Privacy Policy
General provisions
Personal data is any information relating to you as a user of the site, by which you can be directly or indirectly identified.
The website of Somon Air LLC complies with the requirements of the Law of the Republic of Tajikistan No. 1537 “On the Protection of Personal Data”, the General Data Protection Regulation (GDPR), (Regulation (EU) 2016/679), which are mandatory legislative acts in the Russian Federation and the EU , respectively.
This site collects and processes personal data taking into account the requirements of international laws and only for the sale of tourism services in accordance with the public agreement "Rules for using the site." We transfer personal data only to reliable partners using secure protocols (for example, to international booking systems). We limit access to personal data through password authentication and secret codes. We store personal data in encrypted form and only for the purpose of improving the usability of the service, while we provide the data owner with the ability to view, edit and delete it through the “personal account” functionality.
To make a purchase as an individual, you do not need to create an account in the system. In this case, access to your order will be limited to a unique alphanumeric code (order number), which will be displayed on the order page and duplicated in the letter confirming your successful booking. To prevent the order number and last name from being selected manually, the system limits the number of entry attempts per unit of time.
If you create an account in our system, your orders will be associated with this account and displayed as a list in your "personal account". We will also save the passenger data you enter so you can reuse it when creating new orders. No one except you has access to passenger data saved in your “personal account”.
Personal data related to orders is stored in encrypted form. Only you and our company employees have access to this data. Our employees use your data only to solve technical problems and to fulfill the conditions of transportation; use for other purposes is prohibited by a non-disclosure agreement signed by each of our employees.
We send emails and SMS messages only:
Our system does not receive or store bank card data. All payments go through reliable and certified systems of banks or payment gateways. We only receive and process the successful or unsuccessful result of your payment
Rights of the subject of personal data
The processing of personal data is carried out in accordance with the rules for using the site and in compliance with this privacy policy.
You have the right to access, edit or completely delete your personal data.
You have the right to request by email or telephone:
The system does not process personal data for the purpose of making automated decisions that affect the cost of the order, or decisions that limit your rights as a subject of personal data.
Information collected and processed by our system
We receive the following information from you:
Data type |
How to use |
Where is it transmitted? |
How long does it last? |
Browser language |
To determine the language version of the site |
Not getting through |
Not stored |
Browser type |
To determine specific parameters for the correct display of a website |
Passed to booking systems if this is a required parameter |
Stored in logs for up to 3 years (only for analysis and solution of technical problems) |
Internet Protocol address (IP) |
To roughly determine the departure airport closest to the user. To limit the number of attempts at safety-critical operations (selection protection) |
Passed to booking systems if this is a required parameter |
Stored in logs for up to 3 years (only for analysis and solution of technical problems) |
Search query parameters |
To pre-fill the search form after refreshing the page or returning to the site |
Transmitted to booking systems to receive offers (search results) |
No more than a week on the server side, 1 year on the client browser |
Passenger data (upon purchase) |
To perform booking and ticketing operations |
To booking systems and airlines |
3 months after completion of service (encrypted) |
Passenger data (in your personal account) |
To substitute data in new orders |
Not getting through |
Unlimited encrypted |
Passenger data (in your personal account) |
To substitute data in new orders |
Not getting through |
Unlimited encrypted |
User email address (upon purchase) |
To perform booking and ticket issuance operations. To send e-tickets and emails about order status |
To booking systems and airlines |
3 months after completion of service (encrypted) |
User phone number (upon purchase) |
To perform booking and ticket issuance operations. To send SMS about order status |
To booking systems and airlines |
3 months after completion of service (encrypted) |
User email address (upon registration) |
To identify the user. To recover your password. |
In mailing management systems in case of direct consent of the user |
Unlimited |
User password |
For authentication |
Not getting through |
Unlimited, as a hash sum. |
Cookie Policy
Cookies are files with data related to our system and stored on the side of your device.
You manage the stored data yourself and can delete it at any time. It is not recommended to completely disable the functionality of cookies, because this may negatively impact the available functionality of our system.
We use the data from these files only to ensure comfortable use of the site: when authenticating (entering your login and password), we remember you through a unique session identifier stored in a cookie. This allows you not to re-enter your login and password each time you perform an operation that requires authorization.
Data retention policy
- Security of access to personal data is ensured by authentication and authorization.
- Security of access to personal data of unregistered buyers is ensured through unique access codes or identification of the buyer device (via cookies).
- Company employees who have access to personal data sign a non-disclosure agreement.
- Personal data is encrypted during transmission and during storage (including in backups), the integrity of the encrypted data is verified using checksums. Encryption algorithm: symmetric with 256-bit key and random vector.
- Secure storage of passwords (via hashes without the ability to recover the user original password).
- Passwords and access codes to personal data are protected from brute-force selection.
- Protection against data loss is organized through a system of real-time replications and daily backups.
- All access operations to personal data are logged.
Changes to the privacy policy
The requirements of international laws and agreements regarding personal data change, and we must comply with them. In addition, we are constantly improving our system and adding new functionality. We are continuously improving mechanisms for protecting personal data. All this requires changes to this privacy policy. The new document comes into force on the date of publication.