Africa Elephant
Costa Rica Pure Nature
Dubai Downtown Dubai
Bavaria Mountain
Machu Picchu Peruvian Historical Sanctuary
Mauritius The Beach
New York City Brooklyn Bridge

Privacy Statement AVIAREPS BV

Introduction

AVIAREPS BV, hereinafter also referred to as ‘we’, ‘us’, and ‘our’, and ‘AVIAREPS’, is committed to protecting and respecting your privacy. This Privacy Statement explains how we collect, use, and store Personal Data from you (our privacy policy). The terms in this Privacy Statement are defined in the General Data Protection Regulation (‘GDPR’) and have the meanings assigned to them in the GDPR. Depending on your country of residence, additional privacy rules may apply. Please read this privacy statement carefully.

If you wish to review this privacy statement at a later time at your convenience, you can download it to your own computer or device below.

   Privacy Verklaring AVIAREPS BV (Dutch)

  Privacy Statement AVIAREPS BV (English)

This privacy notice contains information on the following topics related to the processing of your Personal Data:

1. Introduction

2. Collection, processing, and use of Personal Data

3. Your rights in relation to the processing of your Personal Data

4. Data Protection Officer (DPO)

5. Provision of Personal Data

6. Objecting to the processing of your Personal Data

7. Processing of Personal Data when contacting AVIAREPS.

8. Processing of Personal Data in case of a reservation order.

9. Processing of Personal Data in case of claim handling

10. Links to other websites

11. Transfer of Personal Data

12. Monitoring websites and cookies.

13. Social Media

14. Changes to this privacy statement

AVIAREPS BV, established in Hoofddorp, the Netherlands, registered with the Chamber of Commerce under no. 24362244 and AVIAREPS BV, established in Machelen (Brab.), Belgium, with company number 0880.861.552, both subsidiaries of AVIAREPS AG, established in Munich, Germany, are individually and/or jointly controllers or processors of your Personal Data.

Collection, processing, and use of Personal Data

We collect, process, and use Personal Data in accordance with the GDPR. In this context, Personal Data refers to any information about an identified or identifiable natural person (Art. 4(1) GDPR). This includes data concerning your name, address, telephone number, e-mail address, and also information about memberships or websites you have visited.

Your rights in relation to the processing of your Personal Data

You have the following rights in relation to your Personal Data:

• The right to access the Personal Data we hold about you

• The right to have your Personal Data deleted or corrected

• The right to restrict or prohibit the processing of your Personal Data

• The right to transfer your Personal Data

To ensure that the request for inspection is made by you, we ask you to send a copy of your proof of identity with the request. In this copy, make your passport photo, MRZ (machine readable zone, the strip with numbers at the bottom of the passport), passport number, and Citizen Service Number (BSN) illegible. This serves to protect your privacy. We will respond to your request as soon as possible but within a maximum of five days.

Any questions, comments, or requests regarding your Personal Data can be addressed to:

AVIAREPS BV

Capellalaan 121

2132 JM Hoofddorp

The Netherlands

Phone +31 (20) 5200280

E-mail: avg@aviareps.com

AVIAREPS BV

Jan Emiel Mommaertslaan 20B

19831 Machelen (Brab.)

Belgium

Phone +32 (2) 7120582

E-mail avg@aviareps.com

 AVIAREPS AG

Landsbergerstr. 110

80339 Munchen

Germany

Phone +49 (89) 55253355

E-mail: dataprotection@aviareps.com

Data Protection Officer (DPO)

AVIAREPS has appointed a Data Protection Officer for itself and all subsidiaries to monitor proper compliance with the privacy rules within the AVIAREPS organisation. Please find below the contact details of the Data Protection Officer:

ClearComm

Devonshire House,

60 Goswell Road

London EC1M 7AD

United Kingdom

Phone +44 (20) 8088-4923

E-mail: dataprotection@aviareps.com

Please note that this email address is for contacting the Data Protection Officer only.

If you think there is a problem with the way we handle your Personal Data, you have the right to file a complaint with the appropriate authorities.

• For the Netherlands, this is the Autoriteit Persoonsgegevens, https://autoriteitpersoonsgegevens.nl, which can be reached by phone at +31 (88) 1805250.

• For Belgium, this is the Gegevensbeschermingsautoriteit, https://www.gegevensbeschermingsautoriteit.be, which can be reached by phone at +32 (2) 27448002.

Provision of Personal Data

If you provide Personal Data to us, you consent to its use for the purposes for which you have provided it. This could be, for example, signing up for a newsletter, requesting (specific) information or an offer for which we need your Personal Data, making bookings, and so on.

If you provide us with Personal Data of persons (travellers) other than yourself, you are responsible for and warrant to AVIAREPS that such travellers:

a) have consented to the provision of their Personal Data and are familiar with our privacy policy as reflected in this privacy statement and our general terms and conditions;

b) are aware that, in the context of the execution of the reservation order, AVIAREPS may provide these Personal Data to travel service providers;

c) may have access to each other's Personal Data if they are part of the same reservation order;

d) prior to obtaining the aforementioned consent, have provided all legally required information, including at least the following information:

i. the specific Personal Data you will provide to AVIAREPS from these travellers;

ii. that the travel service providers or other third parties, including airlines, to which AVIAREPS provides Personal Data, may, for the provision of travel services, be required to provide certain Personal Data to third countries, international organisations, or travel service providers that may be located outside the European Economic Area (EEA) and which do not offer similar privacy protections as countries within the EEA pursuant to GDPR, such as, but not limited to, the US Bureau of Customs and Border Protection;

iii. that, within the limits of applicable laws and regulations, travellers have the right to request access to the Personal Data that AVIAREPS holds about them and that, if such Personal Data is factually inaccurate, incomplete, or irrelevant, or is otherwise processed in violation of any legal requirement, the traveller may request that such data be corrected, supplemented, deleted, or blocked;

iv. that other travellers may contact AVIAREPS for more information on rights related to their Personal Data;

v. any other information necessary to deliver to the traveller(s) proper and careful processing of their Personal Data by AVIAREPS.

Objecting to the processing of your Personal Data

You can always object to the processing of your Personal Data. In addition, you can always withdraw previously given consent for the processing of your Personal Data. If you do withdraw consent, this will only relate to the future processing of your Personal Data.

You may object to the processing of your Personal Data unless the processing is essential for safeguarding the legitimate interests of AVIAREPS or a third party for which AVIAREPS acts as processor (Art. 6(1)(f) GDPR). In this respect, AVIAREPS will always balance your interests against that of processing your Personal Data if this is necessary for the provision of our services such as making bookings, processing complaints or other claims, and so on. Therefore, we ask you to provide us with your objection to the processing of your Personal Data in the most reasoned manner possible. We will then examine your request and discontinue the processing of your Personal Data, modify it, or state the lawfulness of continuing the processing of your Personal Data.

You can always object to the processing of your Personal Data for advertising and marketing purposes.

Processing of Personal Data when contacting AVIAREPS.

When you contact us, we process the Personal Data you have provided to us to fulfil your request and answer possible follow-up questions. This Personal Data will be used prior to any future booking order. The

data we may collect from you includes:

• your gender

• your name

• your contact details (such as an address, telephone number, and e-mail address)

• any travel details

• other Personal Data you have provided to us (including special Personal Data as referred to in Art. 9(1) GDPR)

The basis for processing this Personal Data is Art. 6 paragraph 1 sub b GDPR and, in case of special Personal Data, Art. 9 paragraph 2 sub a GDPR. The terms under which your Personal Data are processed will be limited until this data is no longer relevant, taking into consideration a possible legal minimum and maximum period.

Processing of Personal Data in case of a reservation order.

If you make reservations for flights, hotels, or other services through our website, the relevant Personal Data requested during the reservation process is essential for carrying out your reservation order. The Personal Data we may collect from you includes:

• your gender

• your name (first name and surname)

• your date of birth

• your contact details (such as an address, telephone number, and e-mail address)

• travel document data (such as passport details)

• your travel details

• any memberships of customer programmes

• your payment details

• other Personal Data you have provided to us (including special Personal Data as referred to in Art. 9(1) GDPR)

The basis for processing this Personal Data is Art. 6 paragraph 1 sub b GDPR and, in the case of special Personal Data, Art. 9 paragraph 2 sub a GDPR.

Within a maximum of 3 days after the completion of your travels, your Personal Data will be deleted. We are required by law to retain a limited amount of your Personal Data (including your name, contact details, and travel details) for 10 years. However, processing of other Personal Data will be limited to a maximum of 48 months.

Processing of Personal Data in case of claim handling

AVIAREPS has been appointed by some airlines to process claims originating from passengers domiciled in the Benelux. These claims may relate to, for example, baggage damage, delays, cancellations, or other complaints. In this capacity, AVIAREPS acts as a data processor on behalf of the airline.

In processing these claims, we require you to provide Personal Data. This is necessary to establish that you are submitting this claim yourself (or with the authorisation of another passenger). The Personal Data that we may collect from you for this purpose includes:

• your gender

• your name (first name and surname)

• your contact details (such as an address, telephone number, and e-mail address)

• details of travel documents (such as passport details)

• your travel details

• your payment details

• other Personal Data that may be relevant for handling the claim (including special Personal Data as referred to in Art. 9(1) GDPR

The basis for processing this Personal Data is Art. 6 paragraph 1 sub b GDPR and, in the case of special Personal Data, Art. 9 paragraph 2 sub a GDPR.

All non-essential Personal Data will be deleted after a maximum period of 48 months. The duration of this period depends on the basis and content of your claim, the airline(s) involved, and the (partial) acceptance or rejection of your claim. We are required by law to retain a limited amount of your Personal Data (including your name, contact details, and travel details) for 10 years. However, processing of other Personal Data is limited to a maximum of 48 months.

Links to other websites

Our websites may contain links to the websites of our business partners such as hotels, airlines, and other providers or advertisers. If you follow a link to any of these websites, please note that they have their own privacy policies and that AVIAREPS has no influence on these and therefore accepts no responsibility or liability for them. Therefore, we advise you to check the privacy policies of these websites before providing any personal data to them.

Transfer of Personal Data

We will only disclose your Personal Data to third parties if this is relevant in preparation for – or for the performance of – the agreement that is (to be/can be) concluded between you and this third party in accordance with Art. 6(1)(b) GDPR.

Please note that these third parties, which also include airlines, may be located in a country outside the European Economic Area (EEA) which may not offer comparable privacy protection to countries within the EEA pursuant to GDPR. In addition, these third parties themselves may be required to provide certain Personal Data to third countries, international organisations, or other parties that may be located outside the European Economic Area (EEA) which do not provide privacy protection comparable to the countries within the EEA pursuant to GDPR, such as, but not limited to, the US Bureau of Customs and Border Protection.

Monitoring websites and cookies.

We use various technical features to monitor the use of our websites. This provides us with insights into how visitors use our websites. Such monitoring is based on (anonymous) reports and cookies. This information allows us to improve our offer and better tailor our services to you as a user. The basis for processing this Personal Data is Art. 6(1)(f) GDPR. The following sections elaborate on the different methods we use.

a) Server log files

With every visit to our website, your IP address will be registered in a log file. This registration is provided with (among other things) a date and time, information about your browser and operating system, and the pages you visited. The purpose of processing this data is to ensure the stability and security of our websites.

b) Cookies

Our websites make use of so-called cookies. A cookie is a small file stored on your device (computer, smartphone, tablet, etc.) by your internet browser. A cookie helps us to monitor the use, effectiveness, and security of our websites and improve them where necessary, and to recognise you as a (returning) visitor. In addition, these cookies allow us to collect statistical data on the use of our website which enables us to further improve our services. Cookies do not contain viruses and do not affect your device.

In most cases, we use so-called ‘session cookies’. These are cookies that are automatically deleted after you close your browser. Other cookies remain on your device until you delete them.

You can set your browser not to store cookies on your device. To a certain extent, you can control cookies stored by a website yourself.

More information on blocking cookies can be found at https://veiliginternetten.nl and https://www.safeonweb.be. Please note that some functions on our website may not work properly if you block cookies.

c) Google (Universal) Analytics

Cookies from the US company Google are placed via our websites as part of the ‘Analytics’ service. Google may provide this information to third parties if it is legally required to do so, or insofar as third parties process the information on Google's behalf. We have no influence over this.

The information collected by Google is anonymised as much as possible. Your IP address is expressly not provided. The information is transferred to and stored by Google on servers in the United States. Only in exceptional cases is the full IP address transferred to a Google server in the United States and anonymised there. In these exceptional cases, Google is subject to the Privacy Shield Framework (https://www.privacyshield.gov/welcome).

You can disable the collection of data by Google via our website (including your IP address) and the processing of this data by downloading and installing the Google Analytics Opt-Out plugin via the following link: https://tools.google.com/dlpage/gaoptout?hl=nl or by clicking on this link. In the latter case, an opt-out cookie will be stored on your device. You must click on this link again if you delete your cookies.

d) Sovrn (formerly: VigLink)

Our websites participate in the affiliate programme of Svorn Inc, located at 5541 Central Ave Suite 100, Boulder, CO 80301, United States (hereinafter ‘Svorn’). This affiliate programme enables us to display offers for third-party products and services. Svorn uses cookies to determine the origin of visitors to our websites. More information on Svorn's privacy policy is available in their privacy statement via the following link: https://www.sovrn.com/legal/privacy-policy/.

Social Media

Our websites use so-called plug-ins from the social media platform of Meta Inc, located at 1 Hacker Way, Menlo Park, California 94025, USA. You can recognise these plug-ins by the Facebook logo or the ‘like’ button on our website. An overview of all plug-ins for Facebook is available via the following link:

https://developers.facebook.com/docs/plugins/.

When you visit our website, a connection is established between your browser and the Facebook server via this plug-in. This enables Facebook to receive information about your visit to our website. If you click the Facebook ‘Like’ button on our websites while logged in to Facebook via your browser, you can link the content of our website to your Facebook profile. Please note that we have no influence over the content of the information sent to Facebook or how Facebook uses this data. For this and other information about Facebook's privacy policy, you can read the information via the following link:

https://www.facebook.com/privacy/explanation.

If you do not want Facebook to associate your visit to our website with your Facebook profile, please log out of your Facebook account.

Changes to this privacy statement

We will regularly review our privacy statement and change or amend it where or when necessary. This right is expressly reserved for this privacy statement. This privacy statement was last updated on 17 October 2022.

© AVIAREPS BV