Privacy Policy

FlyNdeal ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our travel services.

Controller Information: FlyNdeal, registered travel agency in Sialkot, Punjab, Pakistan, operating under IATA accreditation and PCAA license.

2.1 Personal Information

• Identity Data: Full name, date of birth, nationality, passport details
• Contact Data: Email address, phone numbers, postal address
• Financial Data: Payment card details, bank account information
• Travel Data: Travel preferences, booking history, special requirements
• Emergency Contacts: Next of kin information for safety purposes

2.2 Technical Information

• IP address, browser type, device information
• Website usage data, cookies, and analytics
• Location data (with your consent)
• Communication records (emails, chat logs, phone calls)

2.3 Special Categories of Data

We may collect special category data only when necessary for travel services:

• Health information for travel insurance or medical assistance
• Dietary requirements for religious or health reasons
• Accessibility needs for disabled travelers

3.1 Service Provision

• Process bookings and manage reservations
• Facilitate payments and issue tickets/vouchers
• Provide customer support and assistance
• Manage cancellations and refunds
• Send booking confirmations and travel updates

3.2 Legal and Regulatory Compliance

• Comply with IATA regulations and reporting requirements
• Meet Pakistan Civil Aviation Authority obligations
• Anti-money laundering (AML) and sanctions screening
• Tax reporting and financial record keeping
• Respond to law enforcement requests

3.3 Business Operations

• Improve our services and website functionality
• Conduct market research and analytics
• Send promotional materials (with consent)
• Fraud prevention and security monitoring

4.1 Service Partners

• Airlines: IATA carriers for flight bookings and passenger manifests
• Hotels: Accommodation providers for reservations
• Payment Processors: Secure payment handling
• Insurance Companies: Travel insurance providers
• Ground Handlers: Local tour operators and transport services

4.2 Regulatory Bodies

• Pakistan Civil Aviation Authority (PCAA)
• International Air Transport Association (IATA)
• Immigration and customs authorities
• Financial intelligence units for AML compliance
• Tax authorities as required by law

4.3 Third-Party Services

• Customer support platforms
• Analytics and marketing tools
• Cloud storage and backup services
• Communication services (email, SMS)

Your information may be transferred internationally for the following purposes:

• Airline passenger manifests (required by aviation authorities)
• Hotel bookings in destination countries
• Payment processing through international networks
• Cloud storage with international providers

5.1 Safeguards

• Data processing agreements with all international partners
• Adequate protection standards required
• Limited to necessary travel services only
• Regular security assessments of partners

6.1 Technical Safeguards

• SSL/TLS encryption for all data transmission
• AES-256 encryption for stored data
• Multi-factor authentication for staff access
• Regular security audits and penetration testing
• Automated backup systems with encryption

6.2 Organizational Safeguards

• Staff privacy training and confidentiality agreements
• Role-based access controls
• Regular security awareness programs
• Incident response procedures
• Third-party security assessments

6.3 Payment Security

We comply with Payment Card Industry Data Security Standard (PCI DSS) and use tokenization for credit card processing. We do not store complete payment card information on our systems.

7.1 Access and Information

• Request access to your personal information
• Obtain copies of your data in portable format
• Information about how your data is processed

7.2 Correction and Updates

• Correct inaccurate or incomplete information
• Update your contact preferences
• Modify marketing communication settings

7.3 Deletion and Restriction

• Request deletion of your data (subject to legal requirements)
• Restrict processing for specific purposes
• Object to certain types of processing

We retain your information for the following periods:

• Booking Records: 7 years (tax and regulatory requirements)
• Payment Information: As required by PCI DSS standards
• Marketing Data: Until you withdraw consent
• Website Analytics: 2 years maximum
• Communication Records: 3 years for quality and training

We regularly review our retention schedules and securely delete or anonymize data when no longer required.

9.1 Types of Cookies We Use

• Essential Cookies: Required for website functionality
• Analytics Cookies: Help us improve user experience
• Marketing Cookies: Used for targeted advertising (with consent)
• Preference Cookies: Remember your settings and choices

9.2 Managing Cookies

You can control cookies through your browser settings or our cookie preference center. Note that disabling certain cookies may affect website functionality.

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or website notice at least 30 days before the changes take effect.