Privacy Policy

Introduction

This Privacy Policy explains how superflisg B.V. ("we", "us", or "our") collects, uses, and protects your personal information when you use our travel services, visit our website at superflisg.live, or interact with us in any way. We are committed to protecting your privacy and ensuring transparency about how we handle your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

As a registered company in the Netherlands (Registration: 28573469, VAT: NL237586419B135), superflisg operates as the Data Controller for all personal information processed through our services.

Data Collection

The data we collect includes personal information that you provide directly to us and information we gather automatically through your use of our services. This includes but is not limited to:

• Personal identification information (name, email address, phone number, postal address)
• Travel preferences and requirements
• Passport and visa information when required for bookings
• Payment information (processed securely through our payment partners)
• Communication records and correspondence
• Website usage data, cookies, and analytics information
• Emergency contact details and special requirements
• Feedback and review information

We collect this information when you contact us, make bookings, subscribe to our newsletter, use our website, or engage with our services in any capacity.

How We Use Your Information

We explain how we use your information to provide and improve our travel services. The use of your data is based on legitimate business interests, contractual necessity, and your consent where required. We use your personal information for:

• Processing travel bookings and managing your reservations
• Providing customer support and responding to enquiries
• Communicating important travel information and updates
• Processing payments and managing financial transactions
• Complying with legal and regulatory requirements
• Improving our services and website functionality
• Sending marketing communications (with your consent)
• Preventing fraud and ensuring security
• Conducting business analysis and market research

The legal basis for processing your data includes contract performance, legitimate interests, legal compliance, and consent where applicable under GDPR.

Data Sharing and Disclosure

We may share your personal information with trusted third parties who assist us in providing our services:

• Travel suppliers (airlines, hotels, car rental companies, tour operators)
• Payment processors and financial institutions
• Insurance providers
• Technology service providers and website analytics
• Legal and professional advisors
• Government authorities when required by law

All third parties are contractually bound to protect your data and use it only for the specified purposes. We do not sell your personal information to third parties.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected and to comply with legal obligations:

• Booking and travel records: 7 years after completion of travel (for financial and legal compliance)
• Marketing communications: Until you unsubscribe or withdraw consent
• Website analytics: 26 months maximum
• Customer support records: 3 years after last contact
• Financial records: As required by Dutch tax and accounting laws

When retention periods expire, we securely delete or anonymise your personal information unless we have a legal obligation to retain it longer.

Your Rights

Under GDPR and applicable data protection laws, you have the following rights regarding your personal information:

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal obligations)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing for direct marketing or legitimate interests
• Right to Withdraw Consent: Withdraw consent for consent-based processing
• Right to Lodge a Complaint: Contact supervisory authorities about data protection concerns

To exercise these rights, please contact us at privacy@superflisg.live. We will respond within 30 days of receiving your request.

Cookies and Website Analytics

Our website uses cookies and similar technologies to enhance your browsing experience and analyse website performance. For detailed information about our cookie usage, please refer to our Cookie Policy.

You can manage your cookie preferences through your browser settings or our cookie consent banner. Note that disabling certain cookies may affect website functionality.

Data Security

We implement appropriate technical and organisational security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• SSL encryption for data transmission
• Secure data storage with access controls
• Regular security assessments and updates
• Staff training on data protection procedures
• Incident response procedures

While we strive to protect your data, no method of transmission or storage is 100% secure. We encourage you to take precautions when sharing personal information online.

International Data Transfers

As a travel agency, we may transfer your personal information to countries outside the European Economic Area (EEA) when necessary for booking accommodations, flights, or other travel services. We ensure adequate protection through:

• European Commission adequacy decisions
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules where applicable
• Your explicit consent for specific transfers

We carefully assess the data protection standards of destination countries and implement appropriate safeguards.

Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16 without verifiable parental consent. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete such information.

For family bookings involving minors, we require appropriate parental or guardian consent and supervision.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices on our website

Your continued use of our services after any changes constitutes acceptance of the updated Privacy Policy.

Contact Information

If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need to contact us regarding data protection matters, please reach out to us:

You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data appropriately.