GDPR & COMPLIANCE STATEMENT – FLYJUSTICE OÜ

Last updated: October 2025

1. Commitment to Data Protection

At FlyJustice OÜ, we are fully committed to protecting personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Estonian Data Protection Law.

We ensure that all processing of personal data — from flight claims to customer communication — follows the principles of lawfulness, fairness, transparency, purpose limitation, and data minimization.

2. Our Data Protection Framework

FlyJustice OÜ maintains strict organizational and technical safeguards, including:

  • Encrypted servers located within the European Economic Area (EEA)
  • Access controls and role-based permissions for staff and contractors
  • Regular internal data audits and privacy impact assessments
  • Secure transfer protocols (HTTPS, SSL/TLS encryption)
  • GDPR-compliant contracts with all processors and partners

We apply the principle of “Privacy by Design and by Default” , ensuring that only the minimum data necessary for claim handling is collected and processed.

3. Lawful Basis for Processing

Under Article 6 of the GDPR FlyJustice OÜ processes personal data on the following legal bases:

  • Contractual necessity – to perform our obligations under the service agreement with the customer.
  • Legal obligation – to comply with EU/Estonian accounting, tax, and regulatory requirements.
  • Legitimate interests – to improve services, prevent fraud, and protect network security.
  • Consent – for marketing communications, optional services, or where required by law.

Each processing activity is reviewed for compliance with these lawful bases.

4. Data Subject Rights

FlyJustice ensures that every user can exercise their GDPR rights:

  • Right to access personal data
  • Right to correction or deletion (“Right to be Forgotten”)
  • Right to restrict or object to processing
  • Right to data portability
  • Right to withdraw consent at any time

Requests can be submitted to privacy@flyjustice.com

We respond to all data requests within 30 days as required under Article 12(3) GDPR.

If a user believes their data rights are violated, they may contact the Estonian Data Protection Inspectorate: https://www.aki.ee/en

5. Cross-Border Data Transfers

While our core infrastructure is hosted within the EEA, FlyJustice OÜ may use secure service providers or remote teams in other jurisdictions.

Any transfer of data outside the EEA (e.g., limited access for technical support) is conducted only under EU Standard Contractual Clauses or countries recognized by the European Commission as providing adequate protection.

We never transfer data to non-compliant jurisdictions without explicit consent or legal safeguards.

6. Compliance Governance

FlyJustice maintains an internal compliance protocol that includes:

  • Regular employee GDPR awareness training
  • Periodic reviews of all third-party data processors
  • Secure data retention and deletion policies (normally 5 years post-closure)
  • A designated Data Protection Officer (DPO) responsible for compliance oversight

DPO Contact:

privacy@flyjustice.com

We continuously monitor legal developments in the EU to ensure our compliance standards remain up-to-date.

7. Accessibility and Transparency

FlyJustice is committed to maintaining accessible and transparent information for all users, including individuals with disabilities.

We aim to comply with the EU Web Accessibility Directive (2016/2102) and the Web Content Accessibility Guidelines (WCAG 2.1).

If you encounter accessibility issues, please contact us at info@flyjustice.com

8. Compliance Statement Summary

FlyJustice OÜ’s compliance framework is built upon three pillars:

  1. Legal Integrity – adherence to all relevant EU and Estonian regulations.
  2. Data Protection – privacy by design and GDPR conformity in every operation.
  3. Transparency – open disclosure of how user information is collected and processed.

We actively cooperate with regulatory authorities and maintain full documentation of all data processing activities in accordance with GDPR Article 30.

9. Updates and Review

This statement may be updated to reflect new legal, technological, or organizational developments.

The most recent version is always available on our website under the Legal section.

10. Contact Information

For any questions about data protection or compliance, please contact:

FlyJustice OÜ

Email: privacy@flyjustice.com

Website: www.flyjustice.com

Disclaimer

This Compliance Statement is intended for transparency and regulatory adherence.

It does not constitute legal advice. FlyJustice OÜ reserves the right to amend this statement in accordance with applicable EU law.

© 2025 FlyJustice OÜ. All Rights Reserved.