Privacy Policy
Last updated: 22 June 2026 ยท Effective from: 1 January 2025
FlightControl ("we", "our", "us") is committed to protecting the personal information of all users of the FlightControl platform ("Platform"). This Privacy Policy describes how we collect, use, store, disclose, and protect personal information in accordance with the Protection of Personal Information Act, 4 of 2013 ("POPIA") and all applicable South African laws.
By using the Platform you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform.
1. Who we are
FlightControl is operated by Datanetics (Pty) Ltd, a company incorporated in South Africa. We are the responsible party for the purposes of POPIA.
- Information Officer: [Name of Information Officer]
- Email: info@flightcontrol.co.za
- Address: South Africa
2. What personal information we collect
We collect the following categories of personal information:
2.1 Account and identity information
- Name, surname, email address, phone number
- Username and encrypted password
- Role and permissions within your organisation
2.2 Student training records
- Date of birth, nationality, passport number, license number
- Flight logbook entries (dates, aircraft, durations, instructor details)
- Simulator session records
- Ground school and LMS progress
- Quiz attempts and scores
- Programme completion and certificate records
2.3 Document management
- Medical certificates, pilot licences, passports, and visa documents (uploaded by users)
- Issue dates, expiry dates, and verification status
2.4 Financial information
- Invoice and payment records (amounts, dates, references)
- VAT numbers for organisations
- Training wallet transaction history
- PayFast transaction identifiers (we do not store full card or bank account details)
2.5 Technical and usage data
- IP addresses, browser type, device type
- Login timestamps, session durations
- Activity logs (actions performed on the Platform)
2.6 Contact form submissions
- Name, email, phone, school name, and message content submitted via our contact form
3. How we collect personal information
- Directly from you โ when you register, complete your profile, submit a form, or upload documents.
- From your school or employer โ tenant administrators may create and manage accounts for students and staff.
- Automatically โ through cookies, server logs, and activity tracking when you use the Platform.
4. Why we collect personal information (lawful basis)
We process personal information for the following purposes, each with a corresponding lawful basis under POPIA:
| Purpose | Lawful Basis |
|---|---|
| Providing the Platform and its features | Performance of contract |
| Managing user accounts and authentication | Performance of contract |
| Maintaining training records and compliance audit trails | Legal obligation (SACAA), performance of contract |
| Generating invoices and processing payments | Performance of contract, legal obligation |
| Sending transactional emails (invoices, certificates, reminders) | Performance of contract |
| Responding to contact form enquiries | Consent, legitimate interest |
| Security monitoring and fraud prevention | Legitimate interest |
| Improving the Platform | Legitimate interest |
| Complying with applicable laws | Legal obligation |
5. How we share personal information
We do not sell personal information. We may share it in the following circumstances:
- Within your organisation: School administrators, instructors, and finance officers can access information relating to students and staff within their tenant.
- Service providers: We share information with third-party service providers who assist us in operating the Platform (cloud hosting, email delivery, payment processing, PDF generation). These providers are bound by data processing agreements and may not use the data for any other purpose.
- Accounting integrations: If your school connects an accounting provider (Xero, Sage, Pastel, QuickBooks), relevant invoice and payment data is shared with that provider under your instruction.
- Legal requirements: We may disclose information if required by law, court order, or government authority โ including the South African Civil Aviation Authority (SACAA) where legally required.
- Business transfers: In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the new entity, subject to the same protections.
6. Cross-border transfers
Some of our service providers are located outside South Africa. When we transfer personal information to foreign countries, we ensure adequate safeguards are in place as required by section 72 of POPIA, including contractual clauses or adequacy determinations.
7. Data retention
- Active accounts: Personal information is retained for as long as the account is active and for 5 years after account closure, unless a longer period is required by law.
- Training records: Flight logs, simulator logs, and certificate records are retained for a minimum of 7 years to comply with SACAA regulatory requirements.
- Financial records: Invoice and payment records are retained for 5 years as required by the South African Revenue Service (SARS).
- Activity logs: Security and audit logs are retained for 12 months by default.
- Contact form submissions: Retained for 24 months then deleted unless converted to an active account.
8. Your rights as a data subject
Under POPIA, you have the following rights:
- Right to access: You may request a copy of the personal information we hold about you.
- Right to correction: You may request that we correct inaccurate or incomplete personal information.
- Right to deletion: You may request the deletion of your personal information, subject to our legal retention obligations.
- Right to object: You may object to the processing of your personal information for direct marketing purposes.
- Right to data portability: You may request a machine-readable copy of your personal information where technically feasible.
- Right to complain: You have the right to lodge a complaint with the Information Regulator of South Africa.
To exercise any of these rights, email info@flightcontrol.co.za. We will respond within 30 days. Some rights may be limited by legal obligations or by the nature of the service we provide.
9. Cookies and tracking
We use strictly necessary cookies to operate the Platform (session management, CSRF protection). We do not use third-party advertising or tracking cookies. Google reCAPTCHA is used on the contact form โ this is subject to Google's Privacy Policy.
10. Security
We implement appropriate technical and organisational measures to protect personal information against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include:
- TLS encryption for all data in transit
- Encrypted storage for sensitive fields
- Role-based access controls with least-privilege principles
- Audit logging of all significant user actions
- Regular backups and disaster recovery procedures
- SHA-256 integrity hashes on signed flight and simulator logs
No system is completely secure. In the event of a data breach that is likely to affect your rights, we will notify you and the Information Regulator as required by POPIA.
11. Children
The Platform is not directed at persons under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided personal information without parental consent, we will delete it promptly.
12. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes by email and by displaying a notice on the Platform. Continued use after notification constitutes acceptance of the updated Policy.
13. Contact the Information Officer
For any questions, complaints, or requests relating to your personal information or this Privacy Policy, please contact:
- Email: info@flightcontrol.co.za
- Subject line: POPIA Data Request
You also have the right to lodge a complaint with the Information Regulator of South Africa:
Website: inforegulator.org.za
Email: inforeg@justice.gov.za