This General Data Protection Regulation ("GDPR") Privacy Notice ("Notice") supplements the Privacy Policy of FLIGHTbdx and applies specifically to the collection and processing of personal data, as defined by the GDPR, of individuals located within the European Economic Area ("EEA") and the United Kingdom ("UK"). These individuals are referred to herein as “you” or “your.” Capitalized terms not otherwise defined in this Notice shall have the meanings assigned in our Privacy Policy or the GDPR. In any situation where this Notice conflicts with another section of our Privacy Policy, this Notice shall govern with respect to EEA/UK users and their personal data.
If you are located outside of the EEA or UK, please refer to our general Privacy Policy.
Who is Responsible for Your Data
FLIGHTbdx is the data controller responsible for processing personal information collected via our websites, customer support operations, and travel-related services (collectively referred to as the "Services").
Where Your Information is Stored
We host and store personal data of EEA/UK individuals on secure servers located in the United States, and implement protective measures to maintain data integrity and security.
International Data Transfers
FLIGHTbdx participates in the following frameworks:
• The EU-U.S. Data Privacy Framework (EU-U.S. DPF),
• The UK Extension to the EU-U.S. DPF,
• The Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF).
If these mechanisms are invalidated, we will rely on legally recognized safeguards, including the European Commission’s Standard Contractual Clauses (SCCs), to ensure compliant cross-border data transfers.
Where required to provide services (e.g., airline or hotel bookings), we may transfer data to third parties outside the EEA/UK under GDPR Article 49(1)(b) or 49(1)(c).
How Long We Keep Your Data
Your data will be retained for a period based on:
• How frequently you interact with our services;
• Analysis of travel trends to improve our offerings;
• Whether you have opted into marketing;
• Fraud prevention, legal, and regulatory obligations;
• Customer service interactions or disputes;
• Applicable legal retention periods and statutes of limitations.
How We Keep Your Information Safe
FLIGHTbdx uses a range of technical and organizational safeguards to protect your data. This includes secure data transmission (SSL encryption), adherence to PCI-DSS for payment security, and monitoring tools to detect suspicious activity. We collect diagnostic data such as IP addresses and device details to help protect our services from cyber threats.
Government Disclosures
We may be legally required to share your information with government or law enforcement agencies for reasons such as national security, legal compliance, or regulatory inquiries.
Business Transfers
In the event of a merger, acquisition, reorganization, or asset sale, your personal data may be transferred to the acquiring entity, provided that it continues to be protected under terms consistent with this Notice.
Your Rights Under GDPR
As a resident of the EEA or UK, you have the right to:
1. Request access to your personal data;
2. Ask for corrections or deletions;
3. Restrict or object to certain types of processing;
4. Request a copy of your data in a portable format;
5. Withdraw your consent where applicable.
To exercise any of these rights, please email support@flightbdx.com with the subject line: “GDPR Notice.”
Objecting to Processing
You can object at any time to the processing of your data based on our legitimate interests, including for direct marketing purposes. We will cease such processing unless compelling legitimate grounds exist. You can opt out of promotional emails via unsubscribe links or by contacting us.
Note: Transactional communications, such as booking confirmations, are not subject to opt-out.
Lodging a Complaint
If you believe your rights have been infringed, you can file a complaint with your local data protection authority. A list of authorities is available at:
You may also enforce rights granted under any Standard Contractual Clauses applicable to your data.
Children’s Privacy
FLIGHTbdx does not target or knowingly collect personal data from individuals under the age of 18. If we discover such data has been collected, we will delete it promptly.
Changes to This Notice
Should our use of your data change in a material way, we will provide notice and revise this Notice accordingly. The latest version will reflect the updated “Effective Date.”
Data Privacy Framework Compliance
FLIGHTbdx complies with the principles set out under:
• The EU-U.S. Data Privacy Framework for EU personal data;
• The UK Extension to the EU-U.S. DPF for UK personal data;
We are subject to enforcement by the U.S. Federal Trade Commission and cooperate with BBB National Programs for dispute resolution. If unresolved, you may initiate a complaint here:
Certain issues may be eligible for binding arbitration.
Sharing with Third Parties
We may share personal data with vendors and service providers who act on our behalf, including for hosting, analytics, or customer service support. These third parties are bound by contractual obligations to maintain equivalent levels of data protection.
We may also share limited data with affiliates for internal business operations.
Your Options for Data Sharing
You may opt out of data sharing with external third parties (not acting as service providers) by contacting us. We do not share sensitive personal data without your explicit opt-in consent.
Your Rights Under the DPF
To access, correct, or delete data covered under the DPF, email us at support@flightbdx.com. We will respond within a reasonable time-frame.
Retention of DPF Data
Personal data processed under the DPF is retained only as long as needed for business or legal purposes. Once it is no longer necessary, we securely delete or anonymize it.
Safeguarding DPF Data
We maintain strong security protocols to prevent unauthorized access, use, or disclosure of any personal data subject to the DPF.
Contact Information
If you have questions or wish to exercise your GDPR or DPF rights, contact us at:
