1 COLLECTING, CONTROLLING, AND PROCESSING YOUR PERSONAL
1.1 FAIR PROCESSING.
In order to manage our business, we collect Personal Data. This is information that can identify you, such as your name, contact details, booking reference, payment details and your access to our website.
Personal Data also includes information you provide about other people such as your dependants and/or travelling companions.
By providing Personal Data about other people you confirm you have made them aware of our use of their Data set out in this Notice.
We are committed to protecting your privacy and will be clear and transparent about the Personal Data we collect and what we do with it.
This Notice sets out the basis on which we control, process, and disclose Personal Data we collect. It applies whether you are a past, current or prospective customer. It also applies to other people whose Data you provide to us in connection with our relationship with you (for example, travelling companions, dependants, or emergency contacts).
You have rights in relation to how we handle your Personal Data (see 3 YOUR RIGHTS REGARDING THE PERSONAL DATA THAT WE CONTROL).
This Notice does not confer any contractual right on you or place any contractual obligation on us.
1.2 CHANGES TO THIS PRIVACY NOTICE.
This Notice may change from time to time. The most up-to-date version is published on our website. We will tell you about any changes that affect you by way of an e-mail, in writing, or by a notice on our website as appropriate.
1.3 WHO CONTROLS YOUR PERSONAL DATA AND HOW CAN YOU CONTACT THEM?
Stobart Air UC is the “Data Controller” of all Personal Data we collect and process. “Stobart Air” primarily refers to Stobart Air UC, and where appropriate, to other companies in the Group or entities over which we exercise control. We are registered in Ireland with registration number 28858.
Questions or concerns you have can be addressed to: Data Protection Officer, Stobart Air, 1, Northwood Avenue, Santry, Dublin 9, D09 V2F7, Ireland. Email: firstname.lastname@example.org.
1.4 CATEGORIES OF PERSONAL DATA WE MAY COLLECT.
We may collect some or all of the following categories of Personal Data from you when you book a flight with us. (This includes indirectly through our partner Aer Lingus¹.) We may also collect Data when you use our website, or when you contact us:
|Name, home address, e-mail address, telephone number, passport, or other ID card numbers and details.|
|Birth and/or Marriage Certificates.|
|Credit/debit card or other payment details.|
|“Advance Passenger Information” (API). API includes the type, number, country of issuance and expiry date of any identity document, nationality, family name, given name, gender, date of birth, airline, flight number, departure and arrival airport date & time. API is defined in S.I. No. 177/2018, known as the EU (Passenger Name Record Data) Regulations 2018.|
|“Passenger Name Record” (PNR). PNR is a record of each passenger’s travel requirements. PNR contains Data necessary to enable reservations to be processed and controlled by the booking and participating air carriers for each journey. PNR is also defined in S.I. No. 177/2018.|
|Medical conditions for passengers with medical and/or dietary requirements. (Examples: You may have requested medical assistance from us and/or an airport operator, such as the provision of wheelchair assistance. You may have sought clearance to fly with a medical condition, or you are more than 28 weeks pregnant.)|
|Travel history/itinerary, including Personal Data related to your flights and associated services.|
|Information you provide about your and your companions’ travel preferences.|
|Information about your purchases of our trusted partners’ products and services.|
|Communications you exchange with us or direct to us via letters, emails, chat service, telephone calls (*), and social media.|
|Details about physical or mental health.|
|Alleged commission or conviction of criminal offences.|
|Requested services. (Example: a specific meal which is not a ‘special category of data’ but may imply or suggest religion or health.)|
We may also collect Data from other sources including:
- Persons, entities, or your employer, who have booked flights on your behalf.
- Publicly available Data (e.g. social media and online content you have made publicly available).
- TV, radio, and media content.
- EU and UN Sanctions lists.
1. Aer Lingus Privacy Notice: https://www.aerlingus.com/support/legal/privacy-statement/ Data Protection Officer, Aer Lingus, Dublin Airport, County Dublin, Ireland. email@example.com
* If you call us on the telephone and we intend to record the call, we shall inform you that we are doing so and of the purpose of the recording as follows: “Please note this call is being recorded for training, quality and security purposes”.
1.5 CONSEQUENCES OF FAILURE TO PROVIDE PERSONAL DATA.
If we cannot collect necessary Personal Data from you, it may be difficult, impossible, or unlawful for us to enter into or continue a contract with you and/or provide you with some or all of our services.
If we ask for Data and you do not wish to give it to us, or if you wish to withdraw consent to the use of your Data, we will explain the consequences including whether it is a statutory or contractual requirement that we use such Data.
1.6 LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA.
We will only process Personal Data for lawful reasons. These are:
|1||You have consented* to us using your Data in such a way.|
|2||When necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering a contract.|
|3||When necessary to comply with legal obligations.|
|4||In your vital interest.|
|5||When necessary for the performance of a task carried out in the public interest, such as the investigation of a criminal offence.|
|6||When necessary for the purpose of our legitimate interests in operating, managing and improving our business as an airline.|
*Where we rely on your Consent as the legal basis on which we process your Personal Data, we will notify you that this is the basis, and ensure that such Consent is freely given, specific, informed, and recorded. Where we process data on the basis of your Consent, you are free to withdraw that Consent at any time without detriment to you.
Note. Children aged 16 or over can provide consent in respect of “Information Society Services” (defined in Article 1(1) b of Directive (EU) 2015/1535). Under this age, consent of parents or legal guardians is required. Otherwise the age of consent is 18, and consent of parents or legal guardians is required.
1.7 THE PURPOSE OF PROCESSING YOUR PERSONAL DATA.
The Legal Bases on which we process your Personal Data (from the list set out above in 1.6 LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA) are in brackets beside each purpose.
- Providing products and services you request. We use the Data you give us to perform the services you have asked for in relation to your flight, including requested flight changes. (2).
- Assess eligibility for discounted travel or other special offers or promotions. (2, 6).
- To manage the boarding process and facilitate flight connections. (2, 3, 6)
- Contacting you in the event of a flight time change, cancellation, or disruption. Communications about the services you have asked for and changes to such services are not made for marketing purposes and cannot be opted-out of (2, 3).
- Carrying out alterations to your travel arrangements necessitated by operational, weather or emergency reasons. (2, 3).
- Contacting dependants/next of kin/and/or persons nominated to be contacted, so we can respond appropriately to an emergency. (4).
- Credit or other payment card verification (6, 3). We use your payment information for accounting (6), billing (2) and audit (6) purposes and to detect and / or prevent fraudulent activities (6).
- Customer surveys and/or surveys that you have agreed to participate in (1).
- Administration of any loyalty program/s that you have elected to participate in. (1, 2).
- Dealing with complaints, disputes, and legal claims (6, 3).
- Carrying out analysis and market research. (6).
- Immigration / Customs Control: – We may be obliged to provide your Data to border control agencies in your itinerary or over which your flight may fly (3).
- Security and crime prevention/detection: – We may pass your Data to government authorities or enforcement bodies for compliance with legal requirements. Data is used for enforcement purposes, including threat analysis to identify potential terrorists, and other threats to national and public security. It focuses security resources on high-risk concerns to facilitate safeguarding of bona fide travellers. (3). An example would be provision of API & PNR Data to the Passenger Information Unit of Ireland or another EU State to comply with S.I. No. 177/2018 – EU (Passenger Name Record Data) Regulations 2018.
- Disease Control: – We may be required to pass your Data to customs/border control (5).
- To manage our relationship with you (2, 6) and improve our services and enhance your experience with us. (6)
- Marketing & offering tailored services. Solely with your consent we may use your Data to provide information we believe is of interest to you, prior to, during, and after your travel with us. We may also use it to personalise services we offer. (1).
1.8 PROCESSING OF PERSONAL DATA RELATING TO CRIMINAL CONVICTIONS.
We may process Personal Data relating to criminal convictions for one or more of the following legal bases: 1, 2, 3, 4.
1.9 PROCESSING OF SPECIAL CATEGORIES OF PERSONAL DATA.
We may process Special Categories* of Personal Data for one or more of the legal bases outlined in 1.6 LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA., and/or:
- When necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Processing relates to Data manifestly made public by you.
- In the interest of public health.
*Special Categories of Personal Data: – Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. It also includes genetic data, and biometric data for the purpose of uniquely identifying a natural person. Data concerning health or data concerning a natural person’s sex life or sexual orientation is also Special Category Data. (Provisions for the processing of such Personal Data are set out in Article 9 GDPR).
2 SHARING AND STORING YOUR PERSONAL DATA.
2.1 WHO WE SHARE YOUR PERSONAL DATA WITH.
Where necessary to achieve the purpose of processing your Personal Data (see 1.7 THE PURPOSE OF PROCESSING YOUR PERSONAL DATA) we may share it with the following external parties: –
- Government authorities, law enforcement bodies, regulators and airports in your itinerary or over which you may fly, to comply with legal requirements.
- GDS (Global Distribution System) agents through which you booked your flight.
- Airlines and other service providers needed to deliver the services you have requested where, for example, part of your travel itinerary involves a flight operated by a different airline and/or includes other services such as car hire or a hotel booking. (These will have been identified to you when you made a booking).
- Airlines and other service providers needed to deliver services necessitated by delays, cancellations and disruptions to your travel arrangements.
- Service providers we use to run our business such as ground handling agents assisting our passengers at airports, call centres providing assistance, cloud service providers, loyalty program service providers/administrators, and marketing service providers.
- Our Parent Company.
- Commercial banking partners who facilitate our requirement to process payments to/from customers.
- Anti-fraud, Economic Sanctions & Counter Terrorism Finance screening service providers we may retain to process and screen financial transactions.
- Legal and other professional advisers, law courts and law enforcement bodies in all countries in which we operate, in order to enforce our legal rights in relation to our contract with you.
- (Solely in relation to flights originating outside the EU and to or from French Territory), “In accordance with Article L 232-7 of French Internal Security Code, please be informed that air carriers shall transmit reservation/checking and boarding data collected from their passengers (PNR/API) to the French national public services and competent authorities for the purposes and under conditions as defined in the Decret N° 2014-1095 dated 26/09/2014, and the modifying decree 2018-714 dated 03/08/2018”
2.2 TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES.
We operate in multiple jurisdictions located in the European Economic Area (EEA) and/or where the European Commission has ruled that the level of Personal Data protection is adequate by way of an “adequacy decision”.
Where we transfer your Data to a country which is not the subject of an “adequacy decision” we only do so on the basis of a lawful derogation under Article 49 GDPR, or if none applies, we take all safeguards required by law, to ensure the safety, privacy and integrity of such Data.
Should you require details of the safeguards we have in place for the transfer of Personal Data to other countries please contact our Data Protection Officer.
2.3 SECURITY OF YOUR PERSONAL DATA.
We maintain appropriate technical and security measures to protect Personal Data against accidental loss, destruction or damage. All entities to whom we disclose your Data are required to have appropriate technical and operational security measures in place.
2.4 HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will not retain your Personal Data for longer than necessary. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the Data. We also consider the purposes we process it for and if we can achieve those purposes through other means. We must retain some Data in order to meet legal obligations (e.g. in relation to claims for cancelled flights under EU Regulation 261/2004) and to deal with complaints, queries and to protect our legal rights in the event of a claim being made.
When we no longer need your Data, we securely anonymise or delete it.
Details of the Cookies we use on our website and how to exercise your Cookie Options are in our Website Privacy & Cookie Notice and our Cookie Consent Centre.
3 YOUR RIGHTS REGARDING THE PERSONAL DATA THAT WE CONTROL.
3.1 YOUR RIGHTS TO ACCESS, TRANSPORT, CORRECT, AND DELETE YOUR PERSONAL DATA.
3.1.1 Accessing and Transporting your Personal Data.
You have the right to be provided with a copy of your Personal Data, and/or have it provided by us to another Data Controller. If you would like a copy of your Data, please contact our Data Protection Officer.
Your request must be in writing and must contain the following: –
- Your name and address.
- Details of your request.
- Details which may help us locate the Data which is the subject of your request (for example: booking reference, or flight numbers and dates).
You must also provide:
- A photocopy of your passport or driving licence, so that we can verify your identity.
- Your signature and the date of the request.
- If you are applying on behalf of another person, we need verification of their identity and their signed authority.
We may need to request other information from you to help confirm your identity. This may be necessary to ensure that Data is not disclosed to a person who has no right to receive it.
Your request will be dealt with as quickly as possible. You will not have to wait for more than a month for us to respond. If, at that stage, we are unable to provide the Data you require (due to complexity / number of requests), we may extend the period to provide the Data by a further two months. If we do this, we will explain the reason why.
Ordinarily you will not have to pay a fee to access your Data or to exercise your rights. We may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
3.1.2 Correcting your Personal Data.
If your Data is found to be incorrect you have the right to have it corrected free of charge by contacting our Data Protection Officer.
3.1.3 Deleting your Personal Data.
Subject to any overriding legal obligation requiring us to retain it, you have the right to have your Data deleted. However, erasing your Data may make it difficult or impossible for us to enter into or continue a contract of carriage with you or provide services to you. If you want your Data deleted, please contact our Data Protection Officer.
3.1.4 Restricting our use of your Personal Data.
You have the right to restrict our use of your Data in certain circumstances. If you wish to ask to exercise your rights in this regard, please contact our Data Protection Officer.
3.2 AUTOMATED DECISION MAKING.
An Automated Decision is a decision that has a legal or similar significant effect on you, that is made by processing your Personal Data solely by automatic means. No humans are involved in the decision-making process. You have a general right not to be subjected to an Automated Decision or Automated Profiling. We don’t use your Data to carry out Automated Decision Making or Profiling.
3.3 YOUR RIGHT TO OBJECT AND WITHDRAW YOUR CONSENT TO DATA PROCESSING.
to object. You have the right to withdraw any Consent you gave to the processing of your Data. If we cannot Process your Data it may make it difficult, impossible or unlawful for us to enter into or continue a contract of carriage with you or provide services to you.
Objecting to processing and/or withdrawing your Consent will not affect the legitimacy of processing that took place prior to you exercising this right.
If you want to object or withdraw your Consent, please contact our Data Protection Officer.
3.4 YOUR RIGHT TO MAKE A COMPLAINT.
If you are unhappy about the way we handle your Personal Data, please contact our Data Protection Officer. We will do our best to address your concerns swiftly and resolve any issues you may have.
3.4.2. Complaining to the Supervisory Authority.
You have the right to complain to the Supervisory Authority. The Supervisory Authority is the Data Protection Commission. Their contact details are as follows: – The Data Protection Commission 21, Fitzwilliam Square South, Dublin 2. D02 RD28 Ireland. www.dataprotection.ie E-Mail: firstname.lastname@example.org.
Effective Date – 25/11/2020