This Privacy Statement applies to www.secretclaims.com, owned and operated by:
PO Box 6945
Data Protection Officer (“DPO") e-mail: email@example.com
For the purpose of this Privacy Statement, the terms "SC", "we", "us", or "our", refers to the whole company group or each of the companies as the case may be.
We process personal data within the EU. Our activities are governed in accordance with the General Data Protection Regulation (EU) 2016/679 (the “GDPR"), which is a directly binding legislative act. The GDPR protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
SC is considered to be the data controller and will determine the purposes and means of the processing of personal data.
Personal data means any information relating to an identified or identifiable natural person. Personal data includes all types of information that directly or indirectly identify a person, such as names, dates of birth, addresses, e-mail addresses, telephone numbers etc.
Our Privacy Statement is based on the following data protection principles:
The processing of personal data shall take place in a lawful, fair and transparent way.
The collection of personal data shall only be performed for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
The collection of personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed.
The personal data shall be accurate and where necessary, kept up to date.
Every reasonable step shall be taken to ensure that personal data that are inaccurate having regard to the purposes for which they are processed, are erased or rectified without delay.
Personal data shall be kept in a form which permits identification for no longer than it is necessary for the purpose for which the personal data are processed.
All personal data shall be kept confidential and stored in a manner that ensures appropriate security.
Personal data shall not be shared with third parties unless the transfer is necessary in order for SC to deliver the services in the Agreement.
You have the right to request access to and rectification or erasure of personal data, or restriction of processing, or to object to processing as well as the right of data portability.
Collection and Use of personal data
If you would like to benefit from our services and submit information to us, you may be asked to provide personal data in order for us to operate and improve our business and services. Personal data may be submitted via our website, email, other electronic or software solutions supported by us, postal service or phone. All personal data is collected in accordance with the GDPR. We will process personal data only to the extent required for a specified, explicit and legitimate purpose or for a purpose required by law in places where we operate.
We primarily collect personal data such as names, dates of birth, addresses, e-mail addresses, telephone numbers, passports/IDs and national identification numbers. We collect this personal data for the purpose of delivering our Eligibility Service, Information Service and Justice as a Service in accordance with the Agreement. This is the core activity of SC as a business.
Furthermore, we collect personal data for other purposes such as statistics, administration and communication, IT and security administration, physical security, authentication and authorization systems, support systems, collaboration of internal projects and organizational teams and activities.
We purchase flight data from third parties, e.g. information on delayed or cancelled flights within a given time etc. This information is non-personal data, which we combine with personal data. This Eligibility Service is only used to inform about the likelihood of having an eligible Claim. We will provide our Justice as a Service for eligible Claims on request.
Use of personal data
We will use personal data for the purpose it is collected, and keep the data for no longer than necessary for that purpose. We may retain your information for as long as your account is active or as needed to provide services, comply with our legal obligations or any of the purposes listed above. Access to personal data is strictly limited to personnel of SC and its controlled subsidiaries and affiliates who have the appropriate authorization under a corporate binding agreement with SC, and a clear business need for the data.
Sharing of personal data
We will only transfer the personal data to third parties under the conditions as listed below:
if you have given consent.
if it is for a purpose directly related to the original purpose for which the personal data was collected.
if it is necessary for the preparation, negotiation and fulfilling the Agreement with you.
if it is required due to legal obligation, administrative or court order.
if it is required for the establishment or protection of legal claims or in defense of court actions.
if it is required for responding to lawful requests by public authorities, including to meet national security or law enforcement requirements
if it serves the prevention of misuse or other illegal activities, such as deliberate attacks, to ensure data security.
Occasionally we sign up with other companies and business partners, in and outside the European Economic Area, to work on our behalf, such as legal representatives, to take Legal Action, or technology companies for processing and delivery of systems and technologies to enhance our products and services, and we will share necessary information in these cases. Before we share personal information, we enter into written agreements with the recipients which contain data protection terms that safeguard your data.
Service providers will only be permitted to obtain the personal data that they need to deliver their service. We will not disclose personal data to third parties for the purpose of allowing them to market their products or services to you. If you do not want us to share personal data with these companies, please contact the Data Protection Officer (“DPO") by e-mail.
Security of processing
The security of your personal data is important to us. We will process personal data securely, apply and maintain appropriate and generally accepted standards of technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. Questions about the security of personal data, can be directed to the DPO by e-mail.
Your data protection rights
You have the right to request access to and rectification or erasure of personal data, or restriction of processing, or to object to processing as well as the right of data portability, at any time. To help us keep personal data updated, we advise you to inform us of any changes or discrepancies. To view and/or edit personal data, or receive information on how long we intend to retain personal data or other questions related to the access of personal data, or if you would like to request that we provide you with information about whether we hold, or process on behalf of a third party, any of your personal data, please contact the DPO by e-mail. We will respond to your request within a reasonable timeframe.
Marketing e-mails and Advertising Preferences
Upon consent we are allowed to send marketing e-mails. This specific form of consent must be freely given, specific informed and unambiguous. These requirements are fulfilled when you opt-in to receive marketing e-mails (actively agreed).
You will always have the right to object, on request and free of charge, to the processing of your personal data relating for purposes of direct marketing activities without having to provide specific justifications. You can do so by using the “Unsubscribe" link found in emails received from us or by contacting us by email. If you object, your personal data will no longer be processed for direct marketing.
The marketing e-mails contain information which we believe may be of interest, such as the latest news on our products and services.
The Privacy Statement is under the responsibility of our Legal Team, who have the overall responsibility to ensure compliance. The DPO is ensuring compliance with the Privacy Statement on a daily basis and is involved in all issues related to the protection of personal data.
We are responsible for and will at any given time be able to demonstrate compliance with the GDPR as well as our principles set out in this Privacy Statement. We shall maintain records of processing activities under our responsibility containing the information required by the GDPR and where applicable make the records available to the supervisory authority on request.
Any inquiries concerning this Privacy Statement can be directed to the DPO by e-mail.
You have the right to file a complaint concerning our processing of your personal data. All queries and complaints shall be handled in a timely manner by the DPO in accordance with internal procedures. Complaints can be submitted to the DPO by e-mail.
In the unlikely event that you consider that our processing of your personal data infringes the GDPR, or any other data privacy law, you may also lodge a complaint with a supervisory authority.
Changes to this Privacy Statement
This Privacy Statement may be updated from time to time, e.g. due to modifications of relevant legislation or changes to our corporate structure. If any material changes are made, you will be notified by e-mail or by means of notice on the website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Updated: 9 July 2018