Introduction

This website is operated by Gharaei GmbH. We use various personal data, such as names, e-mail addresses and other travel-related data in their daily activities. That is why we take data security and compliance with data protection laws very seriously. This privacy policy explains how we collect, store, use and disclose personal information when you use this website, and how we protect the privacy and confidentiality of your personal information. Your privacy is important to us, so whether you’re new to our service or have been using it for a long time, take the time to learn about our methods – and get in touch with us if you have any questions.

Gharaei GmbH (“we”, “us” or “us”) is the so-called “Data Controller” of your personal information and is therefore responsible for the lawfulness of what we do with your personal information.

The personal data we collect

In general, the type of personal information we collect is the information we need to enable you to make your travel arrangements and bookings. This includes information such as your first and last name, date of birth, gender, telephone number, passport information, email address and payment details. The personal data that we need to receive in order to provide you with the travel arrangement that you have booked through our website are the only data that are required to provide. Depending on the type of travel services you use, we may also collect your frequent flyer number, information about your dietary requirements and health conditions (if applicable) and other data relevant to your travel arrangements, or required by another travel service provider (such as airlines and insurance companies). This is not an exhaustive list. When you call our customer service, we collect the information you provide during the phone call. As you can see below and in our Cookie Policy, some data is also collected through our cookies on our website.

We may lawfully obtain information about you from business partners and other independent third-party sources. For example, personal information such as purchase or demographic information may be provided by our fraud detection providers.

If you make a reservation for someone else via our website, we ask for the personal details of this person. In those circumstances, we rely on you to notify these individuals of this Privacy Policy and obtain their consent. Access to view or change their details will only be available through your email address.

The sensitive personal information we collect

In some cases, we may handle so-called “special categories of personal data” about you, which are considered sensitive. This would be the case, for example, if you (i) have submitted a medical certificate for use of cancellation insurance or an airline refund (ii) have a medical or health condition affecting your trip for which you request assistance or certain approval is required, or (iii) have made a request revealing other sensitive personal information about you

Before we handle sensitive personal data about you, we need your consent. We therefore ask you to use the special contact forms on our website for the submission of sensitive data. The contact forms allow you to give us the consent required under applicable data protection law. Such consent can of course be withdrawn at any time by contacting us (see the “How to Contact Us” section of this policy). We do not handle sensitive personal information that we are not allowed to handle, or that you have not given us. A limited part of our staff has access to your sensitive personal data and after processing your sensitive data in accordance with your request,

What do we do with your personal data

In order to be able to handle your personal data, the applicable data protection law requires us to have a so-called “legal basis” for each of our purposes to process your personal data. Therefore, we have prepared the table below to determine our legal basis for each of our purposes. to show.

What we do (our purposes for handling your personal data)

Our legal basis

Storage time

Arrange the travel arrangements and bookings you have requested from us (ie booking travel services brokered by us, as well as providing our own services). This includes completing and managing your travel arrangement and booking, handling payments and sending communications via email, phone call or text message relating to the same (e.g. confirmations, changes and reminders).

Performance of our contract with you. Where you have provided us with sensitive personal data, consent is the legal basis

3 years from date of purchase. Consent to sensitive personal data can be withdrawn at any time. If you made a purchase with a credit card, your payment information will be kept for up to one hour. Other payment details are not saved.

If you have started a booking process but have not completed the purchase, we may send you an email with a link back to the search result, or to the booking started, depending on where your booking process ended on the website.

Our legitimate interest in doing business and enabling you to complete your purchase without having to re-enter all the details. If you do not want these emails, you can unsubscribe at any time in the email.

24 hours from the time you close the booking process.

Before your travel arrangement begins, we will email you additional information and offers related to your specific travel arrangement, such as possible additions such as extra baggage and other usage information for your trip. Some of the information contained in the email is based on profiling performed based on the information you provided during the booking process (e.g. the date(s) you travel, your destination, etc.).

Our legitimate interest in providing you with a more enjoyable journey and in enabling you to easily find more data that is relevant to you.

No longer than until your travel arrangement begins. Other similar processing may continue in accordance with the purposes set out below. If you do not want this information, you can unsubscribe at any time in the email or on our website (see “Managing Your Email Settings” section of this policy).

After your travel arrangement, we may provide you with our email newsletter with recommendations on other travel arrangements and travel-related products and services that may be of interest to you. Some recommendations are based on profiling conducted based on your previous choices when booking a trip and on your responsiveness to our emails

Our legitimate interest to conduct business and to enable you to make travel arrangements that are of interest to you.

2 years from date of purchase. If you do not want these emails, you can unsubscribe at any time in the email or on our website (see “Managing Your Email Settings” section of this policy).

Provide you with customer support when you contact us via email, website contact forms or website chat.

Performance of our contract with you. Where you have provided us with sensitive personal data, consent is the legal basis

2 years from the date each customer support case is closed. Consent to sensitive personal data can be withdrawn at any time.

Record telephone calls to/from our customer service team for quality assurance purposes and for future requests or questions from you. Only a limited number of people have access to your recording.

Our legitimate interest to (i) improve our service through in-house training and, where appropriate, (ii) resolve your potential requests or claims.

6 months from the date of the telephone call. If you do not want the telephone conversation to be recorded, you can object to this recording before the recording starts.

Use of cookies, for example, to improve the usability of this website, to provide a personalized experience and to collect usage statistics. We also use session cookies to improve the security of this website.

Your consent, as provided through the website’s cookie banner. You can withdraw your consent at any time.

Depending on the type of cookie. If you do not want us to store cookies on your computer, you can object to cookies when you visit our website. See our Cookie Policy for more detailed retention times.

In addition to the above purposes, we take the day-to-day measures necessary for companies that provide services to consumers, such as accounting, invoicing, complying with legal obligations (such as screening obligations), detecting payment fraud and keeping our website safe. To the extent not required by applicable law, we take these measures based on our legitimate interest. For example, we process and store certain personal data for accounting purposes. In Sweden, where Gharaei GmbH is located, the accounting records must be archived for at least seven years.

Storage times are determined based on the time needed to enable you to use or provide our services to you, to comply with applicable law, to resolve any disputes and otherwise to enable us to carry out our activities.

Share your personal information

We will only share your personal information as necessary for the purposes stated in this privacy policy. This may be to other companies, government law enforcement agencies and to our trusted business partners. We may share your personal data (including sensitive personal data where applicable) with travel service providers with whom you have booked (such as airlines), with other service providers for services you have purchased (such as insurance companies) and with global distribution systems (so-called GDSs) that technically possible to make your travel arrangements and bookings possible.

Each partner is responsible for its own handling of your personal data after receiving it from us, which means that you should contact the concerned partner for any requests regarding your rights under applicable data protection law. The partners may be located worldwide and we recommend that you read the respective privacy policies of the partners for information about their handling of your personal data.

We will also share your personal data with other companies (so-called “data processors”) that are necessary to provide the services you have requested, such as service providers who operate our call centres and other suppliers and vendors who will process your personal data when providing their services (e.g. external storage). This also includes providers of payment and fraud services, providers of IT infrastructure, software solutions and software engineers, and financial, administrative and legal services and tools. When a data processor handles your personal data, he does so only with adequate security measures and only in accordance with the instructions we have given him. This privacy policy applies to the way in which the data processors handle your personal data.

Due to the international nature of the travel industry, your personal data may be processed in various locations around the world when the parties with whom we share your personal data are located in a country outside the EU/EEA. Our exchange of personal data outside the EU/EEA requires a certain legal basis under applicable data protection law. When a country is considered by the European Commission to have an adequate level of protection for personal data, this will be our legal basis. These are:

  1. that the transfer is necessary for our performance of the contract with you, for example when you have booked a flight with an airline based outside the EU/EEA (pursuant to Article 49(1)(b) of the GDPR); and
  2. II. that we must take specific technical and organizational security measures for the transfer and sign the standard contractual clauses for international transfers approved by the European Commission.

Third-party providers

Please note that our website contains links to other websites and offers content from third-party providers. This privacy policy applies only to our website and our services. When following links to other websites or using third-party services and products, you should read their privacy policies. Also, if you choose to contact us via social media, this Privacy Policy will not apply to personal information provided by you as part of such contact. In that case, we recommend that you read the privacy policy of this social media provider.

Your rights

Under applicable data protection law, you have certain rights as a so-called “data subject”. We have set out your rights below. Your rights include the following:

  1. – You have the right to access your personal data that we process. You also have the right to receive certain information about what we do with your personal data. This information is stated in this document.
  2. Right to rectification– You have the right to have inaccurate personal data about you corrected and incomplete personal data completed. Please note that this is not an absolute right and that we may not be able to correct any inaccurate personal data you provide, for example due to airline rules, and that such a change may incur costs.
  • – You have the right to have your personal data erased. This is the so-called “right to be forgotten”. Please note that this is not an absolute right and that we may retain personal data under certain circumstances.
  1. – You have the right to restrict the way we use your personal data. It should be noted that this is not an absolute right and that we may continue to process personal data in certain circumstances.
  2. – You have the right to receive your personal data from us (or to have your personal data transferred directly to another data controller) in a structured, commonly used and machine-readable format.
  3. – You have the right to object to a certain type of use that we make of your personal data. This applies to all of our activities that are based on our “legitimate interest”, including our processing activities based on profiling, as described under “What we do with your personal data” above.

Finally, you also have the right to lodge a complaint with a data protection supervisory authority.

Data security

To safeguard your personal data, we have taken a number of technical and organizational security measures and maintain a high level of security in all systems. Such security measures include, but are not limited to:

  • traceability, disaster recovery, access restrictions, etc.;
  • pseudonymization and encryption where applicable;
  • processing payment data in accordance with the Payment Card Industry Data Security Standards (PCI DSS); and
  • using secure connections that encrypt your data over the internet, information in transit, preventing anyone from stealing your data in transit.

In addition, we have policies in place to ensure that our employees (who are subject to a duty of confidentiality) do not use personal data when it is not necessary. This policy also includes our standards for when we hire suppliers or introduce new IT systems within our operations.

How to contact us

If you have any questions about our treatment of your personal data or our use of cookies, if you wish to exercise any of your rights under applicable data protection law or if you wish to withdraw a specific consent, you can email send to: support@jadoee.com or use the following details:

Gharaei GmbH

A-1010 Wien, Kärntner Strasse 42

Austria

Privacy Policy Changes

If we change how we handle your personal data, we will immediately update this privacy policy and post it on this website.