Privacy
Policy
Introduction
Who is responsible for your data?
Who is the Data Protection Officer?
Why do we collect your personal data and which
legal basis do we rely on?
Which kind of personal data do we collect?
Who will be the recipients of your personal
data?
How do we protect your personal data?
How can you control the personal data you have
given to us?
Thank you for using our website.
Your trust is important to us and we are committed to protecting the privacy
and security of your personal information.
This document describes how we use
and process your personal data, provided in a readable and transparent manner.
It also tells you how to contact us if you have questions about your personal
data, which we are more than happy to answer.
If you have ever
used us before, you will know that we offer online travel-related services
through our own websites and app, as well as through other online platforms
such as partners’ websites and social media. All the information that follows
applies to all of these platforms. Several platforms, one Privacy Policy.
This Privacy
Policy applies to any kind of information we collect through these platforms or
other means connected to these platforms (e.g. contacting our customer service
team via email or telephone).
We might amend the
Privacy Policy from time to time. Do not hesitate to visit this page regularly
and you will know exactly where you stand. We will note the date that revisions
were last made to this Privacy Policy at the bottom of this page, and any
revisions will take effect upon posting.
If you agree with
our Privacy Policy, then you’re all set to book your next Trip through us.
We share your
personal data within our group companies for internal purposes relating to
management centralization. In particular, we centralize the processing of
personal data through the Spanish subsidiary FRIENDS FLIGHT International
Network, SL, acting as a joint-controller and main establishment for data
protection matters, and has adequate internal policies to ensure that any data
processing carried out in our group of companies is made under the strictest
security requirements and will be processed exclusively for the same purposes
for which the data had been collected, according to the applicable laws.
Data Controllers of the group of
companies have a common Data Protection Officer who watches over all processing
carried out with respect for your privacy and the applicable regulations at all
times.
The Data Protection Officer is at
your disposal to answer all the questions you may have regarding the processing
of your personal data and the exercise of your rights.
Booking. During
the purchase process, we ask you only for the personal data that we need to
provide you with our mediation services to contract travel products. This
includes completing and managing your booking, sending you communications by email,
call or SMS in relation to your booking (e.g. confirmations, modifications and
reminders), allowing us to respond to your queries. Such communications could
be managed by us or by our travel partners. The booking process can be done on
our website, our app, our customer service… We endeavour to show to you the
most relevant travel information and help you in a personalized manner with
your booking and post-booking.
Please bear in mind that the
identification data we use is going to be your email that you introduce in your
booking/account.
Legal basis: This
processing is necessary for the performance of the contract (e.g. to finalize
and manage your booking).
User account. Our users can create a user account on our
websites or apps. We use such information you give us to manage your account
and with the objective to show you the most relevant travel booking and
post-booking experience, allowing you to do a number of useful things. For more
information about any of our services.
Other
services. We may offer
you other travel related services based on our role as a travel agent. This
Privacy Policy shall apply to such data processing based on other travel
related services. During the contracting process, prior or when filling in the
data, we will inform you if there is any specific information that you should
know apart from the one already covered in this Privacy Policy.
Communications with
you. There could be a number of reasons for different kinds of
communications that we process where we get in touch with you:
a. To respond to any query or
request from you or any travel provider and handle it.
b. To contact you in a personalized
manner and help you to finish your booking, if you are still interested, in
case you have not finalized a booking online (as we believe that this
additional service benefits you as it allows you to carry on with a booking
without having to fill in your reservation details again). We also keep it to
recognize you when you visit our website again, in order to improve your user
experience.
c. To invite you to provide a
review of your experience with us or the travel provider, when you use our
services. Please bear in mind that this feedback may be available to other
customers to help them take decision about a product or a service.
d. To inform you how to contact us
if you need assistance while you are away or other information that we feel
might be useful to you in your planning or getting the best of your trip, or
information of upcoming trips or a summary of previous bookings you made with
us.
e. We may need to send you other
administrative messages, which may include security alerts.
Marketing activities. We
use your information for marketing purposes, such as for:
a. To send you regular news of
travel-related products and services, which you can unsubscribe from email
marketing communications easily and at any moment, just by clicking on the
unsubscribe link included in each newsletter or other communication.
b. To show to you individualized
offers on our website, app or third-party platforms (including social media
sites) and the content of the site displayed to you may be personalized. Such
offers can be booked on our site, on co-branded sites, or other third-party
offers or products we think you might find interesting.
c. To administer any promotional
activity where you participate.
When you book with us, we subscribe
you to our newsletters, unless you say otherwise before confirming your
booking. Anyway, remember that you will be able to unsubscribe at any moment.
Customers
polls and surveys. You
may be invited to submit a review on a trip you have booked with us or to take
part in market research. In this last case, we will explain the personal data
collected and how would it be used further.
Call &
chat monitoring. In the
event of contacting our customer services, our staff may ask for
authentications, ensuring that your reservation details are kept confidential.
Not all calls or chats are recorded and recordings are kept for a limited
amount of time and automatically deleted thereafter (unless we have a
legitimate interest to keep such recording for a longer period, including fraud
investigation and legal purposes).
Improving
our services or developing new services. We also use personal data for analytical
purposes. This is part of our drive to enhance the user experience, but can
also be used for testing purposes, troubleshooting and to improve the
functionality and quality of our online travel services. The main goal here is
to optimize our online platform to your needs, making our site easier and more
enjoyable to use. We strive to use pseudonymized or anonymized data for theses
analytical purposes.
Promotion of
a safe and trustworthy service. In order to create a trustworthy environment for you, your fellow
travellers, our business partners and our travel providers, we may use personal
data for the detection and prevention of fraud and other illegal or unwanted
activities, as well as for security purposes (e.g. authentication of users and
bookings). For such purposes, we may have to stop or put on hold certain
bookings.
Legal purposes. Finally,
in certain cases, we may need to use your information to handle and resolve
legal disputes, for regulatory investigations and compliance, to enforce our
Terms or to comply with lawful requests from law enforcement.
Legal basis: This processing relies
on legal obligation compliance.
We do not make automated decisions
based on profiles, beyond the legitimate prevention of fraud on the internet
and the customization of your user experience, marketing and advertising. In
any case, such an automated decision will not produce legal effects or
similarly significantly affects you.
The personal data
that we may collect about you broadly fall into the following categories:
I. Information you give to
us.
a. Personal and contact details
(e.g. full name, email address, telephone number, date of birth…, as necessary)
for enabling the booking, register an account with us, provide services and information,
subscribe to our marketing communications, and/or submit enquiries to us.
Please bear in mind that your email will be your identity data. We will be able
to link your information based on your email.
b. Billing information (e.g. credit
card number, cardholder name and expiration date) to make a payment.
c. Security data (e.g. password)
when you create an account with us.
d. Travel companion details (e.g.
personal information, travel preferences…) when booking, creating an account,
etc. In any case, you should have previously obtained the consent of other
individuals prior to providing us with their personal information and travel
preferences, as any access to view or change their information will be
available only through your account or email.
e. Other information (e.g. travel
marketing preferences, additional information given in a survey, competition or
by chat, email or call, etc.).
II. Information that we
automatically collect from your use of our services.
a. Information from your device
(e.g. IP address, browser type, internet service providers, geographic
location, technical information about the device, the time and duration of
request and visit, the method used to submit the request to the server). When
you visit our websites or app, we may automatically collect certain information
from your device Please note that we may associate this information with your
account.
b. Other technical information such
as how your device has interacted with our website or app (e.g. the pages
accessed and links clicked) or by other means.
We use this information, as well as
the personal data provided defined hereinafter, to analyse traffic, provide you
with social media related services, customize advertising, improve quality and
tailor your searches, to prevent and detect fraud. We will share it (in some
cases with your email in hashed, de-identified form) with third parties; where
some of them, such as payment providers and financial institutions (fraud
detection, prevention or chargeback purposes) could be acting as autonomous
data controllers. If you sign up for our website using your social media
account, link your account on our website to your social media account, or use
certain other social media features of ours, we may access information about
you via that social media provider in accordance with the provider's policies.
The information may include your name, email address, profile picture, gender,
list of friends, and other information that you authorize us to receive.
Some of this information may be collected
by using cookies or similar tracking technology. The processing of the
information collected through cookies is based on a different legal basis (e.g.
they can be necessary to provide our services, based on your consent). For more
information, please check our Cookies Policy.
We may process calls and online
communications for quality control, analytics, staff training and legal dispute
purposes. Any personal information obtained from you during any communication
will be processed in accordance with our Privacy Policy. You can also share
your personal data with us (e.g. your contact or booking details, etc.) for
other purposes (e.g. when using any chat, call-back or other feature in order
to help you to use our website, or with a future or current booking, etc.).
Please bear in mind that, when using a third party's feature, this third party
may act as joint controller or as a processor as per its corresponding privacy
policy.
III.
Information we collect from third parties. We lawfully periodically obtain personal
information about you from business partners and other independent third-party
sources (e.g. contact information such as email, purchase or demographic
information).
In certain circumstances, we will
share your personal data with third parties:
I. Travel
partners (e.g. the
airline which has to issue your ticket and/or operate your flight, the hotel
you have booked, the car rental company you have contracted with us, etc.). In
order to provide you with our services, we need to communicate your personal
data to the Travel Providers involved, in order that they can provide you with
the products or services you have requested, as well as those other parties to
which it is necessary to disclose your personal data in order to provide you
with the requested services in a diligent manner. These third parties will be
operating as autonomous data controllers. Please note that these partners also
may contact you as necessary to obtain additional information about you in
accordance with their own independent privacy policy.
II. Our group
companies may process
your personal information, as previously referred to, for internal purposes
relating to management centralization. In any case, they will follow practices
that are at least as restrictive as the practices described in this Privacy
Policy.
III. Third
party service providers (e.g.
those providing us with IT and hosting services, customer support, analytics,
payment and financial service providers for chargeback, fraud detection,
prevention purposes, etc.) process your personal data on our behalf and under
our instructions for the purposes described hereinabove, acting as data
processors or acting as autonomous data controllers. Where third-party service
providers have access to data they will only collect information as needed to
perform their functions. They are not permitted to share or use the information
for any other incompatible purpose.
IV. Business
partners. Some of our
website or app services could be fully or partially provided by our business
partners and certain personal data that you give us (e.g. name, email address
payment details and other relevant information) will be forwarded to our
Business Partner to finalize and manage the service. The relevant information
may be shared for necessary customer service support or for the purposes
referred to above. As Business Partners will be operating as autonomous data
controllers, their independent privacy policy or a specific version of it that
shall also apply. You may find the link before booking the services.
V. Social
media providers. When
log in with your social media, clicking on a social media “like” button
integrated in our website or app by plugins, or using any social media services
to interact with us, personal data can be shared between us and the social
media providers (e.g. your user names, email address, profile pictures, your
contacts…). As the Social media providers will be operating as autonomous data
controllers, their independent privacy policy shall also apply. Furthermore,
you can manage your privacy settings on your Social media accounts.
VI. Competent
authorities. We
disclose personal data to law enforcement insofar as it is required by law or
is strictly necessary for the prevention, detection or prosecution of criminal
acts and fraud or if we are otherwise legally obliged to do so. We may need to
further disclose personal data to competent authorities to protect and defend
our rights or properties, or the rights and properties of third parties.
VII. Others, with
your consent to the disclosure.
Among other measures (e.g.
protocols, internal policies, awareness, etc.), we can regroup the main
protection actions we take:
I. Security
measures. While no
online service can guarantee absolute security, we implement reasonable
procedures to protect your personal data’s confidentiality, integrity and
availability (e.g. preventing unauthorized access or misuse of your data,
employing technical and physical restrictions for accessing and using personal
data, using firewalls, etc.).
II. Retention
procedures. We will
keep your personal data for as long as we deem it necessary to enable you to
use our services, to provide our services to you, to comply with the applicable
laws, resolve disputes with any parties and otherwise as necessary to allow us
to conduct our business (including, to detect and prevent fraud or other
illegal activities). All personal data we retain will be subject to this
Privacy Policy. If you have any question about a specific retention period for
certain types of personal data we process about you, please contact us.
For instance, if
you provide us with your contact email address, but then you are unable to
finish your booking, we will keep your email address only temporarily and, in
any case, for a maximum period of seven days to help you with the booking if
you are still interested.
III.
International data transfers. Our
servers are located within the European Union. However, to facilitate our
global operations (i.e. by means of third party service providers) the
transmission of personal data to the recipients described above may include
overseas transfers of personal data to countries whose data protection laws are
not as comprehensive as those of the countries within the European Union. In
these situations, as may be required, we make contractual arrangements to
ensure that your personal data is still protected in line with European
standards.
We want you to be in control of how
your personal data is used by us. You can do this in the following ways:
I. Managing your
information. You may access and update some of your
information through your account settings or Customer Services.
II. Rectification of your
information. You have the right to ask us to correct
inaccurate or incomplete personal information about you (and which you cannot
update yourself with your account settings or through our Customer Services).
III. Data access. You
may request information relating your personal data and copies of such data.
IV. Data portability. You
may also be entitled to request copies of your personal information that you
have provided to us in a structured, commonly used, and machine-readable format
where technically feasible.
V. Data erasure. You
may request to have your personal information deleted. We may not be able to
erase it due to the fact that the data processing may be necessary for the
performance of the contract between you and us, for our legitimate business
interests (i.e. fraud prevention, security enhancing), to comply with our legal
obligations (i.e. legal reporting, auditing obligations). In any case, we will
immediately erase it when we can do so.
Because we protect our services
from accidental or malicious loss and destruction, residual copies of your
personal information may not be removed from our backup systems for a limited
period of time (within a week).
VI. Objection and
restriction of processing. You may require us not to
process your personal information for certain specific purposes (including
profiling) where such processing is based on legitimate interest, such as, for
direct marketing. If you object to such processing, we will no longer process
your personal information for these purposes unless we can demonstrate
compelling legitimate grounds for such processing or such processing is
required for the exercise or defence of legal claims.
VII. Withdrawing your consent. If we are processing your personal information based on your consent you may withdraw your consent at any time, specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.