As the policy is in a layered format, you can re-route to the particular areas set out below with just a click. For better clarification about the meaning of some of the terms mentioned in this policy document, please check the Glossary at the end.
- Important information about who we are
- Ways we use to collect your data
- How is your personal data collected?
- Ways we use your personal data
- Disclosures of your personal data
- International transfers
- Data retention
- Data security
- Your legal rights
1. IMPORTANT INFORMATION AND WHO WE ARE
PURPOSE OF THIS PRIVACY NOTICE
Full name of legal entity: MyFlightPal
Email address: firstname.lastname@example.org
Postal address: 85
GREAT PORTLAND STREET
Telephone number: 0203-034-0247
In case of any concern regarding our usage of your personal data, you may send a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority accountable to protect and manage the data, and address issues related to it (www.ico.org.uk). We, although, would like to deal with your issues and address them before you contact the ICO. So if you have any concern, please contact us first.
DATA WE COLLECT ABOUT OUR CUSTOMERS
The definition of personal information explains that any data about an individual with which we, as a service provider, can identify that individual. It does not comprise the identity in case it has been removed which is called anonymous data. We gather, store, use and transfer personal data which has been grouped as follows:
- Identity Data has information including a username, first name, last name along with the passport number, title, marital status, gender and date of birth. To get all this information, we may need your passport’s copy.
- Contact Data has details that comprise your delivery address, billing address, email address and contact number.
- All the Financial Data has information including payment card and bank account details. Payments are made via WorldPay and we do not retrieve your financial details.
- Transaction Data comprise payments details and other data of the services purchased from us.
- Technical Data includes login data, IP address and the type of browser with the version, operating system, time zone setting and location and other technologies on the device used by you to access this website.
- Profile Data comprise username and password, your preferences, interests, feedback and survey responses.
- Usage Data has information regarding your website use and services.
- Marketing and Communications Data includes information about your communication and receiving marketing preferences.
We gather, use and share Aggregated Data such as demographic or statistical data for marketing and other purposes. Aggregated Data is normally obtained from personal data which is not considered personal data as according to the law, it does not reveal your identity. For example, we may have your Usage Data and from that, we are capable of calculating the percentage of users using a specific website feature. But if we accumulate personal data and Aggregated Data, and try to identify you, then it will be treated as the combined data including your personal data which will be used in this privacy notice.
Under Special Categories of Personal Data, we gather the relevant details to serve you with the services that you purchase with us. These services include crucial information about your dietary requirements, health or any requirement for special medical support (e.g. wheelchairs or oxygen). Additionally, we may also need a clearance prescription from your doctor to travel with a medical condition which includes pregnancy for more than 28 weeks. In spite of that, we do not gather any data about your ethnicity or race, sexual life, religion, or orientation, political opinions etc.
IF YOU FAIL TO SHARE YOUR PERSONAL DATA WITH US
By law, if we need to gather your personal data to complete your booking request and due to any reason, you fail to provide it, we may not be held accountable for our inability to provide our services or to offer you with your requested bookings. However, you will be notified in this particular case about your request being cancelled by us at that point in time.
3. HOW IS PERSONAL DATA COLLECTED?
Various methods are used to gather data from you, which includes:
- Direct interactions: You give us your Name, Contact and Financial Details while you fill in forms with us by post, phone, email or otherwise including:
- Services booked through us;
- Account creation on the website;
- Sign up or subscribe with us;
- Request marketing e-mailers to be sent; or
- Give us some feedback
We share your data about the requirements and travel arrangements from third-party suppliers. This is needed to co-ordinate with flights booked directly with the airline.
• When you use our website, your Technical Data including actions on the site, your browsing device and patterns are automatically collected by us with the help of cookies and similar technologies about which you can read in our updated Cookies Policy. If you visit other websites using our cookies, we get your Technical Data.
• Third-party or publicly available sources. We at MyFlightPal may attain your personal data from third parties, as set out below:
• Technical Data:
(a) analytics [such as Google];
(b) advertising networks; and
(c) search information providers
• Financial, Contact and Transaction Data from delivery and payment services such as WorldPay
When you book on behalf of someone else through MyFlightPal, we ask for travel preferences along with personal information of everyone whose booking is being made. Before sharing these details with us, you should ask for their consent and only after that share that information and preferences with us. If they feel like deleting or modifying their information, they can directly contact us otherwise their data will be accessible through your account only.
4. HOW WE USE YOUR PERSONAL DATA
Based on the law, we are permitted to process your personal information. However, we use your personal data only if the law allows us to do so. We use your personal details in the below-mentioned cases:
Legitimate interest refers to our interest in conducting and managing our business, enabling us to give you excellent service and secure experience. Before using and processing your personal data, we try and balance any potential impact on you and your rights. Although, we make sure your personal details are not used by us for our interests that are overridden by the impact on you (unless we have your permission). You can collect further details about how we evaluate our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance Of Contract
This means in order to process your data to perform and deliver your service to which you are a party or to take steps to fulfil your request before entering into such a contract. Comply with a regulatory or legal obligation intends at processing your personal information where necessary that we are subject to.
We do not rely on a permission only as a legal basis to process your personal details other than sending you third-party direct marketing communications via emails. If you do not want to receive that, you must withdraw the permission to market at any time by contacting us on the given details.
The below-mentioned are the ways we plan to utilize your personal data. Under the same, we have listed our legitimate interests for your details. We process your personal information for more than lawful grounds depending on the purpose of data use.
Type of data
Lawful basis for data processing including legitimate interest
New customer registration
Complete the requested services with you
To complete your travel booking including:
Managing payments, fees and charges
Providing you with information such as status updates about the service you have booked through us
Sharing booking information with suppliers so that they can fulfil your booking
Collecting any payments that you owe us
(e) Marketing and Communications
(a) Complete the requested services
(b) Necessary for legitimate interests or to recover due payments
Customer relationship management including:
(b) Asking you to write a service review
(d) Marketing and Communications
(a) Complete the requested services
(b) Necessary to comply with but under a legal obligation
(c) Necessary under legitimate interests to keep our data updated and insights on how customers use our services.
To protect our business or the website (which includes troubleshooting, data analysis, testing, system maintenance, support, data hosting)
(a) Necessary for our legitimate interests to run our business, network security, fraud prevention
(b) Necessary to comply with under a legal obligation
Deliver website content and advertisements to customers and to measure or understand the effectiveness of the served advertisement
(e) Marketing and Communications
Necessary for legitimate interests to know how the customers use our services, to grow the business and to enhance our marketing strategy
Use data analytics to improve our website, services, marketing, customer relationships
Necessary for legitimate interests to define types of customers, to keep the website updated and relevant, business development
Suggestions and recommendations about services of your interest
Necessary for our legitimate interests to develop our services and business growth
We give you the choice concerning personal data uses, specifically for advertising and marketing. We at MyFlightPal let you make the decision what marketing material you wish to receive from us or if you want to opt-out of receiving it.
PROMOTIONAL OFFERS FROM US
We utilize your usage, name, contact and profile data. All this data collection is used to create a view and decide what you want, need or what is your interest. With this important data, we decide the offers and services that may be necessary for you. We send marketing communications you have asked details from us or information about the booked travel services on the details you shared with us. In these cases, you have accepted of receiving our marketing emails.
We will get an opt-in permit and only after receiving it, we share your personal information with any company outside the MyFlightPal for any purpose.
To opt-out of receiving our updated emails, you can ask us or the third-party to stop sending emails by logging into the website and changing your marketing preferences. This can also be done by contacting us on the provided information.
When you opt-out to receiving marketing messages, the same will not apply to personal details that we receive to make a booking or any other transactions.
CHANGE OF PURPOSE
We use your personal information for the reasons we reasonably consider that we require it or for the purposes similar to the original reasons. In case you need any explanation related to the process for another reason, please feel free to contact us.
In case we use your personal information for an unrelated purpose, we will notify you.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may share your details with the parties listed below for important reasons:
Internal Third Parties: Companies in the MyFlightPal acting as joint controllers and to provide IT and system administration services or undertake leadership reporting.
External Third Parties
- Travel service provider companies comprising hotel operators, airlines and similar businesses to complete your booking request.
- Data processors or service suppliers which are based out in the United Kingdom, European Economic Area (EEA).
- Specific third parties that are listed in the table in [paragraph 4]
- Third parties to whom we transfer, sell, or merge our assets or our business. We may acquire other businesses or collaborate with them and share your information with their employees.
All the third parties connected with us respect the security of your personal information and to treat it by the law or as mentioned under this policy. We do not permit third parties to use your personal details for any other purpose except the one specified under our instructions.
6. INTERNATIONAL TRANSFERS
We share your personal information within the MyFlightPal. This includes transferring your data outside the EEA.
We ensure that your personal information is safeguarded by us and we follow the same instructions while processing your personal data. They are called “binding corporate rules”. For more details, see European Commission: Binding corporate rules.
Our external third parties such as hotels and airlines are based outside the EEA. They may process your personal details and transfer it outside the EEA. If we transfer your personal data out of the EEA, we make sure that a similar degree of protection is offered and ensures the following safeguards are executed:
• Personal data transfer to countries deemed to offer a sufficient level of protection for personal information by the European Commission.
• If we use service suppliers, we may use the approved use of details by the European Commission. Under this policy, you will get the exact level of protection as it persists in Europe. For any further details, read the European Commission: Model contracts for the transfer of personal information to the third-party countries.
• If we make use of service suppliers of the U.S., we transfer details to them only if they are a part of the Privacy Shield. If yes, they offer a similar level of protection to personal information shared between the U.S. and Europe.
In certain situations, we believe that the transfer is compulsory for our contract with you. For example, if a booking has been made from our side through a service provider outside the EEA or with your consent, which we seek and inform you about the circumstance. In case you require any further details on the particular procedure used by us to transfer your personal information out of the EEA, feel free to contact us.
7. DATA SECURITY
We have sufficient security measures helping in intercepting your personal data from being accidentally accessed or used in an unethical way. We limit our employees and third parties connected with us from accessing and using your personal details by any means. If they actually require your personal data, they utilize it on our instructions and are liable to a duty of confidentiality under this policy. We practise various procedures to deal with breach of the suspected data and notify you in case of any such activity.
8. DATA RETENTION
We keep your personal data for as long as needed. This is done to provide services you requested for, comprising any accounting, legal or reporting requirements. To determine the precise retention period for personal details, the potential risk of harm from unethical usage is considered as the deciding factor for disclosure of your personal data. We make use of your personal details used in previous transactions in order to offer the best possible service when you book with us again. As per the law, we are compelled to keep your basic personal information for six years. After that, you cease the information being customers and this is done completely for tax purposes. In case you do not book with us again for more than six years, your data will be deleted from our servers.
In certain conditions, you are permitted to ask us to delete your details. Sometimes we may anonymize your personal data and use it for statistical or research purposes. In such cases, we use these details without any further notice to you.
9. YOUR LEGAL RIGHTS
Under some situations, you have certain rights under data protection policies concerning your personal data. With this, you may:
Request to access your personal information (generally known as 'data subject access request'). Under this policy, you receive a copy of your personal details we hold and check if we are processing it ethically and according to the laws.
You can ask us to modify or correct your personal data. Under this, you have the complete right to get any inaccurate or incomplete data corrected. We will authenticate the accuracy of the new details and then do the required process.
Request to delete your personal information from our servers. You do not require any reason for the same and ask us to stop processing it.
Note, although we may not be able to act in accordance with your request of deleting your personal details for any legal reasons and we will notify you if applicable, at the time of the request.
When processing your personal information, we bank on a legitimate interest and your specific situation under which you want to question the processing. This objection should have the ground that you think it might impact on your fundamental right or freedom. If you have problems against direct marketing, your right to object can also be accepted. In scenarios like this, we may demonstrate that we have legitimate grounds to process your data.
Also, you may request the processing of your personal data restriction. On the following grounds, you may request us to stop the processing of your personal details: (a) to establish the accuracy of the data; (b) unlawful use of the personal data; (c) to keep hold of the data even if we no longer need it, exercise or defend legal claims; or (d) you have an objection for the use of your personal information but we are needed to verify a legitimate grounds to use it.
You may withdraw your permission any time to process your personal information. Although, this will not affect the authority of any processing carried out before your withdrawal. Your withdrawal may lead to our lack of ability to offer you certain services to you. At the time you withdraw your consent, we will inform you about the same. If you still want to go ahead and practice any of the rights mentioned above, please contact us.
WHAT WE MAY NEED FROM YOU
We request/ask you for specific data to confirm your identity and ensure that you have the right to access your personal data (or any of your rights). For us, this is a security measure to make sure that personal information is not disclosed to any other individual who has no legal rights on it. We will contact you to ask you for further details about your request in order to speed up the response and process.
TIME LIMIT TO RESPOND
We respond to all the legitimate requests within one month of the time from where the request has been initiated. However, it may take longer than a month if your request is complex or you have made multiple requests. In these kinds of cases, we will keep you updated.