Privacy Policy

At INFINITY FLIGHTS d.o.o., we recognize the importance of protecting the personal data you entrust to us, and we carefully safeguard and manage your personal information.

This privacy policy applies to the processing of personal data by INFINITY FLIGHTS d.o.o., Ponoviška cesta 11b, 1270 Litija, Slovenia, and Infinity flights d.o.o. Serbia, Vudroa Vilsona 12B, 11000 Belgrade, Serbia. It informs customers and website visitors about the processing purposes, types of personal data we process, the rights we ensure, and the legal basis for personal data processing.

Personal Data Protection
Your personal data is protected in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC) (hereinafter referred to as “GDPR”), the Personal Data Protection Act (ZVOP-2), and other applicable laws governing personal data protection.

Data Controller
The data controller for personal data obtained through the website or via email that we process is INFINITY FLIGHTS d.o.o., Ponoviška cesta 11b, 1270 Litija, Slovenia, and Infinity flights d.o.o. Serbia, Vudroa Vilsona 12B, 11000 Belgrade (hereinafter referred to as “the controller”).

Sharing Personal Data with Third Parties, Third Countries, or International Organizations
We may need to share your data with airline operators who work with us. In the case of transportation to third countries, the controller may also need to share your data with third-country providers, such as airline companies. The controller will not share your data with unauthorized third parties.

Contractual personal data processors will have access to your data in cases of website inquiries, with web hosting service providers and electronic messaging tools. An exception is statistical data on website visits and usage for which we use Google Analytics.

Types of Personal Data, Legal Bases, and Purposes for Processing
The controller collects and processes personal data based on: individual consent, concluded contracts or activities before concluding a contract, legitimate interests we pursue, and to meet legal obligations that apply to us.

  • Processing Based on Consent
    Individuals whose personal data is processed based on consent can give consent for each specific purpose separately, such as signing up for electronic communications about news and offers. Based on consent, the controller collects and processes the following personal data: email address. Consent can be withdrawn at any time, and individuals can unsubscribe from electronic communications by following the “Unsubscribe” link in the message footer.
  • Processing Based on Contracts
    Infinity flights d.o.o. collects and processes personal data based on contracts or activities before concluding a contract to perform contractual obligations. The personal data processed for contract execution includes: name, surname, full address, email, phone number, passport number, and expiration date.
  • Processing Based on Legitimate Interests
    The controller collects and processes personal data based on legitimate interests for which we strive, such as:
    – Statistical analysis of website visits,
    – Ensuring and improving our services.
    For these purposes, we collect and process the following personal data: statistical data on website visits, click counts, click times, data on inbound and outbound websites, client type data, which are statistically processed and aggregated so they cannot be linked to specific individuals.
  • Processing Based on Legal Obligations
    Infinity flights d.o.o. collects and processes personal data based on legal obligations that apply to the controller for purposes such as accounting records, invoicing, and debt collection. The personal data collected for these purposes includes: name, surname, address, email address, phone number, passport number, and expiration date.

Personal Data Protection Measures
The controller applies all necessary physical, technical, logical, and organizational procedures and measures to protect personal data. This includes:
– Protecting application software used to process personal data,
– Preventing unauthorized access to personal data during transmission, including telecommunication means and networks,
– Ensuring efficient archiving, destruction, erasure, or anonymization of personal data,
– Protecting premises, hardware, and software,
– Providing traceability to determine when and by whom personal data was processed.

Retention Periods for Personal Data
Personal data obtained based on consent is retained for one year after consent is withdrawn. Personal data processed based on contracts is retained:

  • For 10 years after the end of the calendar year in which they were created for financial transactions,
  • For 10 years after the conclusion of court proceedings in case of debt collection, and
  • For 5 years after the end of the calendar year for other contract-related purposes.

Personal data collected based on legitimate interests is retained as long as the original purpose for which they were collected persists.

Rights of Individuals
Under current data protection laws, individuals have the following rights:

  • **Right of Access**: The right to confirm whether personal data is being processed, and if so, access to it.
  • **Right to Rectification**: The right to correct inaccurate personal data without undue delay.
  • **Right to Erasure**: The right to have personal data erased without undue delay.
  • **Right to Restriction of Processing**: The right to restrict processing when individuals contest data accuracy, processing is unlawful, or when data is required for legal claims.
  • **Right to Data Portability**: The right to receive personal data in a structured, machine-readable format and to transmit it to another controller.
  • **Right to Object**: The right to object to processing based on legitimate interests.
  • **Automated Decision-Making and Profiling**: The right not to be subject to decisions based solely on automated processing or profiling.
  • **Right to Lodge a Complaint**: The right to lodge a complaint with the supervisory authority, which in Slovenia is the Information Commissioner.

Cookie Policy
This website uses cookies for proper functionality. These are files stored on the user’s device, containing unique data or settings selected on the website.

Effective Date
This privacy policy is effective from April 8, 2024.