1. General Information

This Privacy Policy governs the collection and processing of personal data by FLYGROUP SRL, operating under the brand TRAVELONE (hereinafter “the Agency”), in accordance with Law no. 133 of 08 July 2011 on Personal Data Protection of the Republic of Moldova and all other applicable data protection legislation.

The Agency is committed to protecting the privacy and personal data of all clients.

By accessing or using our services, the Client confirms that they have read, understood, and agreed to this Privacy Policy.

2. Categories of Personal Data Collected

The Agency may collect and process the following categories of personal data:

  • Identification data: full name, date of birth, nationality;
  • Contact data: email address, phone number;
  • Travel data: booking details, itinerary, ticket information;
  • Identification documents: passport or ID number, country of issue, expiry date, where required by the airline or regulatory authority;
  • Payment data: processed securely via certified third-party payment service providers; no card data is stored by the Agency;
  • Technical data: IP address, browser type, device information, cookies and similar tracking technologies.

3. Purpose of Data Processing

Personal data is processed for the following specific purposes:

  • booking and issuing flight tickets;
  • managing reservations and providing customer support;
  • processing payments and administering refunds;
  • sending transactional notifications related to bookings, changes, or cancellations;
  • complying with legal, regulatory, and tax obligations;
  • preventing fraud, money laundering, and ensuring platform security;
  • improving website functionality, usability, and user experience;
  • conducting statistical analysis in aggregated and anonymized form.

4. Legal Basis for Processing

The processing of personal data is based on one or more of the following legal grounds, as applicable:

  • Performance of a contract: processing is necessary for the execution of a flight booking or service requested by the Client;
  • Compliance with legal obligations: processing is required under applicable Moldovan or international law;
  • Legitimate interests: processing is necessary for the legitimate interests of the Agency, provided such interests are not overridden by the Client's rights;
  • Consent of the Client: where processing is based on consent (e.g., for marketing communications), consent is obtained explicitly and separately, and may be withdrawn at any time without affecting prior processing.

5. Data Sharing and Disclosure

Personal data may be shared with the following categories of recipients, to the extent strictly necessary:

  • airlines and global distribution systems (GDS) required to complete the booking;
  • payment service providers (PSP) certified under applicable PCI-DSS standards;
  • IT, hosting, and cloud infrastructure providers;
  • public authorities, courts, or regulators, when required by applicable law or court order.

All third parties engaged by the Agency are contractually required to ensure confidentiality and compliance with applicable data protection laws. Data transfers outside the Republic of Moldova are carried out only where appropriate safeguards are in place.

6. Data Retention

Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected. The following indicative retention periods apply:

  • Booking and transaction data: 5 years from the date of the transaction, in accordance with accounting and fiscal legislation;
  • Identity and travel documents: deleted within 6 months of the completion of travel, unless a longer period is required by law;
  • Customer support communications: 2 years from the date of the last interaction;
  • Technical and log data: 12 months from collection;
  • Consent records: retained for the duration of consent and 3 years thereafter for evidentiary purposes.

After expiration of the applicable retention period, data is securely deleted or irreversibly anonymized.

7. Data Security

The Agency implements appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of personal data, including:

  • SSL/TLS encryption for all data transmissions;
  • encrypted storage of personal data at rest;
  • strict role-based access controls limiting data access to authorized personnel;
  • internal data protection policies and staff training;
  • regular monitoring for unauthorized access, security breaches, or system vulnerabilities.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, the Agency will notify the competent supervisory authority within 72 hours of becoming aware of the breach, in accordance with applicable law.

8. Client Rights

Under Law no. 133/2011 on Personal Data Protection, the Client has the following rights:

  • Right of access: to obtain confirmation of whether personal data is being processed and to receive a copy;
  • Right to rectification: to have inaccurate or incomplete data corrected;
  • Right to erasure (“right to be forgotten”): to request deletion of data where processing is no longer necessary;
  • Right to restriction of processing: to request a temporary halt on processing in certain circumstances;
  • Right to data portability: to receive personal data in a structured, commonly used format;
  • Right to object: to object to processing based on legitimate interests;
  • Right to withdraw consent: at any time, without affecting the lawfulness of prior processing.

To exercise any of the above rights, the Client may contact the Agency at helpdesk@travelone.eu. The Agency will respond within 30 calendar days of receiving the request.

9. Cookies Policy

The website uses cookies and similar technologies to improve user experience, ensure functionality, and support analytics.

The following categories of cookies may be used:

  • Strictly necessary cookies: essential for the website to function and cannot be disabled;
  • Performance and analytics cookies: help understand how visitors interact with the website (e.g., Google Analytics or equivalent);
  • Preference cookies: remember user settings and personalization choices;
  • Marketing cookies: used only where explicit consent has been obtained.

Users can manage or withdraw cookie preferences at any time via their browser settings or the cookie consent panel on the website. Withdrawing consent for non-essential cookies does not affect website access.

10. Complaints

Clients may contact the Agency regarding any concern related to the processing of their personal data at helpdesk@travelone.eu.. The Agency will investigate and respond within 30 calendar days.

Clients also have the right to lodge a complaint with the competent supervisory authority, which in the Republic of Moldova is the National Center for Personal Data Protection (Centrul Național pentru Protecția Datelor cu Caracter Personal – CNPDCP):

  • Website: www.datepersonale.md
  • Address: Str. Serghei Lazo 48, MD-2004, Chișinău, Republic of Moldova
  • Phone: +373 22 820 801

11. Governing Law

This Privacy Policy is governed by Law no. 133 of 08 July 2011 on Personal Data Protection of the Republic of Moldova and other applicable national and international data protection legislation.

12. Contact Information

Company: FLYGROUP SRL

Brand: TRAVELONE

Registered address: MD-2012, Vasile Alecsandri 91 str., ap. 10, Chişinău, Republica of Moldova

Data protection queries: helpdesk@travelone.eu

Phone: +373 76 500 112

© 2026 TRAVELONE