The data controller is Flylux S.r.l., with registered office in Via Ugo Foscolo 4 - 20121 Milan, VAT 13194790963, (hereinafter the "Company" or the "Data Controller"). The Data Controller can be contacted for any information about the processing at the e-mail address: info@flylux.io
For the purposes set forth in this policy, the Owner will process data collected automatically while browsing the website www.flylux.io (hereinafter the "Website"), as well as data that you voluntarily provide to us through the Website.
a) BROWSING DATA
The computer systems and software procedures used to operate the Web Site may acquire, in the course of their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the devices used by the users who connect to the Website, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. This data is used for the sole purpose of checking the correct functioning of the site, to allow the correct provision of web services and functions requested by you, as well as to ascertain any responsibility in the event of hypothetical computer crimes to the detriment of the site or third parties. With reference to personal data collected through cookies, we invite you to read our Cookie Policy.
b) PERSONAL DATA THAT YOU VOLUNTARILY PROVIDE TO US
We collect data that you voluntarily provide when you make a contact request through the Website, or when registering and activating your account and membership on the Website (e.g., first name, last name, cell phone number, residential/legal address, social security number, e-mail address, password, etc.), and when you make reservations (e.g., gender, citizenship, ID, ID number and expiration date, photo of the first page of the ID, reservations made, payment and billing information, information about the payment method used, etc.), including in relation to other passengers for whom you make reservations.
Your personal information is acquired or will be acquired directly from you, opresso a user who makes the reservation on your behalf.
- To enable proper navigation on the Web Site, deliver the web services and features you have requested and ensure their proper functioning.
- To manage and respond to your requests for information received through the form on the Web Site. To enable registration on the site by creating an online account and membership activation.
- To manage your reservations through the Web Site. To fulfill legal obligations (e.g. accounting, tax).
- To send newsletters, marketing communications about commercial initiatives and products/services (e-couponing, advertising and promotions) and conduct market research, through automated (e.g. e-mail) and traditional (e.g. telephone with operator) contact methods.
- To protect your rights during judicial and extrajudicial proceedings
- Execution of pre-contractual measures taken at your request or of a contract to which you are a party.
- Fulfillment of a legal obligation to which the Data Controller is subject.
- Consent of the data subject.
- Consent may be revoked at any time without affecting the processing prior to revocation.
- Legitimate interest of the Data Controller in the protection of its rights.
- The provision of personal data processed for the purpose of enabling the correct navigation on the Website, delivering the web services and features requested, as well as monitoring its proper functioning is necessary. Failure to provide data for this purpose could result in the incorrect functioning of web services and the inability to properly navigate the Web Site.
- The provision of personal data processed for the for the purpose of handling and processing requests for information received is necessary. Failure to provide data for this purpose will result in the impossibility for the Data Controller to manage and follow up on the requests received
- The provision of personal data processed for the purpose of enabling registration on the site by creating an online account and activating membership is necessary. Failure to provide data for this purpose will result in the inability to create an account on our site.
- The provision of personal data processed for the purpose of handling booking requests through the Website and for the fulfillment of legal obligations of the Data Controller is necessary. Failure to provide data for these purposes means that it is impossible for the Controller to manage and follow up on the requests received.
- It is not necessary to provide your data for marketing and market research purposes, however, the consequence, in the event of failure to provide it, is the impossibility of sending you promotional and commercial communications, as well as carrying out market surveys. Failure to provide consent will in no way affect your ability to create an account on the Website or make reservations.
In order to carry out certain processing activities, data may be disclosed to external parties who act as data controllers or who process personal data on behalf of the Company as data processors. In particular, personal data may be disclosed to the following categories of recipients:
- Companies that provide us with hosting and database services;companies that provide us with IT services and IT support, including the content management system (CMS) service in relation to the Website;
- companies that provide the CRM (Customer Relationship Management) system;
- companies that provide the online payment management and electronic billing system companies that provide the service of sending transaction related e-mails to users;
- companies that provide external automation services for the management of other applications;
- companies that provide the service of managing the authentication process;
- companies that provide web analytics services;- air transportation carriers; handling companies; consultants and law firms; authorities to which the right to access data is granted by provisions of law or regulations (ex. public security authorities, police forces).
You can request the full list of personal data recipients by sending an e-mail to info@flylux.io.
The Company stores data in servers located within the European Union. Where the Company, due to requirements related to the headquarters or processing locations of its suppliers, needs to transfer data outside the European Union to countries for which the European Commission has not issued an Adequacy Decision, the Company undertakes to ensure adequate levels of protection and safeguards, including contractual safeguards, in accordance with applicable regulations, including the stipulation of standard contractual clauses, supplemented if necessary by additional technical, legal and organizational measures necessary to ensure that the level of protection of personal data is equivalent to that of the European Union.
In the cases provided, you may exercise the following privacy rights in relation to the processing of your data:
- the right to receive confirmation as to whether or not personal data is being processed and the right to know what personal data is being processed and how it is being used (right of access);
- the right to request that personal data be updated, amended and/or corrected (right of rectification); the right to request that data be erased (right to be forgotten);
- the right to request the restriction of processing (right to restriction);
- the right to receive a copy of the data in electronic format and request that such data be transmitted to another data controller (right to data portability);
- the right to object to processing where the processing is based on our legitimate interest or in the case of processing carried out for marketing purposes, including based on profiling (right to object).
In case you exercise any of the above rights, it will be the responsibility of the Controller to verify that you are entitled to exercise them and you will be acknowledged, as a rule, within one month.
To exercise these rights and obtain further information about the processing of your data, you may contact the Company by writing to the following e-mail address: info@flylux.io
In the event that you believe that processing violates data protection regulations, you have the right to lodge a complaint with the competent Supervisory Authority (in Italy, the Garante per la protezione dei dati personali - www.garanteprivacy.it).
