Privacy Policy

GLOBAL PRIVACY POLICY

Effective Date: November 11th, 2025

Controller: Blessed Destiny, LDA

Commercial Name: JetShared

Registered Address: Rua Fialho de Almeida, Nº 14, 2º ESQ, Escritório FB 20, Lisbon, Portugal

Company Registration (NIPC): 519.039.262

Email: [email protected]

Website:https://www.jetshared.com

1. Purpose and Scope

This Privacy Policy explains how JetShared (“we”, “our”, or “us”), operated by Blessed Destiny, LDA, collects, processes, uses, discloses, and protects personal data of users, passengers, business partners, and other individuals in connection with the use of our platform and services.

JetShared is committed to complying with:

• Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR);
• Portuguese Law No. 58/2019;
• UK GDPR and Data Protection Act 2018;
• U.S. privacy laws, including the California Consumer Privacy Act (CCPA) and relevant federal aviation data disclosure laws (FAA/DOT/TSA).

This Policy applies globally to all users accessing JetShared’s website, mobile application, and any related services.

2. Categories of Data Collected

JetShared may collect and process the following categories of personal data:

a) Identification Data:

Name, nationality, date of birth, gender, and passport or ID information.

b) Contact Information:

Email address, phone number, billing and residence address.

c) Travel and Booking Data:

Flight itineraries, passenger manifest details, destination preferences, and booking history.

d) Payment Data:

Credit or debit card information, payment method, billing information (processed securely via compliant payment gateways).

e) Technical Data:

IP address, device identifiers, browser information, operating system, and cookie preferences.

f) Business Partner Data:

Operator or broker company details, business contact information, and related contractual data.

3. Legal Basis for Processing

JetShared processes personal data only when a lawful basis exists, including:

• Contract performance: to process flight bookings, payments, and associated services.
• Legal obligations: to comply with aviation, customs, anti-money laundering (AML), and security laws.
• Legitimate interests: to maintain service integrity, prevent fraud, improve user
• experience, and ensure platform security.
• Consent: for marketing, cookies, and optional communications, where legally required.

Where consent is the legal basis, you may withdraw it at any time without affecting prior lawful processing.

4. Purpose of Data Use

Personal data is processed for the following purposes:

• Booking, confirming, and managing private jet flights;
• Processing secure payments and invoices;
• Verifying passenger identities and travel eligibility;
• Sharing information with certified operators and brokers to execute flights;
• Complying with aviation, border control, and safety regulations;
• Providing customer service and operational updates;
• Conducting analytics to improve platform performance;
• Sending marketing communications (only with explicit consent).

5. Data Sharing and Recipients

JetShared shares personal data only as necessary and under confidentiality obligations, with:

1. Certified Operators and Brokers — for flight execution and manifest compliance.
2. Payment Processors and Financial Institutions — for secure transactions.
3. Technology Service Providers — IT hosting, cloud storage, analytics, and customer management tools.
4. Regulatory and Aviation Authorities, including:

• EASA and national Civil Aviation Authorities (Europe and UK);
• FAA, U.S. Department of Transportation (DOT), and Transportation Security Administration (TSA) (United States);
• Customs, immigration, or law enforcement agencies as legally required.

1. Legal or Tax Authorities, when mandated by law or court order.

JetShared never sells personal data to third parties.

6. International Data Transfers

6.1 JetShared may transfer personal data outside the European Economic Area (EEA), including to the United Kingdom, United States, or other jurisdictions where our partners operate.

6.2 Such transfers occur only when adequate safeguards are in place, including:

• The destination country having an adequacy decision by the European Commission; or
• Use of EU Standard Contractual Clauses (SCCs) ensuring an equivalent level of protection.

6.3 Transfers to U.S. partners (FAA/DOT-certified operators or brokers) are performed in accordance with these safeguards, ensuring compliance with both GDPR and U.S. aviation data laws.

7. Data Retention

JetShared retains personal data only as long as necessary for the purposes described herein or as required by law.

Data Type Retention Period

Passenger & Booking Data Up to 7 years (legal, tax, and regulatory obligations)

Payment & Transaction

Data

Up to 10 years (financial compliance)

Account Data Until deletion request or 3 years of inactivity

Cookie & Technical Data As per cookie preferences (see Cookie Policy)

8. Data Security

JetShared employs appropriate technical and organizational measures to ensure a high level of data security, including:

• Encryption of sensitive data and secure payment channels (SSL/TLS);
• Multi-factor authentication and role-based access controls;
• Firewalls and intrusion detection systems;
• Regular security audits and employee confidentiality training.

In the event of a data breach likely to result in risk to individuals, JetShared will promptly notify the Portuguese Data Protection Authority (CNPD) and, where relevant, the UK ICO or U.S. authorities, as required.

9. Data Subject Rights

Under applicable privacy laws (GDPR, UK GDPR, and CCPA), you have the right to:

• Access your personal data;
• Rectify inaccuracies or update information;
• Request deletion (“right to be forgotten”);
• Restrict or object to processing;
• Portability: receive data in a structured, machine-readable format;
• Withdraw consent at any time.

For U.S. residents under the CCPA, additional rights include:

• The right to know what categories of data are collected and shared;
• The right to request deletion of personal information;
• The right to opt-out of any data sale (JetShared does not sell personal data).

Requests may be submitted via [email protected].

JetShared will respond within 30 days in accordance with applicable law.

10. Cookies and Tracking Technologies

JetShared uses cookies and similar tracking technologies to:

• Enable core website functionality;
• Analyze usage and improve services;
• Personalize marketing communications (with consent).

You may adjust cookie settings through your browser or via the on-site cookie consent banner.

11. Children’s Privacy

The Platform is not intended for, and JetShared does not knowingly collect personal data from, persons under 18 years of age. If you believe a minor’s data has been submitted, please contact us to ensure prompt deletion.

12. Data Breach Notification

In the event of a personal data breach:

• JetShared will notify the CNPD within 72 hours of becoming aware of it;
• If the breach affects data subjects in the UK or U.S., relevant authorities will also be notified;
• Affected individuals will be informed if the breach poses a high risk to their rights or freedoms.

13. U.S. -Specific Privacy Notice

(Applicable when JetShared interacts with U.S. residents or partners under FAA/DOT regulations.)

13.1 JetShared complies with U.S. federal and state privacy laws, including CCPA and aviation data-sharing obligations under FAA and DOT.

13.2 Data may be shared with U.S. Department of Transportation (DOT) and Transportation Security Administration (TSA) solely for compliance with aviation safety, manifest, and security rules.

13.3 JetShared does not sell or trade personal data and will not share information with third parties for advertising purposes.

13.4 California residents may exercise their CCPA rights by contacting [email protected] or by written notice to our Lisbon office.

14. Updates to This Policy

JetShared may update this Policy periodically to reflect changes in legal or operational requirements. The updated version will be posted on our website with the revised effective date.

15. Governing Law

This Policy is governed by Portuguese law.

For Users based in:

• The United Kingdom, UK GDPR and UK Data Protection Act 2018 apply concurrently;
• The United States, applicable state and federal privacy laws (including CCPA) apply concurrently.

16. Contact Information

Data Protection Officer (DPO)

Blessed Destiny, LDA (JetShared)

Rua Fialho de Almeida, Nº 14, 2º ESQ, Escritório FB 20, Lisbon, Portugal

[email protected]