Legal & Policies
GDPR Policy
General Data Protection Regulation — EU & UK Privacy Notice
Last updated: May 20, 2025
This GDPR Policy applies to individuals in the European Economic Area (EEA) and the United Kingdom (UK) and supplements our Privacy Policy. It explains how PEOPLE INFORMATION LLC (BookAeroFare.com) processes personal data in compliance with the EU General Data Protection Regulation (GDPR) and UK GDPR.
1. Data Controller
PEOPLE INFORMATION LLC (BookAeroFare.com)
2101 W San Juan Ave Suite 2, Phoenix, Arizona 85015, USA
Privacy contact: privacy@bookaerofare.com
Phone: +1 (800) 903-1468
2. Legal Bases for Processing
We process your personal data under the following GDPR legal bases:
| Legal Basis | When We Rely on It |
|---|---|
| Art. 6(1)(b) — Contract | Processing your booking, issuing tickets, and providing customer support |
| Art. 6(1)(c) — Legal Obligation | Complying with tax, aviation, and other regulatory requirements |
| Art. 6(1)(f) — Legitimate Interests | Fraud prevention, website analytics, and service improvement |
| Art. 6(1)(a) — Consent | Marketing emails, non-essential cookies, and optional data processing |
3. International Data Transfers
As a US-based company, your personal data is transferred to and processed in the United States, which may not offer the same level of data protection as your home country. We ensure adequate safeguards are in place for such transfers, including:
- ▸Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to non-adequate third countries
- ▸The UK International Data Transfer Agreement (IDTA) for UK data subjects
- ▸Data Processing Agreements (DPAs) with all third-party processors including Google LLC and Ringba Inc.
4. Data Retention
We retain personal data for no longer than necessary for the purposes for which it was collected. Booking and transaction records are retained for up to 7 years to comply with tax and accounting obligations. Marketing data is retained until you withdraw consent. Call recordings are retained for up to 90 days. You may request earlier deletion subject to legal retention obligations.
5. Your GDPR Rights
Right of Access (Art. 15)
Request a copy of all personal data we hold about you, including the purposes of processing and any third parties it has been shared with.
Right to Rectification (Art. 16)
Request correction of inaccurate or incomplete personal data without undue delay.
Right to Erasure (Art. 17)
Request deletion of your personal data where it is no longer necessary, consent is withdrawn, or processing was unlawful.
Right to Data Portability (Art. 20)
Receive your personal data in a structured, machine-readable format and transmit it to another controller.
Right to Restriction (Art. 18)
Request that we restrict processing of your data while accuracy is contested or a legal claim is pending.
Right to Object (Art. 21)
Object to processing based on legitimate interests or for direct marketing purposes at any time.
Rights re: Automated Decisions (Art. 22)
We do not make solely automated decisions with legal or significant effects on you.
Right to Withdraw Consent
Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.
To exercise any right, email privacy@bookaerofare.com. We will respond within 30 days (extendable by 2 months for complex requests, with notice). There is no charge for reasonable requests.
6. Right to Lodge a Complaint
If you believe we have handled your personal data unlawfully, you have the right to lodge a complaint with your local supervisory authority:
- ▸EU residents — contact your national Data Protection Authority (DPA). A full list is available at edpb.europa.eu
- ▸UK residents — contact the Information Commissioner's Office (ICO) at ico.org.uk
We encourage you to contact us first at privacy@bookaerofare.com so we can resolve any concerns directly.