GDPR Compliance Policy

(General Data Protection Regulation)

Effective Date: December 21, 2025
Last Updated: December 21, 2025

This GDPR Policy explains how My Flights Portal, Inc. (“My Flights Portal,” “we,” “us,” or “our”) processes personal data of individuals located in the European Union (EU) and United Kingdom (UK) in compliance with Regulation (EU) 2016/679 (GDPR) and UK GDPR.

1. Data Controller Information

Data Controller: My Flights Portal, Inc.
Registered Address:
1142 Hicksville Rd, Massapequa, NY 11758 | US
Website: www.myflightsportal.com
Email (GDPR Requests): Support@myflightsportal.com

My Flights Portal acts as a Data Controller for personal data collected in connection with flight booking and travel-related services.

2. Scope of This GDPR Policy

This Policy applies to:

• EU & UK residents (“Data Subjects”)
• Website visitors, customers, and users
• Data collected online, offline, by phone, email, or live chat

This Policy supplements our Privacy Policy and applies where GDPR or UK GDPR is legally required.

3. Lawful Basis for Processing (Article 6 GDPR)

We process personal data only under one or more lawful bases:

• Contractual Necessity – to process bookings and provide travel services
• Legal Obligation – to comply with airline, ARC, tax, accounting, or regulatory requirements
• Legitimate Interest – fraud prevention, service improvement, operational security
• Consent – where explicitly required (e.g., marketing communications)

We do not process personal data without a valid lawful basis.

4. Categories of Personal Data Processed

4.1 Standard Personal Data

• Full name
• Email address
• Phone number
• Billing address
• Travel itinerary and passenger details
• Communication records

4.2 Special & Payment Data (Strict Controls)

• No full credit/debit card numbers, CVV codes, or authentication data are stored
• Payments are processed through PCI DSS–compliant systems
• Our infrastructure is scanned by an Approved Scanning Vendor (ASV), Backbone Security, Inc.
• Payment data is processed transiently and never retained

5. Purpose of Processing

Personal data is processed strictly to:

• Facilitate and manage flight bookings
• Issue airline tickets and manage reservations
• Provide customer support and post-booking assistance
• Meet airline, settlement, and legal requirements
• Detect fraud, misuse, or unauthorized activity

Data is never sold, rented, or monetized.

6. Data Sharing & International Transfers

Personal data may be shared with:

• Airlines and Global Distribution Systems (GDS)
• Payment processors (PCI-compliant only)
• Settlement and compliance entities
• Contracted customer support providers

Data may be transferred outside the EU/UK, including to the United States and India, under:

• Standard Contractual Clauses (SCCs)
• Contractual confidentiality and security obligations
• Technical safeguards and access controls

7. Data Retention

We retain personal data only as long as necessary for:

• Contract fulfillment
• Legal and regulatory compliance
• Dispute resolution and enforcement

Payment card data is never stored.

8. Data Subject Rights (Articles 12–23 GDPR)

EU and UK residents have the right to:

• Right of Access – obtain a copy of personal data
• Right to Rectification – correct inaccurate data
• Right to Erasure (“Right to be Forgotten”), subject to legal limits
• Right to Restrict Processing
• Right to Data Portability
• Right to Object to processing based on legitimate interest
• Right to Withdraw Consent (where applicable)

Requests may be sent to Support@myflightsportal.com.
We respond within 30 days, as required by GDPR.

9. Automated Decision-Making

My Flights Portal does not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals.

10. Data Security Measures

We implement strong safeguards, including:

• Encrypted data transmission
• Access-controlled systems
• Regular security scans and audits
• PCI DSS-compliant payment processes
• Limited data access on a need-to-know basis

Despite best practices, no system is fully immune; however, we maintain industry-leading protections.

11. Data Breach Notification

In the event of a personal data breach:

• We will assess risk promptly
• Notify relevant supervisory authorities where required
• Inform affected individuals when legally mandated

12. Supervisory Authority & Complaints

EU/UK data subjects have the right to lodge a complaint with their local Data Protection Authority (DPA) if they believe their rights have been violated.

13. Children’s Data

Our services are not intended for individuals under 16 years of age in the EU/UK. We do not knowingly process children’s personal data.

14. Policy Updates

This GDPR Policy may be updated periodically. Changes will be published on this page with a revised effective date. Continued use of our services constitutes acceptance of updates.

15. Contact for GDPR Matters

📧 Email: Support@myflightsportal.com
📍 Address: 1142 Hicksville Rd, Massapequa, NY 11758 | US

Final GDPR Notice

By using www.myflightsportal.com, you acknowledge that your personal data may be processed in accordance with this GDPR Compliance Policy and applicable data-protection laws.