Fly with Flightpadi

FLIGHTPADI PRIVACY POLICY

Effective Date: January 1, 2024

I. Introduction

This Privacy Policy describes how Flightpadi (“Flightpadi,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects information about users (“you” or “your”) of our website [Insert Website Address] (the “Website”), mobile application (if applicable), and all related services we offer, including through messaging channels (such as WhatsApp), email, and phone communications (collectively, the “Services”).

Flightpadi is committed to protecting your privacy and complying with the Nigerian Data Protection Act (NDPA) 2023, the Nigeria Data Protection Regulation (NDPR) 2019, its Implementation Framework, and other applicable data protection laws. Our data collection, processing, security, storage, and erasure practices are designed to comply with the following Nigerian laws and regulations, including but not limited to:

  • The Constitution of the Federal Republic of Nigeria 1999 (as Amended);
  • Nigeria Data Protection Act 2023 (“NDPA”);
  • Nigeria Data Protection Regulation 2019 (“NDPR”);
  • NDPR 2019 Implementation Framework;
  • Nigeria Cybercrimes (Prohibition, Prevention, Amendment) Act 2024;
  • Nigeria Money Laundering (Prevention and Prohibition) Act, 2022;
  • Nigeria Federal Competition and Consumer Protection Act, 2018 (FCCPA);
  • Nigeria Freedom of Information Act 2011;
  • Central Bank of Nigeria Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions 2022.

This Privacy Policy explains our data practices and the choices you have regarding your information.

By accessing or using our Services, you consent to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with our practices, please do not use our Services.

II. Information We Collect

We collect and process various types of information in connection with our operations and the provision of our Services. This information relates to individuals who can be identified directly or indirectly, including current, past, and prospective employees, guarantors, referees, suppliers/vendors, customers, and other individuals whom we communicate or deal with (“Data Subjects”).

A. Personal Information

“Personal Information” is information that can be used to identify you, either directly or indirectly. We may collect the following types of Personal Information, depending on our relationship with you and the Services you use:  

  • Individual Personal Information:
    • Name
    • Previous names
    • Date and place of birth
    • Photo ID
    • Nationality
  • Individual Contact Details:
    • Address
    • Email address
    • Mobile and telephone numbers
  • Identifying Information:
    • Photo ID
    • Nationality
    • Utility bill
    • National ID card and/or number
    • Guarantor’s details
    • Referee details
    • Vendor’s personal data  
  • Travel and Booking Information:
    • Passport details (number, expiry date, nationality) – required for international travel bookings
    • Travel preferences (e.g., seating preferences, dietary requirements)
    • Emergency contact information
  • Financial Information:
    • Payment information (credit/debit card details, bank account details) – Note: We use secure third-party payment processors, and sensitive payment details are encrypted and not stored on our servers long-term.
  • Information About Your Interactions with Us:
    • Channels used
    • Geographic information
    • Software used
    • Information concerning your complaints
  • Information from Customer Documentation or Data Exchange:
    • Application forms
    • Advisory documents
    • Telephone records (e.g., records of advice)
  • Information from Cookies and Similar Technologies:
    • Information about your preferences and online behavior to tailor content (See Section VIII. Cookies and Tracking Technologies)
  • Data or Records of Correspondence:
    • Emails and other communications related to relevant exchanges of information.
  • Information to Fulfill Regulatory Obligations:
    • Transaction details
    • User activity
  • Information from Other Entities:
    • Relevant transaction information from partners or affiliates
  • Information from Third Parties Providing Information to Identify and Manage Fraud:
    • Information from anti-fraud databases or agencies.
  • Data from Closed Circuit Television (CCTV):
    • Photos or videos of you collected in and around our facilities.
  • Email Account Credentials (Optional): In specific cases, to facilitate flight refund requests, and only with your explicit voluntary consent, we may request temporary access to the email account used for your flight booking. We understand that this involves sensitive information, and we have implemented strict procedures to protect your privacy and security, as detailed in Section XII below.
  • Other Voluntarily Provided Information: Any other information about you that is voluntarily provided by filling in online forms or by communicating with us, whether face-to-face or via other available channels (e.g., by phone, email, or online).  

B. Non-Personal Information

“Non-Personal Information” is information that does not directly identify you. We may automatically collect the following types of Non-Personal Information when you use our Website or Services:

  • IP Address: Your computer’s IP address, which may provide general location information.
  • Browser Type and Operating System: To optimize our Website for different browsers and operating systems.
  • Device Information: Information about the device you use to access our Services (e.g., device type, model, operating system).
  • Website Usage Data: Information about how you interact with our Website, such as pages visited, links clicked, time spent on pages, and other browsing behavior.
  • Aggregated and Anonymized Data: We may aggregate and anonymize data for statistical analysis and to improve our Services. This data does not identify individual users.

C. Sources of Information

We collect information from the following sources:

  • Directly from You or Your Authorized Representatives: When you create an account (if applicable), make a booking, fill out forms on our Website, communicate with us through messaging channels, email, or phone, or otherwise interact with our Services. When you apply for a job with us. When you enter into a contract with us.
  • Automatically Through Cookies and Other Tracking Technologies: When you use our Website, we may automatically collect certain information through cookies, web beacons, and similar technologies. Please see Section VIII, “Cookies and Tracking Technologies,” for more details.
  • From Third Parties: We may receive information about you from third parties, such as:
    • Travel Providers: Airlines, hotels, and tour operators may provide us with information related to your bookings.
    • Payment Processors: Payment processors may provide us with information related to your payment transactions.
    • Analytics Providers: Services like Google Analytics, Facebook Pixel, and Microsoft Clarity may provide us with information about your interaction with our website.
    • Embassies and consulates: as it relates to visa processing.
    • Background check providers (for employees, vendors): if applicable and legally permissible, and with appropriate notice and consent.

III. How We Use Your Information

We use the information we collect for various purposes related to our operations and the provision of our Services, including:

  • Processing Bookings and Payments: To process your travel bookings, including flights, hotels, and vacation packages, and to collect payment for these services. The legal basis for this processing is the performance of a contract with you.
  • Providing Customer Support: To respond to your inquiries, provide assistance with your bookings, and address any issues you may encounter. The legal basis for this processing is the performance of a contract with you or our legitimate interests in providing quality customer service.
  • Communicating with You: To send you important information about your travel arrangements, such as booking confirmations, flight updates, and itinerary changes. We may also send you service-related messages, such as security alerts or updates to our Terms of Service or Privacy Policy. The legal basis for this processing is the performance of a contract with you or our legitimate interests in keeping you informed about your bookings or changes that affect you.
  • Managing User Accounts: If you create an account on our Website or app, we use your information to manage your account, provide you with access to account features, and personalize your experience. The legal basis for this processing is the performance of a contract with you or our legitimate interests in providing and managing user accounts.
  • Personalizing Your Experience: To tailor our Services to your preferences and interests, such as recommending destinations or travel deals that may be of interest to you. The legal basis for this processing is our legitimate interests in providing a personalized user experience or your consent, where required by law.
  • Improving the Website and Services: To analyze how users interact with our Website and Services, identify areas for improvement, and enhance the overall user experience. This may involve using aggregated and anonymized data. The legal basis for this processing is our legitimate interests in improving our Website and Services.
  • Conducting Market Research and Analysis: To understand travel trends, user preferences, and market demands, which helps us improve our service offerings. The legal basis for this processing is our legitimate interests in conducting market research.
  • Sending Marketing Communications: To send you promotional emails, newsletters, or other marketing communications about our Services or special offers from our partners, but only if you have given your consent to receive such communications, as required by the NDPR. You can opt-out of receiving marketing communications at any time. The legal basis for this processing is your consent.
  • Complying with Legal Obligations: To comply with applicable laws, regulations, legal processes, or governmental requests, such as responding to subpoenas or court orders, or meeting tax reporting requirements, anti-fraud requirements, or anti-money laundering requirements. The legal basis for this processing is compliance with a legal obligation.
  • Preventing Fraud and Enhancing Security: To detect, investigate, and prevent fraudulent transactions, unauthorized access to accounts, and other illegal or harmful activities, including through the use of CCTV in and around our facilities. The legal basis for this processing is our legitimate interests in protecting our business and our users from fraud and security threats and ensuring a safe environment.
  • Processing Visa Applications: To assist you with the visa application process, which may involve collecting and sharing your information with relevant embassies or consulates. The legal basis for this processing is the performance of a contract with you or your consent, where required.
  • Processing Flight Refunds: To assist you with obtaining flight refunds from airlines. The legal basis for this processing is the performance of a contract with you.
  • Processing Flight Refunds (Using Email Account Credentials When Voluntarily Provided): To assist you with obtaining flight refunds from airlines, where you have voluntarily provided us with temporary access to your email account used for booking, we will use those credentials solely for the purpose of submitting and managing the refund request on your behalf. We will not use your credentials for any other purpose and will delete them immediately after the refund request has been processed. The legal basis for this processing is your explicit consent.
  • Managing Our Business Operations: We use the information for internal purposes such as auditing, internal record keeping and carrying out due diligence. The legal basis for this processing is our legitimate interest in operating our business.
  • Recruitment and Employment: If you apply for a job with us, we will use your information to assess your suitability for the role. If you become an employee, we will use your information for purposes related to your employment, such as payroll, benefits administration, and performance management. The legal basis for this processing is the necessity to take steps at your request prior to entering into a contract, the performance of an employment contract or our legitimate interests in managing our workforce.
  • Vendor Management: If you are a vendor or supplier, we will use your information to manage our relationship with you, process payments, and communicate about our business dealings. The legal basis for this processing is the performance of a contract with you or our legitimate interests in managing our supplier relationships.

IV. How We Share Your Information

We may share your information with the following categories of third parties for the purposes described in Section III:

  • Travel Providers: We share your information with airlines, hotels, tour operators, and other travel providers as necessary to fulfill your bookings and facilitate your travel arrangements. This may include sharing your name, contact details, passport information, travel preferences, and payment details. We may share this information with travel providers both within and outside Nigeria. The legal basis for this sharing is the performance of a contract with you.
  • Payment Processors: We use third-party payment processors to securely process your payments. We may share your name, contact details, and payment information with these processors to facilitate transactions. We do not store your sensitive payment card details on our servers. The legal basis for this sharing is the performance of a contract with you.
  • Embassies and Consulates: If you engage us to assist with your visa application, we will share your information with the relevant embassy or consulate as required for processing your application. This may include sharing your name, contact details, passport information, travel itinerary, and other supporting documents. The legal basis for this sharing is the performance of a contract with you or your consent, where required.
  • IT Service Providers: We may use third-party service providers to assist us with various IT functions, such as website hosting, data storage, and email services. These providers may have access to your information as necessary to perform their services for us. We have contractual agreements in place with these providers to ensure they protect your information in accordance with applicable data protection laws. The legal basis for this sharing is our legitimate interests in operating and maintaining our Website and Services.
  • Marketing and Analytics Providers: We use third-party marketing and analytics providers, including Google Analytics, Facebook Pixel, and Microsoft Clarity, to help us understand how users interact with our Website and Services, improve our marketing efforts, and personalize your experience. These providers may collect information about your browsing activity through cookies and other tracking technologies. Please see Section VIII for more details on cookies and tracking technologies. The legal basis for this sharing is our legitimate interests in improving our Website and Services or your consent, where required by law.
  • Legal and Regulatory Authorities: We may disclose your information to legal or regulatory authorities, such as law enforcement agencies, courts, or government bodies, if required to do so by law or in response to a valid legal request, such as a subpoena or court order. We may also disclose your information to protect our rights, property, or safety, or the rights, property, or safety of others. The legal basis for this sharing is compliance with a legal obligation or our legitimate interests in protecting our rights and safety.  
  • Fraud Prevention Agencies: We may share information with agencies that help identify and manage fraud. The legal basis for this sharing is our legitimate interest in preventing fraud.
  • Professional Advisors: We may share information with our professional advisors, such as lawyers, auditors, and consultants, for the purpose of obtaining professional advice. The legal basis for this sharing is our legitimate interest in obtaining such advice.
  • Business Partners: We may share information with our business partners in the context of corporate transactions such as a merger, acquisition, or sale of assets, subject to appropriate confidentiality agreements. The legal basis is our legitimate interest in managing our business.

V. International Data Transfers

As part of providing our Services, we may transfer your information to recipients located in countries outside Nigeria, including to Travel Providers, Embassies/Consulates and service providers. When making such transfers, we will take steps to ensure that your information is protected to an adequate standard in accordance with the NDPA and NDPR. This may include transferring data only to countries that have been deemed to provide an adequate level of data protection by the Nigerian authorities or by implementing appropriate safeguards, such as Standard Contractual Clauses approved by the relevant authorities, or confirming that such third party abides by other approved certifications or codes of conduct.

VI. Your Rights and Choices

Under the NDPA, you have certain rights regarding your Personal Information. These rights may include, depending on the circumstances:

  • Right to Access: You have the right to request access to the Personal Information we hold about you and to receive a copy of that information in a commonly used electronic format.  
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete Personal Information we hold about you.
  • Right to Erasure (“Right to be Forgotten”): You have the right to request that we erase your Personal Information in certain circumstances, such as when the information is no longer necessary for the purposes for which it was collected, or if you withdraw your consent (where consent is the legal basis for processing).  
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your Personal Information in certain circumstances, such as when you contest the accuracy of the data or when the processing is unlawful.  
  • Right to Data Portability: You have the right to receive your Personal Information in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible. This right applies where the processing is based on your consent or on a contract and is carried out by automated means.  
  • Right to Object to Processing: You have the right to object to the processing of your Personal Information in certain circumstances, including where the processing is based on our legitimate interests or for direct marketing purposes.  
  • Right to Withdraw Consent: Where we rely on your consent to process your Personal Information (e.g., for marketing communications or for using your email credentials for flight refunds), you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

To exercise any of these rights, please contact us using the details provided in Section XI. We may need to verify your identity before processing your request. We will respond to your request within the timeframe required by the NDPA.

Please note that we may not always be able to comply with your request for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Marketing Communications: You can opt-out of receiving marketing communications from us at any time by clicking the “unsubscribe” link in any marketing email or by contacting us directly.  

VII. Data Security

We take the security of your information seriously and have implemented appropriate technical and organizational measures to protect it from unauthorized access, use, disclosure, alteration, or destruction. These measures include:  

  • Encryption: We use encryption to protect sensitive information, such as payment details, during transmission.
  • Access Controls: We restrict access to your Personal Information to authorized personnel who need to know that information in order to process it for us.  
  • Data Security Policies: We have internal policies and procedures in place to ensure the confidentiality, integrity, and availability of your information.
  • Regular Security Assessments: We regularly assess and update our security practices to address evolving threats.

However, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

VIII. Data Retention

We will retain your Personal Information for as long as is necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria we use to determine retention periods include:

  • The duration of our relationship with you and the provision of Services to you: For example, we will retain your information for as long as you have an active account with us or as long as needed to provide you with the travel services you have booked.
  • Legal and regulatory obligations: We may need to retain your information to comply with applicable laws, regulations, or legal processes, such as tax laws, anti-money laundering regulations, or to respond to valid legal requests from authorities.
  • Statute of limitations: We may retain your information for a period of time that allows us to defend ourselves against any potential legal claims.
  • Business needs: We may retain your information for legitimate business purposes, such as fraud prevention, data analysis, and improving our Services, provided that such retention is proportionate and respects your privacy rights.

Once your Personal Information is no longer needed for the purposes for which it was collected, we will securely delete or anonymize it in accordance with our data retention policies and applicable laws.

IX. Cookies and Tracking Technologies

We and our third-party partners use cookies and similar tracking technologies (e.g., web beacons, pixels) on our Website to collect information about your browsing activity.

  • What are Cookies?: Cookies are small text files that are stored on your device when you visit a website. They are widely used to make websites work more efficiently, as well as to provide information to the website owners.
  • Types of Cookies We Use:
    • Essential Cookies: These cookies are necessary for the Website to function properly and enable you to navigate the site and use its features.
    • Functional Cookies: These cookies allow the Website to remember choices you make (such as your language or region) and provide enhanced, more personalized features.
    • Analytical Cookies: These cookies are used by third-party services like Google Analytics, Facebook Pixel, and Microsoft Clarity to collect information about how you use our Website. This helps us understand user behavior, improve our Website’s performance, and tailor our marketing efforts.
    • Advertising Cookies: These cookies are used to deliver advertisements that are more relevant to you and your interests.
  • Purpose of Cookies: We use cookies for various purposes, including:
    • Authenticating users
    • Remembering user preferences and settings
    • Analyzing website traffic and usage patterns
    • Delivering targeted advertising
    • Improving the Website and Services
  • Third-Party Cookies: We use third-party cookies from services such as Google Analytics (to analyze website traffic and usage), Facebook Pixel (to measure, optimize, and build audiences for advertising campaigns), and Microsoft Clarity (to understand user interactions on our website through heatmaps and session recordings). These services have their own privacy policies, which we encourage you to review:
    • Google Privacy Policy: https://policies.google.com/privacy?hl=en-US
    • Facebook Data Policy: https://www.facebook.com/privacy/policy/
    • Microsoft Privacy Statement: https://www.microsoft.com/en-us/privacy/privacystatement
  • Cookie Management: Most web browsers allow you to control cookies through their settings preferences. You can usually choose to accept or reject cookies, or to be notified when a cookie is set. However, if you disable cookies, some features of the Website may not function properly. You can also opt-out of specific third party cookies through their respective opt-out mechanisms or by using industry tools such as the Network Advertising Initiative opt-out page or the Digital Advertising Alliance’s opt-out page.

X. Children’s Privacy

The Website and Services are not intended for or directed at children under the age of 18. Flightpadi does not knowingly collect Personal Information from children under 18. Consistent with Section 8 of the Nigeria Child Rights Act (“the Act”), Cap C50, Laws of the Federation of Nigeria 2010, and Section 31 of the Nigeria Data Protection Act 2023, we will never knowingly request Personally Identifiable Information from anyone below the age of 18 without prior verifiable parental consent.

If we become aware that a child under the age of 18 has provided us with personal data without verifiable parental consent, we will use our best efforts to remove such information from our files. If as a parent or guardian, you become aware that your child or ward has provided us with any information without your consent, please contact us immediately using the contact details provided in Section XI “Contact Us” below. We will take steps to delete the information as soon as reasonably practicable.

XI. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will post the updated Privacy Policy on the Website and update the “Effective Date” at the top of this page. We may also notify you of such changes via email, through our messaging channels, or through other means reasonably calculated to reach you. Your continued use of the Website or Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

XII. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, or if you wish to exercise your rights under the NDPA, please contact us at:

Flightpadi

1 Oluwafemi Street, Mowe, Ogun State, Nigeria

[email protected]

Data Protection Officer (DPO): [email protected]

XIII. Specific Provisions Regarding Email Account Credentials for Flight Refunds

  • 13.1 Voluntary Provision: Providing Flightpadi with access to your email account credentials for flight refund processing is entirely voluntary. You are not required to provide this information to use our Services.
  • 13.2 Alternative Guidance: If you are not comfortable sharing your email account credentials, we will provide you with detailed guidance and support to submit the refund request directly to the airline yourself.
  • 13.3 Limited Purpose: If you choose to provide your email account credentials, we will use them solely for the purpose of submitting and managing your flight refund request with the airline on your behalf. We will not access, use, or share your credentials for any other purpose.
  • 13.4 Security Measures: To enhance the security of your credentials, we strongly recommend that you share them with us using a secure password management tool such as 1Password or Dashlane. These tools allow you to grant temporary access without revealing your actual password to us.
  • 13.5 Temporary Access and Revocation: We will only access your email account for the limited time necessary to process your refund request, typically around 30 minutes. You can revoke our access to your credentials at any time through the password management tool you have used.
  • 13.6 Data Deletion and No Storage: We do not store your email account credentials. Once the refund request is processed, any record of your credentials is deleted from our systems immediately.

XIV. Complaints and Remedies

Flightpadi is committed to resolving any complaints or concerns you may have about our collection or use of your Personal Information.

If you believe that any provision of this Privacy Policy or your privacy rights have been violated in respect of your Personal Information, or if your access to our Services has been compromised, we encourage you to contact us first so that we can attempt to resolve the issue directly.  

Contacting Flightpadi for Complaints:

Please send all complaints and inquiries in writing to our Data Protection Officer at:

Email: [Insert DPO Email Address] or [Insert Physical Address if applicable]

Data Protection Authority:

While we hope to address your concerns effectively, you also have the right to lodge a complaint with the relevant data protection authority, the Nigerian Data Protection Commission (NDPC), if you believe your data protection rights have been infringed upon.

Contacting the NDPC:

Address: NDPC: No. 5, Donau Crescent, Off Amazon Street, Maitama, Abuja, Nigeria.

Email: [email protected]

Remedies:

We will investigate all complaints received within a reasonable timeframe and take appropriate steps to remedy any confirmed violations. This may include, but is not limited to:

  • Rectifying inaccurate or incomplete data
  • Erasing data that is no longer necessary or has been unlawfully processed
  • Restricting the processing of data
  • Providing you with access to your data
  • Taking disciplinary action against employees who have violated this Privacy Policy or applicable data protection laws

You may also be entitled to seek redress in a court of competent jurisdiction in Nigeria for any violation of your data protection rights.

Empowering the top 1% to escape the stress of planning and rediscover the joy of travel.

Facebook Instagram Youtube X-twitter Linkedin

Company

  • About Us
  • Contact Us

Legal

Services

Resources

© 2023. Flightpadi is part of the GorillaZap portfolio.