Purposes of Processing

When EEA Individuals make a booking, purchase services, or inquire (including conducting searches) through the Website (including desktop and mobile web versions) or contact centers, Fareportal will process EEA Individuals’ personal data for the following purposes:

  • Provide the travel services and products that you have requested (e.g., flight booking, hotel stays, car rentals, provision of ancillary products and services), including generating your PNR and transfer of such PNR and other personal data to other travel suppliers or service providers as needed for travel arrangements or payment processing/refunding;
  • Fraud detection and prevention;
  • Respond to customer inquiries and provide support (e.g. interfacing with contact centers for issue resolution or recommendations based on search history and previous bookings, outbound ‘flight failure’ team calls if there is a booking or purchase checkout issue, submission and resolution of Customer Support Requests via the Customer Support link); and
  • Email direct marketing when you become a Fareportal customer or enter into negotiations for a sale (e.g., actively express an interest in our products and services by significantly completing booking/checkout path or requesting a quote).
Legal Basis of Processing

Fareportal processes EEA Individuals’ personal data (1) in the case of providing travel services or fraud detection and prevention, as necessary for the performance of a contract to which such EEA resident is a party or in order to take steps at the request of such EEA resident prior to entering into a contract, and (2) in the case of responding to customer inquiries/providing support or direct marketing to Fareportal customers (or those who have entered into negotiations for a sale), Fareportal’s legitimate interest in providing such services which, after careful assessment, Fareportal has determined are not overridden by the interests and fundamental rights and freedoms of EEA Individuals since such EEA Individuals expect customer support for their travel plans and are likely interested in other products and services from Fareportal, respectively. EEA Individuals can opt-out of email direct marketing at any time by clicking ‘Unsubscribe’.

PNR Data

A Passenger Name Record (PNR) is the record of your itinerary that is generated after booking through a Website or contact center; it is the primary information submitted by you in order to enjoy our core services. This information is provided by you during the check-out process and passed on to the relevant supplier, such as airline or hotel, in order to enable your reservation. This information includes, as relevant, name, telephone number, email address, mobile number, date of birth, gender, age, payment details, co-traveler details, passport details, accommodation and special meal requests flight or other service details, and/or TSA Known Traveler Number.

Contact Centers

When calling our contact centers, we receive your telephone number (to the extent it has not been blocked or masked on your end, in which case we may request it) and ask for your email address; these are used primarily in case of dropped calls or for confirming details about your bookings or other purchases. However, once you have made a booking or other purchase with us, we will associate such booking or purchase with the telephone number and/or email address provided to us. In such case, our contact center agents will be able to view such booking or purchase history upon next call to better assist you.

We also associate your email address or telephone number when you make bookings or purchases on the Website. Upon calling a contact center, the contact center agent may be able to input the telephone number or email address you provide to them in order to see your previous bookings or purchases on the Website (such as by looking up previous PNR Data associated with such email address or telephone number) in order to provide recommendations or generally better assist you with issues or inquiries.

Right to Object

For more information regarding your data subject rights, such as your right to object, please click here and scroll to the Your Rights and Objecting to Legitimate Interest/Direct Marketing sections, respectively.

Consequences of Not Providing Necessary Information

As stated above, Fareportal relies on the “necessary for performance of a contract” legal basis for provision of travel services and products that you have purchased. All fields during the booking process are considered mandatory and failure to provide such information will result in not being able to make such booking. Further, to the extent such information is inaccurate, please correct it immediately (including by contacting Fareportal customer support) in order to ensure that the validity of your booking or other purchase is not affected.

Categories of Recipients

Given the nature of the travel business, Fareportal will transfer EEA Individuals’ personal data to the following categories of recipients (with examples) located worldwide when fulfilling bookings or other travel services purchased through the Website or contact centers:

Airlines : American Airlines, United Airlines, Delta Airlines, Southwest Airlines
GDS : Amadeus, Sabre
Flight Aggregators : Travelfusion, Pyton, Mystifly, Kiwi, PKFARE
Flight Consolidators : Ezeego1, AERTICKET, Consolid, GM Tours, GTA, PKFARE, Fareportal India PVT, Fareportal Europe LTD
Hotel Aggregators : Hotelbeds Group (HBG), Tourico, GTA, Expedia Affiliate Network, Booking.com, Getaroom
Car Rentals : Enterprise Holdings, AutoEurope,
Credit Card Payment Processors : Chase, Bank of America, American Express, PayPal
Other : Mozio (transfers), CIBT (visa passport services), Viator (activities/tours), Park ‘N Fly (parking), Wayblazer (content personalization)
Automated Decision-making

Fareportal has implemented measures to detect and prevent financial fraud that, for a very small subset of transactions, involve automated decision-making that may result in the rejection of a booking made by such EEA Individual.

There are thousands of transactions on CheapOair websites each day. Approximately 6% of these transactions are put in a queue (based on rules established by Fareportal) for further analysis by an application licensed to Fareportal and hosted on a PCI-compliant server operated by a third party vendor. The application “scores” each transaction for risk using a set of rules created by Fareportal.

Approximately 1% of these transactions are auto-canceled when multiple rules for declining are triggered. The other transactions (approximately 5%) are investigated by our fraud team before being declined or accepted. For example, they may contact the bank, cardholder, etc. and conduct follow-up.

For the 1% of transactions described above, Fareportal allows affected EEA Individuals to request human intervention by Fareportal and provide their point of view by reaching out to feedback@CheapOair.com.

General Privacy Policy

For more information regarding Fareportal’s general privacy and security practices in connection with your personal data (such as retention, storage, and transfer), please click here.