Privacy rules

 

DATA PROTECTION CRITERIA

 

Data protection items are discussed in detail as follows:

 

1. General Information

2. Policies of Use of Personal Data and Cookies

3. Which Personal Data is Collected and Processed?

4. Recording of the Clients' Calls

5. When and Why do We Collect Special Types of Personal Data?

6. Minors

7. How do We Use the Data?

8. What is the Legal Basis for Personal Data Collection?

9. To Whom do We Transfer Personal Data?

10. How Long do We Retain Personal Data?

11. What are Your Rights?

12. Security Measures

13. Marketing

14. Cookies

15. Other Web Page

16. Changes to the Data Protection Terms and Conditions

17. How to Contact Us?

 

1. General Information

 

JSC airline company Transaviabaltika (registry code 15997381, located in Karmelava, Kaunas District, LT-54460, the Republic of Lithuania, hereinafter referred to as the "Air Carrier") applies to its data processing the following data protection terms and conditions (hereinafter Data Protection Terms and Conditions).

 

The tickets buying and sale terms and conditions for buying tickets through the online tickets booking system are prepared in accordance with the Consumer Protection Act, the recommendations of the Estonian and Lithuanian Chambers of Commerce and Industry, the legislation concerning international e-commerce and the Air Carrier's Passenger and Baggage Carriage Rules. As to data protection, the General Data Protection Regulation is followed.

 

Tickets are sold through the web page https://sll.flights/ by using the business name “Saartelennuliinid”.

 

The tickets selling and buying service is organised and provided by the Air Carrier's authorised representative and cooperation partner OÜ Razoone (registry code 11010237, located at Lõõtsa 8, 11415 Tallinn, Estonia, the Republic of Estonia, hereinafter referred to as the “Seller“). The application of selling and buying tickets through the online tickets booking system of the Air Carrier's (at the address https://sll.flights/is managed by OÜ Razoone who is an authorised representative of Transaviabaltika. In the ticketing process and the provision of services also the third parties are involved, whose data are given in item 9.

 

2. Policies of Use of Personal Data and Cookies

 

In the Data Protection Terms and Conditions it is explained how we collect, use, process, transfer and retain personal data. While buying a ticket, it is necessary to tick the box regarding the acceptance of the General Terms and Conditions before paying. If you tick off that you agree with the General Terms and Conditions and start to pay for the booked tickets, you thereby confirm, among other things, that you agree with the Data Protection Terms and Conditions. A detailed description of the Data Protection Terms and Conditions is available at https://sll.flights/andmekaitsetingimused

 

In the case of ordering the service by phone, you are giving us the verbal consent for processing your personal data so that we could offer you the necessary product/service.

 

In the case of ordering from the web page or during a personal meeting, the Seller applies a consent principle for obtaining the client’s consent, i.e. your explicit written consent is asked for a collection of your personal data (e.g. by signing a form or ticking a box).

 

When making a booking on behalf of another person, you are responsible and guarantee that the person whose personal data is presented to the Seller, has allowed their disclosure, is aware of this and agrees with the policies of personal data protection and the use of cookies.

 

3. Which Personal Data is Collected and Processed?

 

In the course of providing a service, we will collect, process and retain personal data needed to provide you with a service. In addition, the collection of data is necessary in order to ensure a safe, smooth, efficient and organised travel experience that is in compliance with the conditions of carriage of passengers by air and the safety and security requirements laid down in legislation.

 

We collect your personal data each time you use the services we provide (including through the Seller or through a representative on behalf of the Seller), order or book tickets through our systems, use our web pages or make a phone call to the Seller's call centre.

 

We collect your personal data when you use our contact forms, book a flight with us, order our products or services, or our newsletter. We also collect information when you participate in a voluntary user survey, give feedback, or participate in campaigns. We record the client's calls and service calls made to the call centre for the provision of better service, including for the resolution of the client's claims. The web pages usage information is collected with the help of cookies, but this is non-personalised electronic information.

 

We collect, use, process and retain the following personal data about you and your travels:

3.1.         number of transactions (number of transactions and record number)

3.2.         sales date (sales date)

3.3.         booking number (reg loc)

3.4.          ticket number (TKNE)

3.5.         price of the flight ticket (payment total)

3.6.         benefits information (Pax type)

3.7.         gender identity by title (title)

3.8.         first name (first name)

3.9.         last name (last name)

3.10.      flight origin (org)

3.11.      flight destination (dst)

3.12.      flight number (flight)

3.13.      departure date (departure date)

3.14.      e-mail

3.15.      mobile phone number (mobile number)

3.16.      country of residence (country)

3.17.      information about the fact of payment (payment status)

3.18.      invoice number (invoice number)

3.19.      payment solution option details* (payment by)

3.20.      booking status (booking status)

3.21.      the fact of calling to the call centre and the call recording

3.22.      for travellers with a travel fare concession, the date of birth for verification of the age benefits validity

 

* in the case of a bank link on the payment solution page Maksekeskus AS. The cash payment means a ticket is bought from the Seller's agent. As a rule, the Seller does not process or store any other information about the data of the payment solution option. A limited number of data may be obtained from the payment intermediary on the basis of a special request, but the Seller does not process or collect these data each time. The limited number of data, which may be received from Makesekeskus AS includes the name of the person, the fact of making the payment, the amount of payment, the date and the booking number and when paying with credit card the two (2) last digits of the person's payment card. As to the rest, the person's payment card data are hidden.

 

The above-mentioned data you disclose must be relevant, accurate and complete. This is necessary to observe obligations stipulated by the security and safety legislation. If you need to make any changes to the data presented in the list above, please contact the Seller OÜ Razoone at the contact details below, which are listed in item 17.

 

4. Recording of the Clients' Calls

 

A call means your call to OÜ Razoone Customer Service Centre and it is an electronic set of recorded voice calls. Service calls made to the Customer Service Centre are recorded for ensuring better service and, if necessary, for the purposes of information collection, specified in item 7, including for resolving your claims.

 

4.1.    You will be notified about the recording of the call at the beginning of the call.

4.2.    We guarantee that the recording will not be accessible to any person who does not have the right to gain access to the recording.

4.3.    When processing and handling the recording, we guarantee the retention of integrity, confidentiality and authenticity of the origin of the data by the processor of the recording.

4.4.    You have the right to decline the recording of the call at any time by terminating the service call.

4.5.    In the case of legitimate interest, you will be guaranteed access to the recording.

4.6.    In order to obtain access to the recording, you must submit a request to the contacts listed in item 17. The request must include the time of the recording.

4.7.    We reserve the right to refuse the data subject's request and deny the access to the recording unless it is possible to re-submit to the data subject the data collected about them without damaging the interests of other persons.

4.8.    We provide access to the recording in our office after identification of the person on the basis of an identity document. Granting access to the person is registered.

4.9.    The recording is retained for 2 months. After the retention period of the recording has expired, the recording is deleted automatically.

 

 

5. When and Why do We Collect Special Types of Personal Data?

 

Special types of personal data are the data about racial or ethnic origin, political views, religious or philosophical beliefs, or trade-union membership, genetic data, biometric data used for unique identification of a person, health data and the data concerning the private life of a person.

 

As a rule, we do not process the special types of personal data. This is only necessary on the basis of a specific request of a person if:

5.1.         you have requested specific medical care from us and/or the airport operator, such as a wheelchair or an oxygen mask,

5.2.         you have otherwise provided such information to us or to a third person (such as the tour operator via who you made the booking),

5.3.         you may have made other requests related to your travel. which may indicate or imply your religious beliefs or health status, e.g. you have ordered specific food.

 

By submitting personal data, which are or may imply special types of personal data, you agree that we may collect, use, share with third persons and transfer such personal data according to the Policies of Use of Personal Data and Cookies within the European Union and the European Economic Area, and outside, subject to the terms and conditions provided for in the General Regulation on Data Protection.

 

 

6. Minors

 

The Seller cannot identify the age of the persons visiting and using our web pages unless it is requested in order to verify the validity of the travel fare concession. If a minor (under applicable law) has presented us personal data without the consent of a parent or guardian, the parent or guardian must contact us to remove and delete such personal data.

 

 

7. How do We Use the Data?

 

In general, we collect personal data directly from you or your authorised agents (i.e. the persons whom you have authorised), from third persons (i.e. your tour operator or service provider) and other channels, including our ticket offices and the data of airport services.

 

The purposes of information collection include:

7.1.         provision of services to you, such as transactions processing (making a booking),

7.2.         provision of technical assistance,

7.3.         assisting you with the transaction,

7.4.         sending flight information,

7.5.         facilitation of check-in through the web page and by means of an appropriate device at the airport,

7.6.         provision of customised services and responding to your inquiry or request,

7.7.         provision of the airport services, such as information processing for connecting flights,

7.8.         performance of airport activities and handling inquiries of customs and immigration authorities,

7.9.         provision of luggage services, such as processing any luggage inquiry, including claims of damaged or lost luggage,

7.10.      provision of in-flight catering and other services that meet your preferences and needs in the best way (with reference to which we may have got information during communication with you),

7.11.      marketing and communication aimed at you, regarding the products and services offered by the Seller or an authorised representative,

7.12.      for communication of information and news and other business activities related to the provision of services to you,

7.13.      for contacting you for customer satisfaction or product surveys,

7.14.      R&D and analysis, including market research,

7.15.      compliance with safety, security and legal requirements.

 

 

8. What is the Legal Basis for Personal Data Collection?

 

Handling of personal data is carried out in accordance with the EU General Regulation on the Protection of Personal Data (REGULATION 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL).

 

We process only such data:

8.1.         which are necessary for the provision of the services you have requested, for the performance of a contract or for its preparation,

8.2.         with reference to which you have given your consent for data processing for one or more specific purposes in connection with the provision of the service,

8.3.         the processing of which is necessary for the performance of a task carried out in the public interest or for exercising public authority, vested in us;

8.4.         which are needed to protect the persons’ vital interests, to help them in their status,

8.5.         the processing of which is made our duty in order to meet the requirements established by legislation, based on legitimate interest.

 

 

9. To Whom do We Transfer Personal Data?

 

Your personal data is transferred only for the purpose of providing and securing the service for you, in strictly limited cases, strictly observing the principles of processing personal data, set out in legislation.

 

We make it clear that in order to ensure the smooth operation of your flights, we sometimes need to share your personal data with those, associated with your travel: our subsidiary and associated undertakings, as well as third persons, such as air carriers and airport operators, security staff and tour operators.

 

We share your personal data also with third persons who participate in providing the services to you that you ordered from us, such as airport services providers.

 

We may also disclose your personal data to law enforcement authorities and government for meeting the security, customs, and immigration requirements. For example, the legislation may oblige an air carrier to give border control authorities access to your booking information or flight itinerary. In which connection, such data may be transferred within and outside of the European Union and the European Economic Area. With reference to the above mentioned, your data will not be processed in another way than in accordance with the General Regulation on the Protection of Personal Data.

 

The Seller may also use and disclose your personal data for a relevant transaction or inquiry to persons whose sameness has been validly identified by you or your authorised representative(s).

 

In addition to Transaviabaltika, the following persons process your data when providing the service:

9.1.1.     OÜ Razoone (Estonian company with registry code 11010237) for the arrangement of ticketing process;

9.1.2.   due to the specific character of ticketing and the aviation rules, it is not possible for Transaviabaltika for the arrangement of the ticketing process through OÜ Razoone to have a completely separate independent sales channel or booking system. The booking system in use is the Worldticket International Booking System. The Worldticket International Booking System has an exit control system interface for airports, which allows airports to check their booking data in order to do check-ins and allow the persons who have bought the ticket to board an aircraft.

9.1.3.   In the ticketing process in the WorldTicket A/S (Danish company with registry code 29794626) booking environment, there are also used Makesekeskus AS (Estonian company with registry code: 12268475) bank link payment service  and card payment solution within a framework of which the payment information of ticket buyers is processed.

9.1.4.     Following the ticketing process, the data is processed by AS Tallinna Lennujaam (Tallinn Airport Ltd), when a person turns to the airport for receiving the air service, and its check-in staff will verify the data of the client who bought the ticket through the Worldticket Booking System, identify them and on the basis of this allow them to the flight at the corresponding airport.

9.1.5.     Ticket sales agents from whom you buy the ticket directly (Estravel AS [Estonian company with registry code 10325720], Tiit Reisid OÜ [Estonian company with registry code 10055108], AS Wris [Estonian company with registry code 10280259], Estair OÜ [Estonian company with registry code 10303109] and AS Tallinna Lennujaan [Estonian company with registry code 10349560]).

 

 

10. How Long do We Retain Personal Data?

 

We keep your personal data only as long as it is necessary for the purpose for which it was collected, such as obligations connected with providing you air service, the legal or commercial needs of the Seller or fulfilling the requirements of the applicable legislation. As a general rule, booking data will be deleted after 5 years unless there is a specific reason to retain them longer.

 

The issued invoices shall be kept for 7 years for the purpose of maintaining the accounting obligation connected with settlements.

 

Personal data collected from surveys, campaigns, notifications, etc. will be deleted within 1 month.

 

 

11. What are Your Rights?

 

If you have expressed consent for collection, processing and use of your personal data in a way, you may revoke this consent in the future at any time.

 

Revocation of the consent will not affect the validity of the processing carried out on the basis of this consent prior to its revocation. Tähelepanu! With this reasoning, you cannot cancel or claim a refund of fees, which were already paid.

 

In addition, you may object the use of your personal data for marketing purposes without bearing any costs other than transfer costs in accordance with basic rates.

 

In accordance with applicable data protection legislation, you have the right to:

10.1       request access to your personal data,

10.2       request correction of your personal data,

10.3       request erasure of your personal data,

10.4       request a restriction of processing of your personal data,

10.5       request the data portability,

10.6       object your personal data processing.

10.7       For exercising your rights, please contact us in the manner set forth in item 17 (see item 17).

10.8       In case of complaints, you have the right to present a complaint to the competent data protection authority, which is the Data Protection Inspectorate (see item 17).

 

 

12. Security Measures

 

The Seller has implemented appropriate technical and organisational security measures to protect your personal data processing. For example, we have security measures in place to protect personal data from loss, theft, unauthorised access and unjustified disclosure.

 

Examples of technical security measures include encryption, firewalls and Secure Sockets Layer (SSL). More detailed information on the technical security measures for personal data collected from our web page can be found here.

 

An example of security measures of work organisation is that the Seller has implemented several authentication procedures in the company and at the external service providers, which may consist in asking you more specific details for verification of your identity before handling a request for a specific service, product, or transaction.

 

The Seller also monitors the web traffic for any attempts of unauthorized uploading or changing personal data, fraud or illegal activity, or other attempts to cause the damage.

 

If you have any questions about security, please contact us at the contacts given in item 17.

 

 

13. Marketing

 

We would like to send you any information that may be of interest to you about our company and our partners' products and services. You can later withdraw your consent to receive marketing messages. You have the right at any time to ban us from contacting you for marketing purposes or transferring your data to the Seller's partners. If you no longer wish to receive marketing messages, please write to the contacts given in item 17.

 

We do not transfer outside of service provision or sell your personal data to any third person.

 

 

14. Cookies

 

Cookies are the text files that are saved in your computer, by means of which ordinary Internet log information and the visitor behaviour information is collected. This information is used for monitoring the behaviour of web page visitors and for preparing statistical reports on web page activity. Additional information on cookies is available on the web pages www.aboutcookies.org and www.aboutcookies.org.

 

If you wish that our web page would not leave cookies at all, you need to disable cookies in your browser. Then it is not possible to use also other functions, in which case the web page must remember your selection.

 

The information collected through the use of cookies is strictly non-personalised.

 

 

15. Other Web Pages

 

Our web page contains links to other web pages (e.g. payment service providers). These data protection terms and conditions apply only to this web page. If you navigate to other web pages, please read the data protection terms and conditions, which are valid there.

 

 

16. Changes to the Data Protection Terms and Conditions

 

We monitor the timeliness of the Data Protection Terms and Conditions constantly and publish all updates on this web page. The policies of personal data protection and the use of cookies were last updated on 18 June 2019.

 

 

17. How to Contact Us?

 

The Seller is the authorised personal data processor for Transaviabaltika, and if you have any questions about our privacy policy or the information regarding you at our disposal, you can always contact us at the address:

 

www.aboutcookies.org

Subject: Personal data protection

 

or

 

OÜ Razoone

Registry number 11010237

Lõõtsa 8, 11415 Tallinn, Estonia

 

If you are not satisfied with our response, or if you suspect that we are not processing your personal data in accordance with the law, you may turn to the Estonian Data Protection Inspectorate [www.aki.ee, call centre: +372 56202341, e-mail: info@aki.ee].