25 May 2018




This Privacy Policy applies to personal data/information about you and will set out how we collect, use, process and disclose your personal data/information as a customer or a potential customer, including personal data relating to individuals who are booking or enquiring about a booking by contacting our service centers or call centers or customers who use our other services or our website or App or recipients of booking and/or travel services that can be booked with or through third parties with COBALT.


COBALT is committed to protecting your personal information and privacy and aims to do the following:

a. Give you control over your own information;
b. Be transparent about the information we are collecting; and
c. Put in place appropriate measures to ensure that your information is protected and secure at all times.


You are strongly encouraged to read this Privacy Policy before providing us with any information about yourself and/or about any child under the age of 14 if you are the parent or a legal guardian.

For the purposes of this Privacy Policy, the terms “COBALT”, “we”, “us” and/or “Company” and/or “Airline” shall refer to COBALTAIR LIMITED (company Registration No. 342467) (including related and affiliated entities) who is responsible for your personal information (otherwise the “Data Controller”) under the General Data Protection Regulation (EU) 2016/679 other EU Legislation and pertinent laws of the Republic of Cyprus as may be amended from time to time (collectively “Data Protection Legislation”).




1.    Type of Information we collect
        1.1.    Definitions
        1.2.    Necessary Information 
        1.3.    Sensitive Data & Special Categories of Data 
        1.4.    Additional Information 

2.    Use of Personal Data/Information
        2.1.    Necessary to Carry out our Business
        2.2.    Legally Required or other Legitimate Business Interests
        2.3.    Other Third Party Sharing of Personal Data/Information 
        2.4.    Marketing Communications 

3.    How we Secure your Personal Data

4.    Your Rights 

        4.1.    Right to Access, Rectification and Portability 
        4.2.    Right to Restrict and/or Object to Processing 
        4.3.    Right to Erasure and/or Withdraw Your Consent 
        4.4.    Supervising Authority 
        4.5.    Contact Details of Data Protection Officer 
        4.6.    Consent 

5.    Data Retention 

6.    Transfer of Personal Data outside the EU/EEA

7.    Updates to this Privacy Policy

8.    Contact Details 



1.1.    Definitions 
“Personal Data” means any information or data which relates to you or which identifies you as a natural person and/or information which can be used to identify you directly or indirectly from such data or information or a combination of such data and/or other information in the possession of or likely to come into possession to us as the Data Controller. 

“Special Categories of Data” or “Sensitive Data” may include biometric information, medical data and information such as race, ethnicity, religion, health, sexuality etc. We try to limit, as much as possible, the circumstances where we would collect and process such sensitive information. Please consider paragraph 1.3. below which indicates when and why we would collect such sensitive data. 


1.2.    Necessary Information
We collect and process Personal Data that is necessary when making a Booking and/or a Reservation and/or when you use our services with us as a customer and/or necessary information for the adequate performance of our services to you and to allow us to comply with our legal obligations, considering that without such information, we may not be able to provide you with all the services you have requested from us. 

Particularly, the following personal data are collected: 

a)    Data to complete and manage a booking/reservation/service: Name, address, e-mail, contact details, date of birth, gender, passport or other recognized personal ID card numbers (expiry date and country of issue), account details and payment information;
b)    Data relating to your travel arrangements such as your travel itinerary, connecting flights and any other assistance you may require; 
c)    Data about your travel history: services we have provided to you in the past, including information related to your flights and services booked in connection with your flights; and
d)    Any other information that you may provide to us which may be necessary for our legitimate business interests and/or to comply with applicable Law and/or to respond to your request or query.


1.3.    Sensitive Data & Special Categories of Data 
a)    Medical conditions for passengers/customers who have special medical requirements and/or require medical assistance from us or an airport operator (i.e. a provision of a wheelchair) or which information has been passed on to us by a third party (such as a travel agent) through which you made your booking; 
b)    You may require clearance from us to fly with a specific medical condition; 
c)    Special requests from passengers who have dietary requirements; 
d)    Subject to receiving your explicit consent, you have chosen to provide us with such sensitive information; and
e)    You acknowledge that some airports may collect biometric information (for example: fingerprint and/or facial recognition) during the security clearance procedure prior to the flight and after the flight with us. 


1.4.    Additional Information
a)    Travel Insurance;
b)    Frequent Flier or Traveler Program;
c)    Information you may provide about your travel preferences in your MyTrips account;
d)    Information about your use of our website and/or via use through the Mobile App. Please consider our terms and conditions to find out more information about our Cookie Policy;
e)    The communications you exchange with us or direct to us via letters, emails, chat service, calls, and social media; and
f)    Information about your location if you have been browsing on our website via your computer or device through GPS, Bluetooth, and your IP Address, along with crowd-sourced Wi-Fi hotspot and cell tower locations, if you use location-based features and turn on the Location Services settings on your device and computer.



2.1.    Necessary to Carry out our Business
We will only collect and process your personal data where we have a legal basis and/or a legitimate business interest to do so as an airline in order to offer a service and to carry out our business, subject to the Data Protection Legislation. We will use and/or process your Personal Data for the following main purposes: 

a)    To complete and manage your reservation/booking process with us in relation to your flight (which may include flight changes, flight connections at the airport); 
b)    To fulfil your travel arrangements, and to deliver the products and services you have requested for such as for example, if you are a member of a travel program;
c)    To process the credit/debit or other payment card verification/screening: we use your payment information for accounting, billing and audit purposes and to detect and / or prevent any fraudulent activities; 
d)    Service Communications: Such as: contacting you in the event of a flight time change, delay or cancellation, confirmation of your booking, providing you with an update on the flight status, contacting you in the event your baggage is lost or misplaced, make alternative arrangements with you in the event of a flight cancellation etc.  For your information, these communications are not made for marketing purposes and shall only be used for the purposes as described above;
e)    Security, health, crime prevention/detection: we may pass on your information to government authorities or law enforcement bodies for compliance with legal requirements; and
f)    Marketing Communications and Market Research: subject to your prior written consent, we may contact you with information regarding flight promotions and ancillary products via e-communications. You also have the choice on every e-communication that we send you to indicate that you no longer wish to receive our direct marketing material via an opt-out mechanism. For further information in relation to Marketing Communication, please see paragraph 2.4. below. 


2.2.    Legally Required or other Legitimate Business Interests
We may also process Personal Data to third parties if we are legally required to do so by Law or where we need to comply with our contractual duties, or for any other legitimate business purposes (always acting in good faith) for reasons which include the following:
a)    Necessary to use your information so that we can process your travel arrangements and otherwise perform the contract we have with you; 
b)    Necessary to protect the legitimate interests of the Company and/or to protect and defend the rights or property of the Company including any related entities/affiliates of the Company; 
c)    We are legally obliged to provide the necessary information to the relevant government and Immigration authorities, law enforcement bodies, border control agencies, customs authorities in all countries we operate and which are required by Law to have access to booking and travel arrangement information of your flight for compliance with the respective legal requirements to the country in question;
d)    Necessary to protect the vital interests of the employees and/or the public and/or any other person;
e)    Necessary for maintaining legal records, accounts, audit, security as required pursuant to the applicable Laws; 
f)    To detect and prevent fraud, spam, abuse, security incidents and for the purposes of reporting potential crimes and other harmful activity; and
g)    Because you have otherwise consented for us to use your information for a particular purpose (i.e. marketing communications). 


2.3.    Other Third Party Sharing of Personal Data/Information 
We may also share your personal data with the following third parties for the purposes described in this Privacy Policy:
a)    Trusted GDS (Global Distribution System) 
GDS refers to a worldwide computerized reservation network used as a single point of access for reserving airline seats, hotel rooms, rental cars, and other travel related items by travel agents, online reservation sites, and large corporations. We are not responsible for third parties’ use of your personal data where such use is permitted for their own purposes. We strongly encourage you to consult their privacy policies for further information;
b)    Other partner airlines or service providers required to deliver the services you have asked for, where for example, the flight might be operated by another airline; 
c)    Trusted third party service providers we use to run our business such as handling agents assisting our passengers at airports pursuant to your particular request, call centers providing assistance to our customers, 
d)    Trusted third party marketing service providers assisting our marketing team with running customer surveys and providing targeted marketing campaigns (where consent is obtained);
e)    Credit and debit card companies which facilitate your payments to us, and anti-fraud screening, which may need information about your method of payment and flight booking to process payment or ensure the security of your payment transaction;
f)    Legal and other professional legal advisers required to enforce or apply any contract with you;
g)    Third party regulatory, government and law enforcement bodies in all countries we operate in, in order to protect our rights, property or the vital interests of other persons;
h)    Our trusted third party ancillary partners (identified on our website) who offer travel related products and services on our website. If you choose to purchase products or services offered on our website by third parties (such as: CarRentals Connect, Orthodoxou Travel or Hotels.com,) such third party partners may collect and share information about you. We are not responsible for third parties’ use of your personal data where such use is permitted for their own purposes. We strongly encourage you to consult their privacy policies for further information.
i)    You may be able to access third party social media services through our website or App or before coming to our website or App. When you are registered with your social service account, we will obtain the Personal Data you choose to share with us through these social media services, pursuant to the respective Social Media’s privacy settings, to improve and personalize your use of our website or App. We may also use social media plugins on our website or App. As a result, your information will be shared with your social media provider and possibly presented on your social media profile to be shared with others on your network, depending on the privacy settings of your profile. Please refer to the privacy policy of these third-party social media providers to find out more about these practices and restrictions. 


2.4.    Marketing Communications
Subject to obtaining your explicit consent pursuant to the opt-in mechanisms found on this website, our newsletter or via e-communications, we use your personal data for statistical and marketing analysis, systems testing, customer surveys, maintenance and development and we may process some of your personal data in order to personalize, measure and improve our advertising and marketing given our legitimate interests in undertaking marketing activities to offer you products or services that may be to your interest as follows: 

2.4.1.   Send you promotional alerts of new features and/or services and/or products, including special offers and new routes undertaken by COBALT; 

2.4.2.    Send you newsletters and updates; 

2.4.3.  Travel Advice (such as: travel or tour operators);

2.4.4.    Provide tailored services
We may use your data to provide information which may be of interest to you, prior to, during, and after your travel with us and to personalize the services we offer to you, such as special offers to your favorite destinations. 

You can change your mind from receiving any marketing communications and/or change what marketing communications you receive. If you decide that you would no longer like to be sent marketing communications you can opt-out from receiving marketing communications from us, by following the unsubscribe instructions found on the respective newsletters. We aim to action the unsubscribe mechanism or stopping of such requests immediately, or in any event within 10 (ten) working days of receiving such requests. It is possible however that you will receive some marketing communications within that period. 

COBALT is committed to ensuring the ongoing security and privacy of your Personal Data. We have implemented and follow strict security systems and procedures particularly in the storage and disclosure of your personal data, in order to protect it against accidental loss, destruction, damage or use by unauthorized third parties. The Personal Data you provide us is protected using approved industry standard methods of encrypting personal information and credit card details so that they can be securely transferred when customers purchase tickets online. All payment details are transmitted over dedicated network infrastructure and stored in compliance with Payment Card Industry Data Security Standards (PCI DSS) which are also in line with the fraud detection systems.

We strongly urge our customers to take due care when making an online booking through a public device.


Subject to the Data Protection Legislation, you have a number of rights with regards to your personal data as indicated below. 

4.1.    Right to Access, Rectification and Portability: 
a)    You have the right to access and correct inaccurate or incomplete personal information that we hold about you but you do not have the right to access information relating to others who have not consented to the disclosure of their information.
b)    You also have the right to receive copies of your personal information that you have provided to us in a reasonably commonly used and machine-readable format subject to the request mechanism indicated in paragraph 4.5. below and you have the right to transmit the said data to another controller. 


4.2.    Right to Restrict and/or Object to Processing:
You have the right to request the restriction of processing of your personal information for marketing purposes and/or survey and/or market research. However, if you have booked a flight with us, we will need to send you information about the services which you have booked to use (such as your travel itinerary), otherwise we will not be able to offer you or provide you all parts of our services you have requested from us in relation to your travel arrangements. 


4.3.    Right to Erasure and/or Withdraw Your Consent: 
a)    As long as the Personal Data are no longer necessary in relation to the purposes for which they are collected or processed as further described in paragraph 2.1 and 2.2. above, you have the right to request erasure of personal information which identifies you and the right to withdraw your consent at any time. However, some identifying information would be required to be retained (pursuant to our retention period) and are not capable to be erased as this information will be needed to meet our obligations such as: our contractual obligations to you (such as: if you have a booking pending), pursuant to the Law, regulatory authorities and/or any legal proceedings.
b)    For the avoidance of doubt, such withdrawal of consent will not affect the lawfulness of the processing before we become aware that your consent was withdrawn. 


4.4. You have the right to lodge a complaint to the Office of the Commissioner for Personal Data Protection (http://www.dataprotection.gov.cy). 


4.5.    If you have any queries or if you would like further information about your personal data you may contact our Data Protection Officer at:DPO@cobalt.aero, or via mail at:
3-5 Artemidos Avenue, 
Artemidos Tower, 6020
Larnaca, Cyprus 

Note that there is no Fee for this request. We ask that you please make clear what information and/or query you have about your Personal Data. For security purposes and for your protection, we may need you to verify your identity before implementing your request. You do not have the right to information relating to others who have not consented to the disclosure of their information and/or to information which is privileged and confidential.

Your request will be responded the soonest reasonably practicable, and in any case not longer than within 30 (thirty) calendar days. If your request is particularly complicated, we retain the right to extend our response to up to 3 (three) months depending on the complexity of the case. 


4.6.    Consent:
We may process and collect any Personal Data in circumstances where you have given your explicit consent. As indicated above, you have the right to withdraw your consent at any time. However, in certain circumstances, this would mean that we may not be able to provide and/or offer you all parts of the services you have requested from us. 


5.1.  We will keep your personal data for a period necessary to fulfil our legitimate business interests pursuant to the contractual obligation you may have with the Company (for example to process your booking and complete your travel arrangements), and/or for any statutory or legal obligations and/or legal claims, pursuant to the applicable limitation period, where your Personal Data may be relevant to any possible liability we may have to you (for example to respond, handle and process any complaints to the flight or booking) and to protect our legal rights in the event of a claim being made and/or to comply with European and/or International aviation regulations.

5.2.  In determining the retention period, we will consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means for example, through pseudonymisation or anonymity. We will actively review and assess the information we hold in order to determine the appropriate retention period, but we shall ensure the security and confidentiality of all information we hold at all times. 


We may transfer and/or process and/or store Personal Data to a third party outside Cyprus or the European Union (EU) or the European Economic Area (EEA). Where your personal information is transferred outside the EU/EEA to third party service providers (who provide services to us), we will do so while always ensuring that the appropriate and suitable safeguards have been obtained and/or implemented prior to us doing so, in order to ensure that your Personal Data continues to be adequately protected to the standards set out in the Data Protection Legislation. In addition, we require all third parties to have appropriate technical and operational security measures in place to protect your Personal Data, in line with the Data Protection Legislation. Please do not hesitate to contact us should you require further information on these safeguards; our contact details are set out in paragraph 8 below. 


We reserve the right to change and/or update this Privacy Policy from time to time, with or without notice to you, including by publishing a new version on our website. The date at the top of this page indicates when this Privacy Policy was last revised. Your use of any of COBALT’ s services following such updates means that you accept the revised Privacy Policy. You are required to regularly check and monitor this website for updates to our Privacy Policy in order to ensure that you are aware of any changes. 


If you have any questions about this Privacy Policy, please contact us at the following email address:

Data Protection Officer at  DPO@cobalt.aero, or via mail at:

3-5 Artemidos Avenue, 
Artemidos Tower, 6020
Larnaca, Cyprus