FlightConnections

Privacy Policy

Last modified: June, 2019.

Your privacy is important for FlightConnections and an essence to our service. This Privacy Policy explains what information we collect about you and why, what we do with that information, and how we handle that information At FlightConnections, we care about the confidentiality and privacy of your data and are fully committed to protecting it. This is something that will never change. FlightConnections is not in the business of selling or renting your information. FlightConnections shall not sell your personal data to third parties and shall only share it when necessary for the rendering of the FlightConnections service as stated below.

Table of contents

Introduction

Processing of personal data of Users by FlightConnections (as Controller)

Processing of personal data on behalf of Users by FlightConnections (as Data Processor)

Security

Exclusion of the FlightConnections service

Frequently asked questions about privacy

1. Introduction

This Privacy Policy establishes the conditions for the processing of personal data of users (the “User” or “you”) of the FlightConnections service (the “Service”) by FlightConnections (“FlightConnections ” or “we”) as well as the conditions for the processing of personal data by FlightConnections on behalf of Users within the Service.

FlightConnections shall process personal data in accordance with European Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and applicable data protection laws.

2. Processing of personal data of Users by FlightConnections (as Controller)

2.1. This Section explains the processing of personal data of Users by FlightConnections as a controller, that is, when FlightConnections decides about the purposes and means for the processing of the data. This only happens regarding the data of the User used by FlightConnections to render the Service (having an account, invoicing…). This does not include the communications sent by the User through the Service and related-data, which shall only be processed in accordance with Section 3 below.

FlightConnections shall process as controller your personal data to provide you with the Service and to manage and improve the Service, including sending of communications regarding the Service or with information about the Service or FlightConnections.

2.2. Personal data of Users processed by FlightConnections for the above purposes may include contact information, such as name or email address, language preferences, current location for the proper price/currency displaying, payment data, and other personal data provided by the User in the context of the provision of the Service.

2.3. The legal basis for the processing of personal data of Users is the contractual relationship between the Users and FlightConnections for the Service and also the legitimate interest of FlightConnections of informing registered Users about the Service and the company, unless they opt out to receive this information .

2.4. Personal data of the Users will be processed by FlightConnections throughout the term of the contractual relationship for the Service and subsequently for the period during which applicable regulations require such personal data be he held thereafter.

2.5. FlightConnections may share the personal data with third parties, some of which may be located outside of the European Economic Area, only for the provision of the Service and at all times subject to the guarantees and requirements provided by applicable data protection laws.

2.6. The User may at all times exercise his rights to access, rectification, erasure and restriction of processing and data portability as provided in the GDPR and applicable regulations by contacting FlightConnections at Bruggertstraat 1, 7545 AP, Enschede, Netherlands; or, by sending an email to contact@flightconnections.com. The User may also lodge a complaint before the Dutch Data Protection Authority at https://autoriteitpersoonsgegevens.nl/en.

If at any time the User wishes to stop receiving communications regarding FlightConnections or with commercial information about the Service, the User may request so by sending an email to contact@flightconnections.com.

3. Processing of personal data on behalf of Users by FlightConnections (as Data Processor)

3.1. This Section explains the processing of personal data by FlightConnections on behalf of Users, as a data processor, that is, when the purposes and means for the processing of the data are decided by the User and FlightConnections only access the data for the rendering of the Service and on behalf of the User.

The Service may imply the access and processing by FlightConnections of personal data controlled by the User and generated within the Service in relation to each electronic mail sent by the User through the Service (“Accessed Data”). In such cases, FlightConnections shall be deemed as the data processor and shall process such personal data only on behalf of the User and not for its own purposes.

The Accessed Data shall comprise:

Information required to identify You as a FlightConnections member:

Login information: firstname, lastname, email address and password;

Information required to charge You as a FlightConnections member:

Payment information: last 4 digits of the User’s credit card, brand of the User’s credit card, expiration date of the User’s credit card;

Accessed Data is the only information to which FlightConnections shall access to provide the Service.

The processing of the above personal data is only carried out for the provision of the Service within the terms and duration stated in the Service Terms and Conditions .

3.2. Accordingly, FlightConnections shall:

(i) not process the Accessed Data for a purpose other than the provision of the Service requested by the User and shall not transfer such data, not even for their storage, to unauthorized parties;

(ii) process the Accessed Data only on documented instructions from the User; and if FlightConnections is aware that or of the opinion that any instruction given by the User breaches the data protection regulations, FlightConnections shall immediately inform the User;

(iii) notify the User promptly if it becomes aware of any data breach and shall provide full details of the relevant breach;

(iv) ensure that persons authorized to process the Accessed Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

(v) taking into account the nature of the processing, assist the User by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Users’ obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR;

(vi) take all measures required pursuant to Article 32 of the GDPR (Security of Processing);

(vii) assist the User in complying with its obligations pursuant to Articles 32 to 36 of GDPR taking into account the nature of processing and the information available to FlightConnections, including but not limited to, assisting the User with:

(viii) at the choice of the User, delete or return all the Accessed Data to the User after the end of the provision of Service, unless the storing of the data is required by applicable law; and

(ix) make available to the User all information necessary to demonstrate compliance with the obligations laid down in Article 28 of GDPR and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the User.

3.3 FlightConnections shall not subcontract third parties for the processing operations which may imply access to the Accessed Data without the authorization of the User.

In this respect, the following sub-processors are deemed as authorized by the User:

HostEurope GmbH: as provider of the hosting of the Service, through servers located in Germany. To view HostEurope GmbH's privacy policy, click here.

Google services: Google Apps, Google Analytics, Webmaster Tools, Google Ad Manager. To view Google's privacy policy, click here. If you do not wish to see any targeted, interest-based advertisements, you can deactivate Google’s use of cookies here. If you do not wish to see any targeted, interest-based advertisements from other providers, you can deactivate their use of cookies here.

Intent: as a provider of personalized shopping experiences and advertising, which uses online identifiers to identify visitors. To view Intent’s privacy policy, click here. To opt out, click here.

Stripe: for the provision of the online payment service. To view Stripe's privacy policy, click here.

3.4. FlightConnections shall guarantee the confidentiality of the Accessed Data, even after the termination of the Service.

3.5. The User is the data controller of the processing of the Accessed Data within the meaning in GDPR. The User is the only one deciding the purposes and means for the processing of Accessed Data, so FlightConnections does not use Accessed Data for its own purposes and only uses them for the rendering of the Service and on behalf of the User. To such extent, the User shall have to comply with applicable obligations under data protection regulations, including relying on an appropriate legal basis for the processing of personal data of the recipients of the emails sent through the Service. The User, and not FlightConnections, shall be solely responsible for the compliance with such obligations.

3.6. The User acknowledges and agrees that the use of the Service and the processing of the Accessed Data as a result of the same is its own free and exclusive decision and has verified that the conditions of the Service and the processing of the Accessed Data are in line with its interests.

4. Security

FlightConnections shall process all personal data in the strictest confidentiality and implement the appropriate technical and organisational measures as required by applicable regulations. We use industry-standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology.

5. Exclusion of the FlightConnections service

5.1. The recipient of an email sent by the User of the Service may be excluded of the monitoring conducted by the User if the recipient selects the checkbox “Opt-out” available on the “User Privacy" section.

5.2. Due to technical limitations, the only way to exclude the recipient of the Service from the Service implies the installing of a cookie from the website mailtrack.io. Therefore, in case the recipient proceeds to delete cookies from his browser, the recipient will be included once again in the Service.

5.3. The aforementioned cookie will only work on the browser used by the recipient to select the exclusion. Therefore, in the event of using a different browser, the recipient will have to carry out the exclusion process on such browser.

6. Frequently asked questions about privacy

6.1. Does FlightConnections sell or rent my personal data?

No, FlightConnections does not sell or rent your personal data.

6.2. Do you need a data privacy agreement?

This Privacy Policy constitutes a binding data processing agreement (DPA) in case you need it.

6.3. Where is my information stored?

Information submitted to FlightConnections will be transferred to, processed, and stored in HostEurope.de server facilities in Germany.

6.4. How can I delete my personal data from the Service?

You can remove your Personal Data from the Service at any time by deleting your account.

6.5. How safe is my credit card information?

Your credit card information is safe. FlightConnections does not have access to your credit card information at any point during the transaction, so we do not store your credit card information. We process every payment via Stripe, certified Level 1 third party payment processing services.