Controller Details

Fareportal Inc. (“Fareportal”), owner and operator of CheapOair.co.uk, is the controller of personal data collected regarding individuals located in the European Economic Area (“EEA Individuals,” “you,” or “your”) through the CheapOair.co.uk website (the “Website”), including both the desktop and mobile web version, and our contact centers. This Privacy Policy describes our general privacy and security practices in connection with your personal data. Throughout your Website experience or when speaking with a contact center agent, you will also receive ‘just-in-time’ notifications (e.g., legal basis for processing, categories of recipients, retention, etc.) at the time personal data is obtained for a particular processing activity, along with a link to this Privacy Policy.

Except as otherwise defined in this Privacy Policy, all terms shall have the same meaning set forth in the European Union General Data Protection Regulation (EU) 2016/679 (the “GDPR”).

Controller’s EU Representative

Fareportal’s representative in the European Union is Duke’s Court Travel, located at Mill House, 216-218 Chiswick High Rd., Chiswick, London W4 1PD, UK.

Data Storage

Fareportal stores EEA Individuals’ personal data within its U.S. data centers.

Data Transfer

Fareportal has a valid certification to the E.U.-U.S. and Swiss-U.S. Privacy Shield that it relies upon, pursuant to Article 46(1) of the GDPR, to import EEA Individuals’ personal data to these data centers for its various processing activities. When transferring such data to Fareportal’s agents (such as Fareportal’s contact centers or service providers) or other controllers (such as airlines, hotel chains, or other suppliers) in countries that have not received an ‘adequacy decision’ by the European Commission, Fareportal ensures that such agents and controllers also commit to upholding the Principles of the Privacy Shield. Fareportal may also rely on appropriate Standard Contractual Clauses with such entities to ensure adequate protection for your personal data.

Please note, however, that transfers of personal data to non-EEA based travel suppliers specifically for the purpose of fulfilling your various bookings or purchases (such as flight, hotel, or car accommodations) will be based on the following derogations in GDPR Article 49, as applicable: (i) for the performance of a contract between the data subject and the controller or the implementation of pre-contractual measures taken at the data subject's request (Article 49)(1)(b)); and/or (ii) for the conclusion or performance of a contract concluded in the interest of the data subject between the controller and another natural or legal person (Article 49)(1)(c)).

Sales and Marketing

More information regarding our sales and associated email marketing activities upon becoming a customer can be found in our ‘Sales Privacy Notice’ here. We provide additional information regarding our other marketing activities through appropriate ‘just-in-time’ notifications.

Retention

We will retain your Personal Information for the periods outlined in our retention policy, unless a longer retention period is required by law (including the establishment, defense, or exercise of potential legal claims). Our data retention policy, including retention of sales data, can be found here.

Information Security

Fareportal has a legitimate interest in ensuring cyber security and detecting possible criminal acts or threats to public security (including to prevent unauthorized access to networks and stopping damage to computers and systems), and employs a variety of technical and organizational measures to do so, which requires processing certain data to fulfill such purposes.

We follow all PCI-DSS requirements and implement additional generally accepted industry standards (e.g., ISO 27001). For example, your credit card information is encrypted using secure socket layer technology (SSL).

Our web servers will also log your requesting IP address, the page requested, request time, referrer information, what URL you came from, browser information, and the status of the request (for example, if a page does not exist, a 404 error code will be returned). Such information is used to help maintain the Website, ensure that our services are available, and prevent malicious or otherwise harmful attacks to our back-end systems.

Governmental Access Requests

Fareportal may be required to disclose personal data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose personal data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

Corporate Restructuring

In the event of a merger, reorganization, dissolution or similar corporate event, or the sale of all or substantially all of our assets, we expect that the information that we have collected, including personal data, would be transferred to the surviving entity in a merger or the acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such personal data as set forth in this Privacy Policy. This Privacy Policy shall be binding upon Fareportal and its legal successors in interest.

Your GDPR Rights

Natural persons have a right to: (i) request access to, correction and/or erasure of their personal data; (ii) object to processing of their personal data; (iii) restrict processing of their personal data; and (iv) request a copy of their personal data, or have a copy thereof sent to another controller, in a structured, commonly used and machine readable format under the right of data portability. These rights may be exercised by contacting feedback@CheapOair.com with the subject line, "GDPR Notice," or our address given below.

Objecting to Legitimate Interest/Direct Marketing

Natural persons may object to personal data processed pursuant to Fareportal’s legitimate interest. In such case, Fareportal will no longer process their personal data unless Fareportal demonstrates appropriate overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. Natural persons also may object at any time to processing of their personal data for direct marketing purposes. In such case, their personal data shall no longer be used for that purpose. In cases of direct marketing, natural persons often will be able to fulfill such rights directly via an ‘Unsubscribe’ link or similar mechanism (e.g., device settings for push notifications), but may always reach out to feedback@CheapOair.com (such as for opting-out of profiling) with the subject line, "GDPR Notice," or our address given below.

Please note that if you opt-out of receiving direct marketing from us, we may still send you important administrative messages via email, from which you cannot opt out (unless an applicable retention schedule or right to erasure request requires deletion of such email address).

Right to Lodge a GDPR Complaint

In accordance with GDPR Article 77, natural persons also have the right to lodge a complaint about Fareportal’s processing of their personal data with a competent supervisory authority, in particular in the member state of their habitual residence or place of work, or where an alleged GDPR infringement took place, as applicable.

Further, as applicable, natural persons may exercise their third-party beneficiary rights under Fareportal’s Standard Contractual Clauses.

Contact details for the EU data protection authorities can be found at:
http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm

Use of Our Services by Minors

Fareportal’s services are not directed to individuals under the age of eighteen (18), and we request that they not provide personal data to Fareportal through any means.

Updates to this Privacy Policy

If, in the future, we intend to process your personal data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately (either within this Privacy Policy or elsewhere), and the “Effective Date” at the top of this page will be updated accordingly.

Contacting Us

If you have any questions regarding our privacy practices, please contact us via email at feedback@CheapOair.com with the subject line, "GDPR Notice," or write to us at:

CheapOair
c/o Fareportal Inc.
135 West 50th Street, Suite 500
New York, NY 10020
Attn: Customer Service/Privacy

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

E.U.-U.S. and Swiss-U.S. Privacy Shield

Note: This E.U.-U.S. and Swiss-U.S. Privacy Shield section applies only to personal information processed pursuant to the Privacy Shield.
Important Notice for Individuals of the European Economic Area and Switzerland Fareportal complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland transferred to the United States pursuant to Privacy Shield. Fareportal has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

Fareportal is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
EU-US and Swiss-US Privacy Shield Complaints In compliance with the EU-US and the Swiss-U.S. Privacy Shield Principles, Fareportal commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to the Privacy Shield Principles. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact Fareportal at feedback@CheapOair.com with the subject line, “Privacy Shield.”

Fareportal has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint. This service is provided free of charge to you.

If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
Onward Transfer to Third Parties Like many businesses, we hire other companies to perform certain business-related services. We may disclose personal information to certain types of third party companies but only to the extent needed to enable them to provide such services. The types of companies that may receive personal information and their functions are: hosting services, technical assistance, database management/back-up services, information security and fraud detection services, analytics and marketing providers, and contact centers. All such third parties function as our agents, performing services at our instruction and on our behalf pursuant to contracts which require they provide at least the same level of privacy protection as is required by this Privacy Policy and implemented by Fareportal. We may also disclose personal information to our affiliates in order to support marketing, sale and delivery of any services.

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Fareportal’s accountability for personal data that it receives under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, Fareportal remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless Fareportal proves that it is not responsible for the event giving rise to the damage.
Opt-In and Opt-Out to Certain Onward Transfers Individuals have the opportunity to opt-out of sharing of their personal data with third parties other than our agents or before we use it for a purpose other than which it was originally collected or subsequently authorized. To limit the use and disclosure of your personal information, please submit a written request to feedback@CheapOair.com, with the subject line “Privacy Shield.”

We will not disclose your sensitive personal information to any third party without first obtaining your opt-in consent. You may provide your consent by sending us an email at feedback@CheapOair.com.

In each instance, please allow us a reasonable time to process your response.
Your Privacy Shield Rights Upon request to feedback@CheapOair.com with the subject line, “Privacy Shield,” we will provide you with confirmation as to whether we are processing your personal data pursuant to the Privacy Shield, and have such data communicated to you within a reasonable time. You have the right to access, correct, amend, or delete the personal data processed pursuant to the Privacy Shield where it is inaccurate or has been processed in violation of our privacy disclosures to you. We may require payment of a non-excessive fee to defray our expenses in this regard. Please allow us a reasonable time to respond to your inquiries and requests.
Retention of Personal Information We will retain the personal information processed pursuant to the Privacy Shield in a form that identifies you pursuant to our retention policy above. We may continue processing such personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of our privacy disclosures. After such time periods have expired, we may either delete your personal information or retain it in a form such that it does not identify you personally.
How We Protect Your Information Fareportal takes very seriously the security and privacy of the personal information that it collects pursuant to the Privacy Shield. Accordingly, we will implement reasonable and appropriate security measures to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in processing and the nature of such data, and comply with applicable laws and regulations.