Accessibility Tools

PANSA services:

Personal data protection in PANSA

I have the honor to serve as the data protection officer (DPO) at the Polish Air Navigation Services Agency (PANSA). You may contact me on any matters related to the processing of personal data at PANSA, including if you wish to exercise one of your rights.

Below I am providing you with the most important information regarding the protection of personal data at PANSA.

Jakub Wietrzyński
PANSA Data Protection Officer

Who is the Controller of your personal data?

The Controller of your personal data is the Polish Air Navigation Services Agency with its headquarters at Wieżowa 8, 02-147 Warsaw.

Why do we need personal data?

PANSA each time before the start of personal data processing activities, identify the purpose, the legal basis for processing, and specify the data retention period. When we are bound by a contract, we process personal data for the purpose of executing the contract or for the purpose of concluding the contract, and we will process the data for at least 6 years after its termination due to the requirements of tax law.

We may also process your data due to legal requirements imposed on us by Polish or European law, e.g. if there is an accident at work at one of our facilities, we will process the personal data of the accident participants due to legal requirements in the area of health and safety at work, and we will process it for the period required by them. There are also times when we process your personal data in our legitimate interests, e.g. to ensure the security of persons and property on PANSA’s premises, in which case we will process your name and ID number. We will make every effort to ensure that you are informed about the purpose of the processing of your personal data, the legal basis for this processing, the data retention period and all other information required by the GDPR – fulfillment of the information obligation.

Information clauses

Information clause – Persons entering the premises and receiving a security pass (PDF)

Information clause – Employee candidates (PDF)

Information clause – Candidates for the ATCO or FIS course (PDF)

Information clause – Persons participating in commercial training (PDF)

Information clause – People buying navigation services (PDF)

Information clause – People buying non-navigation services (PDF)

Information clause – Persons implementing the contract – contractor’s employees (PDF)

Information clause – Persons submitting a complaint or request (PDF)

Information clause – Persons applying for a temporary aerodrome arrangement in the area of a controlled aerodrome (PDF)

Information clause – Persons designated in contracts and agreements (PDF)

Information clause – Entities authorized to procure flexible airspace structures (PDF)

Information clause – People submitting a show using light, balloons, lanterns, sounding the atmosphere, airspace reservation (PDF)

Information clause – Persons declaring their intention to fly in an unmanned aircraft – PANSA UTM (PDF)

Information clause – Contractor (PDF)

Information clause – Contractor – Public Procurement Law (PDF)

What matters does the Personal Data Protection Officer deal with?

The Data Protection Officer has been appointed at PANSA pursuant to Article 37 of GDPR. The Data Protection Officer verifies the correctness of the processing of personal data in the organization where he has been appointed. As part of his activities, he is also the point of contact for any reports related to possible irregularities in processing. You can therefore turn to the DPO, for example, if you want to exercise one of your rights under the GDPR.

These rights, with the limitations indicated in the GDPR, relate in particular to:

  • the right of access to personal data,
  • the right to rectify personal data,
  • the right to erasure of personal data (“right to be forgotten”),
  • the right to restrict processing,
  • the right to portability of personal data,
  • the right to object to further processing,
  • the right to object to automated decision-making, including profiling,
  • the right to notify the occurrence of a breach to the supervisory authority ( – Stawki 2, Warsaw)


What is the procedure for your application?

The application may be submitted through PANSA Employees or directly to the Data Protection Officer. We will process it immediately and respond within one month. if the execution of your request takes more than a month, you will be informed of the extension of the deadline for responding in separate message. Such an extension is possible due to the complexity of the request, or the number of requests submitted. If the request does not allow you to be identified, the Data Protection Officer will make a request to you to supplement it within one month of receipt of the request. If the request is submitted electronically, further correspondence will also be conducted in this form. If the request is obviously unreasonable or frequently repeated, the Personal Data Administrator may:

  • impose a reasonable fee, considering the reasonable administrative costs of recognizing the request, communicating or carrying out the requested operations, or
  • refuse to recognize the request.

How to Contact the Data Protection Officer?

Via e-mail: or in writing to: Data Protection Officer, Wieżowa 8, 02-147 Warszawa.

What are the principles of personal data processing in PANSA?

For the safety, respect and fulfilment reasons of your rights at PANSA, your personal data is:

  • processed lawfully fairly and transparently,
  • collected for specific, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes,
  • adequate, relevant and limited to what is necessary for the purposes, i.e. data minimization,
  • correct and updated as necessary,
  • kept in a form that allows identification of the data subject for no longer than necessary for the purposes for which the data are processed,
  • processed in a manner that ensures adequate security of personal data: protection against unauthorized or unlawful processing and accidental loss, destruction or damage by means of appropriate technical and organizational measures.


At PANSA, based on the risk assessment process, we have also implemented safeguards that minimize the likelihood of a personal data protection breach. The safeguards we have implemented cover both the area of personal security (e.g., we implement training on personal data protection), physical security (e.g., we store documentation in supervised premises and additionally place them in locked cabinets) and ICT security (e.g., we encrypt the hard drives of our computers).

Will we transfer your data?

As part of the processing activities carried out, your personal data may be transferred to our trusted partners. Recipients of your personal data may include

  • providers of IT systems and services with which the Administrator cooperates,
  • companies providing security services for our facilities,
  • external law firms and consulting companies,
  • other authorized entities upon their documented request,
  • companies providing delivery services,
  • other entities upon documented request.


Data transfer outside the European Economic Area and profiling

As a rule, your personal data will not be transferred outside the European Economic Area and no profiling will take place on the basis of your data.

If you do not find an answer to your questions arising in this information, please contact me via the indicated email address: