Privacy Policy

Nov 19, 2025

Privacy Policy – Clickandfly OÜ

Website: https://click-fly.com
Last Updated: March 26, 2026


1. Introduction

Welcome to Clickandfly OÜ. We are a travel agency registered in Estonia and committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and safeguard your information when you visit our website https://click-fly.com or book travel services through our platform.

Our data practices comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable Estonian data protection legislation.

By using our website or booking travel services with us, you acknowledge that you have read and understood the practices described in this Policy. If you do not agree, please refrain from using our services.


2. Role of Clickandfly OÜ

Depending on the service you use, Clickandfly OÜ may act in different capacities:

  • Data Controller – when providing direct travel services, including flight bookings processed through integrated global reservation systems.
  • Intermediary / Affiliate – when redirecting users to third-party platforms for hotel bookings, tour reservations, or similar services. In such cases, those third-party providers act as independent data controllers and process your personal data under their own privacy policies.
  • Visa Facilitator – when assisting with visa application procedures. In this role, we collect and prepare documentation on your behalf to support your application.

You are encouraged to review the privacy policies of any third-party provider before completing a booking or submitting documents on their platforms.


3. Data Controller

The entity responsible for processing your personal data is:

Clickandfly OÜ
Registry Code: 16028377
Harju maakond, Tallinn, Kesklinna linnaosa
Juhkentali tn 8, 10132, Estonia

Privacy Email: [email protected]
Customer Support (WhatsApp): +372 8801828

Please note: contacting us via WhatsApp involves the use of a Meta platform, which processes data under its own privacy policy. For all formal data protection requests, please use our privacy email address.

Clickandfly OÜ has assessed its processing activities and determined that the appointment of a Data Protection Officer (DPO) is not mandatory at this stage. All data protection enquiries are handled directly through our privacy contact above.


4. Information We Collect

To provide travel bookings and related services, and to maintain a secure website, we may collect the following categories of information:

4.1 Identity Information

  • Full name
  • Date of birth
  • Nationality
  • Passport or national identification details (where required for travel bookings or visa procedures)

4.2 Contact Information

  • Email address
  • Phone number
  • Billing or correspondence address

4.3 Booking Information

  • Travel itineraries and preferences
  • Passenger names and details
  • Special service or assistance requests

4.4 Visa Application Data

When you use our visa assistance service, we may collect additional documentation and information required to prepare your application file. This may include:

  • Passport copies and travel history
  • Proof of accommodation and financial means
  • Employment or civil status documents
  • Any other documents required by the destination country’s immigration rules

Visa-related documents are collected solely for the purpose of facilitating your visa application and are not used for any other purpose.

4.5 Payment Information

Payments are processed through secure third-party payment providers. We do not store full credit card or payment card numbers on our servers. We may retain transaction references, amounts, and dates as required for accounting and legal compliance.

4.6 Technical and Usage Information

When you visit our website, certain technical data may be collected automatically, including:

  • IP address
  • Browser type and version
  • Device and operating system information
  • Pages visited and time spent on site
  • Interaction data and referral sources

This data is collected via cookies and similar technologies. Please refer to our Cookie Policy for full details.


5. How We Use Your Information

5.1 Processing Travel Bookings

To issue flight tickets, confirm hotel reservations, arrange tour bookings, manage itinerary changes, and communicate all travel-related updates to you.

5.2 Visa Application Assistance

To collect, review, and prepare the documentation required for visa applications on your behalf, and to communicate updates regarding the status of your application.

5.3 Customer Support

To respond to enquiries, resolve booking issues, process complaints, and provide assistance throughout your travel experience.

5.4 Legal and Accounting Compliance

To comply with applicable legal obligations, including invoicing, tax reporting, financial record-keeping, and regulatory requirements.

5.5 Website Improvement and Analytics

To analyse website usage patterns and improve functionality, performance, accessibility, and overall user experience.

5.6 Marketing Communications

If you subscribe to our newsletter or explicitly provide your consent, we may send travel offers, promotions, or service updates. You may withdraw your consent and unsubscribe at any time by using the unsubscribe link in any communication or by contacting [email protected].

5.7 Fraud Prevention and Platform Security

To detect, prevent, and investigate fraudulent transactions, unauthorised access, and security incidents affecting our platform or our customers.


6. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases to process your personal data:

  • Performance of a Contract – to process bookings and deliver the travel services you have requested
  • Legal Obligation – to comply with accounting, tax, and regulatory requirements under Estonian and EU law
  • Legitimate Interests – to improve our services, ensure platform security, prevent fraud, and provide customer support, where these interests are not overridden by your rights
  • Consent – for marketing communications and for non-essential cookies. You may withdraw consent at any time.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Booking and Transaction Data – retained for up to 7 years to meet legal and tax obligations
  • Visa Application Data – retained for up to 90 days following the conclusion of your visa application, unless a longer retention period is required by applicable law
  • Marketing Data – retained until you withdraw consent or request deletion
  • Technical Logs and Security Data – retained for a limited period for monitoring, fraud prevention, and security purposes

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised.


8. Data Sharing and Third-Party Services

To deliver our travel services, we may share necessary personal data with trusted partners. These partners may act as independent data controllers or as data processors on our behalf, and may include:

  • Airlines and global reservation systems for flight bookings
  • Hotel, tour, and travel service providers to whom you are referred through our platform or affiliate arrangements
  • Immigration authorities and visa processing agents for visa application procedures
  • Payment processors and financial institutions for secure transaction handling
  • Infrastructure, hosting, and technical service providers

When you are redirected to a third-party platform to complete a booking, that provider processes your data under its own privacy policy. We recommend reviewing their policies before proceeding.

We ensure appropriate contractual safeguards are in place with all data processors. We do not sell, rent, or trade personal data to third parties for commercial purposes.


9. International Data Transfers

Travel services inherently require the sharing of personal data across international borders. When transferring personal data outside the European Economic Area (EEA), we apply appropriate safeguards, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with an adequacy decision from the European Commission
  • Other legally recognised transfer mechanisms under the GDPR

Further information about the safeguards applied to specific international transfers is available upon request at [email protected].


10. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

  • HTTPS encryption (SSL/TLS) for all data transmitted via our website
  • Secure server infrastructure and firewall systems
  • Access controls restricting personal data to authorised personnel only
  • Confidentiality obligations imposed on all third-party service providers

While we take all reasonable steps to protect your data, no system can guarantee absolute security. In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and the Estonian Data Protection Inspectorate in accordance with our legal obligations.


11. Cookies and Website Tracking

We use cookies and similar tracking technologies to improve website functionality and analyse usage. The types of cookies we use are:

  • Essential Cookies – strictly necessary for the operation of the website and cannot be disabled
  • Analytics Cookies – used to understand how visitors interact with our website, allowing us to improve performance and user experience. These are only activated with your explicit consent.

Non-essential cookies are only used with your prior consent, which you can manage or withdraw at any time via our cookie consent tool or your browser settings.

For full details on the cookies we use, their purposes, and how to manage your preferences, please refer to our Cookie Policy.


12. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals within the meaning of Article 22 of the GDPR.


13. Your Data Protection Rights

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of Access – to obtain a copy of the personal data we hold about you
  • Right to Rectification – to request correction of inaccurate or incomplete data
  • Right to Erasure – to request deletion of your personal data, subject to applicable legal obligations
  • Right to Restriction of Processing – to request that we limit how we process your data in certain circumstances
  • Right to Data Portability – to receive your data in a structured, commonly used, machine-readable format
  • Right to Object – to object to processing based on legitimate interests or for direct marketing purposes
  • Right to Withdraw Consent – where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at [email protected]. We will respond within one month of receiving your request. This period may be extended by a further two months in cases of complexity.

We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.


14. Children’s Data

Our services are intended for individuals aged 18 or older who are capable of entering into binding contracts. The account holder and the person making a booking must be at least 18 years of age.

Where a booking includes minor passengers as part of a family or group reservation, limited passenger data for those individuals (such as name, date of birth, and passport details) may be collected solely to fulfil the travel reservation and is not used for any other purpose.

We do not knowingly collect personal data from individuals under 18 for account creation or independent bookings. If we become aware that such data has been collected without appropriate consent, we will take steps to delete it promptly.


15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our services, legal requirements, or data practices. The current version is always indicated by the “Last Updated” date at the top of this document.

Where changes are material, we will notify you by email or by a prominent notice on our website prior to the changes taking effect. Continued use of our services following notification of changes constitutes acceptance of the updated Policy.


16. Contact and Complaints

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Clickandfly OÜ
Harju maakond, Tallinn, Kesklinna linnaosa
Juhkentali tn 8, 10132, Estonia

Email: [email protected]
WhatsApp: +372 8801828