Fly2Syria
|Air Mediterranean

Privacy Policy

Last updated: 10/4/2025

We appreciate your interest in our flight booking platform. The protection of your personal data is very important to us. Below, we inform you in detail about how we handle your data.

1. Name and Contact Details of the Controller

The controller in the sense of the General Data Protection Regulation (GDPR) is:

"ALADIN" Reisebüro GmbH
Mariahilferstrasse 104/2
1070 Vienna
Austria
Email: office@ata-europe.com
Website: www.fly2syria.com

For questions about data protection, you can reach us at the email address provided above.

2. Purposes and Legal Bases of Data Processing

We process your personal data for the purposes listed below and on the basis of the corresponding legal grounds of the GDPR.

a) For the Performance of a Contract (Art. 6(1)(b) GDPR)

We process the data you provide during the booking process to fulfill the contract of carriage and to carry out pre-contractual measures. Without this data, we cannot conclude the contract with you. This includes:

  • Master data: Name/company, business address, and other addresses of the customer.
  • Contact details: Contact person, telephone number, email address.
  • Passenger data: Full name, date of birth, gender, nationality, passport data (number, country of issue, expiry date).
  • Payment data: Bank details, credit card data (processed directly by our payment service provider).
  • Order data: Booked flights, baggage information, travel dates.

b) Based on Your Consent (Art. 6(1)(a) GDPR)

If you have given us your voluntary consent, we process your data for the following purposes:

  • Customer care and marketing: Sending offers, advertising brochures, and newsletters (in paper and electronic form), as well as references to your existing or former business relationship with us (reference notice).

You can revoke this consent at any time. A revocation means that we will no longer process your data for the above-mentioned purposes from that point on. To revoke your consent, please contact us using the contact details provided above.

c) For the Protection of Legitimate Interests (Art. 6(1)(f) GDPR)

We process general access data to ensure the functionality of our website and to optimize our services. This includes: browser type, operating system, referrer URL, IP address, and time of the server request.

3. Storage Duration

We store your data only for as long as is necessary for the purposes for which it was collected. After the contract has been fully processed, your data will first be stored for the duration of the statutory warranty periods and then, taking into account the statutory, in particular tax and commercial law retention periods (typically 7 years in Austria), and deleted after the period has expired. Data based on your consent will be stored until you revoke it.

4. Recipients of the Data / Data Processors

We use data processors for our data processing. We pass on your data to the following recipients or categories of recipients if this is necessary for the performance of the contract or for the provision of our services:

  • Airlines: For the performance of the flight, passenger and booking data are transmitted to the operating airline (Air Mediterranean).
  • IT Service Providers: We use Supabase Inc. (USA) to provide our website and database.
  • Payment Service Providers: We use Stripe Inc. (USA) to process payments.
  • Email Providers: We use Microsoft Office 365 (USA) to send booking confirmations and service emails.
  • Web Analytics: We use Google Tag Manager to manage website tags. This may involve the transfer of usage data to Google LLC (USA).

Your data is also processed, at least in part, outside the EU or the EEA. The appropriate level of protection for the transfer to the USA is based on an adequacy decision of the European Commission pursuant to Art. 45 GDPR (EU-U.S. Data Privacy Framework) or on standard contractual clauses pursuant to Art. 46 GDPR.

5. Automated Decision-Making

We do not use any automated decision-making or profiling procedures that have legal effects on you or similarly significantly affect you.

6. Your Rights (Legal Remedy Information)

You have the fundamental rights to information, correction, deletion, restriction, data portability, and objection . To exercise these rights, please contact us using the contact details provided above.

If you believe that the processing of your data violates data protection law or that your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, the Data Protection Authority (www.dsb.gv.at) is responsible for this.