Last updated: November 8, 2021
Interpretation and Definitions
The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
- Company (referred to herein as either “the Company”, “We”, “Us” and/or “Our” in this Agreement) refers to TUS AIRWAYS LTD, with its registered office situated at of 3-5 Artemidos, ARTEMIDOS TOWER, 6020 Larnaca, Cyprus.
- Cookies are small files that are placed on your computer, mobile device, or any other device by a website, containing the details of your browsing history on that website among its many uses.
- Country refers to: Cyprus
- Data Controller, for the purposes of the GDPR, refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of personal data.
- Device means any device that can access the service such as a computer, a cellphone, or a digital tablet.
- Personal Data is any information that relates to an identified or identifiable individual, which may include standard personal data, specific person data, cookies, and similar technologies. For the purposes of GDPR, Personal Data means any information relating to you such as a name, an identification number, location data, online identifier or to one or more
factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity.
- Service refers to the Website.
- Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the service, to provide the service on behalf of the Company, to perform services related to the service or to assist the Company in analyzing how the service is used. For the purpose of the GDPR, service providers are considered data processors.
- Usage Data refers to data collected automatically, either generated by the use of the service or from the service infrastructure itself (for example, the duration of a page visit).
- Website means https://www.tusairways.com
- You/Your means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under GDPR, you can be referred to as the data subject or as the user as you are the individual using the service.
Our commitments regarding your Personal Data
Privacy is one of our major concerns and is at the heart of the experience we wish to offer, through using our services. We are committed to guarantee high level protection for your personal data.
We undertake to comply with all regulations applicable when processing personal data, in particular the provisions on the Protection of Natural Persons Against the Processing of Personal Data and the free Circulation of this Data, Law 125(I) / 2018, http://www.cylaw.org/nomoi/arith/2018_1_125.pdf and the General Data Protection Regulation (EU Regulation 2016/679) or the “GDPR” https://eur- lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679 , as well as any other data protection regulation of any Third World Country we operate in and provided serves.
We are committed to the following:
- Processing your personal data fairly, lawfully, and transparently.
- We collect your personal data for specific, explicit, and legitimate purposes only.
- We further collect your personal data in an adequate and relevant manner and is limited to the purpose for with the data is processed.
- Your personal data is accurate, kept up to date and every reasonable step is taken to ensure that inaccurate data, having regard to the purpose for which the data is processed, is deleted and/or updated accordingly.
We are committed to implement internal procedures and policies to ensure we raise the necessary awareness of all our employees and to ensure internal compliance within our Company and to make use of technical and organizational measures to ensure an adequate level of security is maintained and to protect your personal data.
Finally, we impose the same level of personal data protection in all our contracts with any third parties and/or subcontractors we use.
To ensure compliance with the necessary rules, we have appointed a Data Protection Officer (DPO), being J. Zenonos & Associates LLC.
Collecting and using of your Personal Data
- Types of data collected
- Standard Personal Data
While using our service, we may ask you to provide us with certain standard personally identifiable information that can be used to contact or identify you personally, identifiable information may include, but is not limited to:
Address, State, Province, ZIP/Postal code, City Contact information
First name and last name
Information about your bookings, ticket purchases or other service Information about your trip
Passport number Usage Data
The data we collect may also include the name of the person booking the ticket in the case that this person is different from the passenger, address, date of birth, email address, data available on the travel document (type and number of travel document (Passport or National Identity Card), nationality, issuing country, expiration date of the travel document, date of birth), telephone number, gender of the passenger, flight number, date of departure and arrival, origin, transit country and destination, record locator code, PNR, date of ticket issuance, seat number and particular requests and information related to the seat, number of and data related to the hold luggage and hand luggage of the passenger, name and number of travelling companion(s), contact information provided by the passenger, especially the permanent and temporary address, phone number and email address of the traveler and the traveler companions, ticketing details, especially the number of the flight ticket and the name of the issuing airline, information related to the circumstances of the flight and any special requests, travel agency, name of the travel agent, purchase history, how you navigate on our website.
In the case of unaccompanied minors, we collect the identification data of the parents and/or legal guardian, as well as the persons responsible for dropping the minor off at the airport of departure and picking the minor up at the airport of arrival.
We save exchanges with you, when you communicate with us by email, online chat or on social networks that include channels such as (WhatsApp, Facebook, Messenger or WeChat). We may also record telephone calls with our customer services department or reservation call center, as part of our service quality monitoring or for evidentiary or fraud prevention purposes.
Due to the health content linked to the Covid-19 epidemic and for some destinations, we may have to collect and verify some documents required, which includes but is not limited to vaccination certificates, safe passes, supporting documents, questionnaires and/or negative Covid19 test results (PCR/rapid) by the authorities of your country of destination for public health purposes prior to boarding or disembarkation.
Special Personal Data
As mentioned above, in order to provide you with the appropriate service, we may need to collect information that is sensitive under applicable data protection laws. Data as specific assistance needs and/or meal preference, may indirectly give information about your ethnic origin, your religious beliefs or your state of health and may fall under the regulations of Article 9 of the GDPR.
This data is only collected with your consent and when you select the corresponding service at the time of your booking and is only used to provide you with the relevant service during your trip. When you refuse your consent, it will result in you not being able to benefit from these services or benefits.
Biometric data is also a subject to stricter rules, we only collect confirmation of the verification of your identity at the various stages of your journey, which is limited to check-in, baggage drop-off, and boarding. We do not collect or process any biometric data about you, when these types of devices are used at airports we operate to and from. To better understand the personal data used via a biometric system we invite you to read the privacy policies of the entities and/or authorities responsible for the processing of the data.
Usage data is collected automatically when using the service. Usage data may include information such as your device’s internet protocol address (e.g. IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, unique
device identifiers and other diagnostic data. We may also collect information that your browser sends whenever you visit our service or when you access the service by or through a mobile device.
Tracking technologies and cookies
- Flash cookies. Certain features of our service may use local stored objects (or Flash Cookies) to collect and store information about your preferences or your activity on our service. Flash cookies are not managed by the same browser settings as those used for browser cookies. For more information on how you can delete flash cookies, please read “Where can I change the settings for disabling, or deleting local shared objects?” available at https://helpx.adobe.com/flash-player/kb/disable-local-shared-objects- flash.html
- Web beacons. Certain sections of our service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be “persistent” or “session” cookies. Persistent cookies remain on your personal computer or mobile device when you go offline, while session cookies are deleted as soon as you close your web browser. Learn more about cookies: What are cookies?.
We use both persistent and session Cookies for the purposes set out below:
Necessary / Essential cookies Type: Session Cookies Administered by: Us
Purpose: These cookies are essential to provide you with services available through the website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services. Cookies policy / Notice acceptance cookies
Type: Persistent Cookies Administered by: Us
Functionality cookies Type: Persistent Cookies Administered by: Us
Purpose: These cookies allow us to remember choices you make when you use the website, such as remembering your login details or language preference. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use the website.
How we collect your Personal Data
The Personal Data you provide directly to us
We collect personal data when you book a flight with us, make a purchase, check-in, create an online account with us, make a request or complaint, respond to a satisfaction survey, leave us a message on social networks, contact our customer service department, reservation call center, or when you sign up for one of our specific events, competitions or campaigns through our marketing initiatives and direct communications and when you use or view our website via your browser’s cookies.
Your Personal Data received from your tour operator or travel agency, our airline partners involved in the organization and management of your travel
We receive your personal data from third parties through a booking system, to enable us to provide you with our services and benefits. When booking a flight through a travel agency or any online booking platform, we receive all the data necessary to manage your booking. These third parties are also responsible for the processing of your personal data. We invite you to familiarize yourself with their respective privacy policies.
We may receive personal data from your social network provider. We invite you to familiarize yourself with their respective privacy policies.
Use of your Personal Data
The Company may use personal data for the following purposes:
To provide our services to you which includes without limitation:-
- Processing of booking confirmations.
- Providing flight-related services and information.
- Carrying out the check-in process.
- Collection and transmission of your contact data, required by applicable local rules and regulations.
- Making reservations and issuing flight tickets.
- Verification and screening of credit cards or other payment methods.
- Perform statistical studies to improve our products and services.
- To send you updates and special offers.
To contact you: To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
To manage your requests: To attend and manage your requests to us.
We also process your data for the purposes of our legitimate interests pursuant to Article 6(1), subparagraph 1(f) of the GDPR:-
- so that we can provide you with relevant information about your booked flight and travel destination.
- for the purpose of preventing, investigating, and prosecuting criminal offences, such as fraud.
- to enforce legal claims, including debt collection and defence in the event of legal disputes.
- for auditing purposes.
- to safeguard the airline’s IT security and operations.
- to guarantee flight safety.
- for advertising, provided that you have not objected to the use of your data for the said purpose.
- To communicate with you, to the extent that an ongoing business relationship with you or your employer already exists, or it is intended to be established (business contacts).
Your information may be passed to and used by TUS Airways and third parties. These may include the Civil Aviation Authority for the purposes of ensuring compliance with and the enforcement of European Aviation Safety Agency regulations. TUS Airways may also pass your information on to governmental authorities and/or enforcement bodies e.g. for compliance with Advanced Passenger Information and/or immigration requirements. Third parties may also include our service providers who will need to have access to your personal information to provide us with their services. However, a Data Processing
Agreement is signed between TUS Airways and our service providers which ensures your personal data is safeguarded and protected.
Retention of your personal data
The Company will also retain usage data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our service, or we are legally obligated to retain this data for longer time periods.
Once you cease using our service, we will delete your information after seven (7) years.
Transfer of your Personal Data
Your information, including personal data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
Disclosure of your Personal Data
- Business transactions
Under certain circumstances, the Company may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements
The Company may disclose your personal data in the good faith belief that such action is necessary to:-
- Comply with a legal obligation.
- Protect and defend the rights or property of the Company.
- Prevent or investigate possible wrongdoing in connection with the service.
- Protect the personal safety of users of the service or the public.
- Protect against legal liability.
d) Security of your Personal Data
The security of your personal data is very important to us but remember that no method of transmission over the internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
Who Can Access your Personal Data
- General information
TUS Airways services are provide in different countries and/or locations and in order for us to provide our services and to offer you the same experience across all of our destinations, we would need to share your personal data with internal and external parties.
Sharing your Personal Data with third parties
We may transfer or share your personal data with third parties for the following purposes:-
Facilitate your bookings and travel arrangements
For us to manage your purchases, bookings or travel arrangements, we may share your personal data with third parties, who would process this information on our behalf or assist us in providing our services in different countries and/or locations, such as customers service department, reservation call center, airport operators, as well as other companies involved, airport managers, booking system providers or travel agents.
Your personal data might also be shared with other airlines that operate some of these flights, as external airline partners.
Assisting our operations
For us to provide our service, we also make use of other third parties, providing services in IT, social networks, marketing or fraud detection and prevention services. These third parties are at all times required to adequately safeguard your personal data. The third parties may only
Refunds and process payments
For us to process refunds and make payments relating to your purchases and bookings, we may transfer some data to third parties such as financial institutions or payment service providers. These third parties will have their own privacy policies as to how they use your data.
Enabling our partners to provide you with their services
Your personal data may be shared with third parties who provide services or products that can be accessed via our website (car rental). These services are provided via trusted third parties that will also have their own privacy policies.
In accordance with applicable Cyprus and international laws and regulations, we may be legally required to collect and share your identification data (Passport and/or National Identity Card) and booking and travel information with the public authorities of Cyprus which will include, customs, immigration, police, etc. or of the countries from or to which you are traveling for the purpose of border control, immigration formalities, entry into a country or the fight against terrorism or any other serious crime.
Links to other websites
Detailed information on the processing of your Personal Data
The service providers we use may have access to your personal data. These third- party vendors collect, store, use, process, and transfer information about your activity on our service in accordance with their privacy policies.
We may use your personal data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.
We may use Email marketing service providers to manage and send emails to You.
Personal Data transferred outside of the European Union
We may transfer your personal data to recipients who may be located in countries that is not part of the European Union, or countries other than your country of residence.
These transfers are carried out to offer you our services and to manage your booking, more generally for the proper performance of your contract of carriage or because our partners or our service services providers operate from different countries and/or locations. On our website you can view our destinations where we operate in. We undertake to guarantee the same level of protection when we transfer your personal data when necessary and in accordance with the provisions under the GDPR, in particular by signing, on a case-to-case basis, standard contractual clauses defined by the European Commission, or any other mechanism described in the regulations.
This data may also be shared with public or governmental authorities of countries that falls outside of the European Union.
GDPR Privacy and Protection of Natural Persons Against the Processing of Personal Data and the free Circulation of this Data, Law 125(I) / 2018
- Legal basis for processing Personal Data under GDPR
We may process personal data under the following conditions:-
- Consent: You have given your consent for processing personal data for one or more specific purposes.
- Performance of a contract: Provision of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
- Legal obligations: Processing personal data is necessary for compliance with a legal obligation to which the Company is subject.
- Vital interests: Processing personal data is necessary in order to protect your vital interests or of another natural person.
- Public interests: Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Company.
- Legitimate interests: Processing personal data is necessary for the purposes of the legitimate interests pursued by the Company.
In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Your rights under the GDPR
The Company undertakes to respect the confidentiality of your personal data and to guarantee you can exercise your rights.
- Request access to your Personal Data. The right to access, update or delete the information we have on you. Whenever made possible, you can access, update or request deletion of your personal data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you. This also enables you to receive a copy of the personal data we hold about you.
- Request correction of the Personal Data that we hold about you. You have the right to have any incomplete or inaccurate information we hold about you corrected.
- Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your personal data on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes. You also have the right to object to the recording of your telephone call when you are in contact with our customer services department or reservation call center, by notifying the advisor directly.
- Request erasure of your Personal Data. You have the right to ask us to delete or remove personal data. This right can only be exercised in certain cases where one of the grounds set out in Article 17 of the GDPR applies. TUS may concur when there is no good reason for us to continue processing your personal data. When exercising this right and your request is successful, we will immediately erase your personal data, within reasonable time.
Right to restriction of processing
You have the right to obtain the restriction of processing of your personal data. This means that we will mark the data stored to temporarily suspend its processing. This right can be exercised in terms of the grounds provided for in Article 18 of the GDPR, in particular when you dispute the accuracy
of your personal data. This right does not give rise to data erasure. We have to inform you before the restriction of processing is lifted.
- Request the transfer of your Personal Data. We will provide to you, or to a third-party you have chosen, your personal data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw your consent. You have the right to withdraw your consent on using your personal data. If you withdraw your consent, we may not be able to provide you with access to certain specific functionalities of the service.
The rights as described hereinabove are not applicable in all situations. We may be entitled to refuse certain requests in accordance with regulations. For each request we receive we will carefully access whether such an exemption apply and inform you accordingly of the outcome. Refusal may be given when it is necessary to protect the rights and freedoms of others or refuse to erase your personal data if the processing is necessary to comply with legal requirements.
Exercising of your GDPR data protection rights
You may exercise your rights of access, rectification, cancellation, and opposition by contacting us. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible, any requests that are not related to the protection of personal data cannot be processed.
Simply send your request to TUS Airways Data Protection Officer or call us on the number below:
J.ZENONOS & ASSOCIATES LLC
80 Athinon Street, Akinita Leras Mitropoleos, 340, Limassol, Cyprus Email address: [email protected]
Tel: +357 25 312580
For us to process your request in the best possible way, you are requested to complete our customer data request form and to include the following necessary details, which will include your name, surname, email, copy of an official identity document (Passport and/or National Identity Card) as well as any other information necessary to confirm your identity and to allow us to process your request.
You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA. You may report a complaint or if you feel that we have not addressed your concern in a satisfactory manner you may lodge a complaint with the office of the Commissioner for Personal Data Protection at http://www.dataprotection.gov.cy
We secure your Personal Data
Our commitment is to ensure the security and confidentiality of the personal data you share with us is our priority. To ensure the aforementioned we implement all appropriate technical and organizational measures in accordance with the legal provisions, more in particular Article 32 of the GDPR, with regards to the nature of the personal data that you communicate to us, and the risk presented by its processing, in order to preserve its security and, in particular to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion or unauthorized access to this data.
We implement various organizational measures to increase the awareness and accountability of our employees. Dedicated programs and training within our organization ensure awareness and compliance. A rich corpus of documentation an information security and privacy issues are made available to them.
We control physical and logical access to our internal servers hosting and/or processing of your personal data. For our onsite premises hosting we protect our infrastructure with access control, malware system(s), physical access, UTM with IDS, IPS and restrictions in rules. For our Cloud base server hosting, we protect our infrastructure with access control (PDC BizCloud Cloud Security) in our attempt to prevent and limit the risk of cyber-malware and or cyber-crime.
Internally we make use of best practices and standards available to maintain a level of security in line with our best practices, some of the standards are equivalent as to the practices adopted in the ISO 27001/ISO27002 standards. We rely on dedicated experts to ensure the highest possible levels of protection of your personal data.
This version is applicable as from 8 November 2021. It replaces the version of 20 June 2019.
How can you protect yourself
Security and confidentiality of personal date are based on individual best practices.
Always try to follow the following practices:-
- Your booking reference must remain confidential.
- When traveling with other individuals on the same booking and you would like to keep your personal information safe, rather make your own separate booking.
- Do not disclose your password you would use to access our services to third parties’. Try to use different passwords if possible, regularly.
- Always disconnect from your profile and your social account when using internet from a shared computer.
- Do not communicate or publish on any social media platforms any document issued by TUS Airways, which might contain your personal data.