FlyFirefly Sdn. Bhd. (referred to as the “Company”, “we”, “our” or “us”) is committed to the protection of your Personal Data and takes the matter of protecting your privacy as high priority.
This Privacy Statement explains general terms on how we collect, use and protect the privacy of your Personal Data under the Personal Data Protection Act 2010 ("PDPA"). Please note that the Privacy Statement is streamlined to common principles of data privacy in most jurisdictions although there may be some slight variations due to local requirements.
What Personal Data do we collect?
The types of Personal Data that we collect directly from you or from third parties depend on the circumstances of collection and on the nature of the service requested or transaction undertaken. It may include (but is not limited to):
(a) personal information that links back to an individual, e.g., name, gender, date of birth, passport, other government issued National Identification card numbers and other personal identification numbers;
(b) contact information, e.g., address, phone number and email address;
(c) payment information, e.g., credit or debit card information, including the name of cardholder, card number, billing address and expiry date;
(d) travel information, e.g., flight information, loyalty program membership details, seating, dietary or other service preferences;
(e) health information, e.g., health issues relevant to your travel arrangement or medical records and requests;
(f) technical information, e.g., IP address; and
(g) statistical data, e.g., number of passengers, and hits to website.
Where another person makes reservations on your behalf, you undertake and will ensure that you have authorized the disclosure of your Personal Data and consent to the terms and conditions of this Privacy Statement. Where you are booking on behalf of another person, you represent and warrant that you have the consent of those persons to provide their Personal Data. In addition where you are booking on behalf of children (those below 18 of age), please ensure that you are over 18, has appropriate authority and consent of their consent whose Personal Data is submitted to the Data User.
How do we collect your Personal Data?
(a) via any online sites operated by us and our contractors;
(b) under any other contractual agreement or arrangement;
(c) via a third party, e.g., travel agent or our service provider.
Some of the other ways we may collect Personal data shall include (but is not limited to):
(a) communications with you via telephone, letter, fax and email;
(b) when you visit our website or one of our contractors’ websites;
(c) when you contact us in person;
(d) when we contact you in person;
(e) when we collect information about you from third parties; and other channels including our ticketing counters and airport operations;
(f) when you interact with us via social media or interactive applications including but not limited to Facebook, Twitter, Instagram etc;
(g) from publicly available sources;
(h) mobile services.
How do we collect your Personal Data from our website?
From our website, we collect your Personal Data in the following ways:
(a) IP Address
We use your IP address to help diagnose problems with our server, and to administer our website. IP addresses are not linked to personally identifiable information.
You can adjust settings on your browser so that you will be notified when you receive a cookie. Please refer to your browser documentation to check if cookies have been enabled on your computer or to request not to receive cookies. As cookies allow you to take advantage of some of the Website’s essential features, we recommend that you accept cookies. For instance, if you block or otherwise reject our cookies, you will not be able to book flights or use any products or services on the Website that require you to log-in.
It is important that you prevent unauthorised access to your password and your computer. You should always log out after using a shared computer.
(c) Online Reservation System
Our online reservation system resides in a secure server that encrypts your purchase information using Secure Socket Layers. We use all reasonable endeavours to protect Personal Data from loss, misuse and alteration. Only authorized employees and agents will have access to your Personal Data. However, you are responsible for your user ID or password that is used on our web site. You should take due care to protect them.
(d) User Feedback Form
Our Customer Care Feedback Form requires you to give us contact information (e.g. your name and email address) so that we can respond to your comments. We use your contact information from the registration form to send you information about our company. Your contact information is also used to contact you where necessary. Demographic and profile data are also collected at our site. We use your Personal Data to tailor your experience at our site by showing you contents that we think you may be interested in contents according to your preferences.
(e) Site Tracking
We use tracking software to monitor customer traffic patterns and site usage to help us develop the design and layout of the websites. This software does not enable us to capture any personal passenger information.
What do we use your Personal Data for?
We may use your Personal Data for the following purposes:
(a) to enable us to provide our services and perform our services to you;
(b) to facilitate your travel (e.g., making a booking) and freight arrangements;
(c) to verify identity of passengers and perform luggage check-ins;
(d) to provide flight alert messages;
(e) to facilitate internet check-in;
(f) to process any commercial transaction (e.g. In-flight sales);
(g) to facilitate your participation in our or third parties’ loyalty programs;
(h) to protect the safety and well-being of yourself and/or other customers;
(i) to investigate and respond to claims and inquiries from you;
(j) to remind you to complete your booking and/or offer our assistance (in case, for instance, failure to complete due to technical difficulties). This is an optional service. You can choose not to receive these emails at any time by following the link at the bottom of each such email;
(k) to provide in-flight catering and other services that best meet your preferences and needs;
(l) for financial purposes such as credit or other payment card verification, accounting, billing and audit; and / or
(m) for business development purposes such as statistical and marketing analysis, systems testing, maintenance and development, customer surveys, customer relations to advise on alterations to flights or to help us in any future dealings with you, for example by identifying your requirements and preference;
(n) to comply with any legal or regulatory requirements; and/ or
(o) for all other purposes ancillary to any of the purposes stated above.
(p) to communicate promotions, offers, product, services and information on products and activities, offers to upgrade or other notifications in relation to your booking;
(q) marketing/cross-marketing and communicating with you in relation to products and services offered by us and our service partners as well as our appointed agents; and/or
(r) for all other purposes ancillary to any of the purposes stated above.
Accessing / Limiting / Correcting / Updating your Personal Data
You may request to obtain information of your Personal Data, limit the processing of your Personal Data and also update or make amendments to your Personal Data as below:
(a) for online registered customers, you may login to your online account and update your Personal Data; or
(b) for every other customer, you may forward your request to the contact person as detailed below at clause 12.
Please note that depending on the information requested, a nominal fee may be charged. We will endeavour to provide the information back to you as soon as practicable. However we also reserve the right to validate all requests for the authenticity of the request. We may refuse to comply with data access request in circumstances as provided by the law (under section 32 of the PDPA). If we are not able to comply with your request, we will notify you of the reasons.
Please note that it is obligatory for the Company to process your Personal Data for the Core Purpose as stated above, without which we will not be able to make travel arrangements for you. If we do not have your consent to process your Personal Data for the Ancillary Purposes, we will not be able to keep you updated about our future, new and/or enhanced services and products.
Nevertheless, you may stop receiving promotional activities by:
(a) unsubscribing from the mailing list;
(b) editing the relevant account settings to unsubscribe; or
(c) sending a request to firstname.lastname@example.org
To whom do we disclose your Personal Data?
We will not trade or sell your Personal Data to third parties. Your Personal Data shall only be disclosed or transferred to the following third parties appointed or authorised by the Company, who may be located within or outside Malaysia for the fulfilment of the Purpose:
(a) our travel and freight service providers or travel-related businesses;
(b) our partner airlines and other carriers;
(c) airport authorities;
(d) our other affiliates and subsidiaries where it is necessary to facilitate your travel;
(e) credit card verification providers,
(f) data warehouse;
(g) IT service providers;
(h) data analytics and/or marketing agency;
(i) other third parties in order to process your commercial transactions;
(j) legal bodies as permitted or required by law such as in compliance with a warrant or subpoena issued by a court of competent jurisdiction; and/or
(k) customs, immigration or other regulatory authorities applicable to you; and/or
(l) safety and security personnel.
In addition to the above, your personal data may also be disclosed or transferred to any of the Company’s actual and potential assignee, transferee or acquirer (within or outside Malaysia) (including our affiliates and subsidiaries) or our business, assets or group companies, or in connection with any corporate restructuring or exercise including the restructuring to transfer the business, assets and/or liabilities.
We shall take practical steps to ensure that their employees, officers, agents, consultants, contractors and such other third parties mentioned above who are involved in the collection, use and disclosure of your Personal Data will observe and adhere to the terms of this Privacy Statement.
How long may we retain your Personal Data?
We will store the Personal Data in the country in which we are based ie Malaysia. However, the Company may have back up and storage servers, which are located overseas. Additionally, the Company will secure the storage in following ways in compliance with the minimum security measures prescribed under the PDPA, its regulation and standards:
(a) register all those who are allowed access;
(b) control and limit access based on necessity;
(c) maintain proper record of access and transfer of Personal Data;
(d) ensure all employees of the Company protect confidentiality;
(e) conduct awareness programmes to all employees (if necessary) on responsibility to protect Personal Data;
(f) establish physical security procedures;
(g) bind third parties involved in processing of Personal Data; and
(h) do not use removable device and cloud computing service to transfer or store Personal Data unless with written consent from top management of the Company.
We will not retain your Personal Data longer than necessary for the fulfilment of the Purpose. However, relevant Personal Data may be retained subject to the conditions below:
(a) as and when required under legislation; or
(b) where legal actions have arisen and are pending.
(c) commercial/operational purposes of Malaysia Airlines
The Company shall take all reasonable steps to ensure that all Personal Data is destroyed or permanently deleted when no longer required for the Purpose and prepare disposal schedule for inactive data with 24 month period.
Changes to Privacy Statement
Please note that this Privacy Statement may be amended from time to time in accordance to applicable laws and regulations and such variations may be applicable to you. The latest version of this Privacy Statement will be made available to all customers. Do revisit our website from time to time for updates on our Privacy Statement.
Links to third party website
We may link this website and/or our applications to other companies or organizations websites (collectively, “Third Party Sites”). This Privacy Notice does not apply to such Third Party Sites as those sites are outside our control. If you access Third Party Sites using the links provided, the operators of these sites may collect your personal information. Please ensure that you are satisfied with the privacy statements of these Third Party Sites before you submit any personal information. We try, as far as we can, to ensure that all third party linked sites have equivalent measures for protection of your personal information, but we cannot be held responsible legally or otherwise for the activities, privacy policies or levels of privacy compliance of these Third Party Sites.
Designation : Customer Care
Phone no. : 603-7845 4543
Email Address : email@example.com