Privacy Policy

Data Controller’s Information

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR), we provide the following information. This Privacy Policy governs the data processing of the following websites:

⮚ https://jetnfly.com/

The Privacy Policy is available on the aforementioned website.

DEFINITIONS

1. a) Personal Data: Any information relating to an identified or identifiable natural person (“data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
2. b) Data Processing: Any operation or set of operations performed on personal data or datasets, whether automated or not. This includes collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of making data available, as well as alignment, combination, restriction, erasure, or destruction.
3. c) Data Controller: A natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data. If the purposes and means of processing are defined by Union or Member State law, the law may also specify the data controller or the criteria for its designation.
4. d) Data Processor: A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the data controller.
5. e) Recipient: A natural or legal person, public authority, agency, or other body to whom personal data is disclosed, whether or not they are a third party. However, public authorities that receive personal data as part of a specific inquiry under Union or Member State law are not considered recipients. The processing of such data by public authorities must comply with applicable data protection rules in accordance with the purposes of the processing.
6. f) Third Party: A natural or legal person, public authority, agency, or other body that is not the data subject, data controller, or data processor, and is not authorized to process personal data under the direct authority of the controller or processor.
7. g) Filing System: Any structured collection of personal data that is accessible based on specific criteria, whether centralized, decentralized, or distributed on a functional or geographical basis.

1. h) Data Breach: A security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access to personal data that is transmitted, stored, or otherwise processed.
2. i) Representative: A natural or legal person established in the European Union, designated in writing by the data controller or processor pursuant to Article 27, who acts on their behalf concerning their obligations under this regulation.
3. j) Enterprise: A natural or legal person engaged in economic activity, regardless of its legal form, including partnerships and associations that regularly conduct economic activities.

PRINCIPLES OF DATA PROCESSING

1. Lawfulness, Fairness, and Transparency

The enterprise processes personal data lawfully, fairly, and in a manner that is transparent to the data subject (lawfulness, fairness, and transparency).

2. Purpose Limitation

The enterprise collects personal data only for specified, explicit, and legitimate purposes and does not process it in a manner that is incompatible with those purposes (purpose limitation).

3. Data Minimization

The enterprise ensures that data processing is adequate, relevant, and limited to what is necessary for the purposes for which it is processed (data minimization). Consequently, the enterprise does not collect or store more data than is strictly necessary to achieve the purpose of processing.

4. Accuracy

The enterprise ensures that personal data is accurate and kept up to date. It takes all reasonable measures to promptly delete or correct inaccurate personal data in relation to the purposes of processing (accuracy).

5. Storage Limitation

The enterprise stores personal data in a form that permits identification of data subjects only for as long as necessary to fulfill the purposes of processing, considering legal retention obligations (storage limitation).

6. Integrity and Confidentiality

The enterprise implements appropriate technical and organizational measures to ensure the security of personal data, protecting it from unauthorized or unlawful processing, accidental loss, destruction, or damage (integrity and confidentiality).

7. Accountability

The enterprise is responsible for ensuring compliance with the above principles and must be able to demonstrate such compliance (accountability). To this end, the enterprise enforces this internal policy continuously, regularly reviews its data processing practices, and modifies or supplements them as necessary. The enterprise maintains documentation to demonstrate compliance with legal obligations.

8. Privacy by Design

This principle advocates for a proactive approach to data protection. It requires the Data Controller, both when determining the means of processing and during processing itself, to implement appropriate technical and organizational measures—such as pseudonymization—to effectively enforce the principles, fulfill obligations, and integrate legal safeguards. These measures are systematically and thoroughly documented. In practice, this approach is supported by employee training, raising awareness of data protection, and conducting impact assessments, risk analyses, and legitimate interest assessments when introducing or regularly reviewing data processing activities.

DATA PROCESSING ACTIVITIES

1. Contacting via the email address provided on https://jetnfly.com/

2. Booking or contracting through https://jetnfly.com/ and Jet’n’Fly’s platforms.

3. Newsletter Related to https://jetnfly.com/

4. Use of “Google Ads” Conversion Tracking

The data controller uses the online advertising program “Google Ads” and, within its framework, utilizes Google’s conversion tracking service. Google Conversion Tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).

When a user accesses a website via a Google advertisement, a cookie necessary for conversion tracking is placed on their computer. These cookies have a limited validity period and do not contain any personal data, meaning the user cannot be identified through them.

When the User browses certain pages of the website and the cookie has not yet expired, both Google and the data controller can see that the User has clicked on the advertisement. However, individual users cannot be identified from the aggregate data, meaning no personal data processing takes place.

Each Google Ads customer receives a different cookie, so tracking across the websites of different Ads customers is not possible.

The information obtained through conversion tracking cookies is used to generate conversion statistics for Ads customers who have opted for conversion tracking. This allows customers to see the number of users who clicked on their advertisement and were redirected to a page with a conversion tracking tag. However, they do not receive any information that could be used to identify individual users.

If you do not wish to participate in conversion tracking, you can opt out by disabling the installation of cookies in your browser settings. In this case, you will not be included in the conversion tracking statistics.

For more information and to view Google’s privacy policy, please visit: www.google.de/policies/privacy/

5. Use of “Google Analytics”

Jet’n’Fly Limited Liability Company uses Google Analytics on its websites, a web analytics service provided by Google Inc. (“Google”). Google Analytics utilizes “cookies,” which are text files stored on your computer to help analyze how users interact with the website. These cookies enable the collection of data regarding website usage, which is then processed to generate analytical reports.

The information generated by cookies regarding the user’s interaction with the website is typically transmitted to and stored on a Google server in the USA. However, with IP anonymization enabled on the website, Google shortens the user’s IP address within the member states of the European Union or other states party to the European Economic Area Agreement before storing it. (https://support.google.com/analytics/answer/2763052?hl=en)

The full IP address is only transmitted to and shortened on Google’s servers in the USA in exceptional cases. On behalf of the website operator, Google will use this information to analyze how the user interacts with the website, generate reports on website activity for the operator, and provide other services related to website and internet usage.

Within Google Analytics, the IP address transmitted by the user’s browser is not combined with other data from Google. Users can prevent cookies from being stored by adjusting their browser settings; however, please note that in this case, some features of the website may not function fully. Additionally, users can prevent Google from collecting and processing data related to their website usage (including the IP address) by downloading and installing the browser plugin available at the following link. https://tools.google.com/dlpage/gaoptout?hl=hu

6. The Use of “Cookies”

7. The Social Media Pages

8. Other data processing activities

If the data controller receives any questions or if the data subject encounters any issues while using our services, they can contact the data controller through the provided means on the website (phone, email, social media, etc.).

The data controller will delete the emails, messages, and data provided via phone, Facebook, etc., including the data subject’s name, email address, and any other voluntarily provided personal data, within a maximum of 2 years from the date of communication.

For data processing activities not listed in this notice, we will provide information at the time of data collection.

In the case of exceptional requests from authorities or when authorized by law, the service provider is obliged to provide information, share data, transfer data, or make documents available to other bodies.

In such cases, the Service Provider will only disclose personal data to the requesting party to the extent and for the purposes necessary to fulfill the request, provided that the purpose and scope of the data are clearly specified.

The Data Controller has separate regulations (PCI DSS A, B, C) regarding the forms, methods, and data security used for payment of service fees.

9. The hosting service provider and website operator
10. Activity performed by the data processor: Hosting service, website operation
11. Name and contact information of the data processor:

Milcomp Services Kft.

Headquarters: 2030 Érd, Csaba utca 67

Company Registration Number: 13-09-192367

Tax Number: 26283535-2-13

Website: http://www.travelgate.hu/

Email: [email protected]

3. The fact of data processing, the scope of data processed: All personal data provided by the data subject.

4. The scope of the data subjects: All individuals using the website.
5. The purpose of data processing: To make the website accessible and ensure its proper operation.

6. Duration of data processing, deadline for data deletion: The data processing lasts until the termination of the agreement between the data controller and the hosting provider, or until the data subject submits a deletion request to the hosting provider.

7. Legal basis for data processing: The user’s consent, Section 5(1) of the Infotv., Article 6(1)(a) of the GDPR, and Section 13/A(3) of Act CVIII of 2001 on certain issues of electronic commerce services and services related to the information society.

RIGHTS OF THE DATA SUBJECT

The data subject may request information about the processing of their personal data, as well as request the correction of their personal data, or – with the exception of mandatory data processing – their deletion, withdrawal of consent, restriction of processing, and may exercise their right to data portability and objection in the manner indicated at the time of data collection, or through the data controller’s customer service.

For the data processing described in this notice, the data controller is Jet’n’Fly Limited Liability Company.

Right to Information

At the request of the data subject, Jet’n’Fly Limited Liability Company will take appropriate measures to ensure that all information related to the processing of personal data, as mentioned in Articles 13 and 14 of the GDPR, and all notifications pursuant to Articles 15–22 and 34 are provided to the data subject in a concise, transparent, comprehensible, and easily accessible form, clearly and understandably worded.

Right of Access by the Data Subject
The data subject has the right to obtain confirmation from the data controller as to whether their personal data is being processed, and if such processing is ongoing, the right to access the personal data and the following information: the purposes of the data processing; the categories of personal data concerned; the recipients or categories of recipients to whom or with whom the personal data have been or will be disclosed, including in particular third-country recipients and international organizations; the planned duration of the storage of personal data; the right to rectification, erasure, or restriction of processing, and the right to object; the right to lodge a complaint with a supervisory authority; information on the sources of the data; the fact of automated decision-making, including profiling, as well as meaningful information about the logic involved and the significance and the anticipated consequences of such processing for the data subject. In case of the transfer of personal data to a third country or an international organization, the data subject has the right to be informed of the appropriate safeguards regarding the transfer.
Jet’n’Fly Limited Liability Company will provide the data subject with a copy of the personal data subject to processing. For any additional copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.

Upon request by the data subject, Jet’n’Fly Limited Liability Company will provide the information electronically. The right of access may be exercised in writing through the contact details provided on page 2 of this notice.

Upon request, the data subject may also receive oral information after verifying their identity and confirming their identification.

Right to Rectification

Jet’n’Fly Limited Liability Company will rectify personal data if it is inaccurate and if the correct personal data is available to them.

Right to Erasure

The data subject has the right to request the erasure of their personal data by Jet’n’Fly Limited Liability Company without undue delay if any of the following reasons apply:

• Personal data is no longer needed for the purposes for which it was collected or otherwise processed
• The data subject withdraws their consent, and there is no other legal basis for the data processing;
• The data subject objects to the processing of their data, and there are no overriding legitimate grounds for the processing;
• The personal data has been unlawfully processed;
• The personal data must be erased to comply with a legal obligation under Union or Member State law applicable to the data controller;
• The personal data was collected in connection with the offering of information society services.

Data deletion cannot be initiated if the data processing is necessary for the following purposes: the exercise of the right to freedom of expression and the right to information; the fulfillment of a legal obligation imposed on the data controller under Union or Member State law, or the performance of tasks carried out in the public interest or in the exercise of official authority vested in the data controller; public health purposes, or archiving, scientific, historical research, or statistical purposes in the public interest; the establishment, exercise, or defense of legal claims.

Right to Restrict Processing

Upon the data subject’s request, Jet’n’Fly Limited Liability Company shall restrict the processing of personal data if any of the following conditions are met:

• The data subject contests the accuracy of the personal data; in this case, the restriction will apply for the period necessary to verify the accuracy of the personal data;
• The processing is unlawful, and the data subject opposes the deletion of the data and instead requests the restriction of its use;
• The data controller no longer needs the personal data for processing purposes, but the data subject requires the data for the establishment, exercise, or defense of legal claims;
• The data subject has objected to the processing; in this case, the restriction will apply until it is determined whether the legitimate grounds of the data controller override the rights and freedoms of the data subject.

If the processing is restricted, the personal data may only be processed, apart from storage, with the data subject’s consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of substantial public interest of the Union or a Member State. Jet’n’Fly Limited Liability Company shall notify the data subject in advance about the lifting of the restriction on processing.

Right to Data Portability

The data subject has the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used, machine-readable format, and to transmit those data to another data controller.

Right to Object

The data subject has the right to object at any time, on grounds relating to their particular situation, to the processing of their personal data carried out in the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, or for the purposes of the legitimate interests pursued by the data controller or a third party, including profiling based on these provisions.

In the event of an objection, the data controller may no longer process the personal data unless there are compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

If the personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing, including profiling related to such direct marketing. In the case of an objection to the processing of personal data for direct marketing purposes, the Jet’n’Fly Limited Liability Company will no longer process the data for this purpose.

Automated Decision-Making in Individual Cases, Including Profiling

The data subject has the right not to be subject to a decision based solely on automated data processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. This right does not apply if the processing is necessary for the performance of a contract between the data subject and the data controller; if the decision is authorized by Union or Member State law applicable to the data controller, which also provides appropriate measures to protect the data subject’s rights and freedoms and legitimate interests; or if the decision is based on the explicit consent of the data subject.

Right to Withdraw Consent

The data subject has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the data processing based on consent before its withdrawal.

Procedural Rules

The data controller will inform the data subject about the measures taken in response to a request under Articles 15–22 of the GDPR without undue delay, but no later than one month from the receipt of the request. If necessary, considering the complexity of the request and the number of requests, this deadline may be extended by an additional two months.

The data controller will inform the data subject about the extension of the deadline, including the reasons for the delay, within one month of receiving the request. If the data subject submitted the request electronically, the information will be provided electronically, unless the data subject requests otherwise.

If the data controller does not take action based on the data subject’s request, they will inform the data subject without undue delay, but no later than one month from the receipt of the request, about the reasons for the lack of action, as well as the data subject’s right to lodge a complaint with a supervisory authority and to exercise their right to judicial remedy.

Jet’n’Fly Korlátolt Felelősségű Társaság will provide the requested information and clarification free of charge. However, if the request is clearly unfounded or, in particular, excessive due to its repetitive nature, the data controller may charge a reasonable fee based on the administrative costs involved in providing the requested information or taking the requested action, or may refuse to take action on the request.

The data controller informs all recipients with whom the personal data has been shared about any corrections, deletions, or data processing restrictions made, except where this proves impossible or would require an unreasonable amount of effort. Upon the data subject’s request, the data controller will inform them of these recipients.

The data controller provides a copy of the personal data subject to processing to the data subject. For any additional copies requested by the data subject, the data controller may charge a reasonable fee based on administrative costs. If the data subject submitted the request electronically, the information will be provided in electronic format, unless the data subject requests otherwise.

Compensation and damages

Any person who suffers material or non-material damage as a result of a violation of the data protection regulation is entitled to compensation for the damage suffered from the data controller or the data processor. The data processor is only liable for damages caused by the data processing if it failed to comply with the specific obligations imposed on data processors by the applicable law, or if it disregarded or acted contrary to the lawful instructions of the data controller. If multiple data controllers or multiple data processors, or both the data controller and the data processor, are involved in the same data processing and are liable for the damage caused by the data processing, each data controller or data processor is jointly and severally liable for the full amount of the damage. The data controller or data processor is exempt from liability if it proves that it is not responsible for the event that caused the damage in any way.

Complaint

If you have any questions or concerns regarding the data processing by Jet’n’Fly Korlátolt Felelősségű Társaság, please feel free to contact us using the contact details provided on page 2 of this privacy notice.

Complaint Filing Opportunity

If you believe there has been a violation of your rights by the data controller, you can file a complaint with the National Authority for Data Protection and Freedom of Information:

This notice will come into effect on October 24, 2024.

Privacy Policy – Hungarian Version