At flypop we take your privacy very seriously. We use the data to ensure that our flights are safe, your journey with us is made as easy as possible and to help us to make it as affordable for you as we can. When you fly with us we collect a small amount of data about you: for example your name, email address, payment details, passport information, your baggage requirements. We share this information with our partners at the airport and with the security and border control authorities. This helps us and them keep you and other travellers safe.
We are happy to provide any additional information or explanation needed and/or answer any questions you may have.
We suggest and encourage all users to read the policy carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our website, flypop.com you are accepting and consenting to the practices described in this policy.
What information do we collect?
When you use flypop services, you will need to give us your personal details and/or the details of any other individual(s) who will be travelling with you. We collect the following personal information:
- Information you provide to complete and manage a booking you have made with us or a service you have requested from us. This will include your name, address, contact details, email, date of birth, gender and payment information.
- Information collected during your travel with us.
- Information about your travel arrangements.
- Information about the services we have provided to you in the past.
- Information about online registration and other interactions.
- Information about your use of our website, contact centre and mobile applications.
- Information about your device and your location, e.g. if you have been browsing on our website or using our mobile application.
When and why do we collect ‘sensitive personal data’?
Some personal information is sensitive, for example race, ethnicity, religion, health, sexuality or biometric information. Sensitive data are a special category of data requiring additional protection under European Union and UK data protection law. As a general rule, we try to limit the collection and processing of sensitive personal data, however examples of where we may collect and process ’sensitive personal data’ includes the following:
- You have requested specific medical assistance from us and/or an airport operator, such as the provision of wheelchair assistance or oxygen.
- You have sought clearance from us to fly with a medical condition or because you are more than 28 weeks pregnant.
- You have otherwise chosen to provide such information to us or it has been passed onto us by a third party such as the travel agent through whom you made your booking.
- Biometric information (for example, facial recognition) may be collected during the security clearance process prior to, and after, flying with us.
In addition, you may have requested services (such as a meal) which is not ’sensitive data’ but may imply or suggest your religion, health or other information.
How do we collect information?
We collect personal information about you whenever you use our services (whether these services are provided by us or by other companies or agents acting on our behalf), including when you travel with us, when you use our website or mobile applications, or interact with us via email or use our contact centres.
In addition, we may receive personal information about you from third parties, such as:
- Companies contracted by us to provide services to you.
- Companies involved in your travel plans, including airlines involved in your prior or onward journey, relevant airport operators and customs and immigration authorities.
- Companies that participate in our loyalty schemes and other customer programmes (e.g. car hire providers and hotels).
- Companies who provide details to us under privacy polices providing information to be shared with flypop.
How and why do we use personal information?
We process your personal data for several reasons:
- To manage your account, your booking and your orders.
- To send you status updates and service communications.
- To ensure that we fulfil your travel arrangements and deliver the services you have asked for.
- To manage the boarding process.
- To keep track of you in advance of your flight and at the airport.
- To ensure your safety if you have
- To send status updates and service communications to you.
- To help keep you safe when you fly with us and to meet certain legal and regulatory requirements which apply to flypop as an airline.
- To provide you with additional services that we can tailor to your requirements.
- To carry out marketing and online advertising and keep you informed of flypop products and services.
- To carry out analysis and market research.
- To improve our websites, products and services.
- To improve and monitor our management and administrative processes.
What legal basis do we have for processing your personal data?
The General Data Protection Regulation (GDPR) protects your rights in regard to data and flypop will only process your personal information where we have a legal basis to do so. Under EU and UK data protection laws (GDPR) in almost all cases the legal basis will be because:
- We need to use your information to process your booking, fulfil your travel arrangements and perform our contract with you.
- We need to use your personal information to comply with a legal obligation.
- It is in flypop’s legitimate interests as an airline to use your personal information to operate and improve our business as an airline and travel provider.
- We need to protect your vital interests or those of another person.
- You have consented to flypop using your information.
When do we share personal data?
You will only send you marketing emails where you have provided your consent to so.
We do not sell personal information to third parties, and we only allow third parties to send you marketing information where we have your consent to do so.
We may also share your personal information, or get your personal data from, third parties such as:
- Airports, Government authorities such as Customs and immigration authorities. flypop and other airlines are required by laws in the UK and other countries to give border control agencies and customs authorities access to booking and travel documents when you fly to and from countries and where you may overfly countries to your destination.
- Travel Agents or other companies or organisations through which you made your flypop booking.
- Credit and debit card companies, credit reference agencies. To protect you and us against fraud we will usually share your information with our fraud screening partner to prevent or detect fraudulent transactions.
- Government and law enforcement agencies such as customs and immigration authorities following a valid, legal request.
Third party service providers we use who help us run our business and improve our services and your customer experience. This may include, for example, services that involve data processing to carry out marketing initiatives or run customer surveys on our behalf, ground handling services companies that operate in the airports we fly to, or the company that provides IT support to us.
Third parties, such as law firms and law courts, to enforce or apply any contract with you. Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets. We may provide usage information but not your personal details to other websites so that they know that you have visited our websites
The UK Civil Aviation Authority (CAA) or other national Aviation Authorities may also require us to disclose your personal data to ensure compliance with and enforcement of ATOL regulations and other regulatory requirements.
We may provide usage information including your personal details to marketing agencies to deliver online advertising on websites or social networks.
When required to comply with a legal or regulatory obligation in any jurisdiction we fly to, or over which we fly, whether that obligation arises because of a voluntary act or decision on our part.
Our partners who offer travel related products and services through our website, promote offers or co-organise competitions on our website
From time to time, we make certain third party offers available through our website or we may publish competitions co-organised by third parties. If you choose to purchase products or services offered through our website by third parties, accept offers or participate in a competition, some of your personal data, such as your contact details and your billing information, may be directly collected by or disclosed to that third party.
Below you will see a list of the parties that offer their products or services through our website and as such your information may be collected by or transferred to them when you purchase their products or services. Please note that this list is not exhaustive and is subject to change:
Where do we store and process personal data?
All information you provide to us is stored on our secure servers. All payment transactions will be encrypted. Where we have given you, or where you have chosen, a password for accessing more secure parts of the Website, you are responsible for keeping this password confidential. Please do not share your password with anyone.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How do we secure personal data?
flypop works closely with our web services partner, Serenity Digital, to make the data we collect is safe and secure and to prevent accidental loss, ensure business continuity and enable disaster recovery. All website and application developments are made following the Open Web Application Security Project (OWASP) standards.
To protect data against accidental loss daily onsite back ups are made in multiple locations (Linode, London and offsite to Amazon S3 in Dublin) to ensure data is secure against accidental loss.
To prevent unauthorised access, use, destruction or disclosure of personal data, access to our web server is restricted to a very limited number of employees and requires public-key authentication on a non-standard port.
To ensure business continuity and disaster recovery our servers are monitored for downtime 24/7 and secure offsite back up ensures capability for disaster recovery.
Only 2 flypop employees have access to Serenity Source CMS which is penetration tested on a regular basis.
We regularly review our systems, processes and chosen technology partners to ensure our strict standards are maintained, the Law is adhered to and our requirements are met.
We regularly conduct privacy impact assessments in accordance with the law and our business policies.
How long do we keep your personal data?
When you book a flight with us we will keep the information related to your booking so we can fulfil the specific travel arrangements you have made. We will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking. The information may also be kept so we can continue to improve your experience with us.
We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained. This information is kept by us in all cases for a period of 7 years except in exceptional cases as listed below:
- Payment Card details 2 years
- Advanced Passenger Information 2 years
- Legal Claims and related information 10 years from the date of settlement/judgement
How do we dispose of personal data when we no longer need it?
We will remove your data from our site within 24 hours. It may take up to 14 working days to remove the information from our servers.
Your rights in relation to personal data
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at flypop Ltd, 3rd Floor Endeavour House, Coopers End Road, Stansted, Essex, CM24 1SJ.
You have the right to request us to stop using your personal information where we are doing so under legitimate interests unless it is needed for dealing with legal claims or we have other compelling legitimate reasons that override your rights.
You have the right to access the personal information we hold on you.
There are some limited exceptions to this right, such as information relating to others who have not consented to the disclosure of their information and information which is legally privileged.
You have the right to correct the personal information that you have shared with us (the 'right of rectification’) if that information is inaccurate. You may be able to update much of it yourself through your own flypop account, including personal and contact details. If you spot any inaccuracies in the report that you can’t fix yourself, please email the details to firstname.lastname@example.org or write to us.
You have the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.
You have the right to ask for personal information which identifies you to be removed (anonymised).
To do this the information that identifies you will be removed our active systems. However, a separate and restricted copy of the identifying information will be kept for 7 years to meet the obligations we have to law enforcement, national authorities and legal proceedings.
Considerations for removing data
We may need to retain certain elements that relate to a contract between you and us because we need it for our own legal and auditing purposes.
We cannot erase your personal information if you have either flown with us in the past 13 months or you hold a forward booking with us. For legal reasons, we need to keep information linked to these flights. You may come back to us once this time period has passed and submit a request.
We cannot erase your personal information if we have identified that you either have an open complaint with us or we hold a previous case for you within the past 6 years. We are required to retain this information in case there is a need to re-open the complaint.
Use of automated decision-making and profiling
How to contact us
All about cookies
Links to other websites and third party content
Latest update: 12 March 2021