Data and data protection are at the heart of everything we do. As such, our business is built on security, compliance and accountability, enabling us to protect the company’s most valuable people and assets. We are committed to delivering products and services that are secure and compliant with all requirements, including the EU General Data Protection Regulation (GDPR), which came into effect on 25 May 2018.

This Privacy Policy sets out details of the information we may collect about you and how we may use that information. This Privacy Policy should be read in conjunction with Jet Dreams & Travel's Cookie Policy. Please read this Privacy Policy carefully.

1. ABOUT US

1.1 In this Privacy Policy, when referring to “we” we mean Jet Dreams & Travel Srl (2020) and any subsidiaries and branches. Jet Dreams & Travel is a company incorporated in Italy (whose head office is at Via Del Viminale 38, Roma, RM 00184, Italy), which shall be the “Controller” of the personal data processed as described in this Privacy Policy.

1.2 If you have any questions about your personal information, please click Contact Us using the details on our website or email us directly at info@jetdtravel.com .

1. APPLICATION OF THIS PRIVACY POLICY

This Privacy Policy applies to the personal data of users of our website, our blog or our branded web pages referenced on social media services or other websites, through clients, suppliers, potential employees and other persons whom we may contact in order to provide our services, which we offer in the European Union, the United States or any other country or territory around the world.

1. COLLECTION OF INFORMATION

3.1 When you access the website through any means, register or submit an application, respond to or participate in any survey or questionnaire sent to you by us, provide feedback to us, purchase our services or contact us from anywhere in the world, using any means of communication, we may collect, store, use and share certain personally identifiable information in line with this policy.

3.2 When you register or make an enquiry on the Website or by any other means, we will ask you for your name and email address. As part of your profile you may also provide us with your location and other information to help us tailor the service appropriately for you. We may also ask you about your gender and about your employment history or qualifications to understand more about you. The answer to these questions is always optional. When you make a purchase by credit card, we, and/or our payment service provider as well, will collect and process your credit card or other payment information and the necessary proof of identity. If you contact us, we may also keep a record of that correspondence.

3.3 We may also collect data relating to your visits to the website which does not identify you but which records your use of our website, for example, details of how long you have been using the website.

3.4 We may also collect your computer's IP address in order to help us tailor the service to your location.

3.5 If you choose to verify your identity through our website, we will receive, process and store your personal information and documentation of your identity for this purpose.

3.6 Finally, we may receive information about you from third parties (such as credit reference agencies) who are legally authorised to disclose such information.

1. USE OF INFORMATION RELATED TO YOU

4.1 By accessing our website through any means, registering or submitting a request, providing feedback, or purchasing a service, you agree that your personal information may be collected, stored, used and shared by us and our partners or third parties we work with, for any of the following purposes:

• Comply with any contractual agreement between you and us.
• Provide, maintain, protect and improve the quality of the Website, including by carrying out anonymised market research, and protect ourselves and our users.
• To provide you with a personalized browsing experience when using the website.
• Send you detailed information about our products and services which we think may be of interest to you, unless you opt out of such service as described in section 9.1.3 below. You can control your email preferences on the settings page, which you can access through any email we send you.
• To tailor our social media advertising to your personalized use of the website.
• To allow you to use the full range of features on or through our website.
• To comply with legal and regulatory requirements.
• To contact you occasionally to invite you to share your opinions and experiences about Jet Dreams & Travel, and to provide you with third party products or services available through our website.

4.2 We may use your email address to send you updates about our services. You can control your email preferences on the settings page, which you can access through any email we have sent you.

1. DATA STORAGE AND DATA SECURITY

5.1 Secure hosting of Jet Dreams & Travel's use in Tier 1 data centers. Our servers are backed up via nightly backups at an off-site location to ensure that if anything were to happen – to the server or on-premises – your data would remain completely secure. At Jet Dreams & Travel we fully maintain all of the servers we provide, along with dedicated support team, in our data center, thereby ensuring we offer the best uptime and quickest response possible.

All servers are monitored 24/7, alerting key personnel within the company in the event of a data breach. This allows us to easily notify users in the event of something happening on the server.

Jet Dreams & Travel ensures that the servers and their applications and security packages are fully updated at all times, in order to offer the best performance and security for our customers. In addition, we operate our own dedicated firewall that sits in front of the server to help protect against denial of service (DDoS) attacks and other attacks.

Additionally, we have implemented a DDoS mitigation software platform, which provides always-on Layer 3/4 DDoS mitigation to ensure the availability of our network when under attack. Each DDoS mitigation center in our network is based on a Juniper MX480 routing platform and a high-capacity packet filtering Arbor TMS mitigation platform. This software is managed 24x7 by ACC and third-party cybersecurity teams in our Tier 1 data centers.

5.2 We (or a third party acting on our behalf) may also store or process the information we collect about you in countries outside the European Economic Area, which may have lower standards of data protection. We have put in place technical and organisational security measures, including two-step verification (or authentication) access, to prevent loss of or unauthorised access to your personal information. However, although we have used our best efforts to ensure the security of your data, you should be aware that we cannot guarantee the security of information transmitted over the internet.

1. LEGAL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION

6.1 Our legal basis for collecting and using the personal information described above will be legitimate interests. Article 6(1)(f) of the GDPR is relevant here, which says that we may process your data where “…it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data…”

6.2 However, we will normally collect personal information from you only (i) where the processing is in our legitimate interests and not overridden by your own rights, (ii) where we need the personal information to perform a contract with you, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you.

6.3 If we ask you to provide personal information to comply with a legal requirement or to enter into a contract with you, we will do so in a clear and timely manner and advise you whether the provision of your personal information is mandatory or not (and of the possible consequences if you do not provide your personal information). This will include the provision of air transport services when you travel or work as a passenger or crew member on charter or leased flights; this may require the transfer of personal information overseas. This may be necessary for regions and territories around the world and Jet Dreams & Travel is required to ensure that where we need to do so, we comply with the Data Protection Authorities.

6.4 In some of the jurisdictions in which we operate, a different legal basis for data processing and consent will apply, and if we collect and use your sensitive personal data, such as medical and dietary information, your express consent will always be sought at the relevant time.

We do not believe that any of our activities harm individuals in any way. In fact, they help us to provide you with a more personalized and efficient service. However, you have the right to object to the processing of your personal data in accordance with this policy.

1. DISCLOSURE OF YOUR INFORMATION

We may disclose your personal information to third parties where authorized by law, including:

1. With your consent.
2. To our suppliers to help us provide our services to you, including:

• Jet Dreams 6 Travel and its subsidiaries and branches.
• The contracted air operators of Jet Dreams & Travel and its subsidiaries, branches and agents.
• Our customer relationship management services (which allow us, for example, to send you personalized email communications).
• Our file management and storage service provider if you contact us directly.
• Our payment service provider (as explained in paragraph 3.2 above) when you make a purchase to manage your payment.
• Our identity verification partner (as explained in paragraph 3.5 above) to verify your identity, where you may choose to select this option; and
• Our customer service software if you want to contact our support team.

1. If we wish to sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets, provided that they continue to use your information substantially in accordance with the terms of this Privacy Policy;
2. If all, or substantially all, of our assets are acquired by a third party, provided that your information will continue to be used substantially in accordance with the terms of this Privacy Policy, in which case information maintained by us will be one of the transferred assets.
3. If we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our policies as a Data Protection Authority and other agreements; or in order to protect our rights, property or safety, our users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
4. DATA RETENTION

8.1 We retain personal information we collect about you where we have an ongoing legitimate business need to do so (for example, to provide you with the service you have requested, or to comply with applicable legal, tax or accounting requirements).

8.2 When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

1. YOUR RIGHTS

9.1 You have the following data protection rights:

• You can request a copy of your personal data from us in a readable and commonly used digital format.
• You may edit your personal data by contacting us using the contact information provided in section 12 below at any time. We maintain a procedure to help you confirm that your personal information is correct and up to date or to choose whether or not you wish to receive material from us. We will respond to each email message as soon as possible.
• In addition, you may object to the processing of your personal data, ask us to restrict the processing of your personal information or request portability of your personal information. Again, you may exercise these rights by contacting us using the contact information provided in section 12 below.
• You may request the erasure of personal information we hold about you where there is no good reason for us continuing to process it, where you have exercised your right to object to processing, where we may be processing your information unlawfully or where we are required to erase your personal data to comply with local law.
• You may object to processing of your personal data if, although we may be relying on a legitimate interest (or those of a third party), there is something about your particular situation which makes you want to object to processing on this ground as it overrides your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may be able to demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• You may opt out of certain email communications by following the unsubscribe link in the email communication itself.
• Similarly, if we have collected and processed your information in reliance on your consent, then you may withdraw that consent at any time. When you withdraw your consent, this will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted that relies on legitimate processing grounds other than consent.
• If you have any privacy-related questions or unresolved concerns, you may contact us using the information provided in Section 12 below.
• You have the right to lodge a complaint with a Data Protection Authority about our collection and use of your personal information. For more information, please contact your local Data Protection Authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and some non-European countries including the US and Canada are available online.)
• The Website may, from time to time, contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies. Please review these policies before you submit any personal information to these websites.

1. CHILDREN

We strongly believe in the need to protect the privacy of children. Consistent with this belief, we do not knowingly collect or maintain personal information from persons under the age of 13, and no part of the Website is directed to persons under the age of 13. If you are under the age of 13, then please do not use or access the Website at any time or through any means. We will take reasonable steps to delete any personal information from persons under the age of 13.

1. UPDATE OF THIS PRIVACY POLICY

We may update or modify this Privacy Policy from time to time, to comply with the law or to meet our ever-changing business needs. When we update our Privacy Notice, we will take appropriate steps to inform you, consistent with the significance of the changes being made. Any updates or modifications will be posted on the Website. By continuing to access the Website, your access and use of the Website will be subject to these updates and modifications.

1. CONTACT JET DREAMS & TRAVEL

If you have any questions, comments or complaints about this Privacy Policy, please contact our Privacy Officer at info@jetdtravel.com or via our website jetdtravel.com.