Delayed Again views data privacy as a fundamental component of doing business. Our data protection policy and practices are focused on processing, sharing and storing personal information appropriately and lawfully, while providing confidentiality, integrity and availability.
Delayed Again processes and stores personal data within the EU and will at any given time be able to demonstrate compliance with the EU legislation as well as our principles set out herein.
Our website is governed in accordance with the General Data Protection Regulation (the “GDPR”), (Regulation (EU) 2016/679), which is a directly binding legislative act. The GDPR creates some new rights for individuals and strengthens some of the rights that currently exist under Directive 95/46/EC. Directive 95/46/EC will be repealed with effect from May 25, 2018. This policy is made compliant with the GDPR and is therefore also compliant with Directive 95/46/EC and national implementations thereof until they become obsolete on May 25, 2018.
The privacy statement is under the responsibility of the Data team at Delayed Again, who has the overall responsibility to ensure compliance. The data protection officer (DPO) is responsible for the implementation of our data protection policy, which is intrinsically linked to the privacy statement. The DPO is ensuring compliance on a daily basis and is involved in all issues related to the protection of personal data.
Delayed Again is to be considered the data controller and will determine the purposes and means of the processing of personal data submitted and collected online.
Delayed Again’s data protection policy is based on the following data protection principles:
Personal data means any information that may be related to an identified or identifiable natural person (the “data subject”). Personal data includes all types of information that is direct or indirect (that is, used in conjunction with other data) referable to the data subject, such as names, date of birth, addresses, e-mail addresses, telephone numbers etc.
The users of the website who likes to benefit from our services and submit information to us may be asked to provide personal data in order for Delayed Again to operate and improve our business and services. We primarily collect personal data such as names, date of birth, addresses, e-mail addresses, telephone numbers, passport/ID; (i) to help customers pursue their rights according to EC 261 or any other applicable air passenger rights regulation, when their flights have been delayed, cancelled or overbooked; (ii) inform travelers, free of charge, by e-mail about air passenger rights, flight data, airport data and other air traffic related services of relevance. This is the core activity of Delayed Again as a business. This means that the initial process consist of collecting personal data to determine whether the claim is eligible. If the claim is assessed as viable Delayed Again contacts the air carrier on behalf of the customer, and if it is deemed necessary help the customer to pursue legal action, all in the interest of the customer. We may also collect applicant’s physical address when applying for a position. Furthermore we collect personal data for other purposes such as statistics, administration and communication, IT and security administration, physical security, authentication and authorization systems, support systems, collaboration of internal projects and organizational teams and activities. We will process personal data only to the extent required for a specified, explicit and legitimate purpose or for a purpose required by law in places where we operate.
Delayed Again purchases flight data from third parties, e.g. information on delayed or cancelled flights within a given time etc. This information is non-private data, which we combine with the private data submitted by our customers. This is only used to notify customers about eligible claims and claim filing purposes in order to collect potential compensation on behalf of our customers.
We will use personal data for the purpose it is collected, and keep the data only for as long as it is necessary for that purpose. We may retain the customer’s information for as long as the customer’s account is active or as needed to provide services, comply with our legal obligations or any of the purposes listed above. Access to personal data is strictly limited to personnel of Delayed Again and its nominated solicitors and affiliates who have appropriate authorization and a clear business need for the data, with regards to helping the customer get compensation.
Personal data will not be shared with third parties except in circumstances where such sharing is necessary to provide our services. Occasionally we sign up with other companies and business partners to work on our behalf, such as external lawyers to pursue a claim for flight compensation, or technology companies for processing and delivery of systems and technologies to enhance our products and services, and we will share necessary information in these cases. Service providers will be permitted to obtain only the personal data that they need to deliver their service. We will not disclose personal data to third parties for the purpose of allowing them to market their products or services to our customers. If users do not want us to share personal information with these companies, please contact the DPO, Frazer Fisher, e-mail: [email protected]
In certain situations, Delayed Again may be required to disclose personal information in response to lawful requests by supervisory authorities to meet the requirements of the GDPR. We may also disclose personal information if required by law, such as to comply with a subpoena or other legal processes, when we believe in good faith that disclosure is necessary to protect our rights, protect customer safety or the safety of others, investigate fraud, or to respond to a government request.
We will process personal data securely, apply and maintain appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. Questions about the security of personal data, can be directed to the DPO, Frazer Fisher, e-mail: [email protected]
Customers have the right to access, rectify or request erasure or restriction of processing of any information we have collected, at any time. To help us keep personal data updated, we advise users to inform us of any changes or discrepancies. To view and/or edit personal data, or receive information on how long Delayed Again intends to retain personal data or other questions related to the access of personal data, or if you would like to request that we provide you with information about whether we hold, or process on behalf of a third party, any of your personal information, please contact the DPO, Frazer Fisher, e-mail: [email protected]
For job applications we use a third party recruitment tool for management purposes. When applying for a job position at Delayed Again personal data will be processed and controlled by Delayed Again. Applications shall not be stored for longer than necessary or shared with any third parties. If applicants wish to access, rectify, or erase personal data, please contact the DPO, Frazer Fisher, e-mail: [email protected]
Delayed Again is upon consent allowed to send the customers marketing e-mails. This specific form of consent must be freely given, specific informed and unambiguous. These requirements are fulfilled when customers have opted-in to receive marketing e-mails (actively agreed).
Customers will always have the right to object, on request and free of charge, to the processing of personal data relating to the customer for purposes of direct marketing activities without having to provide specific justifications. A customer can do so by using the “Unsubscribe” link found in emails received from us or by contacting us at [email protected]. Once a customer has objected, the personal data of that customer will no longer be processed for direct marketing.
The marketing e-mails contain information which we believe may be of interest to our customers such as the latest news on our products and services.
Delayed Again is responsible for and will at any given time be able to demonstrate compliance with the GDPR as well as our principles set out herein. Delayed Again shall maintain records of processing activities under its responsibility containing the information required by the GDPR and where applicable make the records available to the supervisory authority on request.
The privacy statement is under the responsibility of the Data team at Delayed Again. Any inquiries concerning this policy can be directed to the DPO, Frazer Fisher, e-mail: [email protected]
Customers have the right to file a complaint concerning our processing of their personal data. All queries and complaints shall be handled in a timely manner by the DPO in accordance with internal procedures.
In the unlikely event that customers have suffered harm due to a breach of their rights under the data protection policy and Delayed Again has not handled the complaint in a sufficient manner, customers may lodge a complaint with the supervisory authority.
Complaints can be submitted to the DPO, Frazer Fisher, e-mail: [email protected]
This policy may be updated from time to time, e.g. due to modifications of relevant legislation or changes to Delayed Again’s corporate structure. If any material changes are made, customers will be notified by e-mail or by mean of notice on the website prior to the change becoming effective. We encourage all our users to periodically review this page for the latest information on our privacy practices.
C2o Media Ltd T/A Delayed Again
2 The Old Grain Store, 1st Floor, Moseley's Farm Business Centre, Fornham All Saints, Bury Saint Edmunds IP28 6JY, UK
E-mail: [email protected]
Phone number: +44 1638 563690
Effective Date: March 1, 2018