Privacy Policy

Privacy Policy (UAE-based controller)

Last updated: September 2, 2025

Fly Reclaim FZ-LLC (“Fly Reclaim”, “we”, “us”, “our”) is a company registered in the United Arab Emirates. We are committed to protecting your personal data and complying with the UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) (“PDPL”), as well as the EU General Data Protection Regulation (GDPR) and UK GDPR, where applicable.

1) Controller identity

• Controller: Fly Reclaim FZ-LLC
• Registered address: Dubai
• Email: [email protected]

2) Data we collect

• Identification: name, surname, date of birth, nationality.
• Contact: email, phone, address.
• Travel info: booking references, flight numbers, boarding passes, receipts.
• Payment info: IBAN or bank account for compensation payouts.
• Communications: emails, messages, documents shared with us.
• Technical info: IP, device, browser, usage logs, cookies.
• Special category: medical/disability docs (only when required for legal claims).

3) Purposes & lawful bases

• Process and manage claims (contractual necessity, Art. 6(1)(b) GDPR).
• Legal representation vs. airlines (legal obligation, Art. 6(1)(c); legal claims Art. 9(2)(f)).
• Customer support & communications (contract / legitimate interest).
• Payment processing (contract/legal obligation).
• Fraud prevention & security (legitimate interest / PDPL art. 5).
• Marketing (opt-in only) (consent).
• Cookies & analytics (consent in EU/UK; legitimate interest in UAE unless otherwise required).

4) Sharing your data

• Airlines, travel operators, and courts/authorities when required.
• Payment providers (for disbursement of compensation).
• IT/hosting/support vendors under strict contracts.
• Legal advisors if escalation is necessary.

5) International transfers

Since we are based in the UAE, your data may be transferred outside the EU/UK.

• For EEA data, we rely on Standard Contractual Clauses (SCCs) + supplementary measures.
• For UK data, we rely on the International Data Transfer Agreement (IDTA) or UK Addendum to the SCCs.
• Under UAE PDPL, transfers outside the UAE require either an adequacy decision (not yet granted with the EU/UK) or contractual/legal safeguards.

6) Retention

• Claims & legal records: 6 years after case closure.
• Financial/tax records: 7 years.
• Customer support: 3 years after last contact.
• Marketing: until consent withdrawn.
• Cookie/analytics: per consent duration (max 24 months).

7) Your rights

Under GDPR/UK GDPR:

• Access, rectify, erase, restrict, port, object, withdraw consent.
• Right to lodge a complaint with your local authority (EDPB list).

Under UAE PDPL:

• Access, correction, deletion, restriction, and data portability rights.
• Right to withdraw consent at any time.
• Right to complain to the UAE Data Office.

8) Security

We apply encryption, access controls, monitoring, and vendor due diligence. In case of a breach, we notify authorities and affected individuals where required by law.

9) Children

Our services are not directed to children under 16.

10) Cookies

We use cookies for site functionality, analytics, and (with consent) marketing.

• In the EU/UK: non-essential cookies are only set with prior consent.
• In the UAE: cookies are used in line with PDPL and your browser preferences.

11) CCPA/CPRA (California)

California residents have the right to know, access, correct, delete, and opt-out of the sale/sharing of personal data. We do not sell personal information in the conventional sense.

12) Changes

We may update this Privacy Policy. Any material changes will be communicated.

13) Contact

• Privacy inquiries: [email protected]
• Support: [email protected]