top of page

Privacy Policy

A legal disclaimer

KAMBLER HOLDING LTD, a legal entity incorporated and acting under the law of Cyprus, with its principal office located at Antheon,13, Aradippou, 7103, Larnaca, Cyprus, company registration number HE464871 (hereinafter referred to as the "Company") considers it its duty to protect the confidentiality of personal information of its customers (hereinafter referred to as the "User", "Passenger") who visit the Website (hereinafter referred to as the "Website"), use its services and can be identified in any way.

The Company respects the rights of Website visitors. Protecting your personal information is very important to us, and we treat the security of the data collected and processed while using the Company’s services with special care.

By visiting the Website, filling out the form and sending applications and requests for upgrades and modifications of airline tickets, using free of charge or purchasing our services, you fully agree with this Privacy Policy.

This Privacy Policy applies to all information that the Company may obtain about the User while using the Company’s Website.

This Privacy Policy is also an integral part of the Public Offer Agreement for the provision of the service “Upgrades and Modifications of Airline Tickets” No. 1-25, posted and/or available online at: https://www.altitudeupgrade.com/public-offer. This Privacy Policy applies to the personal data of clients, including cases where upgrades and modifications of airline tickets are performed on their behalf by another person (e.g., a colleague, relative, or a parent acting on behalf of their child, or a legal entity).

The Company is a "data controller" for the purposes of the EU General Data Protection Regulation 2016/679 (hereinafter referred to as the "GDPR") and other applicable European data protection legislation.

The Company processes your personal data only if at least one of the conditions set out in Article 6 of the GDPR is fulfilled, including but not limited to:

the data subject has given consent;

  • the processing is necessary for the conclusion and performance of the Public Offer Agreement for the provision of upgrades and modifications of airline tickets, to which you are a party, or in order to take steps at your request prior to entering into such an agreement;

  • the processing is required by the laws of the countries in which the upgrades and modifications of airline tickets provided by the Company are carried out.

These concepts also apply to relations arising from the provisions of the Public Offer Agreement for the provision of the service “Upgrades and Modifications of Airline Tickets” services concluded between the Company and the User, an individual, a Subject of personal data.

 

1. DEFINITION OF TERMS

The following terms are used in this Privacy Policy:

Personal data is any information of a personal nature that allows a third party to identify an individual (subject of personal data).

Subject of personal data- a natural person whose personal data is being processed in accordance with applicable law.

Controller- is an individual or legal entity, public authority, agency, other body that gets access to the personal data of data subjects, and determines the purpose and methods of their use.

Processing of personal data- any operation or set of operations performed on personal data, with or without the use of automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data. This includes granting access to third parties, including the Controller’s employees, as well as anonymization or blocking of personal data.

User of the Website (hereinafter referred to as the “User”) – a person who accesses the Website via the Internet and uses its services.

Website - altitudeupgrade.com

Cookies – small pieces of data sent from a web server to a user’s web browser, which may store them and send them back to the same server with subsequent requests. Cookies enable websites to remember information about users, such as login credentials, preferences, and browsing activity, thereby enhancing user experience and enabling functionalities like session management and personalization.  

"IP address"- unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. It serves two main functions: identifying the host or network interface and providing the location of the host in the network. 

 

2. GENERAL PROVISIONS

The Company does not verify the accuracy of the personal data provided by the User when filling out the form for the provision of upgrades and modifications of airline tickets services.
In case of disagreement with the terms of the Privacy Policy, the User must cease using the Website’s services.

3. SUBJECT OF THE PRIVACY POLICY

This Privacy Policy establishes the Company's obligations to non-disclose and ensure the confidentiality of personal data that the User provides when placing an order for the purchase of upgrades and modifications of airline tickets services implemented through the Website.

            The User's personal data allowed to be processed under this Privacy Policy:

  • surname, first name, patronymic;

  • date of birth;

  • gender;

  • citizenship;

  • e-mail address (e-mail);

  • mobile phone number;

  • passport data (passport series and number, country of issue, expiration date);

  • place of residence (country, city, address);

  • data of the air ticket;

  • payment card details;

  • details of card transactions related to the provision of upgrades and modifications of airline tickets;

  • other data necessary for the conclusion of the contract and the provision of upgrades and modifications of airline tickets;

  • other information provided by the User voluntarily.

The Company protects information that is automatically transmitted during the use by the User:

  • IP address;

  • information from cookies;

  • browser information;

  • access time;

  • the address of the page used;

  • referrer (address of the previous page).

            The Website uses technology to identify Users based on the use of cookies. 

            When the User uses the Website, cookies may be stored on the digital equipment that he uses for access, which will later be used for the User's automatic authorization on the Website, as well as for the collection of statistical data, in particular, on visiting the Website. At the same time, the Company never stores personal data or passwords in cookies.

If the User believes that for one reason or another the use of cookie technology is unacceptable for him, he has the right to prohibit the storage of cookies on digital equipment used to access the Website by configuring the browser accordingly. It should be borne in mind that all services on the Internet using this technology will not be available. 

The Website may contain links to other websites. The Company is not responsible for the privacy practices of those websites. The Company encourages the User to exercise caution when leaving the Website and to carefully read the privacy policies of each website that collects personal information about the User. This Privacy Policy applies solely to the information collected by the Website: altitudeupgrade.com.

When the User visits the Website, the Company's database stores records of your IP address, visit time, browser settings, operating system, and other technical data necessary for the correct display of the Website’s content. This data does not allow us to identify the visitor. It is used for the purpose of identifying and resolving technical issues and to improve the performance and security of the Website.

Any other personal information not specified above (such as purchase history, browsers and operating systems used, etc.) is subject to storage and non-disclosure, except as provided in Section 5 of this Privacy Policy.

 

4. PURPOSE OF COLLECTING THE USER'S PERSONAL INFORMATION                  

The Company collects and may use the User’s Personal data for the following purposes:

  • User Identification: To place an order, make changes to an order, and conclude and execute the Public Offer Agreement for the provision of upgrades and modifications of airline tickets.

  • Access to Personalized Resources: To provide the User with access to personalized resources on the Website.

  • Establishing Communication: To establish feedback with the User, including sending messages and requests related to the use of the Website’s services, providing services, and processing requests and applications from the User.

  • Location Determination: To determine the User’s location for security purposes and fraud prevention.

  • Data Accuracy Verification: To confirm the accuracy and completeness of personal data provided by the User.

  • Order Status Notifications: To notify the User about the status of their order.

  • Payment Processing: To process and receive payments, and to handle disputes related to payments.

  • Service Administration: To administer services related to upgrades and modifications of airline tickets, including for commercial purposes and ensuring compliance with tax relations, accounting, and auditing requirements.

  • Customer and Technical Support: To provide the User with effective customer and technical support in case of issues related to the use of the Website.

  • Marketing Communications: To provide the User with updates, special offers, price information, newsletters, and other information on behalf of the Company or its partners.

 

5. METHODS AND TERMS OF PERSONAL DATA PROCESSING                                 

The collection and processing of the User’s personal data are carried out without the need to provide the Client with written notice of such actions. This consent is granted for the period necessary to achieve the purpose of processing Personal data, but in any case, not less than 10 years. The processing of the User’s personal data is carried out by any lawful means, including in personal data information systems using automation tools or without the use of such tools.

By using the Website, the User agrees that the Company has the right to transfer their personal data to any of our employees, officers, insurers, professional advisors, partners, agents, suppliers, or subcontractors; airlines, banks, courier services, postal organizations, telecommunications operators, as necessary for the purposes outlined in this Privacy Policy. The Company may disclose your personal information to any member of our group of companies (including our subsidiaries, our ultimate holding company, and all of its subsidiaries) to the extent reasonably necessary for the purposes set forth in this Privacy Policy. The Company may disclose your personal data: to the extent required by law; in connection with any current or future legal proceedings; to establish, exercise or defend our legal rights (including sharing information with others for fraud prevention and credit risk mitigation); to the buyer (or potential buyer) of any business or asset that we are selling (or planning to sell).

At the same time, persons related to the Company and other companies are obliged to comply with this Privacy Policy.

The User's Personal data can be transferred to state authorities only on the grounds and in the manner established by law.

Except as provided in this Privacy Policy, we will not share your personal information with third parties.

In case of loss or disclosure of Personal data, the Company informs the User about the loss or disclosure of Personal data.

The technical personnel who develop and support the Site takes the necessary organizational and technical measures to protect the User's personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.

The Company, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User's Personal data.

 

6. RIGHTS OF PERSONAL DATA SUBJECTS

Right to Information

The Company is committed to providing data subjects with information about which of their Personal data we process.

If you wish to know which of your Personal data the Company processes, you may request this information at any time, including by contacting info@kambler.com. The list of data that the Company must provide can be found in Articles 13 and 14 of the GDPR. When making a request, you should specify your particular requirements so that we can lawfully consider your request and provide a response.

Please note that if the Company is unable to verify your identity through electronic communication or during your contact with the Call Center, or if there are reasonable doubts about your identity, we may ask you to provide an identity document, including by appearing in person at the Company’s office. Only in this way can we avoid disclosing your Personal data to someone who may impersonate you.

The Company will process requests promptly; however, please be aware that the period for providing a complete and lawful response regarding Personal data may be up to one month.

A User who has provided their Personal data on the Website has the right to data portability, to modify, correct inaccuracies, restrict processing, delete (“right to be forgotten”), object to processing, and to withdraw their consent to its use.

 A User may at any time notify the Company to cease processing their Personal data for marketing purposes.

7. OBLIGATIONS OF THE PARTIES

User Obligations:

Provide Personal data necessary for the conclusion and execution of the Public Offer Agreement for the provision of upgrades and modifications of airline tickets.

Promptly update and supplement Personal data if such information changes.

Inform any individual on whose behalf the Public Offer Agreement for the provision of upgrades and modifications of airline tickets is concluded about this Privacy Policy.

If you are a parent or guardian and are aware that your children have provided us with their Personal data without your consent, please contact us at: info@kambler.com. The provision of Personal data by minors without parental or guardian consent is prohibited on our Website.

Company Obligations:

Use the collected information exclusively for the purposes specified in Section 4 of this Privacy Policy.                                                                                                                       

Maintain the confidentiality of Personal data, do not disclose it without the User’s prior written consent, and refrain from selling, exchanging, publishing, or otherwise disclosing the User’s personal data, except as provided in Section 5 of this Privacy Policy.                                         

Implement measures to protect the confidentiality of the User’s Personal data in accordance with standard practices for safeguarding such information in current business operations.                  

Block Personal data related to the respective User upon request or inquiry from the User, their legal representative, or an authorized data protection authority, during the verification period if inaccurate personal data or unlawful actions are detected.

 

8. INTERNATIONAL DATA TRANSFERS

The Company may transfer the User’s Personal data to third countries, i.e., countries outside the European Economic Area (EEA), if such transfer is necessary to achieve the purposes defined in this Privacy Policy.

In cases where personal data is transferred outside the EEA, the Company ensures an adequate level of data protection in accordance with the requirements of the GDPR by: 

  • Transferring data to countries for which the European Commission has issued an adequacy decision regarding the level of personal data protection;

  • Entering into Standard Contractual Clauses (SCCs) approved by the European Commission with data recipients;

  • Implementing additional technical and organizational security measures to protect personal data.

The User acknowledges and agrees to such data transfers and understands that, in cases where data is transferred to jurisdictions with less stringent data protection laws, the Company commits to ensuring that the Processing of personal data complies with the standards set forth in the GDPR.

 

9. SECURITY OF PERSONAL DATA                                                         

The Company is committed to ensuring the security of User’s Personal data and takes appropriate technical and organizational measures to protect it from unauthorized access, disclosure, alteration, or destruction, in compliance with the requirements set out by the General Data Protection Regulation (GDPR).                                                                                                                               

To safeguard your Personal data, we implement various security practices, including but not limited to:

Data Encryption: We use encryption technology to protect sensitive personal data during transmission through our Website, ensuring that unauthorized third parties cannot access or alter this information.                                                                                                             

Access Control: We restrict access to personal data to those employees, agents, or third parties who need to know this information for legitimate business purposes and in accordance with applicable laws.                                                                                                                                            

Data Storage Security: Your Personal data is stored in secure environments, and we take measures to prevent unauthorized access, disclosure, or alteration of your data.                                 

Monitoring and Auditing: Regular monitoring and auditing of systems and processes are conducted to ensure compliance with security standards and detect potential vulnerabilities or breaches.

Despite these measures, it is important to note that no security system is completely infallible, and we cannot guarantee the security of personal data transmitted via the Internet or stored in our databases.

User Responsibilities: User is responsible for maintaining the confidentiality of their account login credentials, such as passwords, and agrees not to share this information with any third party. User must immediately notify the Company if they suspect any unauthorized access to their account or Personal data. 

By using the Website,  User acknowledges that they understand the risks associated with online data transmission and agree to take the necessary steps to protect their personal information.                    

In case of any data security breaches, the Company will promptly notify User, as required by GDPR, and take appropriate corrective actions to address the issue.

 

10. ADDITIONAL CONDITIONS

The Company has the right to make changes to this Privacy Policy without the consent of the User. The new Privacy Policy comes into force from the moment it is posted on the Website, unless otherwise provided by the new version of the Privacy Policy.

 

Contact Information

«Kambler Holding» LIMITED TRADE DEVELOPMENT

Location:  Antheon,13, Aradippou, 7103, Larnaca, Cyprus.

Company registration code: HE464871.                                                                                               E-mail info@kambler.com                                                              

Publication Date: May 5, 2025

bottom of page