Privacy policy
Last updated: 2026-06-20
This notice explains how FFCheck ("we", "us") processes personal data on ffcheck.eu. We deliberately collect as little as possible: no accounts, no tracking pixels, no data resale, no advertising.
1. Who we are
FFCheck is an independent Amsterdam-based project publishing free consumer-protection tools across Europe — flight-delay compensation checkers, everyday-law answers and a scam checker. We are not affiliated with any government body; references to authorities on this site are informational. The data controller is the operator of FFCheck (KvK 82724822), reachable at info@ffcheck.eu. See the imprint for full identity details.
2. What we collect
- Server access logs
- On each request our web server records your IP address, browser user-agent and the requested URL, used for security (rate-limiting, abuse prevention) and debugging. Retention: 30 days, then deleted automatically. Legal basis: legitimate interest (GDPR Art. 6(1)(f)).
- Analytics (Google Analytics 4) — only with your consent
- If you accept analytics in the cookie banner, GA4 records anonymised page-view events (Consent Mode v2; everything is denied by default until you choose). Retention: 14 months. Legal basis: consent (Art. 6(1)(a)) — withdraw any time via "Cookie settings" in the footer. See the cookie policy.
- Order data — only if you buy the claim-letter PDF
- To generate your EU 261 claim letter (€19) we process the details you type into the generator: your name, email address and the flight details of your claim. During checkout they are held in a temporary server-side token (auto-deleted after 24 hours if you don't complete payment). After payment they are stored on your WooCommerce order together with the generated PDF (download window: 30 days) and the invoice. Legal basis: performance of a contract (Art. 6(1)(b)); invoices are retained for 7 years under Dutch tax law (Art. 52 AWR). Payment itself is processed by our payment provider — we never see or store your card details.
- What we don't collect
- No advertising identifiers, no third-party tracking pixels, no social-media cookies, no profiling, no sale of data. The free tools (checkers, everyday-law answers) work without submitting any personal data at all.
3. Who we share data with
- Google LLC — processes consent-gated Analytics events on our behalf (processor under a standard DPA; certified under the EU-US Data Privacy Framework).
- Our payment processor (WooPayments / Stripe) — processes your payment when you buy the PDF; card data goes directly to them, never to us. Stripe is certified under the EU-US Data Privacy Framework.
- Our hosting provider — stores server logs and order data on EU infrastructure.
- Authorities, only if legally compelled.
We do not sell, rent, trade or share data for advertising or marketing.
4. Your rights (GDPR Art. 15–21)
You can request access, rectification, erasure, restriction, portability, object to processing, and withdraw consent at any time — email info@ffcheck.eu; we respond within 30 days (Art. 12). You can lodge a complaint with your national data-protection authority; our lead authority is the Dutch Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).
5. International transfers
Google Analytics and Stripe may transfer data to US infrastructure under the EU-US Data Privacy Framework (Commission Decision 2023/1795). If you'd rather avoid the analytics transfer entirely, reject analytics cookies — that is exactly what the consent banner is for.
6. Children
This site is not directed at children under 16 and we do not knowingly collect their data. Contact info@ffcheck.eu if you believe a child has submitted personal data.
7. Changes
The "Last updated" date above reflects the most recent revision. For material changes (new data uses, new processors) we re-prompt for cookie consent and flag the change.