Legal & Policies

1. Information We Collect

Account information: name, email address, and password when you register.

Booking information: passenger names, dates of birth, passport/ID numbers, contact phone number, and billing address collected at checkout.

Payment information: credit/debit card details. Card numbers are processed directly by our payment processor and are never stored on our servers.

Usage data: IP address, browser type, pages visited, search queries, and device information collected automatically when you use our website.

Location data: approximate location inferred from your IP address to personalise flight search results (e.g., nearest airport). We do not access precise GPS location.

2. How We Use Your Information

• Process and confirm flight bookings on your behalf.
• Send booking confirmation, itinerary, and e-ticket emails.
• Notify you of flight schedule changes, cancellations, or status updates.
• Verify your identity and prevent fraud.
• Personalise your experience (e.g., show flights from your nearest airport).
• Improve our platform through analytics.
• Comply with legal obligations.

3. Sharing Your Information

We share your personal data only as necessary:

• Duffel Technologies Ltd — our flight booking technology provider. Passenger data (names, dates of birth, passport details) is transmitted to Duffel and onward to airlines to complete your booking.
• Airlines — your booking details are shared with the operating carrier as required to issue your ticket.
• Payment processor — billing details are shared with our payment processor to complete your transaction.
• Internal PostgreSQL Database — our secure database infrastructure stores your account and booking data safely.
• Legal obligations — we may disclose information if required by law or court order.

We do not sell, rent, or share your personal information with third parties for marketing purposes.

4. Legal Basis for Processing (EU/UK Users)

If you are located in the European Union or United Kingdom, we process your personal data under the following legal bases (GDPR Art. 6):

• Contract performance — processing your booking information, passenger details, and payment to fulfil your flight booking contract.
• Legitimate interests — fraud prevention, security monitoring, and improving our platform.
• Legal obligation — retaining financial records as required by applicable law.
• Consent — analytics cookies and marketing communications (where you have opted in). You may withdraw consent at any time.

5. Data Retention

We retain your personal data for as long as your account is active and for up to 24 months after account closure or last activity, unless a longer retention period is required by law (e.g., financial records).

6. Your Rights

You have the following rights regarding your personal data:

• Access — obtain a copy of the personal data we hold about you.
• Rectification — correct inaccurate or incomplete data.
• Erasure ("right to be forgotten") — request deletion of your data, subject to legal obligations.
• Restriction of processing — ask us to limit how we use your data in certain circumstances.
• Data portability — receive your data in a structured, machine-readable format.
• Object — object to processing based on legitimate interests or for direct marketing.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, email [email protected]. We will respond within 30 days (one calendar month as required under GDPR).

EU/UK residents also have the right to lodge a complaint with your national data protection authority (DPA). A list of EU DPAs is available at edpb.europa.eu. UK residents may contact the ICO.

7. California Residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following additional rights:

• Right to know — request disclosure of the categories and specific pieces of personal information we collect, use, and share.
• Right to delete — request deletion of personal information we have collected from you (subject to exceptions).
• Right to correct — request correction of inaccurate personal information.
• Right to opt-out of sale/sharing — we do not sell or share your personal information for cross-context behavioural advertising.
• Right to non-discrimination — we will not discriminate against you for exercising any CCPA rights.

To submit a CCPA request, email [email protected] with the subject line "CCPA Request." We will respond within 45 days.

8. Cookies

We use cookies and similar technologies to operate our website, remember your preferences, and analyse traffic. Please see our Cookie Policy for full details.

9. Security

We use industry-standard security measures including HTTPS encryption, hashed passwords, and access controls to protect your data. However, no method of transmission over the internet is 100% secure and we cannot guarantee absolute security.

10. Children's Privacy

Our Service is not directed to children under 18. We do not knowingly collect personal data from minors. If you believe we have collected data from a child, please contact us and we will delete it promptly.

11. International Data Transfers

Your data may be processed in countries outside your own, including the United States and the United Kingdom (where Duffel is headquartered). Transfers are carried out using appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring your data receives an equivalent level of protection wherever it is processed.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice on our website. The "Last updated" date at the top reflects the most recent revision.

13. Contact Us

For privacy-related questions or requests, contact:
[email protected]
palapavibez.com