The data controller is Flylux S.r.l., with registered office in Via Ugo Foscolo 4 — 20121 Milan, VAT number 13194790963, (hereinafter the “Company” or the “Data Controller”).
The Data Controller can be contacted for any information on the processing at the e-mail address: info@flylux.io
For the purposes indicated in this information, the Data Controller will process the data collected automatically while browsing the website www.flylux.io (hereinafter the “Website”), as well as the data that you voluntarily provide to us through the Website.
a) Browsing data
The computer systems and software procedures used to operate the Website may acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the devices used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of checking the correct functioning of the site, to allow the correct provision of the web services and functionalities requested by you, as well as to ascertain any liability in the event of hypothetical computer crimes against the site or third parties. With reference to personal data collected through cookies, we invite you to read our Cookie Policy.
b) Personal data that you voluntarily provide to us
We collect the data that you voluntarily provide us when you make a contact request through the Website, or when registering and activating the account and membership on the Website (e.g., name, surname, mobile phone number, residence/registered office address, tax code, e-mail address, password, etc.), and when you make reservations (e.g. gender, citizenship, identity document, number and expiration date of the identity document, photo of the first page of the identity document, reservations made, data of payment and billing, data relating to the payment method used, etc.), also in relation to other passengers for whom you are making the booking.
Your personal data is acquired or will be acquired directly from you, or by a user who makes the reservation on your behalf.
- Allow correct navigation on the Website, provide the web services and functionalities you request and ensure their proper functioning.
- Manage and respond to your requests for information received through the form on the Website.
- Allow registration on the site by creating an online account and activating the membership.
- Manage your reservations through the Website.
- Comply with legal obligations (e.g. accounting, tax).
- Send newsletters, marketing communications on commercial initiatives and products/services (e-couponing, advertising and promotions) and carry out research on
market, through automated (e.g. e-mail) and traditional (e.g. telephone with operator) contact methods.
- Protect rights during judicial and extrajudicial proceedings.
- Execution of pre-contractual measures taken at your request or of a contract to which you are a party.
- The fulfillment of a legal obligation to which the Data Controller is subject.
- Consent of the interested party. The consent can be revoked at any time without affecting the processing before the revocation.
- Legitimate interest of the Data Controller in the protection of their rights.
- For a period of [●] days, except for any need for the judicial authority to establish crimes.
- For the time necessary to manage and process your request and in any case no later than [3] months from collection.
- As long as you keep your account active.
- For the entire duration of the contractual relationship.
- For the entire duration of the contractual relationship, and then only functional data will be kept
to the fulfillment of legal obligations (civil and tax/accounting) for a maximum period of 10 years starting from the termination of the existing relationship.
- 24 months from the date on which you gave your last consent or until you exercise your right of cancellation or revocation, whichever is earlier.
- In the event that it is necessary to process data for the purpose of protecting rights during judicial and extrajudicial proceedings, the same are kept for the time necessary to ascertain, exercise and defend the rights (i.e. for the entire duration of the pre-litigation phase and litigation, until the deadline for the possibility of appeal actions is exhausted).
Once the storage terms indicated above have elapsed, the data will be deleted
- The provision of personal data processed for the purpose of allowing correct navigation on the Website, providing the requested web services and functionality, as well as checking their correct functioning is necessary. Failure to provide data for this purpose could result in the incorrect functioning of the web services and the impossibility of navigating the site correctly.
- The provision of personal data processed for the purpose of managing and processing the requests for information received is necessary. Failure to provide data for this purpose makes it impossible for the Data Controller to manage and follow up on the requests received.
- The provision of personal data processed for the purpose of allowing registration on the site by creating an online account and activating the membership is necessary. Failure to provide data for this purpose makes it impossible to create an account on our site.
- The provision of personal data processed for the purpose of managing booking requests through the Website and for the fulfillment of legal obligations of the Data Controller is necessary. Failure to provide data for these purposes makes it impossible for the Data Controller to manage and follow up on the requests received.
- It is not necessary to provide your data for marketing and market research purposes, however the consequence, in case of failure to provide it, is the impossibility of sending you promotional and commercial communications, as well as carrying out market surveys. Any lack of consent does not affect in any way the possibility of creating an account on the Website or making reservations.
For the performance of certain processing activities, the data may be communicated to external parties who operate as data controllers or who process personal data on behalf of the Company, as data processors. In particular, personal data may be communicated to the following categories of recipients:
- companies that provide us with hosting and database services;
- companies that provide us with IT services and IT assistance, including the content management system (CMS) service in relation to the Website;
- companies that provide the CRM (Customer Relationship Management) system;
- companies that provide the online payment management and electronic invoicing system;
- companies that provide the service of sending emails related to transactions to users;
- companies that provide external automation services for the management of other applications;
- companies that provide the authentication process management service;
- companies that provide web analytics services;
- air transport carriers;
- handling company;
- consultants and law firms;
- authorities to which the right to access data is granted by legal provisions or regulations (e.g. public security authorities, police forces).
You can request the complete list of recipients of personal data by sending an e-mail to info@flylux.io.
The Company stores data on servers located within the European Union.
If the Company, due to needs related to the headquarters or places of processing of its suppliers, needs to transfer data outside the European Union to countries for which the European Commission has not issued an Adequacy Decision, the Company undertakes to guarantee adequate levels of protection and protection, even of a contractual nature, according to applicable regulations, including the stipulation of standard contractual clauses, possibly supplemented by additional technical, legal and organizational measures necessary to ensure that the level of protection of personal data is equivalent to that of the European Union.
In the cases provided for, you can exercise, in relation to the processing of your data, the following privacy rights:
- the right to receive confirmation as to whether or not personal data is being processed and the right to know which personal data are being processed and how they are used (right of access);
- the right to request the updating, modification and/or correction of personal data (right to rectification);
- the right to request the cancellation of data (right to be forgotten);
- the right to request the restriction of processing (right of limitation);
- the right to receive a copy of the data in electronic format and request that such data be transmitted to another data controller (right to data portability);
- the right to object to processing where the processing is based on our legitimate interest or in the case of processing carried out for marketing purposes, even based on profiling (right to object).
If you exercise any of the above-mentioned rights, it will be the responsibility of the Data Controller to verify that you are entitled to exercise it and you will receive feedback, as a rule, within one month.
To exercise these rights and obtain further information on the processing of your data, you can contact the Company by writing to the following e-mail address: info@flylux.io
If you believe that the treatments violate the rules relating to the protection of personal data, you have the right to lodge a complaint with the competent Supervisory Authority (in Italy, the Guarantor for the protection of personal data - www.garanteprivacy.it).
