Privacy Policy
At CFB France, protecting your personal data is a core commitment. This policy details how we collect, process, and safeguard your information in full compliance with European data protection standards.
- Encrypted Data: End-to-end SSL protection
- Full Transparency: Open data practices
- Your Rights: Complete data ownership
- GDPR Compliant: EU regulation adherence
1. Data Controller & Overview
This Privacy Policy outlines how CFB France, a brand of CFB and affiliate of AIRBEAS TRAVEL ("we," "us," or "our"), gathers, processes, stores, and protects your personal data when you interact with our website at cfbfrance.com or utilise any of our flight booking and travel-related services (collectively, the "Platform").
Data Controller Details
Brand Name: CFB France
Holding Company: CFB
Affiliate: AIRBEAS TRAVEL
IATA Number: 91205170 (UK)
Registered Address: 184 Rue de Paris, 93130 Noisy-le-Sec, France
Email: support@cfbfrance.com
Phone: +1 (888) 813-5711
By accessing or using our Platform, you confirm that you have reviewed this Privacy Policy and understand how your personal data will be handled. If you disagree with any aspect of this policy, please discontinue use of our Platform immediately.
This Privacy Policy forms part of and is subject to our Terms of Service. As a France-based entity, we are fully committed to compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR), the French Loi Informatique et Libertés, and all other applicable data protection legislation across the European Economic Area.
2. Data We Collect
We gather data through direct interactions with you, automated systems when you browse our Platform, and from authorised third-party sources to deliver and enhance our travel booking services.
2.1 Data You Provide to Us
- Registration Details: Full name, email address, telephone number, chosen password, and language preferences when creating an account on cfbfrance.com.
- Traveller Information: Passenger full names, dates of birth, nationality, passport or national ID details, frequent flyer memberships, seating choices, dietary requirements, and any special assistance needs.
- Payment Data: Credit or debit card numbers, billing address, and transaction verification details. All payment data is handled by PCI-DSS certified processors and is never stored in full on our servers.
- Correspondence: Any messages, enquiries, or feedback you send to us through our contact forms, email, phone, or social media channels.
2.2 Automatically Collected Data
- Technical Data: Device type, operating system, browser version, screen resolution, unique device identifiers, and mobile network details.
- Usage Logs: IP address, timestamps of visits, pages viewed, click patterns, referring URLs, and error reports.
- Geolocation: Approximate location inferred from your IP address; precise geolocation only with your explicit opt-in consent.
- Cookie Data: Information gathered via cookies, pixels, and similar tracking technologies. Please refer to our Cookie Policy for comprehensive details.
2.3 Third-Party Data Sources
- Flight Data Providers: We partner with airline distribution technology platforms to source real-time flight availability, pricing, and booking capabilities across hundreds of carriers worldwide.
- Airline Partners: Booking confirmations, schedule updates, loyalty programme data, and flight status notifications from carrier systems.
- Financial Institutions: Transaction validation, chargeback data, and fraud screening information from our payment processing partners.
3. Purpose of Data Processing
We process your personal data solely for defined, legitimate purposes, including:
Booking Fulfilment
- Search, compare, and reserve flights
- Generate electronic tickets and itineraries
- Process payments and issue refunds
- Deliver customer assistance and support
- Send booking confirmations and travel alerts
Account Operations
- Establish and manage your user account
- Verify your identity at login
- Store your travel preferences and history
- Handle communication opt-in and opt-out
- Deliver tailored travel suggestions
Legal & Safety
- Identify and prevent fraudulent activity
- Meet regulatory and tax obligations
- Respond to lawful government requests
- Uphold our Terms of Service
- Safeguard user and company interests
Platform Enhancement
- Study usage trends and visitor behaviour
- Refine existing features and performance
- Develop new tools and travel solutions
- Conduct internal research and reporting
- Pilot and evaluate new functionality
4. Legal Grounds for Processing (GDPR)
As a France-based data controller, CFB France processes personal data under the following lawful bases recognised by the GDPR:
Performance of Contract
Processing required to execute the travel booking contract between you and CFB France, including flight reservations, ticket issuance, and ancillary travel services.
Compliance with Legal Obligations
Processing mandated by applicable law, including French tax requirements, EU anti-money laundering directives, and international aviation safety regulations.
Legitimate Business Interests
Processing necessary for fraud detection, service optimisation, internal analytics, and promotional communications where legally permitted and balanced against your rights.
Your Explicit Consent
Where legally required, we obtain your freely given, specific, and informed consent prior to processing, such as for marketing emails, non-essential cookies, or profiling activities.
5. Data Sharing & Third Parties
CFB France does not sell your personal data. We share information only in the following limited situations:
Airlines & Travel Suppliers
We transmit necessary traveller and booking data to airlines and travel service providers to finalise your reservations, facilitate check-in procedures, and deliver your itinerary.
Payment Processors
Your payment information is securely transmitted to PCI-DSS certified payment processors for transaction authorisation and fraud screening. Complete card details are never stored on our infrastructure.
Operational Service Providers
We engage vetted third-party providers for cloud hosting, analytics, customer support platforms, and email delivery. Each provider is bound by data processing agreements that meet GDPR standards.
Legal & Regulatory Authorities
We may disclose data when compelled by law, judicial order, or regulatory requirement, or when disclosure is necessary to protect our legal rights, user safety, or public interest.
6. Cross-Border Data Transfers
As a travel platform operating internationally, your personal data may be transferred to and processed in jurisdictions outside France and the EEA where different data protection standards may apply.
Transfer Safeguards
When transferring personal data outside the EEA, we implement appropriate protective measures including:
- EU Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers restricted to countries recognised as having adequate data protection by the EU
- Binding Corporate Rules where applicable within our corporate group
- Explicit consent obtained from you for specific transfers where required by law
7. How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, or as mandated by applicable legal and regulatory requirements.
| Category of Data | Retention Duration |
|---|---|
| Booking records & financial transactions | 10 years (French commercial law requirements) |
| User account information | Active account period + 3 years after closure |
| Customer support interactions | 3 years following resolution |
| Marketing consent records | Until you withdraw consent |
| Website analytics & logs | 25 months (anonymised after expiry) |
8. Security Measures
CFB France employs robust technical and organisational safeguards to defend your personal data against unauthorised access, modification, disclosure, or loss.
Technical Controls
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for stored data
- Multi-factor authentication for accounts
- Regular vulnerability scanning and pen testing
- Network intrusion detection systems
- Continuous infrastructure monitoring
Organisational Controls
- Mandatory staff data protection training
- Role-based access with least privilege
- Vetting for personnel handling sensitive data
- Documented incident response procedures
- Third-party vendor security assessments
- Annual policy and procedure audits
Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the CNIL (French Data Protection Authority) within 72 hours and inform affected individuals without undue delay as required by the GDPR.
9. Your GDPR Rights
Under the GDPR, you are entitled to the following rights with respect to your personal data:
Right of Access
Obtain confirmation of whether we process your data and receive a full copy of the personal information we hold.
Right to Rectification
Request the correction of any inaccurate or incomplete personal data without undue delay.
Right to Erasure
Request that we delete your personal data when it is no longer necessary for its original purpose or when you withdraw consent.
Right to Restrict Processing
Ask us to temporarily halt the processing of your data while we verify its accuracy or assess your objection.
Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format and transfer it to another controller.
Right to Object
Object at any time to processing based on legitimate interests, including profiling and direct marketing activities.
How to Exercise Your Rights
Submit your request by emailing support@cfbfrance.com. We will respond within 30 days. Identity verification may be required before we can process your request. You also have the right to lodge a complaint with the CNIL at www.cnil.fr.
11. Protection of Minors
Our Platform is not designed for individuals under the age of 16. We do not knowingly collect or process personal data from children under 16 without verifiable parental consent.
If you believe a minor has provided us with personal data without appropriate consent, please contact us at support@cfbfrance.com. We will promptly investigate and delete any such data.
When flight bookings include minor travellers, we collect only the minimum information required by airlines and civil aviation authorities to complete the reservation.
12. Policy Updates
We may revise this Privacy Policy periodically to reflect changes in our practices, technology, legal obligations, or business operations. When material changes are made, we will:
- Update the "Effective Date" shown at the top of this page
- Alert you by email or via a prominent banner on cfbfrance.com
- Give you a reasonable opportunity to review the revisions before they become effective
We encourage you to check this page regularly so you remain informed about how we protect your data.
Data Protection Enquiries
If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please reach out to our data protection team.
CFB France
Corporate Disclosure
CFB France is a brand of CFB and an affiliate of AIRBEAS TRAVEL. All flight booking services, customer support, and commercial operations are conducted under the CFB corporate structure, with AIRBEAS TRAVEL as the affiliate entity responsible for IATA authorisation (#91205170). The CFB France brand is used for consumer-facing communications within the French and European markets, while CFB and AIRBEAS TRAVEL serve as the parent and affiliate entities for regulatory compliance, contractual obligations, and financial operations.