FlightCash™

PRIVACY POLICY

I. ABOUT THIS DOCUMENT

Salamol International Ltd incorporated as a BVI Business Company on the 21st day of June, 2021, (hereinafter referred to as the "Company", "the Operator", "we", "us" or other similar names) own and manage the flight.cash website (the "Website").

This Privacy Policy is designed to provide you with detailed information about how your personal data is collected, processed, and protected when using our Website. We may update this document periodically, and any changes will be published in the dedicated sections of the Website. We encourage you to review this Privacy Policy regularly to stay informed about how we handle your data.

Please read this Privacy Policy carefully before browsing the Website or providing any personal data to us. It explains how we process your personal data and outlines your rights regarding its protection and management.

This Privacy Policy aims to inform you about:

The processing activities of your personal data as a visitor/user to the Website; and
The personal data processing activities carried out by the Company as part of its operations, as described below.

II. THE MEANING OF CERTAIN TERMS USED IN THIS PRIVACY POLICY

Personal Data refers to any information that directly or indirectly identifies you, particularly by reference to an identifier such as your name, surname, contact details, or other similar information.

Processing means any operation or set of operations performed on personal data or sets of personal data, with or without the use of automated means, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making available, aligning or combining, restricting, erasing, or destroying.

Data Controller refers to the role of the Company in determining the purposes and means of processing your personal data in accordance with this Privacy Policy.

Data Subject is the individual whose personal data is processed by the Company, as outlined in this Privacy Policy.

When we refer to the GDPR, we are referring to Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

III. PURPOSES, GROUNDS AND CATEGORIES OF PERSONAL DATA PROCESSED

In the context of your use of the Website, we process your personal data for the following purposes:

3.1. Data processed in the context of the use and ensuring the operation and security of the Website

When you access the Website, certain information is automatically transmitted by the browser on your device to the server hosting our Website, without any action required on your part. This includes:

IP address of your Internet-connected terminal;
The date and time of access;
The name and URL of the file accessed;
The web page/application from which you accessed the Website, if applicable;
The browser you are using, and if relevant, the operating system of your device, as well as the name of your network provider.

In addition, we may process technical or usage data to ensure the proper functionality and security of the Website, optimize its performance, diagnose technical issues, and provide support and maintenance services, where applicable. Such data may include:

Information related to activity on the Website, such as browsing behavior, navigation across displayed sections, and details of access to the Website;
Data derived from the above-mentioned categories, including usage history of the Website's services;
Access logs that will record the actions taken by users on the Website, how to log in to the Website, as well as access credentials.

The Company uses cookies and similar technologies for data processing. For a detailed overview of the cookies used, along with the purpose of processing, storage duration, and third-party providers involved, please refer to our Cookie Policy. We will process this data on the basis of our legitimate interest to ensure the security and proper functioning of the Website (according to Art. 6 para. 1 lit. f) of the GDPR).

3.2. Data processed in the context of your submission of a claim compensation form

If you wish to contact us, and use the contact form provided to you on the Website, you provide and the Company processes the following personal data:

First name;
Last name;
Email address;
Flight details, including departure and arrival airports, airline, flight number, and date;
Information about the disruption, such as the type of disruption (delay, cancellation, or denied boarding) and its duration;
Uploaded documents, such as your boarding pass, e-ticket, and passport or ID copy;
Preferred language for communication;
Information about whether you have contacted the airline directly regarding your claim;
Any additional details you choose to provide about the flight disruption, including comments or notes entered into the form.

We will process this personal data on the basis of the performance of a contract with you, namely the General Terms and Conditions of Use of the Website, which you accept when activating your account on the Website (according to Art. 6 para. 1 lit. b) of the GDPR).

3.3. Data processed in the context of the creation and administration of the account within the Website

To create an account on the Website, the following personal information is required:

Name and surname;
Email address.

In addition, when you register a claim through your account, the data processed within the user account includes:

The history of claims submitted and their current status (e.g., pending, approved, or rejected);
Flight-related information for each claim, such as flight number, date, and airline;
Uploaded documents, including a copy of your identification (e.g., passport or ID) and your boarding pass or e-ticket;
Details of the disruption, including the reason for the claim (e.g., delay, cancellation, or denied boarding) and additional information you may provide.

3.4. Data processed in the context of concluding contracts regarding the services made available on the Website

In the context of processing compensation claims for flight delays, cancellations, or denied boarding, the Company may collect and process additional data necessary for verifying eligibility, managing claims, and fulfilling contractual obligations. This may include the following categories of data:

(i) Login Information

In order to access the free materials, it is necessary to provide the following information:

First name and last name;
Email address;
Account details (e.g., user ID, claim history).

(ii) Flight-related data

This may include:

Detailed flight information (departure and arrival times, airline, flight number, delay duration);
Supporting documents, such as boarding passes, e-tickets, or correspondence with the airline regarding the incident.

(iii) Additional Data for claim verification and processing

This may include:

Information related to your interactions with the airline (e.g., whether you received compensation directly from the airline or any offers made by them);
Bank account details for the transfer of compensation amounts, where applicable;
Any additional information you may voluntarily provide during the claim process (e.g., through correspondence or optional notes fields).

(iv) Data related to the performance of the contract

This may include:

Communications and correspondence regarding the claim process;
Data related to legal representation, if the Company acts on your behalf with the airline;
Records of payments made to or from the Company, including invoices and receipts;
Information necessary for dispute resolution, should it arise (e.g., details of claims rejected by airlines).

We will process this personal data based on the performance of a contract with you, namely the General Terms and Conditions of Use of the Website, which you accept when activating your account on the Website. Additionally, your personal data will be processed under the Assignment Agreement, which you sign to authorize us to act on your behalf in pursuing your compensation claim, as per Art. 6 para. 1 lit. b) of the GDPR. Furthermore, we will process your personal data to comply with legal obligations applicable to the Company, such as the obligation to include mandatory details on invoices or other legal documentation related to the services you purchase, in accordance with Art. 6 para. 1 lit. c) of the GDPR.

3.5. Receiving commercial communications

If you choose to receive commercial communications from us, you may opt to receive emails containing updates, special offers, and information related to flight compensation services. By subscribing, you will also receive our periodic newsletter with useful tips, recommendations, and other relevant content tailored to your interests.

We will process this personal data based on your consent, expressed by ticking the relevant boxes when expressing your choices in connection with the receipt of commercial communications/newsletters (as described above) (according to Art. 6 para. 1 lit. a) of the GDPR).

You can change your mind and withdraw your consent at any time by:

Updating your preferences in the settings of your account on the Website;
Clicking the "unsubscribe" link included in every email you receive from us; or
Contacting us directly at the email address: [email protected].

3.6. Other purposes

We may also process your personal data for the following purposes:

To respond to requests received from authorities, according to the legal obligations we have, pursuant to Art. 6 para. 1 lit. c) of the GDPR.
To settle any disputes, pursuant to Art. 6 para. 1 lit. f) of the GDPR, in order to achieve our legitimate interest in exercising or defending our rights. In this case, we will retain the data according to the applicable statute of limitations.
To carry out anti-fraud checks or other checks on illicit or immoral activities, actions, or attempts to violate the General Terms and Conditions or to defraud the Website, based on our legitimate interest, to protect ourselves and our partners and to ensure the integrity, security, and proper functioning of the Website (Art. 6 para. 1 lit. f) of the GDPR).

IV. RECIPIENTS OF PERSONAL DATA AND TRANSFERS OUTSIDE THE EEA

As part of the processing activities carried out as described above, your personal data may be transferred or disclosed to certain categories of third parties, such as:

Airlines: To submit and process your compensation claims for flight delays, cancellations, or denied boarding.
Legal representatives or partners: To assist with claim verification, legal representation, or dispute resolution in cases where additional support is required.
Payment service providers: To facilitate compensation payouts or refunds, where applicable.
Third-party service providers: Including IT service providers, data storage providers, and communication platforms necessary for the secure and efficient operation of the Website.
Regulatory authorities: Where required, to comply with legal obligations or respond to requests from competent authorities.

All data transfers mentioned above are carried out in compliance with the principles related to the processing of personal data, in particular the principle of minimization of personal data – the Operator transmits to third parties only the personal data that are strictly necessary for the achievement of the aforementioned purposes.

By using this Website, you explicitly consent to the transfer of your personal data outside the European Union (EU) and the European Economic Area (EEA). This includes, but is not limited to, transfers to the jurisdiction of the Company’s headquarters and other countries where our independent contractors or service providers operate.

This consent includes the transfer of any third-party data you provide to us as part of the services. Such transfers are strictly limited to categories of data and recipients necessary to provide the requested services, comply with contracts, or fulfill legal obligations.

Data transfers outside the EU/EEA are conducted under the European Commission's standard contractual clauses or other mechanisms ensuring GDPR compliance.

V. HOW LONG WE KEEP YOUR DATA

Personal data will be processed and retained by the Company only for as long as necessary to fulfill the purposes for which it was collected, in compliance with legal obligations.

5.1. General data retention policy

Messages: Retained for six months after we have responded, unless additional retention is necessary due to legal or business requirements.
Newsletter data: Retained for the duration of your subscription or until you withdraw your consent.
Browsing history: Stored only for the lifetime of the cookie. Details can be found in the Cookie Policy.

5.2. Specific retention periods by data category

Data processed for Website operation and security (3.1): This data is retained for the duration of the browsing session or up to 2 years, depending on the nature of the data and its processing purpose. This includes data collected for technical purposes, such as logs, and data used for ensuring security and functionality of the Website.
Data processed in the context of submitting a claim compensation form for flight delays and cancellations (2.2): Data submitted in connection with a claim, such as flight details, supporting documents, and correspondence, is retained for the duration of the claim's processing. After the claim has been resolved, data will be stored for an additional 3 years to address potential disputes or legal requirements.
Data processed in the context of the creation and administration of the account on the website (3.3): Personal data related to user accounts, including account credentials, preferences, and claim history, is retained for the duration of the account’s existence. After account deletion, data will be retained for an additional 3 years to resolve potential disputes or comply with legal obligations.
Data processed in the context of concluding contracts regarding services provided on the website (3.4): Data collected during the execution of contracts, such as personal and transaction details, is retained for the duration of the contract and for an additional 3 years after the contract's conclusion. In cases where a dispute arises, the data will be retained until the dispute is resolved.
Data related to transactions: Transaction data, including payment details and receipts, is retained for 5 years from the date of the transaction to comply with legal and accounting requirements. If any dispute arises, the data will be retained until the resolution of the conflict.

After the expiry of these deadlines, the personal data are deleted and/or anonymized in the Operator's records/databases.

VI. DATA SECURITY

The Company places the utmost importance on ensuring the protection of your personal data and is committed to safeguarding it throughout all processing activities. To this end, we implement appropriate security measures to ensure a level of security appropriate to the risks associated with the types of data processed and the processing operations performed. These measures aim to maintain the confidentiality, integrity, and availability of your data, as well as to protect it against unauthorized or unlawful processing, and to reduce the risks of accidental loss, alteration, disclosure, or unauthorized access.

Users of the Website who have created an account are responsible for all activities conducted under their account. You must notify us immediately of any unauthorized use of your account or any security breach of which you become aware or reasonably suspect. While we will take reasonable measures to protect your account, we cannot be held liable for any losses you may incur as a result of unauthorized account use unless such use is attributable to the Company.

To protect your personal data, we have adopted robust procedures and advanced technologies, ensuring that all information collected through our Website is handled securely and in accordance with this Privacy Policy and strict data protection standards.

VII. USERS' RIGHTS IN RELATION TO PERSONAL DATA

We respect your rights under applicable data protection laws and are committed to ensuring that you can exercise them regarding the personal information we process about you. These rights include, among others, the right to access, rectify, or delete the personal information we hold about you, the right to object to its processing, the right to withdraw your consent where applicable, and the right to data portability. You also have the right to lodge a complaint with the relevant data protection authority if you have concerns about how we handle your data.

The personal data we request during registration is mandatory unless otherwise stated in the forms as optional. This information is necessary for processing your registration, providing services, and fulfilling our legal obligations. If you choose not to provide this information, we may not be able to offer you our services.

As a data subject, you have specific rights in relation to the personal data we process about you. We will respect your rights and respond to any requests appropriately.

7.1. Right to information

You have the right to receive information regarding the personal data processing operations carried out by the Controller. Compliance with this right by the Controller is achieved through this information.

7.2. Right to withdraw your consent

If you have given your consent to the processing of your personal data, you can withdraw your consent at any time.

7.3. Right of access

You have the right to request and receive confirmation from the Controller regarding whether your personal data is being processed. If such processing is taking place, you are entitled to access the data and receive detailed information about the processing activities.

7.4. Right to rectification

You have the right to request and receive from the Controller the correction of any inaccurate personal data concerning you, as well as the completion of incomplete personal data, without undue delay.

7.5. Right to erasure of data

You have the right to request that we erase the personal data we process about you. We must comply with this request if:

Personal data is no longer necessary for the fulfillment of the purposes for which it was collected;
You object to the processing for reasons related to your situation;
The personal data has been processed unlawfully;
Personal data must be deleted in order to comply with a legal obligation incumbent on us;

Exceptions to this right include situations where data is required for the following purposes:

For the exercise of the right to free expression and information;
To comply with a legal obligation;
For archiving purposes in the public, scientific, historical, or statistical interest;
For the establishment, exercise, or defense of a right in court.

7.6. Right to restriction of processing

You have the right to request that the Controller restricts the processing of your personal data in any of the following cases:

You contest the accuracy of the data being processed. Processing will be restricted for a period that allows the Controller to verify the accuracy of the data.
The processing is unlawful, and you request restriction instead of erasure.
The Controller no longer needs your data, but you require it for the establishment, exercise, or defense of legal claims.
You object to the processing, and processing will be restricted while it is verified whether the Controller’s legitimate grounds override yours.

7.7. Right to data portability

You have the right to receive your personal data that you have provided to us, and where technically feasible, to request that we transmit your data to another organization. This right applies if:

Your data is processed by automated means;
The processing is based on your consent or is necessary for the performance of a contract;
The data is provided to us by you; and
Transmission of your personal data does not have a negative effect on the rights and freedoms of other people.

7.8. Right to object

You may object at any time to the processing of your personal data where it is based on our legitimate interests or those of a third party. If you object, we will stop processing your data unless we demonstrate compelling legitimate grounds for processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

To exercise the above rights, you may submit a written request via e-mail at [email protected]. After receiving your request, we will respond free of charge and without undue delay, within 1 month of receiving your request. This period may be extended, in cases justified by the complexity of the application, by an additional period of no more than 2 months.

7.9. Right to lodge a complaint

If you have a complaint about the way we process your personal data, we encourage you to contact us directly so that we can address and resolve your concerns. Alternatively, you also have the right to lodge a complaint with the data protection authority in your country of residence, workplace, or where the alleged infringement occurred.

For users residing in the European Union, you can contact your national data protection authority. A list of data protection authorities for each EU member state, including their contact information, can be found on the official European Data Protection Board (EDPB) website: https://edpb.europa.eu.

Other information

For any questions, requests for clarification, or doubts regarding the aspects included in this information, you can contact us at: [email protected].