GDPR Compliance Policy

Effective Date: December 30, 2025
Last Updated: December 30, 2025

This GDPR Compliance Policy explains how My Flights Portal, Inc. (“My Flights Portal,” “we,” “us,” “our”) processes personal data of individuals located in the European Economic Area (EEA), United Kingdom (UK), and Switzerland (together, “Europe”) when they use www.myflightsportal.com or contact our support team. It is intended to describe your rights and our practices under the EU GDPR and, where applicable, the UK GDPR.

This policy should be read together with our Privacy Policy, Cookie Policy, Terms & Conditions, and related policies available on our website.

1) Who We Are (Data Controller)

For the purposes of GDPR, My Flights Portal, Inc. is the data controller for personal data processed through our website and customer support operations.

Company Information

Legal Entity: My Flights Portal, Inc.
Company Number: 7421435
Registered Address: 1142 Hicksville Rd, Massapequa, NY 11758 | US
Website: www.myflightsportal.com
Email (Privacy Requests): Support@myflightsportal.com

If you are contacting us specifically about data protection, please write “GDPR Request” in the subject line.

2) Scope

This policy applies when you:

• Visit or use our website (including browsing, searching, booking, and chat)
• Contact us by phone, email, or live chat
• Request post-booking support (changes, cancellations, ticket status, etc.)
• Interact with our advertisements or marketing campaigns (where permitted)

3) What Personal Data We Collect

Depending on how you use our services, we may collect:

A) Identity & Contact Data

• Name, email address, phone number
• Billing contact information
• Account or booking identifiers (order/booking reference)

B) Booking & Travel Data

• Itinerary details (routes, dates, airline, passenger counts)
• Passenger details required for booking/ticketing (such as name as on passport, date of birth, nationality, gender, passport details if required by airline/supplier for international travel)
• Special service requests (e.g., assistance requests) if you provide them

C) Payment & Transaction Data

• Payment status, transaction identifiers, timestamps, fraud-screening results

We do not intend to store full card numbers/CVV in our systems. Payments are processed through payment services and secure systems.

D) Technical & Usage Data

• IP address, browser type, device identifiers, operating system
• Pages visited, time spent, clicks, referral URLs
• Cookies and similar technologies (see Cookie Policy)

E) Communications Data

• Emails, chat messages, call recordings (where permitted by law), and support notes
• Verification or security checks (when required to prevent fraud)

4) Why We Use Your Data (Purposes)

• Provide flight search and booking services
• Process reservations and support ticket issuance through suppliers/partners
• Send booking updates, confirmations, and service communications
• Provide customer support (including after-sales services)
• Prevent fraud, secure transactions, and protect users
• Improve website performance and user experience
• Comply with legal obligations (accounting, tax, regulatory requests)
• Conduct advertising measurement and marketing (only where permitted and based on your choices)

5) Legal Bases for Processing (GDPR Article 6)

A) Performance of a Contract

To provide booking services, manage reservations, and support post-booking requests.

B) Legal Obligation

To meet legal, regulatory, tax, accounting, and compliance requirements.

C) Legitimate Interests

To operate our business safely and efficiently, such as:

• Fraud prevention and transaction security
• Quality assurance and service improvement
• IT security and abuse prevention
• Limited marketing and measurement (where appropriate)

We balance our legitimate interests against your privacy rights.

D) Consent

Where required (especially for non-essential cookies/advertising technologies) we rely on your consent. You may withdraw consent at any time.

6) Ticketing, Suppliers, and Partners

My Flights Portal is an independent Online Travel Agency (OTA). We facilitate bookings as an intermediary between travelers and airlines/suppliers.

• Fares and availability may be retrieved in real time via supplier systems/APIs.
• Ticket issuance may be fulfilled through airline consolidators and ticketing partners.
• To complete a booking and provide support, we may share relevant booking data with airlines, suppliers, consolidators, or partner systems as required to fulfill your request.

7) Customer Support & Offshore Operations

To provide timely assistance and 24/7 coverage, customer service and back-office support operations may be handled by trained teams, including offshore support operated by:

Sky Rebate Travels Pvt Ltd (www.skyrebate.com)

These operations are conducted under strict privacy, security, and access-control guidelines defined by My Flights Portal. Access is limited to what is necessary for support and servicing.

8) Payment Security & PCI Practices

We take payment security seriously. Our environment follows PCI-focused security practices and includes external scanning/validation activities by ASV Backbone Security, Inc. This supports ongoing vulnerability monitoring and secure system maintenance.

9) Cookies, Analytics, and Advertising

We use cookies and similar technologies to operate the site, keep it secure, and (where permitted) measure and improve performance and advertising.

• Essential cookies are required for core functionality and security.
• Non-essential cookies (analytics/advertising) are used only where allowed and, when required, based on your consent.

You can manage cookie preferences through browser settings and, where available, our cookie controls. Please see our Cookie Policy for details.

10) Who We Share Data With

• Airlines, GDS/suppliers, consolidators, ticketing partners (to fulfill bookings)
• Payment processors and fraud-prevention providers (for secure transactions)
• Customer service tools (live chat, ticketing/helpdesk systems)
• Hosting, security, and IT service providers
• Analytics and advertising providers (where permitted and based on your choices)
• Legal/regulatory authorities where required by law

We do not sell personal data. We do not allow vendors to use your data for their own unrelated purposes.

11) International Data Transfers (Outside Europe)

Because we are based in the United States and may use global service providers, your data may be processed outside the EEA/UK/Switzerland.

When we transfer personal data internationally, we take steps intended to apply appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs) or other approved mechanisms (where applicable)
• Vendor security and confidentiality obligations
• Access controls and data minimization

12) Data Retention

We retain personal data only as long as necessary for:

• Booking fulfillment and support
• Legal, accounting, tax, and compliance obligations
• Fraud prevention and dispute handling

Retention periods can vary depending on the type of data and legal requirements. When data is no longer needed, we delete it or anonymize it where appropriate.

13) Security Measures

• Access controls and role-based permissions
• Secure systems and monitoring
• Encryption and secure transmission where appropriate
• Security reviews and vulnerability monitoring
• Staff and vendor confidentiality requirements

No method of transmission or storage is 100% secure, but we work to maintain reasonable protections.

14) Your GDPR Rights

If you are in Europe, you may have the right to:

• Access your personal data
• Rectification (correct inaccurate data)
• Erasure (“right to be forgotten”), where applicable
• Restriction of processing, in certain cases
• Data portability, where applicable
• Object to processing based on legitimate interests or direct marketing
• Withdraw consent at any time (for processing based on consent)
• Lodge a complaint with your local data protection authority

Some rights are subject to exceptions (for example, legal obligations or fraud prevention).

15) How to Exercise Your Rights

To submit a GDPR request, contact us at Support@myflightsportal.com with:

• Your full name
• The email/phone used for booking or contact
• Booking reference (if available)
• The right you want to exercise (access, delete, correction, etc.)

For security, we may need to verify your identity before processing the request. We may refuse or limit requests where permitted by law (e.g., to protect others’ rights or comply with legal obligations).

16) Automated Decision-Making

We may use automated tools to help with fraud prevention, security screening, and risk checks. These tools are designed to protect customers and the business. If you believe a decision significantly affects you and you want human review, contact us and we will review where applicable.

17) Children’s Data

Our services are intended for users who can legally enter into contracts. We do not knowingly collect personal data from children without appropriate consent. If you believe a child has provided personal data, contact us to request deletion.

18) Updates to This Policy

We may update this GDPR Compliance Policy periodically. Updates will be posted on this page with revised dates.

19) Contact

My Flights Portal, Inc.
1142 Hicksville Rd, Massapequa, NY 11758, United States
Website: www.myflightsportal.com
Email: Support@myflightsportal.com