Who is responsible for your data?
Who is the Data Protection Officer?
Why do we collect your personal data and which legal basis do we rely on?
Which kind of personal data do we collect?
Who will be the recipients of your personal data?
How do we protect your personal data?
How can you control the personal data you have given to us?
Thank you for using our website. Your trust is important to us and we are committed to protecting the privacy and security of your personal information.
This document describes how we use and process your personal data, provided in a readable and transparent manner. It also tells you how to contact us if you have questions about your personal data, which we are more than happy to answer.
We share your personal data within our group companies for internal purposes relating to management centralization. In particular, we centralize the processing of personal data through the Spanish subsidiary FRIENDS FLIGHT International Network, SL, acting as a joint-controller and main establishment for data protection matters, and has adequate internal policies to ensure that any data processing carried out in our group of companies is made under the strictest security requirements and will be processed exclusively for the same purposes for which the data had been collected, according to the applicable laws.
Data Controllers of the group of companies have a common Data Protection Officer who watches over all processing carried out with respect for your privacy and the applicable regulations at all times.
The Data Protection Officer is at your disposal to answer all the questions you may have regarding the processing of your personal data and the exercise of your rights.
Booking. During the purchase process, we ask you only for the personal data that we need to provide you with our mediation services to contract travel products. This includes completing and managing your booking, sending you communications by email, call or SMS in relation to your booking (e.g. confirmations, modifications and reminders), allowing us to respond to your queries. Such communications could be managed by us or by our travel partners. The booking process can be done on our website, our app, our customer service… We endeavour to show to you the most relevant travel information and help you in a personalized manner with your booking and post-booking.
Please bear in mind that the identification data we use is going to be your email that you introduce in your booking/account.
Legal basis: This processing is necessary for the performance of the contract (e.g. to finalize and manage your booking).
User account. Our users can create a user account on our websites or apps. We use such information you give us to manage your account and with the objective to show you the most relevant travel booking and post-booking experience, allowing you to do a number of useful things. For more information about any of our services.
Communications with you. There could be a number of reasons for different kinds of communications that we process where we get in touch with you:
a. To respond to any query or request from you or any travel provider and handle it.
b. To contact you in a personalized manner and help you to finish your booking, if you are still interested, in case you have not finalized a booking online (as we believe that this additional service benefits you as it allows you to carry on with a booking without having to fill in your reservation details again). We also keep it to recognize you when you visit our website again, in order to improve your user experience.
c. To invite you to provide a review of your experience with us or the travel provider, when you use our services. Please bear in mind that this feedback may be available to other customers to help them take decision about a product or a service.
d. To inform you how to contact us if you need assistance while you are away or other information that we feel might be useful to you in your planning or getting the best of your trip, or information of upcoming trips or a summary of previous bookings you made with us.
e. We may need to send you other administrative messages, which may include security alerts.
Marketing activities. We use your information for marketing purposes, such as for:
a. To send you regular news of travel-related products and services, which you can unsubscribe from email marketing communications easily and at any moment, just by clicking on the unsubscribe link included in each newsletter or other communication.
b. To show to you individualized offers on our website, app or third-party platforms (including social media sites) and the content of the site displayed to you may be personalized. Such offers can be booked on our site, on co-branded sites, or other third-party offers or products we think you might find interesting.
c. To administer any promotional activity where you participate.
When you book with us, we subscribe you to our newsletters, unless you say otherwise before confirming your booking. Anyway, remember that you will be able to unsubscribe at any moment.
Customers polls and surveys. You may be invited to submit a review on a trip you have booked with us or to take part in market research. In this last case, we will explain the personal data collected and how would it be used further.
Call & chat monitoring. In the event of contacting our customer services, our staff may ask for authentications, ensuring that your reservation details are kept confidential. Not all calls or chats are recorded and recordings are kept for a limited amount of time and automatically deleted thereafter (unless we have a legitimate interest to keep such recording for a longer period, including fraud investigation and legal purposes).
Improving our services or developing new services. We also use personal data for analytical purposes. This is part of our drive to enhance the user experience, but can also be used for testing purposes, troubleshooting and to improve the functionality and quality of our online travel services. The main goal here is to optimize our online platform to your needs, making our site easier and more enjoyable to use. We strive to use pseudonymized or anonymized data for theses analytical purposes.
Promotion of a safe and trustworthy service. In order to create a trustworthy environment for you, your fellow travellers, our business partners and our travel providers, we may use personal data for the detection and prevention of fraud and other illegal or unwanted activities, as well as for security purposes (e.g. authentication of users and bookings). For such purposes, we may have to stop or put on hold certain bookings.
Legal purposes. Finally, in certain cases, we may need to use your information to handle and resolve legal disputes, for regulatory investigations and compliance, to enforce our Terms or to comply with lawful requests from law enforcement.
Legal basis: This processing relies on legal obligation compliance.
We do not make automated decisions based on profiles, beyond the legitimate prevention of fraud on the internet and the customization of your user experience, marketing and advertising. In any case, such an automated decision will not produce legal effects or similarly significantly affects you.
The personal data that we may collect about you broadly fall into the following categories:
I. Information you give to us.
a. Personal and contact details (e.g. full name, email address, telephone number, date of birth…, as necessary) for enabling the booking, register an account with us, provide services and information, subscribe to our marketing communications, and/or submit enquiries to us. Please bear in mind that your email will be your identity data. We will be able to link your information based on your email.
b. Billing information (e.g. credit card number, cardholder name and expiration date) to make a payment.
c. Security data (e.g. password) when you create an account with us.
d. Travel companion details (e.g. personal information, travel preferences…) when booking, creating an account, etc. In any case, you should have previously obtained the consent of other individuals prior to providing us with their personal information and travel preferences, as any access to view or change their information will be available only through your account or email.
e. Other information (e.g. travel marketing preferences, additional information given in a survey, competition or by chat, email or call, etc.).
II. Information that we automatically collect from your use of our services.
a. Information from your device (e.g. IP address, browser type, internet service providers, geographic location, technical information about the device, the time and duration of request and visit, the method used to submit the request to the server). When you visit our websites or app, we may automatically collect certain information from your device Please note that we may associate this information with your account.
b. Other technical information such as how your device has interacted with our website or app (e.g. the pages accessed and links clicked) or by other means.
We use this information, as well as the personal data provided defined hereinafter, to analyse traffic, provide you with social media related services, customize advertising, improve quality and tailor your searches, to prevent and detect fraud. We will share it (in some cases with your email in hashed, de-identified form) with third parties; where some of them, such as payment providers and financial institutions (fraud detection, prevention or chargeback purposes) could be acting as autonomous data controllers. If you sign up for our website using your social media account, link your account on our website to your social media account, or use certain other social media features of ours, we may access information about you via that social media provider in accordance with the provider's policies. The information may include your name, email address, profile picture, gender, list of friends, and other information that you authorize us to receive.
Some of this information may be collected by using cookies or similar tracking technology. The processing of the information collected through cookies is based on a different legal basis (e.g. they can be necessary to provide our services, based on your consent). For more information, please check our Cookies Policy.
III. Information we collect from third parties. We lawfully periodically obtain personal information about you from business partners and other independent third-party sources (e.g. contact information such as email, purchase or demographic information).
In certain circumstances, we will share your personal data with third parties:
III. Third party service providers (e.g. those providing us with IT and hosting services, customer support, analytics, payment and financial service providers for chargeback, fraud detection, prevention purposes, etc.) process your personal data on our behalf and under our instructions for the purposes described hereinabove, acting as data processors or acting as autonomous data controllers. Where third-party service providers have access to data they will only collect information as needed to perform their functions. They are not permitted to share or use the information for any other incompatible purpose.
VI. Competent authorities. We disclose personal data to law enforcement insofar as it is required by law or is strictly necessary for the prevention, detection or prosecution of criminal acts and fraud or if we are otherwise legally obliged to do so. We may need to further disclose personal data to competent authorities to protect and defend our rights or properties, or the rights and properties of third parties.
VII. Others, with your consent to the disclosure.
Among other measures (e.g. protocols, internal policies, awareness, etc.), we can regroup the main protection actions we take:
I. Security measures. While no online service can guarantee absolute security, we implement reasonable procedures to protect your personal data’s confidentiality, integrity and availability (e.g. preventing unauthorized access or misuse of your data, employing technical and physical restrictions for accessing and using personal data, using firewalls, etc.).
For instance, if you provide us with your contact email address, but then you are unable to finish your booking, we will keep your email address only temporarily and, in any case, for a maximum period of seven days to help you with the booking if you are still interested.
III. International data transfers. Our servers are located within the European Union. However, to facilitate our global operations (i.e. by means of third party service providers) the transmission of personal data to the recipients described above may include overseas transfers of personal data to countries whose data protection laws are not as comprehensive as those of the countries within the European Union. In these situations, as may be required, we make contractual arrangements to ensure that your personal data is still protected in line with European standards.
We want you to be in control of how your personal data is used by us. You can do this in the following ways:
I. Managing your information. You may access and update some of your information through your account settings or Customer Services.
II. Rectification of your information. You have the right to ask us to correct inaccurate or incomplete personal information about you (and which you cannot update yourself with your account settings or through our Customer Services).
III. Data access. You may request information relating your personal data and copies of such data.
IV. Data portability. You may also be entitled to request copies of your personal information that you have provided to us in a structured, commonly used, and machine-readable format where technically feasible.
V. Data erasure. You may request to have your personal information deleted. We may not be able to erase it due to the fact that the data processing may be necessary for the performance of the contract between you and us, for our legitimate business interests (i.e. fraud prevention, security enhancing), to comply with our legal obligations (i.e. legal reporting, auditing obligations). In any case, we will immediately erase it when we can do so.
Because we protect our services from accidental or malicious loss and destruction, residual copies of your personal information may not be removed from our backup systems for a limited period of time (within a week).
VI. Objection and restriction of processing. You may require us not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest, such as, for direct marketing. If you object to such processing, we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the exercise or defence of legal claims.
VII. Withdrawing your consent. If we are processing your personal information based on your consent you may withdraw your consent at any time, specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.