Logo
About usFAQs

Privacy Policy of BADGER CLAIM S.R.L.

The protection of personal data and the respect for the right to privacy are a priority for BADGER CLAIM S.R.L. (hereinafter referred to as the “Company” or “we”). This Privacy Policy applies to the website claimbee.com (hereinafter referred to as the “platform” or “website”), owned and operated by the legal entity BADGER CLAIM S.R.L.

This Privacy Policy explains in detail how we collect, use, store, transfer, and protect the personal data of users who interact with our website and benefit from the services we offer. This Policy is drafted in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”), as well as with other applicable data protection regulations. We are committed to complying with all applicable legal provisions, including the General Data Protection Regulation (Regulation (EU) 2016/679 - “GDPR”), and ensuring transparency regarding data processing.

The Company provides specialized legal and administrative assistance services to air passengers for obtaining compensation related to delayed, canceled, or overbooked flights, in accordance with European Union legislation and other applicable international regulations. In this context, the processing of certain personal data is essential for assessing the eligibility of claims, managing the claims process, and ensuring effective communication with users.

We are committed to processing personal data with the utmost responsibility and in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality. To ensure an adequate level of protection, we implement appropriate technical and organizational measures to prevent unauthorized access, loss, destruction, or misuse of data.

This Privacy Policy applies to all individuals who interact with our platform, including clients, business partners, and any other users, natural persons, whose data is processed by the Company. By using our website and services, users confirm that they have read and understood this Policy and agree to the way their personal data is processed. If you do not agree with any of the provisions of this Policy, please stop using our services and do not provide your personal data.

The Company reserves the right to update and periodically modify this Privacy Policy to reflect legislative changes, operational updates, or relevant technological developments. Any substantial changes will be communicated through our website, and users are encouraged to periodically review this Policy to stay informed about how their data is protected.

For any questions, requests, or concerns regarding this Privacy Policy or the way we process your personal data, you can contact us using the information available in the Contact section of our website.

1. Meaning of Terms

a) "GDPR" or "Regulation" – Regulation No. 679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

b) "personal data" – means any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;

c) "processing" – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;

d) "controller" – means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

e) "consent" of the data subject – means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them;

f) "personal data breach" – means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;

g) "data subject" – the person whose personal data is processed by the company (specifically, users of the claimbee.com platform).

2. Principles of the Privacy Policy

The Company adheres to the highest standards of personal data protection and is committed to applying the following fundamental principles in its data processing activities:

1. Lawfulness, fairness, and transparency – personal data is processed lawfully, fairly, and transparently in relation to the data subject, in accordance with the provisions of the GDPR and other applicable regulations.

2. Purpose limitation – data is collected and processed solely for specific and legitimate purposes, which are clearly communicated to data subjects. It will not be further processed in a manner incompatible with those initial purposes.

3. Data minimization – the Company collects and processes only the data strictly necessary to fulfill the stated purposes, avoiding excessive or irrelevant data collection.

4. Data accuracy – all necessary measures are taken to ensure that the data processed is accurate, up-to-date, and complete. Any inaccurate or outdated information is corrected or deleted without delay.

5. Storage limitation – data is retained only for the period necessary to fulfill the purposes for which it was collected, in accordance with legal obligations and the Company’s internal policies. Upon expiration of the retention period, data is deleted or anonymized.

6. Integrity and confidentiality – the Company applies appropriate technical and organizational measures to ensure data security, preventing unauthorized access, disclosure, alteration, or accidental or unlawful destruction.

7. Accountability and compliance – the Company is responsible for complying with data protection principles and demonstrates such compliance through the implementation of specific policies, procedures, and measures, including maintaining adequate records of processing activities.

8. Data subject rights – all rights granted under the GDPR to data subjects are guaranteed, including the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing.

9. Confidentiality of data transfers – where data is transferred to third parties or to countries outside the European Economic Area, the Company ensures that appropriate safeguards are in place to protect the data, in accordance with GDPR provisions.

10. Consent-based processing – data processing is based on consent, which is obtained explicitly, freely given, and informed. Data subjects have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

3. Purpose and Legal Grounds for the Processing of Personal Data

The processing of personal data by BADGER CLAIM S.R.L. is carried out solely for legitimate, clearly defined purposes and in compliance with applicable data protection regulations. In conducting its activities, the Company adheres to the principle of purpose limitation, ensuring that data is collected and used only to the extent necessary to fulfill specific objectives. Any processing operation involving users' personal data will be carried out based on one or more of the purposes and legal grounds listed below:

3.1 Provision of Services and Contract Execution

One of the main purposes for processing personal data is the provision of assistance services in obtaining compensation for delayed, canceled, or overbooked flights. Users' data is processed to verify claim eligibility, to prepare and submit necessary documents to airlines, competent authorities, or courts, and to facilitate communication between users and the Company. This data processing is based on the execution of the contract between the user and the Company, in accordance with Article 6(1)(b) of the GDPR.

3.2 Compliance with Legal Obligations

The Company is subject to legal obligations that require the collection, storage, and processing of certain user data. These obligations may arise from consumer protection laws, tax and accounting regulations, anti-money laundering and counter-terrorism financing rules, and other legal provisions applicable to the Company's activities. In this context, personal data may be processed for issuing invoices, maintaining financial records, reporting to tax and regulatory authorities, or complying with public authority requests. This processing is based on the Company’s legal obligation, under Article 6(1)(c) of the GDPR.

3.3 Legitimate Interest of the Company

In certain situations, data processing is based on the legitimate interest of the Company, pursuant to Article 6(1)(f) of the GDPR. This legal basis is used for processing necessary to ensure IT system security, prevent fraud, improve services, manage user relationships, and defend the Company’s rights and interests in case of legal disputes.

Processing under this purpose includes the use of technical data related to website navigation, performance analysis, and user feedback collection. The Company may also process users’ data to initiate or defend legal claims before courts or other competent authorities. In all such cases, the Company’s interests are balanced against the users’ fundamental rights and freedoms, and data processing is limited to what is strictly necessary.

3.4 User Communication and Support

To provide support to users and respond to their requests, the Company processes the contact data provided, including email addresses and phone numbers. This data is used to provide information on the status of compensation claims, clarify relevant procedures, and offer technical or administrative assistance. Processing for this purpose is based on the performance of a contract or the Company’s legitimate interest, depending on the nature of the request. If communication is necessary for the provision of contracted services, the legal basis is Article 6(1)(b) of the GDPR. If the interaction is initiated by the user outside a contractual relationship, the applicable basis is the Company’s legitimate interest, pursuant to Article 6(1)(f) of the GDPR.

3.5 Marketing and Commercial Communications

The Company may process user data to send communications about its services, relevant updates, or promotional offers. These communications are sent only to users who have explicitly consented to receive such messages. The legal basis for data processing for this purpose is the user's consent, in accordance with Article 6(1)(a) of the GDPR. Users may withdraw their consent at any time, without affecting the legality of processing carried out prior to withdrawal.

3.6 Use of Cookies and Analytics Technologies

To improve the user experience on the Company’s website and analyze how it is used, data is collected and processed through cookies and similar technologies. This data is used to personalize displayed content, optimize website performance, and measure the effectiveness of advertising campaigns. The processing of this data is based on users' consent in accordance with Article 6(1)(a) of the GDPR for non-essential cookies, while the legal basis for essential cookies is the Company’s legitimate interest, pursuant to Article 6(1)(f) of the GDPR.

3.7 Defense of Rights and Dispute Management

When necessary, the Company may process users’ data to exercise its legal rights, or to initiate or defend claims in judicial, administrative, or out-of-court proceedings. This processing is justified by the Company’s legitimate interest in protecting its rights and interests, in accordance with Article 6(1)(f) of the GDPR. The data is used solely for dispute management purposes and is shared only with parties involved in the process, such as lawyers, courts, or competent authorities.

4. Collection of Personal Data. Types of Personal Data Collected

In carrying out its activities, BADGER CLAIM S.R.L. collects and processes personal data in accordance with the requirements of the General Data Protection Regulation (GDPR) and other applicable regulations. The data collected is limited to what is strictly necessary to fulfill the purposes outlined in Section 3 of this Privacy Policy, and processing is carried out under maximum security conditions, ensuring that all technical and organizational measures are in place to protect its confidentiality and integrity.

The Company collects personal data directly from data subjects via the website, online forms, electronic or phone communication, or other means, as well as from authorized external sources such as public databases or partners specialized in flight tracking, when legally justified. The collected personal data is securely stored and accessible only to the Company’s authorized personnel.

4.1 Identification Data

The Company collects and processes users' identification data, including full name, date of birth, nationality, and the series and number of identification documents, as well as the personal identification number or other unique identifiers, when required by competent authorities or necessary for legal procedures, in order to verify identity and to carry out the procedures for obtaining compensation for delayed or canceled flights.

4.2 Contact Data

Email address, phone number, and, in some cases, home or residence address are collected and processed for effective and timely communication with users and to provide relevant updates regarding their claims. This information allows the Company to send updates, request additional documents or clarifications, and respond to users’ inquiries.

4.3 Flight and Booking Data

To assess the eligibility of compensation claims and to submit requests to airlines or competent courts, the Company processes data related to users' air travel. This includes flight number, operating airline, departure and arrival airports, scheduled flight date and time, delays or changes, flight tickets, boarding passes, reservations, and any other data shared by the passenger.

4.4 Financial Data

To make payments to individuals entitled to compensation or to issue invoices and accounting documents, the Company processes financial data, including the bank account holder’s name, IBAN, SWIFT/BIC code, banking institution details, and transaction history related to the compensation claim.

4.5 Technical and Website Usage Data

To improve user experience and ensure platform security, the Company collects and processes technical data related to website usage, including IP address, browser type and version, operating system, approximate location based on IP address, browsing history, accessed pages, and session duration. This data is collected through cookies and similar technologies, with user consent, in accordance with the cookie usage policy.

4.6 Data Collected from Correspondence and Communications

The Company processes data contained in communications with users, including the content of emails and contact form submissions, as well as metadata such as date, time, and communication method. This processing is necessary to ensure efficient request handling, provide support, and maintain a communication history for compliance and service improvement purposes.

4.7 Data Required for Legal Compliance

If applicable laws require the collection and processing of additional data, the Company may process information requested by competent authorities during investigations or legal proceedings, data needed to prevent fraud and comply with anti-money laundering regulations, as well as information related to disputes or complaints against the Company.

BADGER CLAIM S.R.L. does not collect or process special categories of personal data, such as health information, religious, ethnic or union affiliation, sexual orientation, or political opinions, unless it is strictly necessary to resolve a claim and only based on the data subject’s explicit consent or another legal basis provided by the GDPR. If such data is accidentally provided by users, it will be deleted immediately unless there is a justified legal reason for retaining and processing it.

The Company guarantees that all collected data is treated with the highest level of confidentiality and security, used solely for the specified purposes and only for the duration necessary to achieve them. If users choose not to provide certain data required for the claims process, BADGER CLAIM S.R.L. may not be able to fully deliver the requested services.

In all circumstances, users have the right to be informed about the types of data being processed and how it is used, and the Company commits to respecting the principles of transparency and protection of data subject rights, as set out in the GDPR.

5. Use of Personal Data

BADGER CLAIM S.R.L. uses users’ personal data solely for the legitimate purposes for which it was collected, in accordance with Section 3 of this Privacy Policy. The Company respects the principles of proportionality and data minimization, ensuring efficient service delivery while protecting data in line with applicable regulations. Data processing is carried out through electronic means and, in certain situations, manually, with appropriate technical and organizational measures in place to ensure the confidentiality, integrity, and security of the information.

5.1 Provision of Contracted Services and Management of Compensation Claims

One of the main uses of the data is to provide the services contracted by users. This data is necessary for verifying compensation claim eligibility, managing the claims process, and communicating with airlines or competent authorities. Personal information, such as identification data, contact details, and flight information, is used to prepare and submit the required documents for obtaining compensation. This process may also involve analyzing users’ flight history, verifying claim compliance with applicable regulations, and identifying relevant aspects for assessing the right to compensation.

5.2 User Communication and Support

Users’ contact details are used to ensure effective communication during the compensation claim process. This includes sending updates on claim status, requesting additional documents, providing clarifications regarding user rights, and handling any questions or concerns. The data may also be used to provide technical or administrative support related to the online platform and to address any difficulties users encounter while submitting claims.

5.3 Compliance with Legal Obligations and Regulatory Requirements

In certain situations, the Company is required to use personal data to comply with national and European legal obligations. This includes using data for maintaining financial and accounting records, issuing invoices, reporting to tax and regulatory authorities, and complying with anti-money laundering and counter-terrorism financing regulations.

5.4 Service Improvement and Optimization of User Experience

The Company uses collected data to analyze website performance, detect and prevent security threats, personalize displayed content, and improve the user experience. This includes analyzing user interactions with the website and platform, assessing the effectiveness of the compensation claim process, and optimizing provided functionalities.

For this purpose, technical data such as IP address, browser type and version, operating system, browsing history, and other information collected via cookies may be used. This data is used exclusively for analytical purposes and is not used for direct user identification unless required for resolving technical or security issues.

5.5 Marketing, Advertising, and Commercial Communications

If users have provided explicit consent, the Company may use contact data to send marketing communications about its services, promotional offers, or other relevant information. Such communications may be delivered via email, SMS, or other electronic channels, and users have the right to unsubscribe at any time.

The Company may also use data regarding user interactions with the website and its services to personalize messages and content, making them relevant to the user’s interests and needs. If users do not wish to receive such communications, they can manage their privacy preferences through the platform’s available settings.

5.6 Detection, Prevention, and Management of Security Incidents and Fraud

The Company uses personal data to detect, prevent, and manage risks associated with unauthorized or abusive use of its services. This includes monitoring access to the website and platform, identifying fraud attempts or misuse of data, and implementing necessary measures to protect the security of information and IT infrastructure.

In the event of a security incident, the Company may use data to investigate the nature and impact of the incident, notify affected individuals, and comply with legal obligations related to breach reporting. These measures aim to protect both users’ interests and the integrity of the systems and services provided.

5.7 Defense of Rights and Dispute Management

If the Company needs to defend its rights before courts, administrative authorities, or other competent bodies, user data may be used to support claims, complaints, or defenses in legal proceedings. This may involve sharing information with the Company’s legal representatives, courts of law, or other competent authorities.

6. Disclosure of Personal Data to Third Parties

BADGER CLAIM S.R.L. respects the principle of confidentiality and limits the disclosure of personal data to third parties only in situations where it is necessary and legally justified, as provided under Article 6(1) of the GDPR, detailed in Section 3 of this Privacy Policy. Any data transfer is carried out in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

The Company does not sell, rent, or disclose users’ personal data for unauthorized commercial purposes. The transmission of such data to third parties occurs strictly within the limits necessary for service provision, compliance with legal obligations, protection of the Company’s legitimate rights, or based on the explicit consent of the user.

6.1 Disclosure of Data to Airlines and Legal Entities Involved in Compensation Claims

To fulfill its contractual obligations to users, the Company shares relevant data with airlines, aviation regulatory agencies, courts of law, arbitrators, or other legal entities involved in the compensation claim process. This includes identification data, flight information, and supporting documents required for filing compensation claims.

6.2 Data Transfer to Lawyers and Compensation Recovery Firms

If the compensation claim process requires additional legal assistance, the Company may share user data with lawyers, law firms, or agencies specialized in airline compensation recovery. These entities act either as processors on behalf of the Company or as independent controllers, depending on the nature of the collaboration.

6.3 Sharing Data with Financial Institutions and Payment Processors

To process payments to users, financial data (including the bank account holder’s name, IBAN, and transaction details) may be shared with financial institutions, banks, and payment service providers. This processing is necessary for accurate payment processing and compliance with tax and accounting obligations.

6.4 Disclosure of Data to Competent Authorities and Regulatory Institutions

The Company may be required to provide personal data to public authorities, regulatory bodies, government agencies, courts of law, or law enforcement agencies in the case of an official request, legal obligation, or legitimate interest in preventing fraud and protecting users’ rights.

6.5 Transfer of Data to IT Service Providers and Technology Infrastructure Partners

To operate the website, manage databases, and deliver efficient services to users, the Company collaborates with IT service providers, web hosting companies, and digital infrastructure developers. These entities may access user data only to the extent necessary to ensure proper system functionality and are required to implement strict security measures.

6.6 International Data Transfers

If it is necessary to transfer personal data to entities located outside the European Economic Area (EEA), the Company takes all necessary measures to ensure an adequate level of protection, in accordance with the GDPR. These measures may include the use of Standard Contractual Clauses approved by the European Commission, applying a recognized certification mechanism, or verifying the existence of an adequacy decision confirming an appropriate level of data protection.

International data transfers are carried out only when strictly necessary for service provision and with respect for users’ rights and freedoms. The Company is committed to informing users about such transfers and providing appropriate safeguards to ensure data security.

6.7 Data Sharing Based on User Consent

In situations where data sharing with third parties is not required for contract performance, legal compliance, or protection of legitimate interests, the Company may request users’ consent to share their data with certain entities. This may include sharing information for marketing purposes, market research, or commercial partnerships.

7. Security of Personal Data Processing

BADGER CLAIM S.R.L. places great importance on the protection of personal data and implements appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of processed information. The Company adheres to the highest security standards in compliance with the General Data Protection Regulation (GDPR) and industry best practices, preventing unauthorized access, misuse, loss, destruction, or accidental disclosure of user data.

7.1 Technical Data Protection Measures

To prevent risks associated with data processing, the Company has implemented advanced technical solutions to ensure the security of managed information. These measures include:

  • Pseudonymization and/or data encryption – all personal data is encrypted both in transit and at rest using advanced encryption technologies, making unauthorized access impossible.
  • Firewall protection and intrusion detection systems – the Company uses advanced firewalls and cyberattack detection and prevention solutions to protect networks and servers hosting user data.
  • Authentication and access control – access to IT systems is restricted through multi-factor authentication and strict access rights management policies. Only authorized personnel have access to personal data, and access is monitored and periodically reviewed.
  • Security monitoring and auditing – the Company implements continuous monitoring solutions to detect and investigate any suspicious activity. Periodic audits are also conducted to evaluate the effectiveness of security measures and identify potential vulnerabilities.
  • Data backup and recovery – automated backup systems are used to ensure the protection and quick restoration of data in the event of a security incident or technical failure.

7.2 Organizational Data Protection Measures

In addition to technical measures, the Company implements clear policies and procedures on data security, regularly training employees and collaborators on cybersecurity risks, data protection, and measures to prevent data leaks. Access to user data is granted only to personnel with a clear operational need, and permissions are periodically reviewed to prevent unauthorized access. Personal data is stored electronically on secure servers or physically in locked cabinets, accessible only to authorized individuals. All employees and collaborators with access to personal data are required to comply with strict confidentiality rules and to sign confidentiality agreements regarding personal data protection.

The Company has also developed and implemented a security incident response plan to ensure that, in the event of a data breach, prompt action can be taken to minimize impact and notify the competent authorities in accordance with legal obligations. Additionally, the Company regularly tests and evaluates the effectiveness of existing technical measures and adopts new measures as necessary.

In line with its commitment to data protection, BADGER CLAIM S.R.L. does not sell or disclose personal data to third parties for commercial, advertising, or marketing purposes without the user’s explicit consent. Furthermore, the Company does not collect more data than necessary for service provision and compliance with legal obligations, and does not process personal data through automated decision-making without human intervention, except when required to provide services and users have been appropriately informed.

7.3 Responsibility for Data Security

The Company assumes full responsibility for the protection of personal data and is committed to complying with all requirements imposed by European and national data protection legislation. In the event of a security breach that may affect users' rights and freedoms, the Company will promptly notify the competent data protection authority and, if applicable, the affected individuals, in accordance with the provisions of the GDPR.

8. Retention Period of Personal Data

BADGER CLAIM S.R.L. retains users’ personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with the principle of storage limitation as provided by the General Data Protection Regulation (GDPR). The retention period is determined based on the nature of the data, the purpose of processing, and applicable legal requirements.

8.1 Criteria for Determining the Retention Period

The Company determines data retention periods based on the following criteria:

  • Operational and contractual necessity – data is retained as long as necessary to provide services and fulfill contractual obligations towards users.
  • Legal obligations and applicable regulations – certain data must be retained for periods required by applicable legislation, including tax, accounting, and consumer protection regulations.
  • Applicable limitation periods – if the data is needed for the exercise or defense of legal claims, it may be retained for the period established by the applicable statute of limitations.
  • User consent – where processing is based on consent, the data is retained until the user withdraws their consent, unless another legal basis justifies its longer retention.

8.2 Retention Periods for Different Categories of Data

Identification and contact data is retained throughout the service provision period and for an additional 5 years after the end of the contractual relationship.

Flight and booking data is retained as long as necessary to resolve the compensation claim and for 3 years after the process is completed, allowing users to assert any additional rights.

Financial and transaction data, including information required for payment processing, invoicing, and accounting compliance, is retained for 10 years, in accordance with applicable tax and accounting laws.

User correspondence and requests, including the content of emails, support requests, and other communications, are retained for 3 years from the last interaction, to address potential disputes or complaints.

Data used for marketing and commercial communications, as well as any other data processed based on user consent, is retained until the consent is withdrawn, but no longer than 2 years from the user's last active interaction with the Company or the claimbee.com platform.

Technical and website usage data, such as information collected via cookies and similar technologies, is retained according to the cookie policy, for a period ranging from 6 months to 2 years depending on the type of cookie used.

8.3 Data Deletion and Anonymization

At the end of the retention period, data is either permanently deleted or anonymized so it can no longer be associated with a specific individual. Deletion is carried out in accordance with internal security procedures and applicable data protection standards. If a user requests deletion of their data before the retention period expires, the request will be reviewed and implemented in compliance with legal obligations and any grounds that justify continued retention.

9. Data Subject Rights Regarding the Processing of Personal Data

In accordance with the provisions of the General Data Protection Regulation (GDPR), any individual whose personal data is processed by BADGER CLAIM S.R.L. has a set of rights regarding the protection and management of their data. The Company adheres to the principle of transparency and ensures the effective exercise of these rights, offering users the possibility to request information, corrections, processing restrictions, or deletion of their data, within the limits permitted by applicable regulations.

9.1 Right of Access

Any data subject has the right to obtain confirmation from the Company as to whether or not their personal data is being processed. If such data is being processed, the individual has the right to access it, including information about the purposes of processing, categories of collected data, recipients to whom the data has been or will be disclosed, estimated storage period, and the rights they may exercise. This information is provided free of charge through this Privacy Policy, available on the website claimbee.com.

9.2 Right to Rectification

The data subject has the right to request the correction of any inaccurate or incomplete personal data. Depending on the purposes of processing, the data subject may provide additional statements to ensure the accuracy of the information held by the Company. Data correction is carried out without undue delay, and the user will be informed of the changes.

9.3 Right to Erasure ('Right to be Forgotten')

The data subject may request the deletion of their personal data when it is no longer necessary for the purposes for which it was collected, if consent has been withdrawn, if they object to the processing and there is no overriding legal basis, or if the data has been unlawfully processed. The Company will assess the request and delete the data, except when processing is necessary for legal compliance, defense of a legal right, or other justified legal grounds.

9.4 Right to Restriction of Processing

The data subject has the right to obtain restriction of processing in certain situations, such as when the accuracy of the data is contested, when processing is unlawful but the user does not wish for the data to be deleted, or when the Company no longer needs the data but the user requires it for the establishment, exercise, or defense of legal claims. During this time, restricted data may only be processed with the data subject’s consent or for the defense of legitimate rights.

9.5 Right to Data Portability

The data subject has the right to receive their personal data provided to the Company in a structured, commonly used, and machine-readable format. They also have the right to request the transfer of such data to another controller, where technically feasible. This right applies only to data processed based on consent or the performance of a contract and only when processing is carried out by automated means.

9.6 Right to Object

The data subject has the right to object at any time to the processing of their personal data on grounds relating to their particular situation, when the processing is based on the Company’s legitimate interest or is carried out for direct marketing purposes. If the user objects to processing for marketing purposes, their data will no longer be processed in that context. If the objection relates to other purposes, the Company will assess the request and cease processing unless it can demonstrate compelling legitimate grounds for continuing.

9.7 Right to Withdraw Consent

When data processing is based on user consent, the user has the right to withdraw their consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal. Consent can be withdrawn using the methods provided by the Company, and the data will no longer be processed for the purposes for which consent was given.

9.8 Right to Lodge a Complaint with a Supervisory Authority

The data subject has the right to lodge a complaint with the competent national data protection authority if they believe that their rights have been violated through the processing of their personal data. In Romania, the competent authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP), and its contact details are available on the official website.

9.9 Right Not to Be Subject to Automated Decision-Making

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them. If the Company uses such technologies, users will be clearly informed about their existence, the logic involved, and the potential impact, and will have the option to request human intervention in the decision-making process.

9.10 How to Exercise Your Rights

To exercise any of the rights mentioned above, the data subject may submit a written request using the contact details provided by the Company. Requests will be reviewed and resolved as soon as possible, but no later than one month from the date of receipt, in accordance with GDPR obligations. In the case of complex requests or a high volume of requests, this period may be extended by up to two additional months, and the user will be duly informed.

10. Company's Responsibility in the Processing of Personal Data

BADGER CLAIM S.R.L. fully assumes responsibility for complying with the principles and requirements of the General Data Protection Regulation (GDPR) and applicable data protection laws. The Company is committed to ensuring a high level of security and compliance in all its data processing activities, protecting the rights and freedoms of data subjects, and ensuring transparency and legality in all operations.

The Company is obligated to process personal data lawfully, fairly, and transparently. All processing activities are based on a clear legal basis—be it contract performance, compliance with a legal obligation, the Company's legitimate interest, or the explicit consent of the data subject. In every case, the Company evaluates the necessity and proportionality of the processing, avoids excessive data collection, and ensures that the data is used solely for the specified purposes.

BADGER CLAIM S.R.L. implements appropriate technical and organizational measures to protect data against unauthorized access, loss, destruction, or unlawful use. The Company also ensures that all employees and collaborators with access to user data comply with strict confidentiality and data security obligations.

The Company is obligated to provide users with clear and accessible information about how their data is collected, used, stored, and shared. This Privacy Policy is part of the Company's commitment to transparency and is regularly updated to reflect legal changes and improvements in data protection practices.

The Company is responsible for efficiently and promptly handling all requests received from data subjects regarding the exercise of their rights (access, rectification, deletion, restriction, portability, etc.). Each request is carefully reviewed, and responses are provided within the legal timeframe of one month, with a possible extension depending on the complexity of the request.

In the event of a security breach that could negatively impact personal data, the Company is obligated to notify the competent authorities without delay and, if applicable, the affected individuals. This notification is carried out in accordance with GDPR requirements, and the Company implements immediate measures to mitigate risks and prevent future incidents.

In situations where the Company collaborates with processors for the handling of certain personal data, it ensures that these entities comply with the same high standards of data protection. To this end, the Company enters into contractual agreements requiring strict compliance with data security and confidentiality obligations.

11. Cookie Policy and Use of Similar Technologies

BADGER CLAIM S.R.L. uses cookies and other similar technologies on its website to ensure optimal platform functionality, enhance user experience, analyze traffic and user interactions, and provide personalized content.

11.1 What are cookies?

Cookies are small text files stored on the user's device (computer, mobile phone, tablet) when visiting a website. These files allow the recognition of the user's device and store certain information about their preferences and actions on the site. Cookies serve various purposes, from enabling website functionality to collecting analytical and advertising data. Cookies are widely used to enhance user experience by remembering preferences, optimizing displayed content, and delivering personalized services.

11.2 Types of Cookies Used

The claimbee.com website uses several types of cookies, each serving a specific role in platform operation and enhancing user experience. These include:

  • Strictly necessary cookies – essential for the proper functioning of the website and cannot be disabled. They allow users to navigate the site and use basic features such as account login, form submission, or session security.
  • Performance and analytics cookies – collect information on how users interact with the website, such as most visited pages, time spent on pages, and any encountered errors. This data is used solely for statistical and analytical purposes to improve website performance and content.
  • Functionality cookies – enable the website to remember user choices (such as preferred language, region, or custom settings) to provide a more personalized and efficient experience.
  • Advertising and targeting cookies – used to deliver ads to users and limit the frequency of ad display. These may be placed by third-party advertising partners and allow tracking of users’ browsing behavior across websites.
  • Social media cookies – allow the integration of the website with social media platforms and enable users to share content on platforms such as Facebook, Twitter, Instagram, LinkedIn, and others.

11.3 Purpose of Cookie Usage

Cookies used on claimbee.com serve multiple purposes, including:

  • ensuring proper and efficient platform functionality and improving its security;
  • recognizing logged-in users and retaining their preferred settings;
  • personalizing user experience by displaying relevant content;
  • analyzing website performance and monitoring traffic to continuously optimize services;
  • displaying relevant advertisements and measuring ad campaign effectiveness;
  • facilitating integration with social networks and content-sharing options.

11.4 User Consent and Cookie Preference Management

In accordance with data protection regulations, users have the right to manage their cookie preferences and to refuse the placement of cookies on their devices, except for strictly necessary cookies.

Upon first accessing the website, users are shown a cookie notice allowing them to accept all cookies, reject non-essential ones, or customize their preferences. Users can change their cookie settings at any time by accessing the 'Cookie Settings' section of the website. Most browsers also allow users to manage and delete cookies via browser settings. Additional information on how users can control cookies through their browsers is available on the official websites of major browser providers.

11.5 Use of Third-Party Cookies

The claimbee.com website may use cookies placed by third parties, such as web analytics providers (e.g., Google Analytics), social networks, or advertising partners. These cookies are managed by third parties and are subject to their privacy and data protection policies. The Company does not directly control how these third parties use cookies and recommends that users consult their privacy policies for more information.

11.6 Cookie Lifespan

The duration of cookie storage varies depending on the type. The claimbee.com website uses both session cookies, which are automatically deleted when the browser is closed, and persistent cookies, which remain stored on the user’s device for a set period or until manually deleted.

11.7 User Rights Regarding Cookies

Users have the right to request detailed information about the cookies used on the website, to withdraw their consent for their use, and to request the deletion of stored cookies from their device. If users believe that cookie usage violates their data protection rights, they have the right to lodge a complaint with the national data protection authority.

12. Complaints and Claims Regarding the Processing of Personal Data

BADGER CLAIM S.R.L. respects users' rights regarding personal data protection and is committed to handling any request, concern, or complaint related to the collection, processing, and protection of such data seriously and responsibly. If a data subject believes that their data protection rights have been violated or that the Company's processing does not comply with the General Data Protection Regulation (GDPR) or other applicable regulations, they have the right to file a complaint and request that the situation be rectified.

12.1 How to Submit a Complaint to BADGER CLAIM S.R.L.

Users who wish to file a complaint regarding the processing of their personal data may do so through one of the following methods:

  • By email – by sending a written request to the Company's email address, available on the Company’s website.
  • By post – by sending a letter to the Company’s headquarters, clearly indicating the nature of the complaint and the petitioner’s identification details.
  • By phone – by contacting the data protection department to receive guidance on resolving the complaint.

To ensure an efficient complaint analysis process, users are kindly asked to provide complete and clear information, including details about the reported issue, the date it was identified, and any relevant documents or evidence.

12.2 Complaint Resolution Procedure

Upon receiving a complaint, BADGER CLAIM S.R.L. will confirm receipt and initiate an internal investigation to review the issues raised. The Company commits to resolving all complaints within a reasonable timeframe, not exceeding 30 calendar days from the date of receipt, except in complex cases, where this term may be extended by another 60 days, with the user being appropriately informed about the reasons for the delay.

If the complaint is found to be valid, the Company will take the necessary steps to rectify the situation, including correcting or deleting personal data, modifying internal processing procedures, or revising data protection policies as needed.

If the user is not satisfied with the resolution, they have the right to contest the decision and request a case review.

12.3 Right to File a Complaint with the Supervisory Authority

If the user believes that BADGER CLAIM S.R.L. has not properly handled their complaint or that the data processing continues to violate data protection laws, they have the right to file a complaint with the national data protection authority.

For users residing in Romania, the competent authority is the National Supervisory Authority for Personal Data Processing (ANSPDCP), which can be contacted using the following details:

  • Website: www.dataprotection.ro
  • Address: Bulevardul General Gheorghe Magheru no. 28-30, Sector 1, Bucharest, Romania
  • Phone: +40 318 059 211
  • Email: anspdcp@dataprotection.ro

12.4 Right to Initiate Legal Proceedings

If the user believes that their rights have been seriously infringed and that the processing of their data is not in compliance with applicable laws, they have the right to initiate legal proceedings against BADGER CLAIM S.R.L. Legal action may be brought either before the courts of the state in which the user resides or the courts in the jurisdiction where the Company conducts its main business.

13. Processing of Children’s Personal Data

BADGER CLAIM S.R.L. handles the processing of children’s personal data with the utmost responsibility and caution, fully complying with the provisions of the General Data Protection Regulation (GDPR) and other applicable regulations on child protection in the digital environment. The Company recognizes the importance of safeguarding children's privacy and adopts special measures to prevent the unauthorized collection, use, or disclosure of such data.

13.1 Limiting the Collection of Children’s Data

The website and services provided by BADGER CLAIM S.R.L. are not intended for children under the age of 16 and are not designed to attract minors. The Company does not knowingly collect or process personal data of individuals under this age, except when it is necessary for providing services and the explicit consent of a parent or legal guardian has been obtained beforehand. If it is discovered that data from a minor was collected without parental or guardian consent, the data will be immediately deleted, and the Company will take the necessary steps to prevent unauthorized future collection.

13.2 Parental or Guardian Consent Requirement

In situations where the processing of a minor's data is strictly necessary, BADGER CLAIM S.R.L. requires the explicit and verifiable consent of the parent or legal guardian before collecting or processing such data. Consent is obtained through appropriate methods that verify the identity of the parent or legal guardian and confirm their relationship with the child.

The Company reserves the right to request additional documents to verify the identity of the parent or guardian and to ensure compliance with child protection requirements. If the parent or legal guardian withdraws consent, the Company will immediately cease processing the child’s data and ensure it is deleted, except where retention is required by legal obligation.

In exceptional cases where minors' data is processed with the consent of a parent or legal guardian, it is used strictly for the purposes necessary to provide the contracted services. These purposes may include:

  • managing a compensation claim for a minor who was affected by a delayed or canceled flight;
  • communicating with the parent or legal guardian to verify and confirm the information necessary to process the claim;
  • complying with legal obligations under applicable regulations.

In all situations, the processing of children's data is carried out in accordance with the principles of data minimization and enhanced protection.

13.4 Rights of Parents and Legal Guardians

Parents or legal guardians of minors whose data is processed by BADGER CLAIM S.R.L. benefit from all rights provided by the GDPR, including:

  • Right of access – the ability to request detailed information at any time about the data processed by the Company regarding the minor;
  • Right to rectification – the ability to request correction of any inaccurate or incomplete data about the minor at any time;
  • Right to erasure ('right to be forgotten') – the ability to request the deletion of the minor’s data, unless a legal basis requires retention;
  • Right to restrict processing – the right to limit the use of the minor's data in certain situations;
  • Right to withdraw consent – the ability to revoke previously given consent at any time for the processing of the minor’s data;
  • Right to lodge a complaint – if parents or legal guardians believe the minor's rights have been violated through data processing, they may file a complaint with ANSPDCP or the competent authority in their country of residence.

To exercise these rights, parents or legal guardians can contact the Company using the contact details provided in this Privacy Policy.

14. Changes to the Privacy Policy

The Company reserves the right to modify, update, or revise this Privacy Policy periodically to reflect legal changes, technological developments, operational adjustments, or any other requirements necessary to maintain compliance with data protection regulations. Any changes to this document will be made in accordance with the principles of transparency and user notification, ensuring that users remain informed about how their data is processed.

Therefore, any substantial change to the Privacy Policy will be communicated to users through the following channels, depending on the nature and impact of the changes:

  • publishing the updated version on the Company’s website – all updates will be clearly reflected on the Privacy Policy page, along with the effective date;
  • sending an email notification – if the changes are significant and affect how users interact with the Company’s services, they will be informed via direct email;
  • displaying a notification message on the website – if the changes are relevant to a large number of users, a visible message will appear on the website to announce the updates.

Each updated version of the Privacy Policy will include the date of the latest revision. Users are encouraged to review this Privacy Policy periodically to ensure they are informed about the latest changes. Continued use of the website and services after a revised version becomes effective constitutes acceptance of the revised terms. If any changes require new consent from users, it will be explicitly requested, and user data will not be processed under the new provisions without such consent where applicable.

If you have any questions or concerns about changes to the Privacy Policy, you may contact BADGER CLAIM S.R.L. through the official communication channels available on our website.