1 Who is responsible for your personal data
This Privacy Notice explains how Trafundo (“Trafundo”, “we”, “us” or ”our”) collects, uses, shares and otherwise processes your Personal Data in connection with your relationship with us as a Tradunfo’s client, acting for a client or being generally interested in our services and our publications in accordance with applicable data privacy laws and the General Data Protection Regulation 2016/679 (“GDPR”) which is applicable as of 25 May 2018.
We control the ways your Personal Data are collected and the purposes for which we use your Personal Data acting as a “data controller” for the purposes of the GDPR.
2 Personal data we collect about you
When using the term “Personal Data” in our Privacy Notice, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. Your personal data may include for example your name, your contact details, bank details or information on how you interact with us.
We will process your Personal Data if and to the extent applicable law provides a lawful basis for us to do so. Pursuant to article 6 of the GDPR, we will process your Personal Data only:
a) if you have consented to us doing so, or
b) if we need it to perform the contract we have entered into with you, or
c) if we need it to comply with a legal obligation, or
d) if we need to perform a task carried out in the public interest, or
e) if we (or a third party) have a legitimate interest which is not overridden by your interests or fundamental rights and freedoms.
Categories of data we collect
Data category Type
Personal identification data • Name and surname
• Postal and/or e-mail address
• Phone number
• Passport/ID card,
• Date of birth
• Salutation (Mr/Mrs/Ms)
• Travel Details, such as booking code and/or ticket information
Financial Data • Payment account information
Professional information • Job title
• Department and name of organization
Sensitive personal data
Special categories of personal data, personal data relating to children, personal data relating to criminal convictions and offences are considered as sensitive personal data under the GDPR, and are governed by specific rules. In the course of providing our services, we do not foresee processing of sensitive personal data relating to you.
However, in the event we are obliged to process sensitive personal data, we shall provide you all the necessary information as required by the GDPR, such as purposes of processing activities and legal basis for processing. If this is necessary, we shall ask for your explicit consent prior to where processing of sensitive data takes place.
The processing of sensitive data, if any, shall take place in accordance with the provisions of the GDPR.
3 How and why we use your Personal Data
We use your Personal Data for the following purposes:
• To provide our services to you, namely in relation to claim compensation for travel disruptions on behalf of passengers
• To communicate with you and manage our relationship with you
• To personalize and improve your customer experience
• To improve our services, fulfil our administrative purposes and protect our business interests
• To comply with our legal obligations
We will only use your Personal Data for the purposes for which we collected it and which we informed you about, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
4 Your rights in relation to your Personal Data
Under the GDPR you have rights as an individual which you can exercise under certain circumstances in relation to your Personal Data that we hold. These rights are to:
• request access to your Personal Data (commonly known as a “data subject access request”) and request certain information in relation to its processing;
• request rectification of your Personal Data;
• request the erasure of your Personal Data;
• request the restriction of processing of your Personal Data;
• object to the processing of your Personal Data;
• request to transmit your Personal Data to another data controller where the processing of personal data is carried out by automated means (commonly known as a “right to data portability”).
If you want to exercise one of these rights please contact us at firstname.lastname@example.org.
You also have the right to lodge a complaint at any time with the National Commission for Data Protection (“CNPD”), the Luxembourg supervisory authority for data protection issues, or, as the case may be, any other competent supervisory authority of an EU member state.
5 Security of your Personal Data
We are committed to taking appropriate technical and organisational measures to protect your Personal Data against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Your Personal Data is stored in the European Union in electronic and physical form. Any physical documentation is kept under lock and key in a secure location at our premises which are located in the European Union. Copies of this documentation are kept securely. Electronic files that contain Personal Data are stored within a secured IT infrastructure.
You will be informed prior to where your Personal Data is processed using automated means, and will have the ability to restrict this processing activity.
6 Retention period
We will only retain your Personal Data for as long as we need it in order to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements. The retention period of your Personal Data shall not exceed 7 years provided we are not required by law to retain the data for a longer period of time.
In some circumstances we may anonymise your Personal Data so that it can no longer be associated with you, in which case it is no longer considered as Personal Data. Upon expiry of the applicable retention period we will securely destroy your Personal Data in accordance with applicable laws and regulations.
7 Sharing your Personal Data
Please note that we may use or disclose Personal Data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process.
In addition, we may disclose Personal Data to other third parties when this is necessary to provide our services to you. Such third parties may be lawyers and travel services providers & operators.
Your personal data may be shared on a case by case basis to entities outside of the EEA in order to fulfill your compensation claim request. Where this is required, your personal data will be processed in line with the applicable data protection law.
You will in general not have to pay a fee to exercise any of your individual rights mentioned in this Privacy Notice. However, we may charge a reasonable fee if your request to exercise your individual rights is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
9 Updates to our Privacy Notice
We reserve the right to update the Privacy Notice at any time, and we will make an updated copy of the Privacy Notice publicly available.
10 Contact information
If you have any concerns or require any further information, please do not hesitate to contact us at email@example.com or send your request to the following address:
Attn. DATA PROTECTION
rue Jean Jaurés 23
Disclaimer Our company complies with all privacy regulations relative to confidentiality. Regarding GDPR, we must inform you of certain facts about your personal data, and you must confirm your agreement, by accepting the initial message that appears the first time you enter our site.
In our form, you will not provide personal data to verify whether you are entitled to an indemnity.
Then, if you decide to file a claim, you must, of course, provide us with some basic information such as the name, email and flight details, your booking code and/or ticket information. Later, you will also be asked to inform us of your bank account’s IBAN so that we can process your refund.
We will keep your data on our servers (all based in the EU) for 7 years to allow an audit by the authorities.
We will only use this data to claim refunds from carriers, and we may also share them with certain courts, lawyers or aeronautical law enforcement agencies. In some cases, we may transfer your file to another company that requests it, in which case you will be notified.
We will never use any personal data for advertising purposes or other purposes not mentioned here.
If you do not agree to these terms, you MUST NOT send us your personal data, which means that you CANNOT submit your claim.
This website complies with all EU privacy laws and requirements relative to user confidentiality.
If you wish to refuse the use and registration of cookies, you must take the necessary measures in the security settings of your web browser to block all cookies from this website and its external suppliers.