Retention Policy

Personal Data Retention Schedule: This Retention Schedule will be reviewed annually or as otherwise determined by the Fareportal Legal Department.

PERSONAL DATA Retention Period Electronic or Tangible Form; Retention Location Criteria to Determine Retention Period (required if Retention Period cannot be fixed)

PNR data (including all PNR data related to flights, hotel, car rental, cruise, and other bookings)

PNR data may include passenger names, addresses, phone number, notes, frequent traveler information, service and special request information, itinerary, booking number, baggage details, passport information, form of payment, commissions. 6 years from the last booking Electronic; U.S. data centers Data may be retained until such time as the purpose it was collected for has been fulfilled, and other purposes that are not incompatible with the original purposes as determined by Applicable Law (e.g., subsequent bookings)

Ancillaries (to the extent not included in the PNR, including paid seats, paid baggage, ground transportation, third-party products sold by or through Fareportal such as travel assist classic, seat assignments, baggage services, flight watcher, BRB, visa services, travel protection). 6 years from date of last purchase Electronic; U.S. data centers See above

Credit card information (credit card number limited to last 4 digits, expiration date and CCV) 6 years from last date of usage Electronic; U.S. data centers See above

Customer support data (e.g., submitting support ticket, phone records for contact center support, travel protection claims) Support tickets and chat logs – 3 years from close-out of ticket or chat log

Contact center phone records – 3 years after completion of call

Travel protection claims – 3 years after claim resolution Electronic; U.S. data centers 3 years is the default retention period.

Support inquiries vary in terms of complexity and severity. For certain support inquiries (e.g., those that may lead to legal actions, or have other serious implications), the relevant information shall be retained for as long as needed for Fareportal to establish, exercise, or defend against current or foreseeable future claims

Direct marketing consent (e.g., time period until consent for use of email/phone number for marketing purposes expires) 3 years from the last date of booking or purchase

Retention of this data may continue if customer either (i) opts-in again, or (ii) purchases another product or service through Fareportal

If opted-out, customer will no longer receive direct marketing via the applicable medium (e.g., text, email) Electronic; U.S. data centers -

Cybersecurity log data and fraud detection data Indefinitely, security logs and fraud detection data is strictly required to maintain safety of Fareportal and website visitors on website, and application, and our Customer’s information generally Electronic; U.S. data centers -

PERSONAL DATA	Retention Period	Electronic or Tangible Form; Retention Location	Criteria to Determine Retention Period (required if Retention Period cannot be fixed)
PNR data (including all PNR data related to flights, hotel, car rental, cruise, and other bookings) PNR data may include passenger names, addresses, phone number, notes, frequent traveler information, service and special request information, itinerary, booking number, baggage details, passport information, form of payment, commissions.	6 years from the last booking	Electronic; U.S. data centers	Data may be retained until such time as the purpose it was collected for has been fulfilled, and other purposes that are not incompatible with the original purposes as determined by Applicable Law (e.g., subsequent bookings)
Ancillaries (to the extent not included in the PNR, including paid seats, paid baggage, ground transportation, third-party products sold by or through Fareportal such as travel assist classic, seat assignments, baggage services, flight watcher, BRB, visa services, travel protection).	6 years from date of last purchase	Electronic; U.S. data centers	See above
Credit card information (credit card number limited to last 4 digits, expiration date and CCV)	6 years from last date of usage	Electronic; U.S. data centers	See above
Customer support data (e.g., submitting support ticket, phone records for contact center support, travel protection claims)	Support tickets and chat logs – 3 years from close-out of ticket or chat log Contact center phone records – 3 years after completion of call Travel protection claims – 3 years after claim resolution	Electronic; U.S. data centers	3 years is the default retention period. Support inquiries vary in terms of complexity and severity. For certain support inquiries (e.g., those that may lead to legal actions, or have other serious implications), the relevant information shall be retained for as long as needed for Fareportal to establish, exercise, or defend against current or foreseeable future claims
Direct marketing consent (e.g., time period until consent for use of email/phone number for marketing purposes expires)	3 years from the last date of booking or purchase Retention of this data may continue if customer either (i) opts-in again, or (ii) purchases another product or service through Fareportal If opted-out, customer will no longer receive direct marketing via the applicable medium (e.g., text, email)	Electronic; U.S. data centers	-
Cybersecurity log data and fraud detection data	Indefinitely, security logs and fraud detection data is strictly required to maintain safety of Fareportal and website visitors on website, and application, and our Customer’s information generally	Electronic; U.S. data centers	-

I'm Done

Personal Data Retention Schedule