Mystifly (“We”) are committed to protecting your privacy and information security. We have put in place policies and procedures to protect any personal information we collect about you to comply with the General Data Protection Regulation (GDPR) Regulation (EU) 2016/679; and any subsequent amendments. Details of how we collect, use and disseminate your personal data are described here to demonstrate our commitment to protecting your privacy.
Personal data means any information that may be related to an identified or identifiable natural person (the ’data subject’). Personal data includes all types of information that is direct or indirect (i.e., used in conjunction with other data) referable to the data subject, such as name, date of birth, addresses, e-mail addresses, telephone numbers, passport information, frequent flyer information.
Collection of Personal Data
We obtain traveler information from travel agencies, travel suppliers, corporate travel departments, and other travel related companies with whom we have a legal or business relationship. This information includes names, passport information, telephone numbers etc.
We also collect information about you that you share with us when you register with us as a client.
Legal Basis for Processing of Data
We take your privacy seriously and will only use a data subject’s personal information to provide the services requested from us, as detailed in the engagement contract.
We may retain this information for as long as your account is active or as needed to provide services, complying with our legal obligations. Access to personal data is strictly limited to personnel of Mystifly, who have appropriate authorization and a clear business need for the data. We will only use this information subject to your instructions, data protection law and our duty of confidentiality. We will not process your personal data further in a manner that is incompatible with these purposes.
We may use personal information held about you in a variety of ways including the following:
- To communicate with you and to carry out our obligations under any contracts entered into between you and us, to provide you with information, products and services that you request from us;
- To provide you with the best possible level of service;
- To notify you about changes to our services;
- To perform billing and accounting functions and other internal business processes;
- To monitor, carry out statistical analysis and benchmarking, provided that in such circumstances it is on an aggregated basis which will not be linked back to you or any living individual;
Disclosure to Third Parties
We will not disclose your data to any third parties except where necessary for the purposes of fulfilling any bookings, purchases or requests that you make using any of our products or through our customer service team. The information thus shared, would be to the extent of making possible the fulfillment of these requests.
When we engage with a third party to process personal information of a data subject, they will be bound by our data privacy policies and will be compliant with GDPR.
The following describes some of the ways in which any personal information may be disclosed:
We do not share, sell, rent or trade personal information with third parties for any promotional purposes.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. These measures include policies, procedures, employee training, physical access control, and technical elements relating to data access controls. In addition, access to your personal information is limited to those employees, agents, and other third parties who have a business need to know. They will process your personal information only upon our instructions and they are subject to a duty of confidentiality.
We regularly audit our security measures and review our security controls against international standards. These audits help us to further improve our security levels.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Cookies and Other Technologies
Our website may contain electronic images known as web beacons (also called single-pixel gifs) that we use to help deliver cookies on our websites and count users who have visited those websites. We also include web beacons in our promotional email messages or newsletters to determine whether you open and act on them.
We generally use all these information in statistical and aggregate formats to assess the effectiveness of our website content and booking application and to better understand your priorities and interests.
When you access our website or utilize any of our booking applications, our servers may record data regarding your device and the network you are using to connect with us, including your IP address. An IP address is a series of numbers which identify your computer, and which are generally assigned when you access the internet.
We may use IP addresses for system administration, investigation of security issues and compiling anonymized data regarding usage of our website and/or mobile applications. We may also link IP addresses to other personal information we hold about you.
International Data Transfers
As part of the services offered to you (on fulfillment of your booking request), the information which you give us may be transferred to countries outside the European Union (“EU”) to our selected vendors. We will take necessary steps to ensure the right security measures are taken so that your privacy rights continue to be protected as outlined in this policy. By submitting the personal data in the booking request, you’re agreeing to the transfer, storing or processing of this data.
If it is necessary to transfer your data to a third party, we will instruct such companies to process your personal data in accordance with all applicable rules and regulations. We will also take any other required measures to ensure that such transfer is lawful.
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. We will retain and securely destroy your personal information in accordance with applicable laws and regulations.
Under certain circumstances, by law, you have the right to:
- Update, modify, delete or obtain a copy of the personal information that we hold on you; or
- Restrict or stop us from using any of the personal information which we hold on you, including by withdrawing any consent you have previously given to the processing of such information; or
- Request a copy of personal information in a suitable format, where any such information has been processed based on your consent or as necessary to perform a contract to which you are a party.
You can request this by contacting the Client Services Manager associated with you.
You can, at any time, opt-out of our Marketing Communications by email by clicking on the unsubscribe link within the marketing emails you receive from us.
If you have any enquiries, comments or complaints about this Notice or our handling of your personal information, please get in touch with your Client Services Manager.