PRIVACY POLICY

1. General provisions.

1.1. ClaimOut respects the privacy of Users (hereinafter referred to as Customers) of the www.claimout.com website and/or the Application.

1.2. The confidentiality of personal data is one of the most important principles of ClaimOut's work. The data provided to ClaimOut will be stored only on secure servers.

1.3. Personal data is understood to be any information referring to an identified or identifiable natural person.

1.4. This Privacy Policy (the Policy) and the practices of ClaimOut have as their sole objective the correct and legal processing of personal data and to guarantee its confidentiality, security and availability.

1.5. This Policy is a complete statement of the online privacy policy applicable to the business of ClaimOut. This policy explains what types of personal information are collected, used, transmitted and protected by ClaimOut. It also describes what customers can do regarding the use, access and rectification of personal data.

1.6. ClaimOut is regulated by the Spanish legislation and by the General Data Protection Regulation (CE) 2016/679 (GDPR), which is directly binding, as well as by Organic Law 3/2018 of 5 December on the protection of personal data and guarantees of digital rights.

1.7. Should you have any questions about this Policy, please contact ClaimOut at the designated email address of the responsible person: [email protected].

2. Privacy and data protection policy.

2.1. In accordance with the applicable legislation, ClaimOut undertakes to take all necessary technical and organisational measures according to the level of security appropriate to the level of risk of the data collected.

2.2. The Confidentiality Policy is adapted to the Spanish and European regulations regarding the protection of personal data on the Internet. In particular, the following European rules, regulations, laws and decrees are observed:

- Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 of April of 2016, relative to the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as RGPD);

- The Organic Law 3/2018, of 5 December, on the protection of personal data and the guarantee of digital rights;

- The Royal Decree 1720/2007, of 21 December, which approves the development Regulation of Organic Law 15/1999, of 13 December, of Protection of Personal Data (hereinafter referred to as RDLOPD);

- The Law 34/2002, of 11 July, Services of Information Society and Electronic Commerce (hereinafter referred to as LSSI-CE).

3. Responsible for the treatment.

3.1. EU-ClaimOut, SLU, fiscal identification number B42664334, registered in the Mercantile Registry of Alicante, address: Gran Sol, 6F-03710, Calpe, Alicante, Spain, contact email: [email protected] is responsible for the processing of the Customers’ personal data.

4. Principles of personal data protection.

4.1. ClaimOut processes personal data in a legal, fair and transparent manner.

4.2. The Personal Data is collected by ClaimOut solely for the purpose of achieving the strictly defined, unambiguous and legitimate purposes set out in the Terms and Conditions and this Policy.

4.3. The collection of personal data is limited only to the relevant information necessary to achieve the purpose for which the data is processed.

ClaimOut takes all reasonable steps to ensure that in the event of any inaccuracy being revealed in any personal data that affects its processing, steps will be taken to delete or rectify it.

4.5. ClaimOut stores data in such a way that it allows identification of the Customer only for the period of time necessary to achieve the purpose for which the data is processed.

4.6. All personal data of the Customer will not be disclosed and will be stored in such a way as to guarantee its security.

4.7. The Customer has the right to access, modify or delete personal data, to restrict or oppose the processing of the data and to transfer data.

5. Composition of personal data.

5.1. ClaimOut undertakes to provide the Customer with a service which, in accordance with Regulation (EC) No 261/2004, aiming to protect the rights of passengers of airlines, including obtaining financial compensation from the airline.

5.2. To receive a compensation through ClaimOut, the Customer submits a Claim through the Site and/or the Application. When submitting a Claim, the Customer must provide the following personal data:

- name and surname;

- e-mail address;

- contact telephone number;

- address;

- date of birth;

- copy of identity card.

5.3. By submitting a Claim, each Customer will receive a personal account on a secure site, which contains all the Customer's personal data. The Customer can always add a description or upload the necessary documents. The Customer may delete his/her personal data at any time if he/she so wishes.

Subject to the Terms and Conditions of Service (Terms and Conditions), this Policy and the Assignment Agreement, the Customer transfers ownership of the Claim to ClaimOut. The following personal data will be used in the preparation of the Agreement:

- name and surname;

- flight number;

- date of departure;

- reservation code;

- residence address;

- date of birth;

- signature.

5.5. If a positive decision is made on the payment of compensation to the Customer, ClaimOut will ask the Customer for the details of the bank account to which the compensation will be transferred. The list of the bank data (personal data) requested from the Customer:

- name of the bank;

- bank address;

- name and surname of the account holder;

- currency of the account;

- account number or bank card number;

- international bank account number (IBAN);

- unique bank code in the international classification (SWIFT).

6. Personal data use and storage period.

6.1. ClaimOut uses personal data for the purposes for which it was collected and stores it only for the time necessary to achieve its objectives. Afterwards, the personal data is irrevocably deleted.

7. Personal data processing and storage.

7.1 The data collected by ClaimOut may be stored and transmitted both within the European Union and outside the European Economic Area.

7.2. Personal data may be processed by persons who cooperate with ClaimOut in the processing of applications, the submission of claims, the processing of payments and the provision of other auxiliary services within the European Union and outside the European Economic Area. By submitting personal data, the Customer agrees to the transfer, storage and processing of such data. In the event that ClaimOut discloses the Customer's personal data to such persons, ClaimOut shall take all measures necessary and prescribed by law to ensure that the Customer's confidentiality is duly protected.

7.3. ClaimOut makes all reasonable efforts to protect the Customer's personal data, but cannot guarantee the secure transmission of data through communication channels, should they be used. Any data transfer procedure is at the Customer's risk. When processing personal data on the site, ClaimOut uses secure organisational and technical means to ensure that customer data is adequately protected against accidental or unlawful destruction, alteration, disclosure or any other unlawful activity.

7.4. ClaimOut is not responsible for the processing of personal data through third party websites. ClaimOut is not responsible for the Terms of Use of such sites, their privacy policies or their cookie policies, content or activities, even if the customer accesses such sites through links on the ClaimOut website.

8. Principles applicable to the processing of personal data.

8.1. The processing of the Customer's personal data will be carried out in strict compliance with the following principles set out in Article 5 of the RGPD:

- principle of legality, loyalty and transparency;

- principle of purpose limitation;

- principle of data minimization;

- principle of precision;

- principle of limitation of retention;

- principle of integrity and confidentiality;

- principle of active liability.

9. Personal data categories.

9.1. The categories of data considered in the application are merely identifying data. Under no circumstances shall special categories of personal data within the meaning of Article 9 of the RGPD be considered.

10. Legal basis for the processing of personal data.

10.1. The legal basis for the processing of personal data is the consent of the Customer.

11. Personal data of minors.

11.1. In accordance with the Article 8 of the RGPD and the Article 13 of the RDLOPD, only persons over the age of 14 may legally authorise the processing of their personal data by means of an agreement. In the case of children under 14 years of age, the consent of the parents or, where appropriate, guardian or custodian, will be required for the processing of their data, and the processing will be considered legal only to the extent that they consent.

12. Personal data confidentiality and security.

12.1. ClaimOut undertakes to take all necessary technical and organisational measures in accordance with the level of security appropriate to the group of data collected, in such a way as to guarantee the security of the personal data and to prevent its accidental or unlawful destruction, loss or alteration.

12.2. The site has an SSL certificate (Secure Socket Layer) which ensures that the personal data is transmitted securely and confidentially. The transmission and loading of the data between the ClaimOut website and the Customer is fully encrypted.

12.3. As ClaimOut cannot guarantee the absence of hackers or other persons who may fraudulently access personal data, ClaimOut undertakes to inform the Customer immediately of such incidents.

13. Customer rights arising from the processing of personal data.

13.1. The Customer has the following rights:

- access rights;

- right of rectification;

- right to deletion (right to be forgotten);

- right to restrict processing;

- right to data portability;

- right of opposition.

13.2. The Customer has the right to revoke his/her consent to the processing of his/her personal data at any time. The revocation of consent shall not affect the legality of the processing until the revocation of consent.

13.2. If you wish to exercise any of the above rights, please send your request to the following address and/or email: Gran Sol, 6F-03710, Calpe, Alicante, Spain / [email protected].

14. Supervisory Authority.

14.1. If the Customer considers that a violation of the rules governing the processing of your personal data has taken place, he/she has the right to lodge a complaint with the supervisory authority. In the case of Spain, such authority is the Spanish Agency for the Protection of Personal Data. (http://www.agpd.es).

15. Information disclosure.

15.1. The Customer's personal data may be transmitted to third parties when necessary to obtain monetary compensation according to the Customer's Claim and to fulfil ClaimOut's contractual obligations. In such cases, ClaimOut will only disclose to third parties the personal information that is necessary to provide the service.

15.2 ClaimOut will not disclose such information to third parties to enable them to advertise their products and services to the Customer.

15.3 ClaimOut may disclose the Customer's personal data when required to do so by applicable law and there is reason to believe that ClaimOut has an obligation to protect its rights, the security of its Customers or the third parties involved.

16. Adoption and modification of the Privacy Policy.

16.1. The Customer confirms having read the Terms and Conditions relating to the protection of personal data before submitting the Claim via the Website and/or the Application.

16.2 ClaimOut reserves the right to modify this Policy at its own discretion or in accordance with legislative, legal or doctrinal changes of the Spanish Data Protection Agency. Changes or updates to the Privacy Policy will be expressly made available to the Customer through publication on the Site.

17. Cookies policy.

17.1. The Customer agrees to the use of ClaimOut cookies to access the Site and/or the Application.

17.2. The information collected through cookies may include the date and time of the visit to the Site, the pages visited, the length of the stay on the Site and the length of the visit to the Sites immediately before and after the visit. No cookie file allows for contacting the Customer via a telephone number or any other method of personal contact. No cookie file can extract information from the Customer's hard drive or steal personal information.

18. Other provisions.

18.1. In the event that any provision of the Privacy Policy loses its validity, the remaining provisions shall remain in force.

 

Updated: October 16, 2019