You’ve chosen BANK TRANSFER as your payment method.
! Please note that it may take up to one business day for your payment to be processed. Once confirmed, we’ll send you an email with your ticket and payment confirmation.
Personal data protection (Privacy policy)
We at Businessfly.org take your privacy very seriously. Currently, we comply with the Regulation №. 2016/679, the General Data Protection Regulation, also known as GDPR, which sets the highest privacy and data protection standard in the world. In this Privacy Policy we explain what data we collect from you, why we collect it, how we use it and with whom we might share it. It also explains what rights you as a data subject have and how you can fulfill them.
We, as the Data Controller, are the company Businessfly LLC, with a registered office at 010010, Kazakhstan, city of Astana, Nura district, Zilkhan Nurshaiykov street, building 10/1.
Company ID №: 230340043764.
Some terms that we use in this Privacy Policy
Personal Data: any information relating to a directly or indirectly identified or identifiable natural person. That means that if we possess means to identify either you or even the device you’re using, any information that we can connect to you will be treated as Personal Data.
Data Controller: someone that determines the purposes and means of processing Personal Data. For example, we are a Data Controller when we process your Personal Data for the purposes stated in this Privacy Policy.If you choose to book a ticket through our website or app, we will be sending your Personal Data to another Data Controller – the carrier or the provider of other services – who will again use your Personal Data for its own purposes. Each Data Controller should have a Privacy Policy such as this one where you can learn about how your Personal Data is processed. You can see the overview of Data Controllers with whom we might share the data below.
Data Processor: a third party that only helps to achieve the purposes determined by the Data Controller. For example, we as a Data Controller use many third-party services to which we outsource some parts of our activities that we don’t do ourselves for various reasons such as cost-efficiency. A Data Processor is only allowed to process your Personal Data according to our documented instructions.
Third Countries: countries in which the GDPR regime is not applicable. Currently, by Third Countries, we mean all countries that lie outside of the European Economic Area.
What Personal Data do we collect?
We collect your Personal Data directly from you, either when you provide us your Personal Data or gather them by ourselves when you use our services or you are in touch with us. Depending on the processing purpose, we may process the following categories of Personal Data.
| CATEGORY OF PERSONAL DATA | DESCRIPTION |
|---|---|
| Identification information | Information used to identify you as a natural person, such as your name, surname, gender, nationality, billing address, and date of birth. |
| Contact information | Information used to contact you, such as your email address and telephone number. |
| Your online behavior while interacting with us | Your behavior on our website i.e. what you visited, how long you stayed, what you clicked on, etc. We also track your interactions with the emails and notifications that we send you, such as if you open the email or if you click on any of the links that it contains. |
| Device and network metadata | Information about the device that you used to access our website or the device on which our app is installed, your network connection metadata, and also information derived from these data. This information includes, for example, your operating system, web browser, screen resolution, IP address, etc. |
| Precise location | The precise location of your device based on the data provided by the geolocation technology of your device. We will only process this Personal Data if you give us your specific consent and it is necessary to provide you with some feature of our website or app which requires access to the precise location of your device, e.g., sending you relevant information about your trip based on your current location. It also might be necessary to access the information about your precise location in the background, i.e., even if you don’t have the app open. You will always be informed about this when giving your consent. |
| Information about your order(s) | Details of your order, i.e., all that you choose in the order form and what you later change or purchase as an addition to the original order. If you order a special assistance service or if you submit a cancellation request out of medical reasons, we will process your health data as necessary for the provision of these services. |
| Travel document information | Number and expiration date of the ID or Passport (depending on which one you give us). |
| Payment information | Information which you give us to execute the payment. Usually, this means the payment card details. We never store the payment card details in a non-encrypted form. |
| Documents necessary to be provided with the brokered service | Documents that we get from the provider of the service which we broker for you, such as the boarding passes or the e-tickets. |
| Information about your requests and your communication with us | All of the text and voice communications exchanged between you and Businessfly.org in connection to your requests (e.g., customer support cases), metadata, and notes generated by our systems and agents. |
| Your settings |
Some settings of the website or in the app which you have made, such as the language, preferred choices like currency, destination and others, or cookie settings. Your settings also include flight ancillary preferences, such as baggage and seating, stored from your previous Bookings. In subsequent Bookings, we will give you the option to apply all your saved flight ancillary preferences at once to save you time. |
For what purposes do we use your Personal Data?
Users
Whenever you access our website, we process your Personal Data for the purposes defined below:
| NAME | DESCRIPTION | CATEGORIES OF PERSONAL DATA |
|---|---|---|
| Delivering the functionalities of the website | We will process your Personal Data so that we’re able to deliver you the functionalities of our website and also that we’re able to personalize our website to make your interaction with us easier and more efficient. |
Your online behavior while interacting with us Device and network metadata Your settings General location Identification information Information about your Booking(s) |
| Product development, service improvement, and business development | We constantly strive to improve our product and services. To be able to do that, we need precise data about your interactions with us. Therefore, we collect data about the occurrence of any technical issues, data about your device and your network identifiers along with your behavior on our website and in the app and your general use of our services. We analyze all this data and use it to create or modify our features and processes. We use data also to grow our business. Whenever we need to reach a business decision, we look at data that is generated by our most important variable — our customers. |
Your online behavior while interacting with us Device and network metadata Information about your Booking(s) Information about your requests and your communication with us |
| Direct marketing |
To provide you with the best offers and to maximize our marketing efficiency, we process your Personal Data for the purposes of direct marketing (sending commercial communication and related processing activities). We do so if you subscribed to our offers (on the basis of your consent) or if you used our services and have not rejected (opt-out) our offers. Besides your contact details, we also keep data like your transaction and travel history, travel preferences, and other data about your interaction with us that help us with customer segmentation and personalization of these offers. For example, we might tailor a special offer just for you based on your previous Bookings. We will never share your contact details with other Data Controllers without your knowledge, and we will only contact you with offers that are linked to our main business. |
Your online behavior while interacting with us Account information Device and network metadata Identification information (if entered into the fields) Contact details (if entered into the fields) Your settings |
| Online advertisement |
To provide you with the best offers and to maximize our marketing efficiency, we also display ads on Businessfly.org and third-party websites that are tailored for you based on your Personal Data. It might, therefore, happen that you will see advertisements that offer booking of transportation via Businessfly.org elsewhere on the internet. Advertisement networks. Besides our internal marketing database, we also use various third-party advertisement networks, such as Google Ads. These networks allow us to show you relevant ads on different places around the internet. This is done by assigning you an encrypted identifier and storing it in a cookie on your device. When you go to a website that is served ads via one of the companies working with our partner ad network, they will recognize this identifier and show you offers according to our specifications. Targeting on third-party platforms. To reach our users with our offers, we also use third-party platforms, such as Meta for Business or Google Ads. When you visit our website and book with us, we share an encrypted identifier (e.g. encrypted email address) with these platforms’ providers allowing them to match your profile on these platforms with our records. Because of this, we can show you tailored offers directly on these platforms using their advertising services. So, for example, if you search for a flight on Businessfly.org, don’t buy it, and the price goes down, we might show you an offer for this specific flight on third-party websites. These platforms are: Facebook (Meta for Business) by Meta Platforms Ireland Ltd, Google Search (Google Ads) by Google Ireland Limited, and TikTok by TikTok Technology Limited. If you don’t have a profile on these platforms, they won’t receive any information about you. Lookalike features. Some of the advertisement services which we use, namely Meta for Business and Google Ads, also provide the so-called “lookalike audiences” features. These features allow us to find users who might be interested in our services based on similarities to our existing users. We are then again able to target those users with our offers. This means that if you give us your consent, these services will analyze your profiles and find us other profiles based on common attributes. When using these features, we never gain direct access to any personal data or the profiles – this is all done by the service providers in the background and we only get the option to target our ads to a wider audience. |
Your online behavior while interacting with us Account information Device and network metadata Your settings |
| Marketing analytics | To improve our marketing campaigns in general, we perform analyses to help us see which campaigns work and how they contribute to our conversion rates. Additionally, we analyze your interactions with Businessfly.org to send you offers that will be relevant for you. |
Your online behavior while interacting with us Device and network metadata General location |
| Establishment and exercise of legal claims and defence against them | To be able to exercise our legal claims arising out of your use of our website/app in breach of our Terms of Service or use in breach of some statutory obligation and to be able to defend ourselves against legal claims raised by you, we will store your Personal Data for at least 4 years from the point of your use of the website / app. |
Identification information Your online behavior while interacting with us Device and network metadata Account information Contact details (if entered into the fields) Your settings |
| Information security |
To protect ourselves against various security threats that try to exploit vulnerabilities in our security and hurt our business, and to protect our users against unauthorized use of Businessfly.org, we need to process Personal Data of our users. To this end, we collect and process the Personal Data of our users and, in some cases, also share it with the providers of our third-party information security solutions, such as CloudFlare. We also process your Personal Data so we are able to show you and allow you to stop your active sessions – Account Takeover (ATO) Protection. |
Your online behavior while interacting with us Device and network metadata |
Customers
When you order any of our services, we will continue to process your Personal Data for the purposes explained above. The scope of the processed Personal Data for these purposes will, however, also include the Information about your Booking(s) and Information about your requests and your communication with us. Besides this, we will process your Personal Data for the following purposes:
| NAME | DESCRIPTION | CATEGORIES OF PERSONAL DATA |
|---|---|---|
| Ordering & Provision of services |
The main reason we collect and use your Personal Data is to conclude an agreement with you and to provide you the services you have ordered. Depending on the extent to which you use our services, we will process your Personal Data in a way that is necessary to enter into and fulfill our Agreement as described in our Terms of Service. The services that we provide include, primarily, the brokering of a contract of carriage and related services between you and the selected carrier. We may also process your Personal Data for this purpose when providing you with the service of enforcement of your claims against carriers. To achieve this purpose, we need to share your Personal Data with the carriers with whom you will enter into a contract of carriage and, in some cases, also with operators of ticket marketplaces, such as the Global Distribution Systems. Additionally, to pay for the tickets, we will use your name and surname to generate a single-use virtual payment card, which we use for the financial settlement with the transport provider. If you order additional service Special assistance or when you ask us for a refund due to health issues, we will process your Personal Data concerning health. In the case of the Special assistance service, we will share it with the carrier of your choice. During the ordering process, you will be asked to give your explicit consent with the processing of this Personal Data. However, please note that if you withdraw the consent with the processing of your Personal Data for the purpose of the Special Assistance additional service, we won’t be able to provide you with any subsequent support related to this service. It may also happen that you choose to order another service that we or our partners offer on our website or in our app, such as insurance or accommodation. We will process your Personal Data as required to enter into a contract with you and to provide you with the ordered service or (if the service is provided by our partner) to enable you to enter into the contract with the service provider and to do our part in the contractual relationship between you and the third-party service provider. |
Identification information Contact information Information about your Booking(s) Passport or ID card information Passport or ID card copy Payment information Documents necessary to be provided with the brokered service |
| Fraud prevention |
When you book a ticket or order any other service through our website, during the payment transaction, we use a third-party service that helps us prevent fraudulent behavior. This is a very common process that happens nearly every time you order something online. For this to be possible, we will transfer your Personal Data momentarily to a third-party provider of fraud-checking service. However, this is not something to worry about, the whole transaction is completely secure, and we use one of the best and most common fraud-prevention tools. These third-party service providers (currently we use products from the company Forter, Inc. ) use the Personal Data, which they collect to build a database of online fraudulent behavior. They then compare this database with the behavior of the end-users of their clients. Whenever they detect similar behavioral signs, they can tell the clients to reject payments done by fraudsters. Furthermore, to prevent attempts for fraudulent chargebacks, if you report fraudulent purchase through your bank, we might check your social media to see, whether you have some sort of connection to the person who ordered the ticket to make sure that it is not an attempt to get the money for the ticket back by fraud. We will only process limited information about your connection to the person, who ordered the ticket, and whether you, by any chance, have not published some information connected to the journey (e.g., photos from the airport taking a flight). |
Identification information Contact information Information about your Booking(s) Payment information Your online behavior while interacting with us Device and network information Publicly available information related to your Booking |
| Customer support | Customer support is a big part of our services. We will record all of our communication through all channels, such as email, chat, and phone calls, in order to provide you with the service that you require. Part of our customer support is also helping our customers with potential legal issues with the carriers (in case of missed flights and similar situations). For this, we have partnered with a third-party service provider. When you have a legal problem, we will send this provider your email address, and you will be contacted with an offer to help you exercise your claims. We also use third-party AI services to help our agents with the resolution of your cases. For example, when you contact us, we may use these tools to summarize the previous communication between you and other agents to have a quick overview of the case’s history. For certain requests, our AI assistant may provide an immediate response. In such cases, you will always be informed about the AI assistant’s involvement. If any action is taken by the AI assistant based on your request, you will be asked to confirm that action before it is finalized. |
Identification information Contact information Information about your Booking(s) Passport or ID card information Passport or ID card copy Information about your requests and your communication with us |
| Sharing information with metasearch engines | If you get to our booking page through a third-party search engine (so-called metasearch), we will let the operator of this metasearch know that you have successfully finished the booking, which you have found on their site. |
Contact details Information about your Booking(s) |
| Establishment and exercise of legal claims and defense against them | We store and process your Personal Data to establish and exercise legal claims, or defend against them. Whenever you book a ticket or order any other service, we will keep all relevant data for potential future legal claims that you or we could have, especially in judicial and other proceedings and when recovering or selling claims you assigned to us, for at least 4 years from the point of the creation of the corresponding order. Similarly, if you send us a data protection request, we will also store all the data you give us and the data about our handling of the request for this purpose. |
Identification information Contact information Information about your Booking(s) Passport or ID card information Payment information Your online behavior while interacting with us Device and network information Publicly available information related to your Booking Information about your requests and your communication with us |
| Compliance with legal obligations | We need to process some of your Personal Data to fulfill certain legal obligations that are applicable to us. Because this is a legal necessity, we do not need to obtain your consent for it. For this purpose, we will process your identification and contact information and information about your bookings. The main legal obligations we need to do this for arise from Act No. 89/2012 Coll, the Civil Code, Act No. 634/1992 Coll, on the protection of consumers, Act No. 235/2004 Coll, on Value Added Tax and Act. 563/1991 Coll, on Accounting. If you send us a data protection request to fulfill one of your rights, we will ask you for some personal data which we will then process to achieve compliance with the applicable law. |
Information about your Booking(s) Information about your requests and your communication with us |
Co-travelers
If someone orders a service from Businessfly.org for you (for example, books a flight ticket with your name), we will process your Personal Data, even if you’re not a direct customer. Your Personal Data will be processed for the following purposes:
| NAME | DESCRIPTION | CATEGORIES OF PERSONAL DATA |
|---|---|---|
| Ordering & Provision of services | If someone orders our services for you, we will process your Personal Data as necessary for the provision of this service. |
Identification information Contact information Information about your Booking(s) Passport or ID card information Passport or ID card copy |
| Establishment and exercise of legal claims and defense against them | To be able to defend ourselves against legal claims raised by you in connection with our provision of the services, we will store your Personal Data for at least 4 years from the point of the creation of the corresponding Booking |
Identification information Contact information Information about your Booking(s) Passport or ID card information |
| Delivering the functionalities of the website | If someone interacts with the website to order services for you, we will process your Personal Data so that we’re able to personalize our website or app for this person to make their interaction with us easier and more efficient. For example, we can personalize the booking process when we know that you travel as a group. |
Identification information Information about your Booking(s) |
Who do we share your Personal Data with and why?
Sharing data with other Data Controllers
In some cases, we will share your Personal Data with third parties for their purposes. For example, we send your data to the carriers with which you, through our brokerage services, enter into a contract of carriage and whose identity will be made known to you before you enter into the agreement with us or with a provider of other services under the same conditions. In some cases, we also share your Personal Data with the operators ticket marketplaces, such as the Global Distribution Systems.
This means that your Personal Data may be disclosed to selected carriers or providers of other services in Third Countries. You can learn more about transferring your data to Third Countries.
Each selected carrier and provider of other services will treat your Personal Data in accordance with their own Privacy Policy (which is published on every carrier’s website). Disclosure of Personal Data to all service providers will be done in accordance with the applicable Personal Data laws and regulations.
If you give us your consent through our cookie settings, we will share some of your data with our partners for marketing purposes.
Sharing Data with Data Processors
There are many activities that we need completed but can’t do by ourselves. Therefore, we use third-party partners to help us. In many such situations, the partners logically couldn’t manage without your Personal Data. Because of this, we share it with them. However, in all cases like this, we remain controllers of your Personal Data and they act as processors.
That means that even though they are in possession of your data, they can only process it for our purposes and we are always in charge of it. They cannot under any circumstances use the data for their own purposes or to use the data in a way that would go against our agreement.
Furthermore, we only use partners that have given us sufficient guarantees that they comply with the legal requirements and that your data will be always kept safe.
How long do we store your Personal Data?
In general, we will process your Personal Data until we don’t need it for any of the purposes defined in this Privacy Policy. Usually, we process your Personal Data for the duration of statutory limitation period, which is generally 3 years, plus an additional 1 year because of the time reserve necessary for delayed deliveries of notices and our additional actions.
For the purpose of legal obligations fulfillment, we process your Personal Data for the duration required by the applicable law, e.g. 10 years for archiving of invoices.
For the purpose of personalized offers, you will periodically get email offers from us, and in every email, there will be a clear and easy way to unsubscribe and therefore object to this type of processing. We will keep and use your Personal Data for this purpose until you unsubscribe.
Transferring your data outside of the European Economic Area
If we need to, we may transfer your Personal Data outside of the EEA. This will happen when you want to book a ticket with a carrier from a Third Country or when you order a service from a provider based in a Third Country. Naturally, we need to transfer your data to these third parties because without it, the provision of ordered services would not be possible. We may also transfer your Personal Data outside of the EEA to Data Processors located in Third Countries.
For transfers to recipients in countries where we cannot rely on the decision of the adequate level of protection according to Art. 45 of the GDPR or appropriate safeguards according to the Art. 46 of the GDPR, we will transfer your Personal Data based on the exception in the Art. 49 Para. 1 Lett. b) of the GDPR. Each selected carrier or service provider will treat Your Personal Data in accordance with its own Privacy Policy (which is published on every carrier’s website). Disclosure of Personal Data to other service providers will be done in accordance with the applicable Personal Data laws and regulations.
Complaint with the supervisory authority
Data Protection is a serious matter and the rules are quite difficult to implement correctly. No one is perfect, and it may happen that we make a mistake. If you feel that we mishandled your Personal Data, please turn to us first and we promise that we will try our best to resolve the situation. Nevertheless, at any time, you have the right to lodge a complaint with a supervisory authority. If you are from the EU, you can complain at the authority in the member state of your residence, in the member state where you work or in the member state of the alleged infringement.
If you are a US customer, please refer to the section “Specifics for Residents of Selected States” below to learn if there are any particular provisions that apply to you regarding the submission of a complaint.
Automated data collection and cookies
The Agency may from time to time collect and receive additional data and information about you. For instance, when you use the Website there is automated collection of information on the device you use to visit the Website, software, operating system, IP address, the source of links and this Website, webpages viewed by you, preferences for a particular type of Service, links you have used to access the Website, etc. Such automated data collection takes place with the purpose of adjusting convenience of Website Services use and offers intended for you, as well as to prevent possible frauds.
Collection and processing of your personal data by means of such services shall be carried out pursuant to these Terms and the Google privacy policy. Automated collection of some data and use of “cookies” and “web beacon” technologies improve the Website functionality and development of the most convenient use of the Website Services, as well as helps us assess the implementation of advertising and marketing campaigns, and offer information that may be interesting and useful to you. Cookies are small text files that can be stored on your computer (or any other device) during your first visit of the Website and allow us to recognize your computer during you repeat visit. Cookies cannot in any way effect performance of your computer (or any other equioment) or its data, or infect your computer with a virus. We use short-term and permanent cookies on the Website which you may delete from your computer on your own. Please note that some data stored in the cookies, for example, passport information or any other data, are encrypted for security purposes. If you are not registered on the Website, cookies will not contain any confidential information. If you block cookies, some functions of the Website may be unavailable. Web beacon are small graphic data typically used with cookies and may be included on the Website or in notifications which you receive from the Website. Use of web beacon files is similar to cookies. If you block the use of cookies, web beacon files will not be applied as well.
If you have any further questions concerning the use of cookies and web beacon files, please contact our Customer Care Service.
Changes to this Privacy Policy
As our business evolves, the way we process Personal Data might change as well. In case of such changes, we will also update this Privacy Policy to comply with the principles of transparency. If future changes affect you, we will notify you via email.