Personal Data — means any information about you as a user of this website, by which you can be identified directly or indirectly.
This website collects and processes personal data taking into account the requirements of international laws and only for the purpose of travel services sale, in compliance with the standard form contract “Terms of Website Use”. We transfer personal data only to reliable partners by means of secure protocol (for example, to international ticket reservation systems). We restrict access to personal data by using login-based authentication and security codes. We store personal data in encrypted form and only for the purpose of the service conventional use, providing the subject of personal data with the right to review, amend, and delete his\her personal data through “My profile” features.
As an individual person, you have no need to establish an account in the system to buy a ticket. In such case the access to your reservation will be limited by a unique alphanumerical code (order’s number), which will be displayed on the order page and reproduced in the letter confirming success reservation. The system limits the number of enter attempts per unit of time to prevent guessing the order number and the name.
If you establish your account in our system, all your reservations (orders) will be bound to this account and displayed in “My profile” area. We will also store data on passengers you entered for you could use the data when generating a new reservation order. No one but you will have access to passengers data saved in “My profile”.
Personal data related to orders are kept in encrypted form. Only you and specialists of our company shall have access to the data. Our specialists use your data for technical purposes only and in order to comply with the carriage terms; use of the data for any other purpose is prohibited by non-disclosure agreement signed by each of our specialists.
We send e-mail and SMS messages only:
- to inform of current status of your order;
- to confirm your e-mail at the registration;
- to change password after registration.
Our system does not receive or store banking cards data. All payments transactions are performed through reliable and certified banking systems or payment gates. We just receive and process a successful result or a failure of payment.
Rights of Personal Data Subject
You are entitled to receive, amend or delete your personal data.
You have the right to request by e-mail or phone:
- one copy of your personal data free of charge;
- detailed information of the companies (reservation systems) including the countries of their location, where your personal data were or shall be transferred to;
- any information related to the purpose and terms of processing, source of your personal data (if it is permitted by the law).
The system processes personal data not with a view to take automated decisions having effect on the order cost, or decisions limiting your rights as the subject of personal data.
The Airline does not provide information at somebody’s request if the requested information relates to third parties. Information on the cost of the carriage made shall be provided only to the carried person or to a person whose minor child was carried (against the child’s ID document).
Information collected and processed by our system
We receive from you the following information:
|Data types||Purpose of use||Transmitted to||Retention period|
|Browser language||To define site language version||Not transmitted||Not stored|
|Browser type||To define specific parameters for correct display of web-site||Transmitted to ticket reservation system if this parameter is mandatory||Kept in logs up to 3 years (only for detection and solution of technical problems)|
|Internet Protocol address (IP)||To determine the nearest to the user departure airport. To limit number of attempts critical for security of operations (protection against fitting password )||Transmitted to ticket reservation system if this parameter is mandatory||Kept in logs up to 3 years (only for detection and solution of technical problems)|
|Search query parameters||For prefilling of search form after the page reload or return to the site||Transmitted to ticket reservation systems for receiving offers (search results)||No longer than a week at the backend and 1 year in customer’s browser|
|Passenger data (when purchase)||To perform booking and ticket issue operations||Transmitted to the Airline’s system and reservation systems||3 months after service rendered (in encrypted form)|
|Passenger data (in My Profile)||To insert data into new orders||Not transmitted||Unlimited, in encrypted form|
|User’s e-mail address (when purchase)||To perform booking and ticket issue operations. To deliver electronic tickets and letters with order status.||Transmitted to the Airline’s system and reservation systems||3 months after service rendered (in encrypted form)|
|User’s telephone number (when purchase)||To perform booking and ticket issue operations. To send SMS with the order status.||Transmitted to the Airline’s system and reservation systems||3 months after service rendered (in encrypted form)|
|User’s e-mail address (when register)||To identify the user. To restore the password.||Into systems of newsletter management in case of the user’s direct consent||Unlimited|
|User password||For authentication||Not transmitted||Unlimited, in hash code form.|
Cookie files are files containing data related to our system and stored at your device. You can manage the stored data at you own and can delete the data at any moment. It is not recommended to deactivate completely functions of cookies as it may adversely affect the available functionality of our system.
We use the cookies files data only for the purpose to make the site more convenient: in the process of authentication (login and password enter) we remember you by the unique session identifier stored in cookies. It allows you not to re-enter the login and password each time when applying to operation which requires authorization.
Data Storage Policy
- Security of personal data is ensured by authentication and authorization.
- Secure access to non-registered customers’ personal data is ensured by unique access codes or identification of customer device (through cookies).
- Employees of companies who have access to personal data are under nondisclosure obligation.
- Personal data are encrypted for transmission and further storage (including in backups), and the data integrity is checked by checksums. Encryption algorithm: symmetric to 256 bit key and random vector.
- Secure storage of passwords (through hash without possibility to retrieve user original password).
- Passwords and access codes to personal data are secured against brute-force search.
- Data loss prevention is arranged through real-time replication system and daily backup.
- All personal data access operations are logged.