Last modification: 15/12/2022
Entity: CANARYFLY, S.L.
Corporate Tax ID No. B76013481
Entry in the trade register:Volume:1912; Book:0; Sheet:76; Page:GC-41361
This section includes all the information on personal data processing carried out by Canary Fly S.L. (hereinafter, Canaryfly) during the process of providing its services, as well as during interactions with the users of its website and other contact channels.
To facilitate your right to information and comply with the principle of transparency required by data protection regulations, this content is divided into sections that provide the desired information in a clear, direct and concise manner. If you have any questions or if you would like additional information, please don't hesitate to contact us via email lopd@canaryfly.es
The main rules that have been taken into account in configuring this content are:
The website https://www.canaryfly.es is owned by Canaryfly and its main activity is air transport ticket sales and bookings for passengers. Multiple complementary purposes or those necessary for the company's operation and continuity are associated with this purpose. Pursuant to article 13 of the GDPR, please be advised that for the aforementioned activities, the person responsible for processing the personal data collected is CANARY FLY S.L., with Tax ID No. B76013481 and address at C/ Aeropuerto de Gran Canaria, Hangar L. 35230, Las Palmas de Gran Canaria, Spain.
The Canaryfly website, among its features, facilitates users' access to third-party websites that provide complementary services such as hotel bookings, holiday activities and car rental. In these cases, users will be redirected to third-party websites where they can purchase the desired service, for example, hotel bookings, car rental or booking holiday activities. In all cases, these third parties are responsible for processing the data they collect pursuant to their own conditions and privacy policies.
Canaryfly collects data during the purchase process, in person or online, of its products or services, as well as during the provision of the service or subsequent support tasks. The data is mostly provided by customers and passengers, although others, such as website browsing data (collected through cookies or tags) are the product of Data Subjects' interaction with Canaryfly's channels and, in the case of those associated with flights and itineraries, the product of automated tasks or tasks resulting from the normal development of the company's aeronautical activity.
Some data is essential for the provision of services, which is why it appears as required on forms or during interactions with company personnel. Other data such as preferences, or the data needed for personalised advertising or flight preferences, is only collected if Data Subjects agree to it.
Any required data that is not completed, or is completed incompletely or falsely, could prevent the correct provision of the service and exempt Canaryfly from any liability.
The types of data that can be processed during the provision of Canaryfly services are those that appear below, without prejudice to the variations that may be applied in specific cases. It is important to know that in each situation, only the data strictly necessary for the corresponding purpose is collected:
Personal data processing is essential for the correct provision of the services offered by Canaryfly. This section informs of the purposes for which Canaryfly could process your data, depending on the reason for your interaction with the company.
Pursuant to article 13 of the GDPR, this section also includes the legal bases (which enable Canaryfly to process your data lawfully), as well as the recipients of the data associated with each of them and in some cases the period during which the data will be retained.
The purposes for which the data is collected
Legal basis: formalising agreements or the application of pre-contractual measures.
Description: the data provided during the booking management process and tasks associated with the sale of air transport tickets for passengers is used to manage the booking/purchase process and to carry out all the associated administrative tasks (seat allocation, sending automatic information, flight reminders, verifying the boarding process, itinerary management, communication with other operators, etc.), managing payment for and the administrative management of the services (payment, invoicing, identity verification of the holders of the payment methods, returns, compensation, among other related procedures); managing grants and other benefits; provision of the service and management of its quality; physical, online and telephone customer service (provide information, manage change requests, returns, complaints, claims, incidents, queries and various other actions).
Data communications: communication of data to other airlines in the event of connections with flights managed by third parties other than Canaryfly.
Communications to competent authorities pursuant to the airline's legal obligations (see next section).
Ticket acquisition and purchase data may be communicated to third-party payment service provider companies (among others, banks, savings banks, rural banks, issuers or managers of cards or payment methods) so that these providers can verify the transactions carried out in the purchase of tickets.
In cases of lost or delayed luggage incidents, flight delays or acceptance of flight change and other related actions, your identification and contact data may be communicated to entities such as courier companies, hotels and others that provide a compensatory or corrective service for the incident.
Legal basis: Compliance with legal obligations.
Description: Some personal data of passengers may be processed for the purpose of compliance with Canaryfly's legal obligations. These obligations include:
Data communications: In these cases, the data necessary to comply with the legal obligation, including managing the subsidy that the customer or passenger has enjoyed, are communicated to the public administration body or to the competent authority on the matter.
Legal basis: consent from Data Subjects or their legal representative. In the event of an emergency during the flight, the actions taken will be carried out in the name of the vital interest of Data Subjects or of third parties if they or their representative are not in a position to provide their consent.
Description: Managing medical cases always requires the processing of health data of the affected passengers so that the medical staff who assist Canaryfly can assess the suitability of taking the journey, as well as the requirements and adaptations that must or can be made on the plane, as well as during the flight by the crew.
Emergency situations during the flight will be managed by the crew unless there are medical personnel on board.
Data communications: In medical emergency situations during the flight, the data of the case and of the patient and of the people who attend to the case, whether or not they are members of the crew, are communicated to the Canary Islands Health Service so that they can continue with patient care and managing the case.
Legal basis: Canaryfly's legitimate interest to carry out service quality controls, as well as to maintain proof of the content of the call.
Description: It is informed that calls received to customer service will be recorded for the purpose of service quality and verification of the services provided.
Data communications: Data communications are not foreseen, although they may be provided to competent authorities that request a copy of it in a specific, weighted and limited way pursuant to the applicable legislation.
Legal basis: Consent from Data Subjects.
Description: Data is collected that Data Subjects provide during the process of creating their Canaryfly account, as well as those that they include at a later time or those that are created from their relationship with the company, as well as their interests and preferences. It includes the purchase history, the requested invoices, information on flights made, etc.
Data communications: Data communications are not foreseen, although they may be provided to competent authorities that request a copy of it in a specific, weighted and limited way pursuant to the applicable legislation.
Data deletion: if you request the deletion of the user account, this action does not imply total or partial deletion of the data. The data will continue to be retained in the Canaryfly database pursuant to the data retention criteria in section IV.
Legal basis: Consent from Data Subjects.
Description: Through the use of tags, the data provided by Data Subjects during the unfinished purchase processes will be collected in order to send reminders and offers to complete the purchase started.
Data communications: Data communication to third parties is not foreseen.
Data retention: the data will be deleted after six months.
Legal basis: legitimate corporate interest.
Description: Some Canaryfly customer data may be used to find out their interests and preferences to send them commercial information, offers and promotions, invitations to events and activities based on their purchases of products or services, as well as to carry out surveys related to interest, improvement and sales prospecting. Communications will be made by the usual channels at all times, email or post, telephone call, SMS or through instant messaging applications and even through the Canaryfly App.
Data communications: data communications to third parties are not foreseen.
Legal basis: Consent from Data Subjects.
Description: Data Subjects may provide their identification, contact and other data in order to receive direct advertising from Canaryfly or third parties.
Data Subjects may also consent to personalisation of the offers that they will receive. In this case, browsing data will be used to personalise the advertising shown on the website, as well as to configure personalised direct marketing actions.
Communications will be made by the usual channels at all times, email or post, telephone call, SMS or through instant messaging applications and even through the Canaryfly App.
Data communications: data communications to third parties are not foreseen. Any advertising actions that involve information from third parties do not entail the communication of personal data to them.
Legal basis: Consent from Data Subjects.
Description: The data collected during the process of registration, participation and development of events, activities and other participatory actions organised by Canaryfly will be governed by the bases of each of them.
Data communications: he data of raffle and contest winners, as well as of participants, could be published on social networks and on the Canaryfly website. If the event has a co-organiser or the prize is associated with a third party, the co-organiser or the third party will receive the data. Extended information will be provided in each activity, go to its publication.
Legal basis: Consent from Data Subjects.
Description: while browsing the website, Data Subjects may or may not consent to the installation of different types of cookies or tags. The purpose of data processing in most cases is embedded in the purposes listed above: personalisation of the website, customer service, personalisation of service offerings, recovery of shopping carts, sending direct advertising.
Data communications: The data collected by cookies, tags and other technologies managed directly by Canaryfly or its service providers is not communicated to third parties. However, if the installation of third-party cookies is accepted, Data Subjects will be allowing them to access their data directly and therefore in these cases are invited to visit their privacy policies before accepting them.
Legal basis: legitimate interest and compliance with legal obligations.
Description: The data associated with the situations of this purpose will be retained for as long as the processes opened by the Data Subjects persist.
Data communications: communication to the competent authorities on the matter of the claim, complaint or denouncement, as well as solicitors, prosecutors and other members of the judiciary that are related to the case.
Legal basis: Consent from Data Subjects.
Description: The personal data associated with this purpose is used to assess the information included in Data Subjects' CVs and to take them into account in personnel selection processes.
Data communications: data communications to third parties are not foreseen.
The data collected by Canaryfly is retained associated with the purposes for which it is collected. A customer can provide data used for several purposes. Therefore, it will not be deleted until the need or obligation, linked to all of them, ends.
Provided that the legislation changes continuously and the obligations imposed on companies vary equally, it is not possible to provide a fixed table of data retention periods. However, pursuant to the GDPR, these are the data retention criteria applied by Canaryfly:
The data will be retained:
If you would like further information on this point or if you would like to specify a specific term related to specific processing and a specific owner, please don't hesitate to contact us via email
If you provide data from third parties during your communications with CANARYFLY, please be advised that:
CANARYFLY is not responsible if the user who completes the forms or requests does not comply with the above points.
Like most companies, Canaryfly subcontracts services to third parties that allow the development of the company's daily activity. Among others and by way of example, financial and accounting advice and management, insurance and reinsurance, call centres and customer service, physical security and video surveillance, logistics, ground handling for passengers, cleaning, IT services, marketing, among others, can be subcontracted.
In all cases in which personal data is processed on behalf of Canaryfly, the principles of privacy by design and default are applied, choosing only providers that guarantee a level of compliance with data protection regulations and formalising the corresponding personal data processing agreements. Additionally, clear instructions are provided on the obligations and limitations of their service providers. The security and confidentiality requirements that must be established and for which the application is audited and controlled are also established.
The aeronautical sector requires very special service providers and technologies that in many cases have a presence outside of the EEA and therefore their use represents an international data transfer. Among them, Canaryfly performs the following:
There may be other transfers. If you wish to know about them, please request additional information by writing to lopd@canaryfly.es
Canaryfly is highly committed to the rights and freedoms of the Data Subjects whose data it processes. It therefore informs you that, at all times and as applicable to each specific case, you have the right to exercise your:
To exercise your data protection rights, please contact Canaryfly via email lopd@canaryfly.es or by letter to C/ Aeropuerto de Gran Canaria, Hangar L. 35230, Las Palmas de Gran Canaria, Spain.
These rights can be exercised by means of written communication, attaching a copy of your national identity document, passport or other legally valid document that proves the identity of the Data Subject, addressed to lopd@canaryfly.es or by post to C/ Aeropuerto de Gran Canaria, Hangar L. 35230, Las Palmas de Gran Canaria, Spain. To ensure that your request can be processed correctly, please provide the following information:
The exercise of these rights is very personal, so only Data Subjects can exercise them with respect to the personal data for which they are the legitimate owner. However, in the cases in which it is admitted to do so, Data Subjects' authorised representatives may exercise the rights that apply to them in the terms set forth, provided that the aforementioned communication is accompanied by the document accrediting such representation.
CANARYFLY has adopted multiple administrative and security measures, both physical and online, that guarantee a high standard of security for the personal data that it processes in its own logical and analogue facilities and those of third parties from which it receives services.
The measures applied are aimed at guaranteeing the permanent confidentiality, integrity, availability and resilience of the processing systems and services and quickly restoring the availability and access to personal data in the event of a physical or technical incident. And, above all, in any case, guarantee the right to protection of the Data Subjects' personal data and all their associated rights and freedoms.
This content may be modified at any time either to update it in relation to new processing purposes, as well as legislative changes, guidelines or jurisprudence of the EU Data Protection authorities or for reasons of improving transparency and quality of the service.