When EEA Individuals make a booking, purchase Services, or inquire (including by conducting searches) through the Websites (including desktop and mobile web versions), Apps, contact centers, or otherwise through the Services, Fareportal will process EEA Individuals’ personal data for the following purposes:

• Provide the travel services and products that you have requested (e.g., flight booking, hotel stays, car rentals, provision of ancillary products and services), including generating your PNR and transfer of such PNR and other personal data to other travel suppliers or service providers as needed for travel arrangements or payment processing/refunding/dispute resolution;
• Allow you to register as a member (“Member”) and provide Member-only account functionality (e.g., booking details, travel preferences, billing details, etc.);
• Administer the OneTravel Rewards Program;
• Provide user personalization and more relevant features or content;
• Fraud detection and prevention;
• Respond to customer inquiries and provide support (e.g., interfacing with live agents, such as through contact centers, for issue resolution or recommendations based on search history and previous bookings, elicit feedback and comments, outbound ‘flight failure’ team calls if there is a booking or purchase checkout issue, submission and resolution of Customer Support Requests via the Customer Support link, travel confirmations and other important updates);
• Understand and improve the user experience through leveraging of analytics and metrics;
• Direct marketing (e.g., special offers, deals, sweepstakes, etc.) that may be of interest to you, such as through our newsletter and advertisements (including advertisements from third parties);
• Comply with applicable law and enforce our rights (e.g., intellectual property rights, prevent suspicious or potentially illicit activities, enforce our Privacy Policy or Terms and Conditions); and
• As otherwise described or expanded upon within this Notice (and, to the extent not conflicting, our Privacy Policy) or at the time of collection;

Fareportal’s legal basis for processing an EEA Individual’s personal data will depend on the context in which we collect such data and our relationship with such EEA Individual. Primarily, Fareportal processes EEA Individuals’ personal data (1) as necessary for the performance of a contract to which such EEA Individual is a party or in order to take steps at the request of such EEA Individual prior to entering into a contract (e.g., providing travel services, fraud detection and prevention), (2) pursuant to Fareportal’s legitimate interest in certain processing activities, which Fareportal has determined are not overridden by the interests and fundamental rights and freedoms of EEA Individuals given such EEA Individuals’ relationship with, and expectations of, an online travel service such as Fareportal (e.g., customer support, more relevant content and marketing), (3) where Fareportal has your consent (which may be withdrawn at any time), and (4) as needed for compliance with applicable law.

A Passenger Name Record (PNR) is the record of your itinerary that is generated after booking through our Services; it is the primary information submitted by you in order to administer your latest bookings and travel plans. This information is provided by you during the check-out process and passed on to the relevant supplier, such as airline or hotel, in order to enable your reservation. This information includes, as relevant, name, telephone number, email address, mobile number, date of birth, gender, age, payment details, co-traveler details, certain passport details, itinerary, and/or TSA Known Traveler Number.

When calling our contact centers, we receive your telephone number (to the extent it has not been blocked or masked on your end, in which case we may request it) and ask for your email address; these are used primarily in case of dropped calls or for confirming details about your bookings or other purchases. However, once you have made a booking or other purchase with us, we will associate such booking or purchase with the telephone number and/or email address provided to us. In such case, our contact center agents will be able to view such booking or purchase history upon next call to better assist you.

We also associate your email address or telephone number when you make bookings or purchases on the Websites or Apps, or when registering as a Member. For example, upon calling a contact center, the contact center agent may be able to input the telephone number or email address you provide to them in order to see your previous bookings or purchases on the Websites (such as by looking up previous PNR Data associated with such email address or telephone number) in order to provide recommendations or generally better assist you with issues or inquiries.

For more information regarding your data subject rights, such as your right to object, please click here and scroll to the Your Rights and Objecting to Legitimate Interest/Direct Marketing sections, respectively.

As stated above, Fareportal relies on the “necessary for performance of a contract” legal basis for provision of travel services and products that you have purchased. Failure to provide information for all mandatory fields during the booking process will result in not being able to make such booking. Further, to the extent such information is inaccurate, please correct it immediately (including by contacting Fareportal customer support) in order to ensure that the validity of your booking or other purchase is not affected.

Given the nature of the travel business, Fareportal will transfer EEA Individuals’ personal data within its group of companies and to the following categories of recipients (with examples) located worldwide when fulfilling bookings or other travel services purchased through the Services:

Fareportal has implemented measures to detect and prevent financial fraud that, for a very small subset of transactions, involve automated decision-making that may result in the rejection of a booking made by such EEA Individual.

There are thousands of transactions on the Websites each day. Approximately 6% of these transactions are put in a queue (based on rules established by Fareportal) for further analysis by an application licensed to Fareportal and hosted on a PCI-compliant server operated by a third party vendor. The application “scores” each transaction for risk using a set of rules created by Fareportal.

Approximately 1% of these transactions are auto-canceled when multiple rules for declining are triggered. The other transactions (approximately 5%) are investigated by our fraud team before being declined or accepted. For example, they may contact the bank, cardholder, etc. and conduct follow-up.

For the 1% of transactions described above, Fareportal allows affected EEA Individuals to request human intervention by Fareportal and provide their point of view by reaching out to privacy@fareportal.com.

For more information regarding Fareportal’s general privacy and security practices in connection with your personal data (such as retention, storage, and transfer), please click here.