Data controller
Owner
AIR EUROPA LÍNEAS AÉREAS, S.A.U. (hereinafter AIR EUROPA).
Tax ID: A07129430.
You can contact us through
Address
Polígono Son Noguera, Carretera Arenal-Llucmajor, km 21.5
07620 Llucmajor, Balearic Islands, Spain
Telephone
+34 911 401 501
Email
Similarly, you can write to our Data Protection Officer (DPO) at the above address, and/or via email: delegadopd@aireuropa.com
The DPO is the person responsible for verifying that the AIR EUROPA regulations on personal data protection are complied with correctly. The DPO carries out its independent and confidential supervision and monitoring work.
This policy has been drafted in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and Council, of 27 April 2016 (GDPR), and Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD).
When you access and use this website, participate in the blog or our social media channels, use our app, contact our agents at the customer services centre, book directly at our offices in the different airports, book our services through third parties (travel agencies or other airlines), or use any other medium that entails personal data processing by AIR EUROPA, you agree to accept this Privacy Policy, as well as the provisions contained in the Legal Conditions and the Cookie Policy.
Before you provide your personal information, AIR EUROPA provides you with information so that you can access the Privacy Policy, and any other information relevant to data protection.
Similarly, if you decide to book additional services, such as on-board purchases, etc., other terms and conditions may apply, in addition to the ones set out in this policy.
Identification and contact details
When making reservations, either in as an individual or on behalf of others (minors or others, or from travel agencies or other airlines), the following identification and contact details of the passenger will be requested: Full name, gender, telephone number, email and voice (if you call us at our Telephone Service Center).
Also, the payment details of the customer and/or passenger will be collected, such as a bank card (card number, holder, CVV/CVC/CID), or if you use PayPal, Bizum or Revolut to pay for the purchased services.
Similarly, at the time of check-in, we may collect your date of birth, nationality, country of residence, and passport number or identity document, depending on the destination of your flight. Furthermore, Regulation EU 996/2010 of the European Parliament and of the Council of 20 October 2010 on the investigation and prevention of accidents and incidents in civil aviation, obliges us to request the contact details (name and surname and telephone number) of a person you designate to contact in the event of an incident or emergency. Customers and/or passengers voluntarily decide whether to complete this section or not.
If the passenger is an unaccompanied minor, the identification and contact details of the parents or legal representative will also be processed, as well as the persons responsible for accompanying the child to the departure airport and receiving them at the airport of arrival.
Travel details
During the booking and/or check-in process, all information provided for the adaptation and customization of the service (seat, baggage options, additional assistance, baggage collection, etc.), information required to make the payment (bank card, PayPal, Bizum or Revolut), travel itinerary, boarding card, connecting flights, as well as any incident affecting the flight (possible delays or changes made), will be stored.
Similarly, during the trip, the flight recorder, commonly known as a black box, will record the voice of passengers and cabin crew and other sounds in the aircraft immediately prior to an incident in order to determine the cause.
In the event of an incident, AIR EUROPA may contact the person or entity provided as an emergency contact, provided that the passenger has entered this information at the time of purchase. Similarly, in the event of a serious incident, AIR EUROPA will apply its emergency response plan (ERP), enabling any contact channels it deems appropriate to attend to the affected passengers, as well as to their relatives and close associates, and may collect other data from the interested parties in these situations.
Other data processed will include the use of our additional services such as VIP rooms, on-board entertainment systems or similar.
The above travel information and all matters related to it will also be processed, including upgrades, baggage requirements, issues at airports, baggage incidents and customer comments.
Sensitive personal information
Sometimes, and to adapt our service to your needs, you or a third party (travel agency) must provide us with information considered to be sensitive personal information under the GDPR, which requires additional protection.
This may occur in the case of requiring assistance (wheelchairs, oxygen), authorisation to fly (medical condition or pregnancy of more than 28 weeks) or requesting food preferences, and may indirectly provide information on ethnic origin, religious beliefs or the state of health (allergies, diabetes, pregnancy, etc.), as set out in Article 9 of the GDPR.
These details are only collected with your consent - when you request these services when making your booking - and are used only to offer you the service requested during the trip. You can oppose the collection of this information, but in this case, we may not be able to meet your requirements.
If you participate in the SKYCLEARED programme, you can validate your personal documentation, such as: Passport, Visas, vaccination certificates/COVID passport (sensitive personal data), if required by the authorities at your destination, as part of your online check-in (App or website), to personalise and tailor your travel experience (without presenting your personal documents at check-in or when boarding, as you will be registered in our systems as a verified passenger).
At airports that have installed biometric control devices (sensitive personal data), in the event of (optional) identification, we only collect confirmation on the identity check at the different stages of the airport circuit (passage through airport security filters and boarding), as well as details that allow us to automatically link these details to the corresponding booking and to facilitate passenger boarding. We do not collect or process the biometric data of our passengers. This service is offered by the airport manager, for example AENA (AENA biometric system privacy policy), which processes this data directly.
Details of registration and/or subscription to the AIR EUROPA SUMA loyalty programme
If you sign up, additional personal data will be processed, such as your AIR EUROPA SUMA loyalty number, your address (if you request the physical card), supporting documentation, date of birth, the level (SUMA, VIEW, GOLD and PLATINUM), any Miles accumulated or redeemed and other details related to your account.
Newsletter registration details
If you sign up for our newsletter, the information requested in the form (name and email) will be collected, as well as the information on the language and market provided through the website.
Information collected during web or app browsing
When you enter our websites or applications, AIR EUROPA will collect information related to the device you are using, such as the IP Address, the browser, the operating system and the behaviour/use of the website/app, all of which are collected through cookies and similar technologies. The user may consent to the use of geolocation data or other data requested by us, and refusal to this use will not affect the provision of the service in any way.
If you use our on-board Streaming, Entertainment or Wi-Fi service, your usage and browsing data will also be processed.
Communications with AIR EUROPA
If you communicate through any of the channels provided (forms, emails, telephone channels, social networks), the data provided in these communications will be retained while we respond to your request. This includes the recording of phone calls (voice) if you contact through the Customer Service Call Center. Similarly, our communications will be stored for the purposes of registering the booking, boarding card or any changes that occur relating to the flight.
Participation in contests or commercial actions
We will keep your personal information if you have participated in a contest or promotional action, or have interacted with us through social networks such as Facebook, Instagram or Twitter.
Loss of objects
If during your trip you leave any object behind at AIR EUROPA facilities, i.e. on our planes or buses, you can request it to be shipped, if it is found, through a website form (of our collaborator FOUNDSPOT S.L.). This Form will ask you for personal identification details (name and surname of the applicant and/or passenger, telephone number and email), as well as those relating to the lost object (description, brand, colour, model, images, place of loss, flight number, etc.)
The following are the purposes for which AIR EUROPA submits its data to processing:
The data protection regulations (Article 6 and 9 GDPR) provide for cases that enable the processing of personal data. AIR EUROPA legitimises the processing it carries out based on:
Pre-contractual measures and/or contractual execution
Legal obligation
Legitimate interest (AIR EUROPA)
Consent
If you do not provide the personal details requested, or do not accept the Privacy Policy, you will not be able to subscribe and enjoy the services we offer.
The conservation period for personal data varies according to the service in question. In any case, the data will be held throughout the term of the contractual relationship. Once this contractual relationship has ended, we will keep your data blocked throughout the statutory limitations of the obligations that may have arisen from the data processing and/or the legal periods applicable, whereby such data can be made available to the competent bodies for dealing with any possible liability resulting from the processing.
Similarly, your data will be stored for as long as you do not object to the processing or revoke your (previously granted) consent, as well as when there is no longer any commercial need or legitimate interest, at which point you can (i) anonymise them, so that they can be processed for statistical purposes, which gives us an insight into our customers, as well as their preferences and needs; (ii) block them, whereby such data can be made available to the competent bodies, during the statutory limitation periods, for dealing with any possible liability resulting from the processing of your data; or (iii) delete them.
Please be informed that some of the aforementioned service providers, as well as certain collaborators or airlines, are located in territories outside the European Economic Area and sometimes in territories that do not provide a level of data protection equivalent to that of the European Union (Colombia or others).
In such cases, AIR EUROPA makes these international data transfers based on a decision of adequacy or with adequate guarantees. Thus, the suppliers (data processors and/or processors) and AIR EUROPA have signed the standard contractual clauses approved by the Commission, the content of which can be viewed at the following link:
https://www.boe.es/buscar/doc.php?id=DOUE-L-2021-80739
In the absence of suitable guarantees, this will be done under the express consent of the user or under the protection of the need to execute the contract established with the user, as in the case of one of our payment processors.
Similarly, if the applicable regulations require it, we may be obliged to transfer your personal data, in particular your PNR data, to public or government authorities in countries included in your itinerary, possibly located outside the European Union and, therefore, often with a level of protection that cannot be provided.
If you do not expressly accept this transfer of data, it may not be possible to complete your booking.
What rights do I have and how can I exercise them?
The regulations grant you a series of rights regarding the personal data that you provide to AIR EUROPA. These rights are:
You can exercise your rights quickly and easily by completing the following online form.
In any case, you can send a letter to the registered address of AIR EUROPA or to the email address: delegadopd@aireuropa.com to request the exercise of your rights.
For processing whose legitimacy is based on consent, can I withdraw it?
In the event that consent has been given for a specific purpose, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent prior to withdrawal.
How can I make a claim with the Supervisory Authority?
If a user considers there to be a problem with the way AIR EUROPA is handling their data, they can address their claims to the Data Protection Officer or to the corresponding data protection authority, which, in Spain, is the Spanish Data Protection Agency, C/ Jorge Juan, número 6, 28001 – Madrid, or through the website: https://www.aepd.es
All personal data processing entails a risk for users who provide it. This risk can materialise due to a security breach that violates the privacy of our customers. Therefore, AIR EUROPA adopts the necessary measures to guarantee the confidentiality of the data provided to us, thus avoiding any destruction, loss, communication or unauthorised access, accidental or unlawful alteration of the personal data transmitted.
These measures are divided into organisational and technical measures. The former refers to the measures we adopt in order to raise awareness, educate and train our employees, adopting the necessary security policies and protocols. The latter refers to technological measures, such as data encryption, pseudonymisation of the information, antivirus or firewall.
These measures are also reviewed and modified as part of a continuous improvement process to ensure that said security does not become outdated in order to deal with new threats as they emerge. Despite this, zero risk and total security do not exist, and AIR EUROPA may suffer a successful attack that could cause a leak of information. In this case, we will notify the competent supervisory authority and you as soon as possible, identifying the data affected.
Our website uses cookies to gather information on how the website is used. If you want more information on how AIR EUROPA uses cookies, please consult the Cookies Policy.
COMPANY |
PRIVACY POLICY |
PURPOSE | INTERNATIONAL DATA TRANSFER |
Riskified Ltd | https://www.riskified.com/terms/ | Fraud prevention and detection for Air Europa and other Riskified clients. | Israel, Nepal and the United States |
Worldpay B.V. Worldpay (UK) Ltd Worldpay Ltd Worldpay AP Ltd |
https://online.worldpay.com/terms/privacy | Payment processor. | United Kingdom |
Amadeus IT Group, S.A. | https://amadeus.com/es/politicas/politicas-de-amadeus | Entity that provides the Global Distribution System (GDS), used to: check travel information; issue tickets; process and authenticate credit cards, and prevent fraud; etc. In these cases, provided the ticket was purchased on the website, on the app, via our telephone service centre or at an airport office, Amadeus acts as the data controller, meaning Air Europa will transfer your personal data to it in order to provide the service. |
N/A |
Sherpa | https://www.joinsherpa.com/legal/privacy-policy | Information and management of the documentation required to travel. | N/A |
FOUNDSPOT, S.L. |
https://www.foundspot.com/es/politica-privacidad/ |
Company contracted to provide lost and found services. |
N/A |
SkyTeam | https://www.skyteam.com/en/joint-privacy-notice | SkyTeam is the Alliance, of which AIR EUROPA is a member, which processes personal data to improve the passenger travel experience at every stage of the trip. | It depends on the SkyTeam member and the travel destinations selected. |
Previous revisions to the Privacy Policy
Privacy Policy up until April 2024
Privacy Policy up until July 2022
Rights form