Privacy Policy
The present Privacy Policy shall be deemed to form, read and construe as part of the Public Offer Agreement for the provision of services of reservation, issuance and sale of airline tickets and any other services offered on the Agency’s site (hereinafter referred to as the Offer), available on the Internet at: https://www.kiyavia.com. The present Privacy Policy applies with respect to the personal data of the passengers, including cases when purchase of airline tickets and supplementary services on theirs behalf is carried out by another person (for example, their colleagues or relatives or one of the parents of a child).
Private Joint Stock Company “KIY AVIA”, code 01130578, registered address: 1, Dmytrivska Str., Kyiv, 01054 (hereinafter referred to as the Agency) is committed to protect the privacy of personal information of its customers (hereinafter referred to as the User or the Passenger) who visit Internet site www.kiyavia.com (hereinafter referred to as the Site), make use of the Agency's services and could be identified by any means.
The Agency respects the rights of visitors to the Site. We unambiguously acknowledge the importance of the privacy of personal information of visitors to the Site.
By visiting our Site, registering on the Site as the User, submitting orders and requests for selection of airline tickets, booking and purchasing airline tickets and other services, you accept this Privacy Policy in its entirety.
The present Privacy Policy shall apply to any information about the User that may be available to the Agency during the use of the Agency’s service located in the domain kiyavia.com
The Agency is an “owner of personal data” within the meaning of the Law of Ukraine “On Protection of Personal Data” No. 2297- VI as of June 01, 2010, as well as a “data controller” for the purposes of the EU General Data Protection Regulation 2016/679 (hereinafter referred to as the GDPR) and other applicable European data protection legislation.
The Agency shall process personal data only provided that one of the conditions referred to in Article 6 GDPR is fulfilled, including but not limited to:
- processing is necessary for the conclusion and performance of an agreement which you are a party to or in order to take steps at your request prior to entering into an agreement;
- processing is required by legislation of the countries where air transportation offered by the Agency is prepared.
The mentioned provisions apply to the relationships arising from the provisions of transportation agreement and the public offer agreement for the provision of services of reservation, issuance and sale of airline tickets and supplementary services concluded between the Contractor represented by the Agency and the User — a private individual, subject of personal data.
1. TERMS AND DEFINITIONS
The following terms used in the present Privacy Policy shall have the following meanings:
Personal Data shall refer to any personal information that allows a third party to identify a private individual (subject of personal data).
Identifiable private individual shall mean a person who can be identified, either directly or indirectly, in particular by a reference to identifiers such as name, identification number, location data, online identifier or one or more of the factors unique to physical, physiological, genetic, intellectual, economic, cultural or social identity of a particular private individual.
Subject of personal data is a private individual whose personal data is processed in compliance with the legislation.
Cotroller shall refer to a private individual or a legal entity, a state government body, an agency or any other authority that is authorized to access personal data belonging to the subjects of personal data, and to define the purpose and ways of using personal data.
Personal Data Processing – any action (operation) or a range of actions (operations) performed with personal data with or without the use of automation tools, including collection, recording, systematization, accumulation, storage, refinement (updating, modification), sorting, viewing, exploitation, dissemination or any other type of providing access to the third parties, including employees of a controller, as well as depersonalisation of personal data, blocking, deletion, destruction of personal data.
Privacy of Personal Data – a requirement binding on the Agency or any other person who gained an access to the personal data to prevent its dissemination without the consent of the subject of personal data or other valid grounds.
Site User (hereinafter referred to as the User) is a person who has an access to the Site through the Internet and uses services offered on the Site.
Cookies — a small piece of data sent by a web-server and stored on user's computer that the web-client or web-browser sends to the web-server each time through an HTTP request while attempting to open the page of the corresponding site.
“IP-address” — a unique network address of a node in a computer network built on the IP protocol.
2. GENERAL PROVISIONS
The usage of the services offered on the Site by the User shall mean acceptance of this Privacy Policy and the terms of User's personal data processing.
In case of disagreement with the terms of the Privacy Policy the User must stop using the services offered on the Site.
The present Privacy Policy applies only to the Agency’s Site. The Agency does not control and bear no responsibility for the third party sites which the User can visit by clicking on the links available on the Agency’s Site.
The Agency does not check the authenticity of the personal data provided by the User of the Reservation System.
3. PRIVACY POLICY SUBJECT
The present Privacy Policy sets forth the obligations of the Agency to protect and not to disclose the privacy of the personal data that the User provides when placing order for the services of reservation, issuance and sale of airline tickets and any other services offered on the Agency’s Site.
Personal data of the User authorized for processing under this Privacy Policy includes the following information:
- the surname, first name and patronymic;
- date of birth;
- sex;
- e-mail address;
- telephone number;
- passport details (passport series and number, passport country, passport expiration date);
- place of residence (country, city, address);
- payment card details;
- other information required for the issuance and sale of airline tickets, order of tourism and supplementary services.
The system for reservation, issuance and sale of airline tickets safeguards the information, which is automatically provided in the use of reservation system by the User:
- IP-address;
- information from cookies;
- information about browser;
- time of access;
- address of the current page;
- referrer (address of the previous).
The Site uses the Users identification technology based on the use of cookie files. Сookies shall refer to the small text files that are stored on your computer by web browser.
When the User uses the Site, cookie files can be saved on the computer used by the User to access the Internet that will be further used for automatic authorization at the Site, as well as for collection of statistical data, in particular the Site traffic. Herewith, personal data or passwords are never saved in cookie files by the Agency.
In case the Users consider that the use of cookies technology for one reason or another is unacceptable to them, they are entitled to prevent the saving of cookie files on their computers used to access the Site through the relevant setting in a browser. Herewith, it should be noted that all services in the Internet using the mentioned technology will be unavailable. The Site may contain links to other web-sites. The Agency, first of all, shall bear no responsibility for the privacy policies of such sites. The Agency encourages the Users to be careful when they are leaving the Site, and carefully read the rules on confidentiality of each site, collecting personal information on the User. The present Privacy Policy applies exclusively to the information collected by the Site www.kiyavia.com
The Agency’s Site collects statistics on the visitors’ IP-addresses. This information is used to identify and solve technical problems, to improve the quality and enhance security of the Site.
Any other personal information not specified above (purchase history, browsers and operating systems used, etc.) is to be securely stored and non-distributed, except for cases described in Clause 5 of this Privacy Policy.
4. PURPOSES OF THE USER’S PERSONAL DATA COLLECTION
The Agency collect and can use the User’s personal data in order to:
- Identify the User registered on the Site for the purpose of for placing the Order and entering into an air transportation agreement, introduction of changes to the airline ticket reservation, providing the User with the full range of services offered by the Agency.
- Provide the User with an access to the personalized resources of the Site.
- Establish a feedback with the User, including sending notifications and requests regarding the use of the services of the Site, rendering services, processing requests and applications from the User.
- Determinate user's location in order to ensure security and fraud prevention.
- Confirm the authenticity and completeness of personal data provided by the User.
- Create an account to make purchases, if the User has agreed to create an account.
- Notify the User about the status of the Order.
- Handle and receive payments, contest payments.
- Provide the User with effective client and technical support in case of problems related to the use of the Site.
- Provide the Users with their consent with the information on product updates, special offers, details on prices, newsletters and other information on behalf of the Agency of the Agency’s partners.
Information which is collected and processed by our system
The Agency shall receive the following information from the User:
Types of data | Purpose of use | Where it is transmitted | Retention period |
---|---|---|---|
Browser language | To determine language versions of a site | Not transmitted | Not retained |
Browser type | In order to determine specific parameters to view the site correctly | Transmitted to the reservation systems, if it is a mandatory parameter | Retained in log files for up to 3 years (only for addressing and solving technical problems) |
Internet Protocol address (IP) | To approximately determine a departure airport, closest to the user. In order to restrict the number of attempts required for the security for the operation (protection against guessing) | Transmitted to the reservation systems, if it is a mandatory parameter | Retained in log files for up to 3 years (only for addressing and solving technical problems) |
Search request parameters | To prefill a search form after the page reload or return to the site | Transmitted to the reservation systems in order to receive proposals (search results) | For a week at the most, on the backend, 1 year in the customer’s browser |
Passanger information (upon purchase) | To make a reservation and issue tickets | To the reservation systems and airline companies | 3 months after the service is completed (in encrypted form) |
Passanger information (in personal account) | For data substitution in new orders | Not transmitted | During unlimited period of time, in encrypted form |
The User’s e-mail address (upon purchase) | To make a reservation and issue tickets. To send electronic tickets and letters with orders status | To the reservation systems and airline companies | 3 months after the service is completed (in encrypted form) |
The User’s telephone number (upon purchase) | To make a reservation and issue tickets. To send sms with orders status | To the reservation systems and airline companies | 3 months after the service is completed (in encrypted form) |
The User’s password | For authentication | Not transmitted | During unlimited period of time (until users delete themselves), as a hash sum. |
5. METHODS AND TERMS OF PERSONAL DATA PROCESSING
5.1. The User's personal data processing is carried out without any time limit, in any legal way, including in personal data information systems with or without the use of automation tools.
5.2. The User agrees that the Agency has the right to transfer personal data to the reservation systems and airline companies.
5.3. The User agrees that the Agency has the right to transfer personal data to third parties, in particular courier services, postal organizations, telecommunication operators, only for the purpose of fulfilling the User's order made on the Site.
5.4. The User's personal data can be transmitted to the competent authorities only on the valid grounds and in the order established by the current legislation of Ukraine.
5.5. In case of loss or disclosure of personal data, the Agency shall inform the User about the loss or disclosure of personal data.
5.6. The technical personnel involved in the development and support of the Site shall take all the necessary organizational and technical measures to protect the User's personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
5.7. The Angency in collaboration with the User shall take all necessary measures in order to prevent losses or other negative consequences caused by loss or disclosure of the User's personal data.
6. The rights of subjects of personal data
6.1. The rights of the subjects of personal data in accordance with the legislation of Ukraine are as follows:
The personal non-property rights to personal data enjoyed by every individual shall be inalienable and unchangeable.
The Agency hereby informs you that the following rights regarding the personal data processing belong to you in accordance with the legislation of Ukraine:
- to know about the data collection sources, location of yout personal data, purposes of its processing, location or place of residence (stay) of an owner or an administrator of personal data or to to give the relevant instruction for obtaining the mentioned information by the authorized persons, except for the cases prescribed by the legislation;
- to obtain information on conditions on the granting of access to the personal data, including information on the third parties that are provided with your personal data;
- to have access to your own personal data;
- to receive within thirty calendar days from the date of receipt of request, except for the cases prescribed by the legislation, a reply on whether your personal data is being processed, as well as to obtain the contents of such personal data;
- submit a reasoned request to an owner of personal data expressing objection against your personal data processing;
- to submit a reasoned request to any owner or administrator of personal data calling on them to change or destroy your personal data, if such data is processed illegally or is unreliable;
- to protection of personal data against illegal processing and unintentional loss, destruction, damage because of intentional hiding, non-submission or intimely submission, as well as protection against submission of information being unreliable or dishonor, threaten dignity and business reputation of private individual;
- submit complaints against your personal data processing to the Commissioner for Human Rights of the Verkhovna Rada of Ukraine or to the court;
- to apply means of legal defence in the event of violation of personal data protection legislation;
- to submit warning on the restricted right for processing personal data, should the consent be provided;
- to withdraw consent to personal data processing;
- to be enquired with the mechanism of automated processing of personal data;
- to protection against automated decision, which has legal consequences for you.
6.2. Other rights of the subjects of personal data in accordance with the GDPR.
In addition to the Ukrainian personal data protection legislation, the Agency shows consideration for enforcement of your rights established by the GDPR.
Right to know.
We are ready to provide the subjects of personal data with information on which of your personal data is processed by us.
If you want to get to know which of your personal data is processed by us, you can make a request for such information at any time, including by appealing to info@kiyavia.com. You can find the list of data we must provide you in Articles 13 and 14 of the GDPR. Thus, when applying you must state your specific requirements, so we could legitimately consider your request and provide a response.
Please, note that if we are unable to verify your identity by e-mail messages or at your application to the Call Center, or in the case of reasonable doubts concerning your identity, we may ask you to provide a proof of identity, including by personal appearance in the Agency’s office. This is the only way we can avoid disclosing your personal data to a person who can perpetrate your identity.
The Agency shall process your request in the shortest possible time, but at the same time please remember that it is a complex process to provide you a full and legitimate answer in relation to your personal data, that can take up to a month.
7. OBLIGATION OF THE PARTIES
7.1. The User is obliged to:
7.1.1. Provide information on the personal data necessary for the use of the services offered on the Site.
7.1.2. As soon as possible, update and expand the provided personal data in case of its changing.
7.2. The Agency is obliged to:
7.2.1. Use the information received only for the purposes specified in Clause 4 of this Privacy Policy.
7.2.2. Ensure that confidential information is kept secret, not disclosed without the User's prior written permission, as well as does not sell, exchange, publish or otherwise disclose the provided personal data of the User, except for the cases stipulated by Clauses 5.2. and 5.3. of this Privacy Policy.
7.2.3. Take precautions to protect the confidentiality of the User's personal data in accordance with the procedure normally used to protect such information in the existing business.
7.2.4. Block the personal data relating to the relevant User from the moment of the relevant request or application of the User, legal representative of the User or competent authority for the protection of the rights of personal data subjects for the verification period in case of revealing unreliable personal data or illegal actions.
8. LIABILITY OF THE PARTIES
8.1. The Agency, that failed to fulfill its obligations as a resukt of its actus reus, shall be liable for the losses incurred by the User in connection with the misuse of personal data, in accordance with the current legislation of Ukraine, except for cases stipulated by Clauses 5.2., 5.3. and 7.2. of this Privacy Policy.
8.2. In case of loss or disclosure of confidential information, the Agency shall bear no responsibility provided that this confidential information:
8.2.1. Became publicly available before its loss or disclosure.
8.2.2. Was received from a third party before its obtaining by the Agency.
8.2.3. Was disclosed upon the User’s consent.
9. SECURITY
9.1. The Agency shall take reasonable and prudent administrative, physical and technological security measures to protect the User’s personal information from unauthorized access, unauthorized use, and unauthorized or accidental destruction, modification or disclosure. Notwithstanding that the Agency takes commercially reasonable measures to ensure an appropriate level of security, we cannot guarantee the security of information which is provided via the Internet or maintained in our databases.
10. ADDITIONAL CONDITIONS
10.1. The Agency shall have the right to make changes to this Privacy Policy without the consent of the User.
10.2. The new Privacy Policy shall enter into force from the moment it is posted on the Site of the reservation system, unless otherwise is provided for in the new edition of the Privacy Policy.
Contact information
PJSC “KIY AVIA”
Telephone number +38 044 490-490-1
E-mail: info@kiyavia.com
Date of publication: 22/11/2018
Personal Data Protection Authority in Ukraine
The administrative authority in charge of the personal data protection in Ukraine is the Department for Personal Data Protection of the Secretariat of the Commissioner for Human Rights of the Verkhovna Rada of Ukraine. You may submit your complaints or comments thereto if you believe that your rights are violated due to the processing of your personal data.