Who we are (Data Controller)

The TravelOne platform is operated by FLY GROUP SRL (hereinafter the “Company”, “we”).

Identification details (according to public sources):

  • Legal name: FLY GROUP SRL
  • IDNO: 1024600019733
  • Registered office: Chisinau Municipality, Vasile Alecsandri str. 91, ap. 10, Republic of Moldova
  • General contact email: helpdesk@travelone.eu;
  • Email for personal data requests: helpdesk@travelone.eu;
  • Phone: +373 76 500 112

Through this Policy, we explain how we collect, use, store, and protect your personal data when you use our website and services (e.g., flight bookings, hotel bookings, tourism services, support).

Applicable legal framework

The processing of personal data is carried out in accordance with the legislation of the Republic of Moldova on the protection of personal data, in particular

  • Law No. 133 of 08.07.2011 on personal data protection (in force on the date of this Policy).
  • Secondary legislation and guidance of the competent authority (the National Centre for Personal Data Protection).

Note on the evolution of the legal framework:

  • Law No. 195 of 25.07.2024 on personal data protection has been adopted, with entry into force in August 2026. The Policy will be updated accordingly when the new provisions become applicable.

What data we collect

We may collect the following categories of data, depending on the services used:

Data provided directly by you

  • Identification data: first name, last name, date of birth.
  • Contact data: email, phone, address (if needed for invoicing/services).
  • Data for issuing tickets/bookings: travel document data (series/number, issuing country, expiry date), citizenship – only when required for the requested service.
  • Travel preferences: destinations, dates, number of passengers, preferences (optional).
  • Communications with us: requests, tickets, emails, conversations with support.

Data provided directly by you

  • Technical data: IP address, device type, browser, operating system, pages accessed, date/time of access, online identifiers.
  • Cookies and similar technologies (see Section 10).

Data received from third parties (as applicable)

  • Booking/confirmation data from providers (e.g., airlines, hotels, aggregators) – to the extent necessary to provide the service.
  • Transaction statuses from the payment processor/bank (without storing card data if the payment is processed via the bank/processor’s secure pages).

Why we process data (purposes)

We process your data for:

  • Creating and managing bookings (flight/hotel/tourism services).
  • Issuing travel documents (ticket, voucher, confirmations) and managing after-sales (changes, cancellations, refunds – according to the applicable conditions).
  • Processing payments and preventing fraud.
  • Operational communications: booking notifications, essential travel information, support.
  • Compliance with legal obligations (e.g., accounting and tax, reporting, handling complaints).
  • Improving services and the functioning of the website (analysis, security, troubleshooting).
  • Marketing (newsletter/offers), only if you have given consent or where permitted by law, with an unsubscribe option.

Legal basis for processing

Depending on the situation, processing is based on one or more of the following grounds:

  • Performance of a contract or steps at your request prior to entering into a contract (e.g., requesting and making a booking).
  • Compliance with a legal obligation (e.g., financial and accounting records, document retention).
  • Your consent (e.g., marketing communications; certain cookies).
  • Our legitimate interest (e.g., website security, fraud prevention, service improvement), while respecting your rights.

To whom we disclose data (recipients)

We may transmit your data, strictly to the extent necessary, to:

  • Travel service providers: airlines, hotels, tour/excursion operators, transfer companies, insurers (if you requested the service).
  • Aggregators / content and connectivity providers (e.g., platforms for hotels, flights) – to create the booking and receive confirmations.
  • Payment processors and banks – to process transactions.
  • IT/hosting/development providers (e.g., platform maintenance) – as processors, under contract and instructions.
  • Public authorities – where there is a legal obligation or a legitimate request.
  • Auditors/accountants/consultants – only to the extent necessary and under confidentiality obligations

To whom we disclose data (recipients)

Some services (for example, connectivity/IT providers or travel providers) may be located outside the Republic of Moldova. In such cases, we ensure that the transfer takes place with appropriate safeguards (contracts, confidentiality clauses, technical and organisational measures) and only to the extent necessary to provide the service.

How long we keep data

We keep your data only for as long as necessary for the purposes for which it was collected, and for the period required by applicable law (e.g., accounting/tax and reporting obligations).

  • Booking data: for the duration of managing the booking and any after-sales requests, plus the period necessary for compliance and defence in case of claims.
  • Support communications: for the duration of resolution and a reasonable period for audit and service improvement.
  • Marketing: until consent is withdrawn / you unsubscribe.
  • Technical logs: limited periods necessary for security and diagnostics.

How we protect data

We apply reasonable technical and organisational measures to protect data against unauthorised access, loss, alteration, or disclosure, including

  • Role-based access control and authentication.
  • Encryption of communications (HTTPS) and, where applicable, encryption at rest.
  • Monitoring and logging for security purposes.
  • Confidentiality agreements and internal training.
  • Selecting providers with adequate security standards.

Cookies and similar technologies

The website may use cookies and similar technologies to function properly and to improve the user experience. Depending on the platform configuration, there may be:

  • Strictly necessary cookies (basic functionality, session, security).
  • Preference cookies (language, settings).
  • Analytics cookies (statistics on site usage) – only with consent, where applicable.
  • Marketing cookies (offers/personalisation) – only with consent, where applicable.

You can manage cookies in your browser settings and/or via the consent module (cookie banner), if available on the website.

Your rights

Under the law, you have rights such as: information, access to data, intervention/rectification, objection and other rights provided by applicable legislation. To exercise your rights, you may contact us at: helpdesk@travelone.eu

You also have the right to contact the competent authority: the National Centre for Personal Data Protection (CNPDCP).

Policy updates

We reserve the right to update this Policy whenever necessary (e.g., legislative changes, service changes). The updated version will be published on the website, indicating the date.

© FLY GROUP SRL – TravelOne

© 2026 TRAVELONE