Privacy Policy
Privacy Policy constitutes an annex to the Terms of Service. The terms
3) the controller no longer needs the personal data for the purposes of the processing, but they are required
by the User for the establishment, exercise or defense of legal claims;
4) the User has objected to processing (pursuant to Article 21 paragraph 1) pending the verification whether
the legitimate grounds of the controller override those of the User.
If the User requests restriction of processing of personal data, Airly will refrain from processing them without the
consent of the User, except for storing them or processing them in order to establish, exercise or defend claims,
protect the rights of another natural or legal person, or due to important reasons of public interest of the Union or
a Member State. The User will be informed about this before the restriction of processing is lifted.
The User has the right to object in case of processing of the personal data for the purposes of direct marketing,
including profiling, to the extent that it is related to such direct marketing. After submitting the objection, Airly
will refrain from processing the personal data of the User for direct marketing purposes (including profiling). The
User has the right to submit objections by automated means using technical specifications.
The User has the right to receive in a structured, commonly used and machine-readable format, the personal data
that the User has provided to Airly, as well as the right to transfer his or her personal data to another controller
without interference on Airly's part, if:
1) processing takes place on the basis of the User’s consent or a contract, which performance needs
processing of data; and
2) the processing is carried out by automated means.
Airly is obliged to send the User's data directly to another controller (if it is technically possible) at the User's
The user has the right to withdraw the consent to the processing of personal data at any time, but the withdrawal
does not affect the lawfulness of processing based on consent before its withdrawal.
With regard to the processing of the personal data, the User has the right to lodge a complaint to the President of
the office for the protection of personal data.
What personal data does Airly collect?
In order to create and maintain an account of the User, the following data are collected:
• To create a User account:
o an email address;
o in case of logging in using Facebook: name, surname, photo; e-mail address,
o in case of logging in using Google: name, surname, photo, e-mail address;
o in case of logging in using Github: username, e-mail address.
• Data provided during contacts with Airly (most often first and last name, e-mail address, telephone number);
• Data about current location of a User’s device, allowing Airly to send push notifications about air quality in
the location of a device.
The User's personal data are collected and processed on the basis of the Terms of Service and within the range
provided by the User during the creation of the account.
How long are the personal data stored?
Airly stores personal data from the moment when the User registers the account or when the User starts using other
Services until he or she stops using them. After sending an e-mail requesting to delete an Account or to cease
providing other Services, the permanent removal of data from servers belonging to Airly may last up to 7 business
Exceeding the time limit indicated in the previous sentence is permitted only for the purpose of Airly's performance
of obligations arising from the law, e.g. for accounting purposes in relation to Users who have used paid services
and in order to defend Airly's interests related to, for example, complaints.
Who does Airly transfer personal data to?
Airly transfers the personal data of the Users only to companies which provide Services that enable proper
operation of the Platform:
• MS Outlook, Microsoft 365 (Microsoft Ireland Operations Ltd., Attn: Privacy Officer, Carmenhall Road,
Sandyford, Dublin 18, Ireland) – used to send and receive emails from the User.
• Amazon Web Services (AWS) (address: 410 Terry Ave. North, Seattle, WA, 98109-5210), platform’s
servers hosting operator: collects e-mail addresses provided by the Users during the registration process
of the API User's account and Sensor’s registration data.
• MailChimp: The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE Suite 5000, Atlanta, GA
30308 USA: collects e-mail addresses provided by the Users during the registration process of the API
User's account.
Airly informs that the data provided during the registration of the API User’s account is transferred to a third
country - the United States of America. This is caused by the fact that servers belonging to Amazon Web Services
and MailChimp are located in the United States of America. AWS and he MailChimp system ensure the
confidentiality of data transferred to the territory of the United States of America. Moreover, the United States of
America has been recognized as a state that meets high standards in the field of the protection of personal data.
Airly cooperates with Service Providers who meet the requirements specified in the EU-US Privacy Shield
In addition, the following programs are used within the Platform:
• GitHub; address: 88 Colin P Kelly Jr. St, San Francisco, CA 94107, USA: used to verify the API User;
• Fabric, Firebase and Google Analytics by Google LLC; address: Mountain View, California, USA: collects data
about the User's device (such as the hardware model, operating system version and unique device ID, as well as
information about the mobile network, including the telephone number), location information, unique application
number, of which some data, including personal data, are stored in the cache of the User's device or application -
the so-called Cookies.
• Facebook, Inc. 1 Hacker Way (9,606.83 km), 94025 Menlo Park, California, USA collects data such as app name,
app version, the device opt-out setting, the user agent string and the client IP address. It also collects the following
device related metrics: time zone, device OS, device model, carrier, screen size, processor cores, total disk space,
remaining disk space, used to monitor conversions and custom audiences from the website and from the mobile
Cookies and server logs
In order to facilitate the use of the Platform and to monitor its use, the management mechanism uses a technology
called Cookies – data saved by the Platform’s server, a hosting operator Amazon Web Services on the user's
computer or mobile device.
The Platform uses three types of Cookies:
• Session cookies – temporary files, saved on the User’s device until he or she signs out, leaves the website
or shut downs the browser;
• Permanent cookies – saved on the User’s device for the time specified in its parameters or until its
deletion by the User;
• Local storage- stored on the User's device for a definite or indefinite period or until its deletion by the
The Cookies are not used to collect any personal data about the users visiting the Platform.
The User may at any time disable the option of accepting cookies in the settings of his web browser, however, that
might cause malfunctions in the functioning of the Platform.
The links to guides concerning disabling the option of accepting cookies in the most popular browsers are
presented below:
• Chrome
• Firefox
• Safari
• Microsoft Edge
The cookies are used in order to:
• create statistics helping to understand the use of the Platform so as to improve its content;
• maintain the User’s session, thanks to which signing in every time is not required;
• personalize the commercials;
• generate statistics that help in administering the Platform and improve the quality of services offered.
These summaries are consolidated and do not contain data identifying visitors of the Platform. These data
are not disclosed to other persons and entities.
Collected server logs, containing, among others the User's IP address, time of arrival of the request, the first line
of the http request, the http response code, number of bytes sent by the server, information about the user's browser,
information about errors that occurred during the HTTP transaction, information about the type of devices are
stored indefinitely.