Somon Air

Privacy Policy

General provisions

Personal data is any information relating to you as a user of the site, by which you can be directly or indirectly identified.

The website of Somon Air LLC complies with the requirements of the Law of the Republic of Tajikistan No. 1537 “On the Protection of Personal Data”, the General Data Protection Regulation (GDPR), (Regulation (EU) 2016/679), which are mandatory legislative acts in the Russian Federation and the EU , respectively.

This site collects and processes personal data taking into account the requirements of international laws and only for the sale of tourism services in accordance with the public agreement "Rules for using the site." We transfer personal data only to reliable partners using secure protocols (for example, to international booking systems). We limit access to personal data through password authentication and secret codes. We store personal data in encrypted form and only for the purpose of improving the usability of the service, while we provide the data owner with the ability to view, edit and delete it through the “personal account” functionality.

To make a purchase as an individual, you do not need to create an account in the system. In this case, access to your order will be limited to a unique alphanumeric code (order number), which will be displayed on the order page and duplicated in the letter confirming your successful booking. To prevent the order number and last name from being selected manually, the system limits the number of entry attempts per unit of time.

If you create an account in our system, your orders will be associated with this account and displayed as a list in your "personal account". We will also save the passenger data you enter so you can reuse it when creating new orders. No one except you has access to passenger data saved in your “personal account”.

Personal data related to orders is stored in encrypted form. Only you and our company employees have access to this data. Our employees use your data only to solve technical problems and to fulfill the conditions of transportation; use for other purposes is prohibited by a non-disclosure agreement signed by each of our employees.

We send emails and SMS messages only:

  • about the current status of your orders
  • to confirm your email upon registration
  • to change your password after registration
  • Our system does not receive or store bank card data. All payments go through reliable and certified systems of banks or payment gateways. We only receive and process the successful or unsuccessful result of your payment

    Rights of the subject of personal data

    The processing of personal data is carried out in accordance with the rules for using the site and in compliance with this privacy policy.

    You have the right to access, edit or completely delete your personal data.
    You have the right to request by email or telephone:

  • one copy of your personal data free of charge;
  • detailed information about the companies (booking systems) and the country of their location to which your personal data has been or will be transferred;
  • any information related to the purposes and terms of processing, to the sources of receipt of your personal data (if this does not contradict the requirements of the law).
  • The system does not process personal data for the purpose of making automated decisions that affect the cost of the order, or decisions that limit your rights as a subject of personal data.

    Information collected and processed by our system

    We receive the following information from you:

    Data type

    How to use

    Where is it transmitted?

    How long does it last?

    Browser language

    To determine the language version of the site

    Not getting through

    Not stored

    Browser type

    To determine specific parameters for the correct display of a website

    Passed to booking systems if this is a required parameter

    Stored in logs for up to 3 years (only for analysis and solution of technical problems)

    Internet Protocol address (IP)

    To roughly determine the departure airport closest to the user. To limit the number of attempts at safety-critical operations (selection protection)

    Passed to booking systems if this is a required parameter

    Stored in logs for up to 3 years (only for analysis and solution of technical problems)

    Search query parameters

    To pre-fill the search form after refreshing the page or returning to the site

    Transmitted to booking systems to receive offers (search results)

    No more than a week on the server side, 1 year on the client browser

    Passenger data (upon purchase)

    To perform booking and ticketing operations

    To booking systems and airlines

    3 months after completion of service (encrypted)

    Passenger data (in your personal account)

    To substitute data in new orders

    Not getting through

    Unlimited encrypted

    Passenger data (in your personal account)

    To substitute data in new orders

    Not getting through

    Unlimited encrypted

    User email address (upon purchase)

    To perform booking and ticket issuance operations. To send e-tickets and emails about order status

    To booking systems and airlines

    3 months after completion of service (encrypted)

    User phone number (upon purchase)

    To perform booking and ticket issuance operations. To send SMS about order status

    To booking systems and airlines

    3 months after completion of service (encrypted)

    User email address (upon registration)

    To identify the user. To recover your password.

    In mailing management systems in case of direct consent of the user

    Unlimited

    User password

    For authentication

    Not getting through

    Unlimited, as a hash sum.

    Cookie Policy

    Cookies are files with data related to our system and stored on the side of your device.

    You manage the stored data yourself and can delete it at any time. It is not recommended to completely disable the functionality of cookies, because this may negatively impact the available functionality of our system.

    We use the data from these files only to ensure comfortable use of the site: when authenticating (entering your login and password), we remember you through a unique session identifier stored in a cookie. This allows you not to re-enter your login and password each time you perform an operation that requires authorization.

    Data retention policy

    1. Security of access to personal data is ensured by authentication and authorization.
    2. Security of access to personal data of unregistered buyers is ensured through unique access codes or identification of the buyer device (via cookies).
    3. Company employees who have access to personal data sign a non-disclosure agreement.
    4. Personal data is encrypted during transmission and during storage (including in backups), the integrity of the encrypted data is verified using checksums. Encryption algorithm: symmetric with 256-bit key and random vector.
    5. Secure storage of passwords (via hashes without the ability to recover the user original password).
    6. Passwords and access codes to personal data are protected from brute-force selection.
    7. Protection against data loss is organized through a system of real-time replications and daily backups.
    8. All access operations to personal data are logged.

    Changes to the privacy policy

    The requirements of international laws and agreements regarding personal data change, and we must comply with them. In addition, we are constantly improving our system and adding new functionality. We are continuously improving mechanisms for protecting personal data. All this requires changes to this privacy policy. The new document comes into force on the date of publication.