Privacy Policy

Data Security & Privacy Policy

Effective Date: February 1, 2021 | Last Updated: March 7, 2025

AirtimeBA and Online Work Solutions (“we,” “us,” “our”) are committed to protecting user data and ensuring compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) (EU) and the California Consumer Privacy Act (CCPA) (USA).

This policy outlines how we collect, store, process, and protect personal data while maintaining user rights and data security.

Data Collection

We collect the following types of data:

Personally Identifiable Information (PII): First name, last name, email address (provided by clients).
Behavioral Data: Verbal behavior observations from meetings (18 behavior behaviors).
Survey Responses: Responses to five Likert-scale questions on professional development.

We do not use cookies, tracking pixels, or behavioral profiling technologies.

Legal Basis for Data Collection (GDPR Compliance)

Legitimate Interest: Data is collected to provide professional development services.
Participant informed consent: Participants provide informed consent before behavioral data is collected.

Data Storage and Processing

Where Is Data Stored?

Hosted on www.airtimeba.net, maintained by Xecu.net (Frederick, MD, USA).
Data backups are stored on Xecu.net’s cloud services and offline encrypted drives.
All data is encrypted at rest and in transit using AES-256 encryption.

Who Has Access?

Owner and Developer: Have access to backend servers via VPN, SSH, and Google Authenticator 2FA.
Consultants and Performance Coaches: Have access to cohort-level and anonymized group data but do not have access to individual participant-level data unless explicitly enabled by the Performance Coach.
Participants: Have access to their own behavior data and individual reports but do not have access to data from other participants.
Clients: Have access only to anonymized and aggregated cohort-level reports; they do not have access to individual participant data unless explicitly agreed upon.

Data Retention and Deletion

Data is retained for up to six months for program evaluation and professional development.
After six months, identifiable participant data is permanently deleted once it has been integrated into anonymized norm data.
Participants may request access to or deletion of their data at any time.

Security Measures

Access Protection: Server access is restricted via SSH, OpenVPN, and two-factor authentication (2FA).
Data Encryption: All stored data is encrypted using AES-256 encryption. Data in transit is protected using TLS 1.2+ encryption.
Data Backups: Weekly SFTP-encrypted backups are stored on encrypted drives.
Third-Party Data Sharing: We do not sell, rent, or share personal data with third parties. Limited access is granted only to essential service providers (e.g., cloud hosting, email delivery).

User Rights (GDPR and CCPA Compliance)

Users may:

Request access to stored personal data.
Request correction of inaccurate data.
Request deletion of personal data once it is no longer needed.
Opt out of data collection under CCPA (for California residents). To make a request, Participants need to inform their Performance coach and the Client.

Data Breach Response

If a data breach occurs:

Users will be notified within 72 hours, in accordance with GDPR Article 33.
Immediate security measures will be taken to prevent further risks.
Affected clients and regulators will be informed, where required by law.

Compliance with GDPR, CCPA, and Other Regulations

GDPR Compliance (EU Users): Users have the right to be forgotten and the right to data portability. Data processing is lawful, fair, and transparent.
CCPA Compliance (California Users): Users can request a full record of their stored data and have the right to opt out of data collection and request deletion.
Other Compliance Considerations: AirtimeBA follows ISO 27001 security frameworks for data protection. Data processing agreements (DPAs) are established with all third-party service providers.

Changes to This Policy

This policy may be updated periodically. Users will be notified at least 14 days in advance of significant changes.

Contact Information

For data privacy concerns or requests, contact: martingross@airtimeba.net (Developer) or andrekotze@airtimeba.com (officer AirtimeBA LLC).

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_9TBCPSC4V4	2 years	This cookie is installed by Google Analytics.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.