Privacy Policy

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Ravion UG
Sieben-Schwaben-Weg 4
50997 Cologne
Germany

Email: service@ravion.me

We process personal data in particular for the following purposes:

• providing and securing the website,
• responding to email requests,
• submitting, reviewing, and managing cases,
• creating and transmitting settlement proposals,
• communicating with users and, where applicable, involved airlines,
• sending case-related emails and access links,
• complying with legal obligations and protecting legitimate interests.

When you access the website, technically required access data may be processed. This may include IP address, date and time of access, pages accessed, referrer URL, browser type, operating system, amount of data transferred, and server status codes.

This processing serves website delivery, technical stability, error analysis, and security. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest is the secure and functional operation of the website.

Ravion currently uses a simple technical cookie named site_lang to store the language selected by the user. This cookie is required for the requested language function and is not used for advertising or tracking.

When using administrative functions or login areas, additional technically required authentication or session data may be processed. The legal basis is Art. 6(1)(f) GDPR and, where the function is required for contract or case handling, Art. 6(1)(b) GDPR.

If you contact us by email, we process the data you provide, in particular name, email address, message content, time of contact, and technical communication data.

The processing is carried out to handle your request. The legal basis is Art. 6(1)(b) GDPR where the request relates to a contract or pre-contractual steps, and otherwise Art. 6(1)(f) GDPR.

If you submit a case through Ravion, we process the information required to review and handle the case. This may include:

• contact data, especially email address,
• information about the flight, booking, disruption, and claimed amount,
• communication with the airline or other involved parties,
• uploaded documents such as booking confirmations, receipts, letters, or screenshots,
• status data, case numbers, access links, and processing notes,
• assessments, estimates, and settlement proposals.

The processing is carried out to operate the Ravion process, review cases, create and transmit settlement proposals, and communicate about the case. The legal basis is Art. 6(1)(b) GDPR. Where processing is required to prevent misuse, document actions, or protect legal interests, processing is additionally based on Art. 6(1)(f) GDPR.

Personal data is shared only where necessary for the purposes described, where we are legally required to do so, or where you have consented. Recipients may include:

• involved airlines or other opposing parties where this is necessary to review a settlement,
• IT and hosting providers,
• email service providers,
• database and storage providers,
• tax advisers, authorities, or other bodies where legally required.

Ravion uses Supabase for database, authentication, and storage functions. Case data, usage data, access permissions, and uploaded files may be processed in this context.

Ravion uses Resend to send case-related emails. In this context, email address, subject, email content, and technical sending data may be processed.

Where service providers process personal data on our behalf, we conclude data processing agreements where legally required. If data is processed outside the European Union or European Economic Area, this is done only on the basis of appropriate safeguards under the GDPR, in particular adequacy decisions, the EU-US Data Privacy Framework, or standard contractual clauses.

Ravion currently does not use Google Analytics, Google Ads, or comparable marketing tracking services on the website. Fonts integrated by Next.js are provided as part of the application; no direct browser connection to Google Fonts is required when accessing the page.

Ravion may structurally evaluate case information to prepare assessments and settlement proposals. No solely automated decision with legal effect within the meaning of Art. 22 GDPR takes place. Settlement proposals are not binding and may be reviewed, accepted, rejected, or negotiated further by the involved parties.

We store personal data only for as long as necessary for the relevant purposes. Case data is stored for the duration of processing and thereafter for appropriate documentation, evidence, and limitation periods. Statutory retention obligations, in particular commercial and tax law obligations, remain unaffected.

Subject to the GDPR, you have in particular the following rights:

• right of access under Art. 15 GDPR,
• right to rectification under Art. 16 GDPR,
• right to erasure under Art. 17 GDPR,
• right to restriction of processing under Art. 18 GDPR,
• right to data portability under Art. 20 GDPR,
• right to object under Art. 21 GDPR,
• right to withdraw consent with effect for the future.

You can exercise your rights by contacting us at service@ravion.me.

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for North Rhine-Westphalia is the State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia (LDI NRW), Kavalleriestrasse 2-4, 40213 Düsseldorf, Germany.

We take technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure. However, absolute security cannot be guaranteed for internet-based data transmission.

We may update this Privacy Policy if technical, legal, or organisational changes occur. The current version is available on this page.