Privacy policy

We provide you with all the information on personal data protection and conservation carried out by Air Europa.

Data controller

Owner
AIR EUROPA LÍNEAS AEREAS, S.A., (hereinafter AIR EUROPA).
Tax ID: A07129430.

 

You can contact us at

Address
Polígono Son Noguera, Llucmajor-Baleares- Spain

Telephone
+34 911 401 501

Email
You can also contact our Data Protection Officer (DPO) at the aforementioned postal address and/or by email: delegadopd@aireuropa.com

The DPO is the person tasked with ensuring that AIR EUROPA complies with all personal data protection laws. The DPO engages in his/her monitoring and supervisory work independently and confidentially.

The content of this Policy adheres to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), and of Organic Law 3/2018 of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD) .

When you access and use this website, take part in the blog, use our app, contact our call center agents, book directly through our offices in the various airports, book our services through third parties (travel agencies or other airlines) or engage in any other activity that requires AIR EUROPA to process your personal data, you agree to accept this Privacy Policy, as well as the provisions contained in the Terms and Conditions and the Cookie Policy.

At AIR EUROPA, we offer you information so that, before you provide your personal data, you can access the Privacy Policy and any other relevant Data Protection information.

Similarly, if you decide to purchase additional services, such as home baggage pick-up, in-flight shopping, etc., other terms and conditions in addition to those contained herein may apply.

Identity and contact data
When making reservations, whether for yourself or others (in the case of minors or other people, including from travel agencies or other airlines), the following identification and contact details on the passenger will be requested: full name, gender, telephone number and email address. 

In addition, the payment details of the customer and/or passenger will be taken, such as a credit card (card number, account holder, CVV/CVC/CID), email address of the PayPal account, or the telephone number from which the Bizum transfer is made. 

Similarly, at check-in, we may obtain the date of birth, nationality, country of residence, and passport or identity document number, depending on the destination of the flight. Furthermore, Regulation EU 996/2010 of the European Parliament and of the Council of 20 October 2010 on the investigation and prevention of accidents and incidents in civil aviation, requires us to request the contact details (first and last name and telephone number) of a person you designate to contact in the event of an incident or emergency. The customer and/or passenger voluntarily decide whether to fill out this section or not.

If the passenger is an unaccompanied minor, the identification and contact details of his/her parents or legal representative, as well as of the persons responsible for accompanying the child to the departure airport and receiving him/her at the arrival airport, will also be processed.

 

Details regarding the trip
During the booking and/or check-in process, all the details provided to adapt and customize the service (seat, luggage options, additional assistance, luggage collection, etc.) and the payment details (credit/debit card, PayPal or Bizum) will be stored, together with the travel itinerary, boarding card, connecting flights, as well as any incident involving the flight (possible delays or changes made).

Similarly, during the trip, the flight recorder, commonly known as the black box, will record the voice of the passengers and cabin crew so that, in the event of an accident, it can be used to analyze the events leading up to the accident and determine its causes. 

Other data will be processed if you use our additional services, such as VIP lounges, in-flight entertainment systems and the like.

 

Sensitive data
On certain occasions, and in order to adapt our service to your needs, you or a third party (travel agency) will have to provide us with data deemed sensitive by law, which requires additional protection.

These occasions may arise when you require specific assistance (wheelchair, oxygen), an authorization to fly (medical condition or more than 28 weeks pregnant) or specific meals, and may provide, indirectly, indications on your ethnic origin, religious beliefs or state of health (allergies, diabetes, pregnancy, etc.), as set out in Article 9 of the GDPR. 

This data is only collected with your consent - when you select the corresponding services during booking - and is only used to offer you the service requested during the trip. You may object to the collection of this data, but doing so could make it impossible to satisfy your requests.

 

It should be noted that, for certain destinations and while the laws involving the control of epidemics or pandemics (such as COVID-19) require us to do so, we may request that you show us proof of vaccination or diagnostic tests (antigen, PCR, etc.) if required by the health authorities of the destination country. 

If you are part of the SKYCLEARED program, you can validate your personal documentation such as: Passport, Visas, COVID vaccination certificates/passport (sensitive details), if required by the authorities at your destination, as part of the online check-in (app or website), in order to improve your airport experience by making it faster and safer (by not having to show your documentation either at check-in or when boarding, since you are registered in our systems as a ready-to-fly passenger).

At airports that have biometric control devices installed (sensitive data), if you are enrolled (optional), we only collect the confirmation of your identity at different points at the airport (check-in, checked baggage drop-off, boarding), as well as details that allow us to automatically link this data to the corresponding booking and to complete the boarding process correctly. We do not collect or process the biometric data of our passengers. This service is provided by the airport manager, for example AENA (https://www.aena.es/es/nota-adicional/politica-privacidad-sistema-biometrico-mad), meaning the data processing is done directly by said manager.

Data from previous trips and all related matters will also be processed, including class upgrades, luggage needs, problems at the airport, incidents with luggage and any comments you provide as a customer.

 

Registration details and/or enrollment in the AIR EUROPA SUMA loyalty program
If you sign up, additional personal data will be processed, such as your AIR EUROPA SUMA card number, the specific card type (SUMA, SILVER, GOLD or PLATINUM), the miles you have accumulated or redeemed and other details related to your account. 

 

Data collected while browsing or using the app
When you enter our websites or applications, AIR EUROPA will use cookies or similar technologies to collect data related to the device you are using, such as the IP address, browser, operating system and how you use the website/app. The user may consent to the use of geolocation data or other data requested by us, and opting out will not affect the provision of the service in any way.
If you use our in-flight streaming, entertainment or Wi-Fi service, your usage and browsing data will also be processed.

 

Communications with AIR EUROPA
If you communicate via any of the methods provided (forms, emails, telephone, social media), the data provided in these communications will be stored while your request is processed. This includes recording telephone calls (voice) if you call the Customer Service Hotline. Similarly, we will store any communications we engage in for the purpose of confirming the booking, boarding pass or changes that occur involving your flight.

 

Participation in marketing contests or activities
We will store your data if you have taken part in a promotional contest or activity, or if you have interacted with us through social media such as Facebook or Twitter.

The different purposes for which AIR EUROPA processes your data are explained below:

  • Manage bookings and travel itinerary.
  • Manage in-flight entertainment (magazines, films, series, etc.).
  • Process comments, complaints/incidents, claims and requests made by the customer and/or passenger, as well as any other communications.
  • Manage immigration processes and/or the entry to or exit from the territory of a State, ensure your safety and comply with other legal requirements applicable to all airlines (PNR data).
  • Process the AIR EUROPA SUMA loyalty program.
  • Process the sending of commercial information.
  • Management of analytical  work and market research, through cookies, and other similar technologies and tools.
  • Management of the tracking of customers using the website/App, to identify ways to improve the browsing experience
  • Manage personal data communications with other vendors and/or partners whose services you may use.
  • Manage emergency situations, disasters or force majeure events in general.
  • Manage the website, app, social media and blog.
  • Manage flight safety.
  • Manage and prevent fraud, as well as comply with legal obligations.
  • Management of your request to locate a lost object at AIR EUROPA facilities.

The data protection regulation (Article 6 GDPR) specifies circumstances in which personal data can be processed. The legal bases for AIR EUROPA's processing of your information are:

Pre-contractual measures and/or contractual performance

  • To process all matters related to the trip (bookings, status updates and service or operational communications, boarding process, connecting flight), and, in general, to provide the service purchased by the customer; Even if you have opted out of receiving commercial information. 
  • To process comments, complaints/incidents, claims and requests made by the customer and/or passenger, as well as any other communications.
  • To conduct satisfaction surveys involving the services or the AIR EUROPA SUMA loyalty program.
  • To manage the in-flight entertainment (magazines, films, series, etc.).

 

Legal obligation

  • To report data to the competent authorities ("Recipients" section).
  • To investigate, prevent and detect fraud.
  • When the data subject exercises his/her data protection rights.
  • To exercise legal actions filed by or against AIR EUROPA.
  • To manage emergency situations, disasters or force majeure events in general.

 

Legitimate interest (AIR EUROPA)

  • To offer and provide services that meet the needs of the customer and offer a more personalized service.
  • To conduct market analyses and studies.
  • To send commercial communications by electronic means (email, SMS, push messages on our app, etc.).

 

Consent

  • To send commercial communications when the customer enrolls in the AIR EUROPA SUMA loyalty program.
  • To transfer personal data to some of our vendors and/or partners.
  • To process sensitive data (health, beliefs or biometric data) provided by the customer and/or passenger.
  • To accept cookies and other similar technolgies and tools on the website .
  • To interact on our social media or blog, including subscribing to the newsletter.
  • To manage your request to locate and send a lost object to AIR EUROPA's premises, granted by filling in the web form of the supplier FOUNDSPOT S.L.

Not providing the personal data requested or not accepting this Privacy Policy entails not being able to subscribe to and enjoy the services we offer.

The period for storing personal data will vary depending on the service we provide to you. In any case, your data will be stored for the duration of the contractual relationship. Once this period is over, we will keep your data blocked during the limitation periods of the obligations that may have arisen from the processing and/or for the applicable legal periods, making it available to the competent authorities and to deal with any potential liabilities resulting from the processing, after which it will be deleted.

Similarly, your data will be stored for as long as you do not object to the processing or revoke your (previously granted) consent, as well as when there is no commercial need or legitimate interest, at which point it may be (i) anonymized so it can be processed for statistical purposes, giving us an insight into our customers, their preferences and needs; (ii) blocked, remaining at the disposal of the competent authorities, during the statutory limitation periods established to cover any liabilities arising from the processing of your data; or (iii) deleted.

  1.  AIR EUROPA collaborates with the companies in its business group (Air Europa Líneas Aéreas, S.A.U.; Air Europa Holding, S.L.U.; Air Europa Suma Miles, S.L.U.; Aeronova, S.L.U), as well as with some third-party service providers that have access to your personal data and that process the aforementioned data on behalf of AIR EUROPA as part of the services they provide (data processors).

    Specifically, and by way of example, the aforementioned vendors provide their services in the following sectors: logistics/handling (baggage and passenger assistance, apron operations); travel agencies or metasearch engines (changes in flight schedule, cancellations); airlines (connections from an Air Europa flight to another operated by another airline); legal advice (defend our legitimate interests as part of any legal, administrative, judicial or extrajudicial activities and processes we engage in); insurance companies, intermediary entities, as well as experts and appraisers (incidents); technology services companies (everything related to IT, Web/App tracking); physical and operational safety and security companies (airport agents); airport security company (controls); call center services companies (customer service); multidisciplinary professional services companies; maintenance companies; as well as to the group companies indicated and to fraud prevention companies (online ticket purchases, payment processors, payment gateway). 
     
  2. We will provide your personal data in response to information requirements (legal obligation) from law enforcement agencies (to protect our rights, property, or the security of our passengers, employees and assets); from Judges or Courts (defend our legitimate interests); from health authorities (investigations into possible contagion on board, to contact trace potentially infected passengers and contain the spread of diseases), or from any other government agency, whether Spanish or from other countries.
     
  3. We will report, in accordance with the regulations and/or legal requirements of the destination country, the so-called "PNR" data (passenger name, contact information, itinerary and booking details) to the customs and immigration department or relevant authority of the various countries you are transiting through (final destination or stopover), and in some cases to overflown countries. This information is always provided 24 to 48 hours before the flight. For example, if you are flying to France, the aforementioned details will be provided to French authorities. On multi-leg flights, this information will also be provided to the authorities of the stopover country or countries. 

    Other countries, such as the United States, legally require the data of any flight that flies or may fly over or land unexpectedly in their territory (Secure Flight Program). For example, if you are flying from Madrid to Havana, we will be required to provide your data to American authorities (72 hours before the scheduled departure time; 48 hours before the scheduled departure time; before boarding and once the flight takes off). The consequence of this is that, despite not landing in the United States or flying over its territory, you will not be able to go to your destination if you are denied access to the United States.
     
  4. We will transfer your data to other airlines, especially SkyTeam members, maritime or land transportation operators as needed to provide the services you request; for example, if your travel itinerary includes a flight operated by a different airline or includes several modes of transport whose services you purchased. These will be identified at the time of booking, and your initiative to purchase their services shall be regarded as providing express consent to transfer your information to these service providers.
     
  5. We will communicate your personal data to credit and debit card companies, credit reporting agencies and fraud control service providers, as well as to payment processors and to the payment gateway itself (you can see the list in the table of collaborators). By purchasing the service via the website or app, you will be deemed to be providing your express consent to carry out this data transfer.
     
  6. We will communicate your data to the global distribution systems, or "GDS," computerized systems used by AIR EUROPA to manage bookings, issue tickets, etc. That is an interconnection system that is used to allocate in real time the different products and services that it offers.
     
  7. If you purchase services from one of our collaborating entities, we may share your data (full name and destination) in order to expedite the purchase process. Your data will be processed as governed by said entity's own Privacy Policy, available on its website. For example:
    • Sherpa: partner who will help you obtain the proper travel documents and inform you of current travel requirements. 
    • Bag on Board ("BoB"): offers home pickup, transportation and check-in of luggage, available for certain AIR EUROPA flights
     
  8. We will provide your data to those companies you have used to obtain information about our flights or service offers (for example: metasearch engines of flights, trips and offers, or travel agencies) to manage the relationships between AIR EUROPA and these entities (for example: settlement of exchange rate fees). We will make every effort to provide as little information as necessary.
     
  9. If you are registered in the TSA Prev® program, designed to speed up your passage through security controls in the United States, we will provide your data to the authorities participating in the program by sending the aforementioned PNR data

Be informed that some of the aforementioned service providers, as well as some collaborators or airlines, are located outside the European Economic Area, and sometimes in territories that do not provide a level of data protection comparable to that of the European Union (United States, Colombia or others). 

In these cases, AIR EUROPA makes these international data transfers based on an adequacy decision or with adequate guarantees. This means that the vendors (data processors and/or sub-processors) and AIR EUROPA have signed the Standard Contractual Clauses approved by the Commission, whose content is available at the following link:
https://www.boe.es/buscar/doc.php?id=DOUE-L-2021-80739  

In the absence of adequate guarantees, any transfer will be done with the user's explicit consent or under the protection of the need to perform the contract entered into with the user, as in the case of some of our payment processors.

Similarly, if required by the applicable regulations, we may be obligated to transfer your personal data, in particular your PNR data, to public or government agencies of countries in your itinerary, possibly located outside the European Union, where the level of data protection is often not comparable to that of the European Union.

If you do not agree to this transfer, please be informed that you may not be able to make your booking with us.

What rights do I have and how can I exercise them?
The law gives you a series of rights involving the personal data you provide to AIR EUROPA. These rights are:

  • Right to access. This authorizes you to contact us to find out if your data is being processed and, if so, to obtain information in this regard.
  • Right to rectification. You may request that any data you deem to be inaccurate be corrected, and we will proceed to correct it with the new data you provide.
  • Right to object. Whenever the processing is protected by a public or legitimate interest, in the case of profiling or when the processing is done for direct marketing purposes, you may object. AIR EUROPA (except for direct marketing) may assert reasons that prevail over your right to object.
  • Right to erasure. You can request the deletion of the data provided if allowed for the reasons stipulated in the law (see Article 17 GDPR).
  • Right to request the restriction of processing. This is an auxiliary right whereby if you request the deletion, rectification or have objected to the processing of your data, AIR EUROPA will block your data until your claim is resolved.
  • Right to data portability. You may request, when processing is carried out by automated means, the transfer of your data to another company, provided that the processing is based on your consent or as part of the performance of a contract.
  • Right not to be subject to automated individual decisions. This right is intended to guarantee that you are not subject to a decision based solely on the processing of your data, including profiling, that produces legal effects concerning you or that significantly affects you in a similar manner.

You can send a written notice to the registered office of AIR EUROPA or to the email address delegadopd@aireuropa.com to request the exercise of your rights.
In any case, there is an online form you can access that will let you exercise the aforementioned rights quickly and easily.
Can I withdraw my consent for processing that is based on said consent?
If you have given your consent for a specific purpose, you have the right to withdraw said consent at any time. This shall not affect the legality of any processing that was done based on your consent prior to its withdrawal.

How do I file a claim with the Supervisory Authority?
If you believe there is a problem with the way AIR EUROPA is handling your data, you can direct your claim to the Data Protection Officer or to the corresponding data protection supervisory authority, which in the case of Spain is the Spanish Data Protection Agency, C/Jorge Juan, number 6, 28001-Madrid or via the website: https://www.aepd.es

All personal data processing entails a risk for the users who provide it. This risk may materialize in the event of a security breach that violates our customers' privacy. As a result, AIR EUROPA takes the appropriate measures to guarantee the confidentiality of the data you provide to us in order to avoid any unauthorized destruction, loss, communication, access, accidental or unlawful alteration of the personal data provided. 
These measures are both organizational and technical. The former are those we adopt in order to raise awareness in and train our employees by adopting the necessary security policies and protocols. The latter are those of a technological nature, such as data encryption, pseudonymization of the information, antivirus or firewall.

Moreover, these measures are reviewed and modified as part of a continuous improvement process to ensure that said measures can deal with new threats as they emerge. Despite this, zero risk and total security do not exist, and AIR EUROPA may suffer a successful attack that results in a leak of information. Should this happen, we will notify the competent supervisory authority and you as soon as possible, identifying the information affected.

Our website uses cookies to gather information on how the website is used. For more detailed information on how AIR EUROPA uses cookies, see our Cookie Policy.
Policy updated in August 2022

COMPANY

PRIVACY POLICY

PURPOSE INTERNATIONAL DATA TRANSFER
Riskified Ltd https://www.riskified.com/terms/ Fraud prevention and detection for Air Europa and other Riskified clients. Israel, Nepal and the United States
Worldpay B.V.
Worldpay (UK) Ltd
Worldpay Ltd
Worldpay AP Ltd
https://online.worldpay.com/terms/privacy Payment processor. United Kingdom
Amadeus IT Group, S.A. https://amadeus.com/es/politicas/politicas-de-amadeus Entity that provides the Global Distribution System (GDS), used to: check travel information; issue tickets; process and authenticate credit cards, and prevent fraud; etc.

In these cases, provided the ticket was purchased on the website, on the app, via our telephone service centre or at an airport office, Amadeus acts as the data controller, meaning Air Europa will transfer your personal data to it in order to provide the service.
N/A
Sherpa https://www.joinsherpa.com/legal/privacy-policy Information and management of the documentation required to travel. N/A
Bag on Board https://bob.io/politica-de-privacidad/ Baggage processing N/A

FOUNDSPOT, S.L.

https://www.foundspot.com/es/politica-privacidad/

Company contracted to provide lost and found services.

N/A
SkyTeam https://www.skyteam.com/en/joint-privacy-notice SkyTeam is the
Alliance, of
which AIR
EUROPA is a
member, that
processes
personal data
to offer
passengers a
better travel
experience at
every stage of
their journey.
It depends on
the SkyTeam
member, and
the destinations
chosen.

 

 

 

Previous revisions to the Privacy Policy

Privacy Policy through July 2022


logo