CrazyLlama Platform Privacy Policy

This Privacy Policy explains what information Easylinkz Limited (here and further “the Company”) collects as well as how the information that is provided to or is collected by the Company is used, shared, stored, and protected in the context of CrazyLlama Platform usage

V1.3 Last revised on 03 May 2022. Updates in the respect of the GDPR best practices

We, at Crazy Llama, respect your privacy and are committed to protecting your personal data.

Overview

We, at Crazy Llama, respect your privacy and are committed to protecting your personal data. We believe that you have a right to know our practices regarding the data we may collect and use about you when you use our service. Please read the following carefully to understand our views and practices regarding your personal data and regarding how we treat it.
In summary, when using the service, we may collect some personal data, all in order to provide you with the services and to improve our performance.
We may use third party services to run the service; they have access to some of your personal data under a confidentiality obligation.
We use industry standard practices to ensure that your data is kept secure, and we allow you to exercise your personal data rights granted under the GDPR even if you live outside the EU.
Also, we never sell your data or use it for direct marketing purposes.
And now for the full legal text

About this Privacy Policy

This privacy policy was set up to let you know what personal data is collected. Personal data is defined in the GDPR, which is the EU Directive for data protection. We decided to grant all our users the best protections available under law, which provide them equal rights to the persons residing in the EU, even if they are not residents of the EU. Also, we’ve done our best to adhere to the California Consumer Privacy Act of 2018, and therefore we do not sell your data; and we give you Californian rights even if you do not reside in California.

Who Are We?

Easylinz Limited is the legal entity operating the service. Easylinz Limited . Registration number: HE 384231 resides at 1 Stasinou Avenue, MITSI BUILDING, 1st floor, Flat/Office 4, Plateia Eleftherias, P.C., 1060 Nicosia, Cyprus. Our offices and employees are located in Cyprus, Ukraine, Israel, and Spain. 

Your Acknowledgment of this Policy

You are not legally required to provide us with any personal data. This means that if you provide us with data, you are doing so out of your own volition and consent; we cannot force you to provide any personal data, but without your personal data we cannot provide you with the services.

You have the right to withdraw from this consent at any time, and in such case request that we either cease processing your personal data, or that we delete whatever personal data is no longer required to retain under law.

Which Personal Data Do We Collect About You?

We collect these types of personal data :

Non-personally identifiable Data. The first type is non-personally-identifiable data and statistical information. Non-personally identifiable data that is being gathered is comprised of technical information and behavioral information that does not pertain to a specific individual (“Non-Personal Data”).

Technical Data that might be de-anonymized. Technical information, such as the type and version of your device and its operating system, the type of browser, screen resolution, keyboard language, Wi-Fi connectivity and the type and name of your device and/or browser, and similar data are collected and retained according to this policy.

Additional information that may include your click-stream on the services, your activities on the services, including time spent on various screens and additional information of a similar nature.

We may retain your browsing history in websites that our browser extension operates at.

While it is not specifically personally identifiable, it may be reverse-engineered to be identifiable and therefore is considered personal data.

Personal Data. The other type of data we collect is individually identifiable data. To put it simply, this data identifies an individual or is of a private and/or sensitive nature, such as your contact information, including: (i) Personal Data that is provided by you voluntarily, such as your username, email address and other data you filled when signing up; and (ii) Personal Data we learn from your use of the services; such as your bookings and payment information.

Agency Related Data. We retain agency related data passed through our service, which includes: your agency credentials, accounts, usernames, bank accounts, search and order history, payment information, as well as personal data required to validate your identities to process payments or provide the access to the system data, such as a scanned passport or photo.

Passenger Related Data. When you make a booking for your customers or when you browse a third party website and type such data, we may retain passenger related data, such as First and last name, patronymic, date of birth, gender, nationality, phone number, street address and email address, passport details and scan, contact details, passenger social media and messenger accounts, payment information and frequent flyer data, , origin and destination, validation carrier, segment details, marketing airline,flight number, booking class, date of issue, departure date, passenger type (adult, infant, child), and additional services. You are required to obtain the passenger’s consent before submitting it via our services. The data collected needs will be transferred to the suppliers to process the services. In this case, we act as a data processor as stated in this Privacy Policy. 

How Do We Collect Personal Data?

Personal data is collected from your use of the services. We do not buy personal data from third parties and do not collect it in any other way.

 

What Are The Purposes of the Collection and Processing of Data?

The purposes of collecting and processing the data are to provide you with the services, to allow you to make bookings on third party services.

If you provide no objections to do so, we may also use the personal data, as well as aggregated data, to create statistical data which helps us to improve the services.

As a part of our services, we may use the data to contact you (or the passengers) with service related messages, as well as promotional material relating to the service. Like for the purpose above, this processing relies on the legitimate interests to enter into, perform and enforce Company contracts with the customers ( GDPR Article 6(1)(f) )

As a part of our services, we may use the data to contact you (or the passengers) with service-related messages, as well as promotional material relating to the service. Such Marketing activities are based on your consent (GDPR Article 6(1)(a))

Given the nature of the services provided by the Company, Personal Data is also used to resolve disputes or for protection from legal claims. That is done based on the legitimate interest to protect the Company in Court ( ( GDPR Article 6(1)(f) ). 

In case you have an objection regarding the purposes of the data processing please contact us by email dpo@easylinkz.com.

Your Personal Data Rights

Right of Access and Rectification

You have the right to know what personal data we collect about you and to ensure that such data is accurate and relevant for the purposes for which we collected it. You can receive a copy of your personal data, and to rectify such personal data if it is not accurate, complete, or updated. However, we may first ask you to provide us with certain credentials to permit us to identify you before rectifying, deleting, or reviewing.

Right to Delete Personal Data or Restrict Processing

You have the right to delete your personal data or restrict its processing by ourselves and third parties. We may postpone or deny your request if your personal data is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.

Right to Withdraw Consent. You have the right to withdraw your consent to the processing of your personal data. Exercising this right will not affect the lawfulness of processing your personal data based on your consent before its withdrawal. Please note that in most cases, withdrawal of your consent would most likely cause us to delete your personal data rather than cease processing.
You have the right to delete your personal data or restrict its processing by ourselves and third parties. We may postpone or deny your request if your personal data is in current use for the purposes for which it was collected or for other legitimate purposes such as compliance with legal obligations.

Your California Privacy Rights and Do Not Track Notices. We do not convey your personal data to third parties for direct marketing purposes.
However, if we did, then the California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding its disclosure of personal data to third parties for their direct marketing purposes.
To make such a request, please send an email to dpo@easylinkz.com and we will let you know that none of your personal data was shared. We are only required to respond to one request per customer each calendar year.

We respond to “Do Not Track” signals. If you do not wish your browser to allow us to use trackers, please use your browser’s “Do Not Track” option.

Exercising Your Rights. We acknowledge you have the right to access and change the Personal Data we collect and process. If you wish to access or to correct, amend, or delete Personal Data, please send us an email to: dpo@easylinkz.com and we will respond within a reasonable timeframe, but in any event no later than permitted by applicable law.
Additionally, please note that in order to ensure that you have as much control over your Personal Data and other information as possible, you may modify certain parts of your information by yourself in the service.

Right of Data Portability.

Where technically feasible, you have the right to ask to transfer your personal data in accordance with your right to data portability. In order to apply for this, please contact us at dpo@easylinkz.com

Right to Object

Where your personal data is processed on the basis of our Legitimate Interest, you have the right to object, on grounds relating to your particular situation, at any time. In this case, we will no longer process the personal data unless the data is still required for the establishment, exercise or defense of legal claims.

The Right to Lodge a Complaint.

You also have the right to lodge a complaint with a data protection supervisory authority regarding the processing of your personal data.

 

Sharing Personal Data with Third Parties

We respect your privacy and will not disclose, share, rent, or sell your Personal Data to any third party.

In case we collect the personal or operational information in terms of cooperation with our suppliers to provide you with the requested products and services we act as a data processor. The information about our suppliers, which act as a data controllers we publish by the link: https://crazyllama.com/crazyllama-platform-supplier-provider-list

The sharing of your Personal Data is made upon your specific, explicit, request.

Moreover, in order to operate the service, we need to share your personal data with third parties. These are:

Travel operators (content providers, payment providers and airlines), which are listed CrazyLlama Platform Supplier & Provider List and receive the passenger information required for booking. The travel operators receive passenger and agent data which is required for the booking.

Technical operators, which include Amazon and Google, which provide us with a cloud and hosting platform.

Service Providers, which include Google Analytics, Google tag manager, HotJar, Facebook, GitHub, Facebook, Twitter, Instagram and YouTube. These services are used to provide you with our services and to better understand how you use the services, as well as present you with advertisements.

Zendesk services are used to provide you with our services in the terms of Customer Care centre support.

Messaging Services, which include Telegram and Facebook messenger, that are used to contact both you and the passenger with travel related notices.

Compliance Control Ltd., and our external accounting services, which provide us with services relating to our ongoing operation.

The agency that placed the booking on passengers’ behalf, including their third party system (payment providers, accounting systems and other systems provided by the agency: we act as a processor on behalf of our client). 

Location of Your Data

The personal data collected from you, as detailed in this Privacy Policy, may be transferred to, and stored at, servers that may be located in countries outside of your jurisdiction and in a country that is not considered to offer an adequate level of protection under your local laws.

Our hosting facilities are situated in the Frankfurt region of the AWS hosting provider in Germany. The data, you provide us, is processed in all our locations noted above (section “Who we are”).

It may also be processed by us and our suppliers, service providers or partners’ staff operating outside your country. The detailed list is published by the link: https://crazyllama.com/crazyllama-platform-supplier-provider-list

We are committed to protecting your Personal Data and will take appropriate steps to ensure that your Personal Data is processed and stored securely and in accordance with applicable privacy laws, as detailed in this Privacy Policy. Such steps include putting in place data transfer agreements or ensuring our third-party service providers comply with our data transfer protection measures.

We will ensure the confidentiality, integrity and availability of your Personal Data by Transferring your personal data only to (i) countries approved by the European Commission as having adequate data protection laws; (ii) entities that executed standard contracts that have been approved by the European Commission and which provide an adequate level of high-quality protection, with the recipients of your Personal Data; and (iii) Transferring your Personal Data to organizations that are Privacy Shield Scheme certified, as approved by the European Commission.

By submitting your personal data through the service, you acknowledge, and agree, in jurisdiction where such consent is required, to such transfer, storing and/or processing of personal data.

Minors / Children

The service is intended for users over the age of eighteen, or children over thirteen who obtained parental consent.

Therefore, we do not intend and do not knowingly collect directly Personal Data from children under the age of thirteen (13) and do not wish to do so.

We reserve the right to request proof of age at any stage so that we can verify that minors under the age of thirteen (13) are not using the service.

If we learn that we collected Personal Data from minors under the age of thirteen (13) we will delete that data as quickly as possible.

If you have reasons to suspect that we collected Personal Data from minors under the age of thirteen (13), please notify us at dpo@easylinkz.com , and we will delete that personal data as quickly as possible.

If you are a resident of the European Union, then the age under this section will be sixteen, and not thirteen.

This section does not relate to passengers. In cases where passengers are minors or children, then you as the agent are in charge of obtaining all relevant consent.

Security

We take appropriate measures to maintain the security and integrity of our service and prevent unauthorized access to it or use thereof through generally accepted industry standard technologies and internal procedures.

Please note, however, that there are inherent risks in transmission of information over the Internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use will never occur.

We will comply with applicable law in the event of any breach of the security, confidentiality, or integrity of your Personal Data and will inform you of such breach if required by applicable law.

To the extent that we implemented the required security measures under applicable law, we shall not be responsible or liable for unauthorized access, hacking, or other security intrusions or failure to store or the theft, deletion, corruption, destruction, damage, or loss of any data or information included in the personal data.

Data Retention

We will retain the Personal Data for as long as we believe that it is accurate and can be relied upon. The basic retention period is 6 years after the last user activity into the system or after the last booked flight segment is arrived (for the passenger data).  Personal Data that is no longer required for the purpose for which it was initially collected will be deleted unless we have a valid justification to retain it that is permitted under applicable law, such as to resolve disputes or comply with our legal obligations. The data retention review is performed within a 3 month period.

Automated decisions

We neither use automated decision-making nor your personal data to automatically assess aspects of your personality (automated profiling).

Complaints and Arbitration.

If you feel or believe that your personal data rights were harmed in any way or form, you may contact our data protection officer at dpo@easylinkz.com and lodge a complaint. Such complaints shall include how and why you believe your personal data rights were harmed, and the required evidence. Our data protection officer will respond to most complaints within 14 days, and shall offer the required remedies.

We will resolve all complaints according to the applicable regulations. We also agree to resolve all complaints and deal with disputes with the local data protection authorities.

Updates to the Privacy Policy.

We reserve the right to amend this Privacy Policy at any time; we will provide you with updates on any change, and such updates shall not have a retroactive effect.

Versions registry