Version 1.2 · Effective date: 27 April 2026 · Last updated: May 2026
1. Controller / Data Controller
The controller responsible for the processing of your personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (Datenschutzgesetz – DSG) is:
JetWise Investments GmbH
Wohllebengasse 12-14, 1040 Vienna, Austria
E-mail: info@bart-event.com
Website: www.bart-event.com
If you have any questions about data protection or wish to exercise your rights, please contact us at the address above or by e-mail at info@bart-event.com.
Data controller reserves the right to grant company related entities access to use contact data according point 3 of this privacy policy.
2. Scope of This Notice
This Privacy Policy applies to all personal data collected via:
- the BART website (www.bart-event.com) and any sub-pages;
- RSVP, registration, and contact forms embedded on the website or distributed by sponsors;
- e-mail correspondence directed to info@bart-event.com;
- attendance at the BART Vienna event (2 June 2026, Palais Coburg, Vienna).
This notice does not apply to third-party websites linked from our website. We have no control over those websites and recommend reviewing their respective privacy policies.
3. Personal Data We Collect
3.1 Website Visitors
When you visit our website, our web server and analytics tools automatically collect the following technical data:
- IP address (anonymised where possible);
- date and time of access;
- pages visited and time spent;
- browser type and version;
- operating system;
- referring URL.
This data is processed on the basis of our legitimate interest in operating a secure and functional website (Art. 6(1)(f) GDPR).
3.2 Contact via E-mail
When you contact us by e-mail, we process your name, e-mail address, and the content of your message in order to respond to your enquiry (Art. 6(1)(b) GDPR – pre-contractual measures; or Art. 6(1)(f) GDPR – legitimate interest in communication).
3.3 RSVP and Registration Forms
When you submit an RSVP or registration form, we collect:
- First name and last name;
- Company or organisation;
- E-mail address;
- Optional notes (e.g. dietary requirements);
- Data protection and image rights consent (checkbox);
- Timestamp of submission.
Forms submitted through our website are processed via Make (formerly Integromat), an automation platform. Form data is transmitted securely to Make’s servers for processing and routing to our event management workflow, and may subsequently be stored in our CRM system, Salesforce. See Section 6 for further details.
The legal basis for processing form data is Art. 6(1)(b) GDPR (performance of a contract / pre-contractual measures) and, where you have given explicit consent, Art. 6(1)(a) GDPR.
3.4 Image and Photography Consent
If you consent to photography and/or video recording at the event, images in which you may appear will be processed on the basis of your explicit consent (Art. 6(1)(a) GDPR). You may withdraw this consent at any time by contacting info@bart-event.com. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
4. Cookies and Tracking Technologies
Our website is built on WordPress. WordPress and its plugins may set the following categories of cookies:
| Category | Examples | Purpose & legal basis |
|---|---|---|
| Strictly necessary | WordPress session, PHPSESSID | Website operation and security. No consent required (Art. 6(1)(f) GDPR). |
| Analytics | Google Analytics / similar (if active) | Statistical analysis of website usage. Requires prior consent (Art. 6(1)(a) GDPR). |
| Functional | Language, preference cookies | Remembering user preferences. Requires prior consent (Art. 6(1)(a) GDPR). |
You can manage or withdraw cookie consent at any time via our cookie banner or your browser settings. Disabling cookies may affect the functionality of the website.
5. Purposes of Processing and Legal Bases
| Purpose | Legal basis (GDPR) | Retention period |
|---|---|---|
| Responding to enquiries and contact | Art. 6(1)(b), (f) | 3 years from last contact |
| Event registration and attendance management | Art. 6(1)(b) | Duration of event + 7 years (statutory) |
| Photography / event imagery | Art. 6(1)(a) – consent | Until consent withdrawn or 5 years |
| Website security and operation | Art. 6(1)(f) | 30 days (server logs) |
| Sponsor communications and invitations | Art. 6(1)(b), (f) | Duration of sponsorship + 3 years |
| CRM — contact and relationship management (Salesforce) | Art. 6(1)(b), (f) | Duration of relationship + 3 years |
6. Third-Party Service Providers and Data Processors
We engage the following third-party processors who may handle personal data on our behalf. All processors are bound by data processing agreements in accordance with Art. 28 GDPR.
6.1 WordPress (Automattic Inc.)
Our website is built on WordPress. Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, provides the WordPress software and associated services. Standard contractual clauses are in place for any international transfers. Privacy policy: automattic.com/privacy.
6.2 Make (formerly Integromat)
RSVP and contact form submissions are routed through Make, an automation platform. Make processes your form data (name, company, e-mail, notes) to deliver your submission to our internal workflow. Make operates with servers located in the EU. A data processing agreement is in place. Privacy policy: make.com/en/privacy-policy.
6.3 Web Hosting Provider
Our website is hosted by Laufwerk.it, Südrandstraße 7, 1230 Vienna, Austria. Your data is processed on servers located in Austria. A data processing agreement is in place.
6.4 E-mail Service
E-mails sent to info@bart-event.com are processed via Microsoft 365. Where applicable, standard contractual clauses apply for international transfers.
6.5 Salesforce (Salesforce, Inc.)
We use Salesforce as our customer relationship management (CRM) platform to manage contact records, sponsor relationships, guest lists, and event communications. Personal data processed via Salesforce may include your name, company, e-mail address, and records of our interactions with you.
Salesforce, Inc. is headquartered at 415 Mission Street, San Francisco, CA 94105, USA. As a US-based provider, data may be transferred outside the EEA. Salesforce participates in and complies with EU Standard Contractual Clauses to ensure an adequate level of protection for such transfers. A data processing agreement is in place. Privacy policy: salesforce.com/company/privacy.
6.6 Sponsors
BART is an invitation-only event. Invitations are issued exclusively by event sponsors on a personal, non-transferable basis. Where a sponsor shares your contact details with us in connection with your invitation, they act as a separate data controller for their own processing. We process the data received from sponsors solely for event management purposes. Sponsors are required to have an appropriate legal basis for sharing your data with us.
7. International Data Transfers
Where data is transferred to third countries outside the European Economic Area (EEA), we ensure an adequate level of protection through one or more of the following mechanisms:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission;
- Adequacy decisions issued by the European Commission;
- Binding corporate rules where applicable.
You can request a copy of the relevant safeguards by contacting us at info@bart-event.com.
8. Your Rights Under GDPR and Austrian Law
As a data subject, you have the following rights under GDPR (Arts. 15–22) and the Austrian DSG:
- Right of access (Art. 15 GDPR): You may request confirmation of whether we process your personal data and obtain a copy.
- Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17 GDPR): You may request deletion of your data where no legal obligation requires us to retain it.
- Right to restriction (Art. 18 GDPR): You may request that we restrict processing in certain circumstances.
- Right to data portability (Art. 20 GDPR): You may request your data in a structured, machine-readable format.
- Right to object (Art. 21 GDPR): You may object at any time to processing based on legitimate interests.
- Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with the Austrian Data Protection Authority (Datenschutzbehörde).
To exercise any of your rights, please contact us at info@bart-event.com. We will respond within one month in accordance with Art. 12 GDPR.
Österreichische Datenschutzbehörde
Barichgasse 40–42, 1030 Vienna, Austria
Tel.: +43 1 52 152-0
www.dsb.gv.at
9. Data Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include:
- SSL/TLS encryption for all data transmitted via our website;
- Access controls and authentication measures;
- Regular security reviews of our systems and processors;
- Data minimisation — we collect only what is necessary for the stated purposes.
10. Minors
Our website and event are directed exclusively at professionals in the business aviation industry. We do not knowingly collect personal data from persons under the age of 18. If you believe that a minor has provided us with personal data, please contact us so that we may take appropriate action.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we use. The current version is always available on our website. Where changes are material, we will notify registered event participants by e-mail prior to the change taking effect.
Current version: 1.2 · Effective: 27 April 2026