Privacy policy

We provide you with all the information on personal data protection and conservation carried out by Air Europa.

Data controller

Owner
AIR EUROPA LÍNEAS AÉREAS, S.A.U. (hereinafter AIR EUROPA).
Tax ID: A07129430.

 

You can contact us through

Address
Polígono Son Noguera, Carretera Arenal-Llucmajor, km 21.5
07620 Llucmajor, Balearic Islands, Spain

Telephone
+34 911 401 501

Email
Similarly, you can write to our Data Protection Officer (DPO) at the above address, and/or via email: delegadopd@aireuropa.com

The DPO is the person responsible for verifying that the AIR EUROPA regulations on personal data protection are complied with correctly. The DPO carries out its independent and confidential supervision and monitoring work.

This policy has been drafted in accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and Council, of 27 April 2016 (GDPR), and Spanish Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD).

When you access and use this website, participate in the blog or our social media channels, use our app, contact our agents at the customer services centre, book directly at our offices in the different airports, book our services through third parties (travel agencies or other airlines), or use any other medium that entails personal data processing by AIR EUROPA, you agree to accept this Privacy Policy, as well as the provisions contained in the Legal Conditions and the Cookie Policy.

Before you provide your personal information, AIR EUROPA provides you with information so that you can access the Privacy Policy, and any other information relevant to data protection.

Similarly, if you decide to book additional services, such as on-board purchases, etc., other terms and conditions may apply, in addition to the ones set out in this policy.

Identification and contact details
When making reservations, either in as an individual or on behalf of others (minors or others, or from travel agencies or other airlines), the following identification and contact details of the passenger will be requested: Full name, gender, telephone number, email and voice (if you call us at our Telephone Service Center).

Also, the payment details of the customer and/or passenger will be collected, such as a bank card (card number, holder, CVV/CVC/CID), or if you use PayPal, Bizum or Revolut to pay for the purchased services.

Similarly, at the time of check-in, we may collect your date of birth, nationality, country of residence, and passport number or identity document, depending on the destination of your flight. Furthermore, Regulation EU 996/2010 of the European Parliament and of the Council of 20 October 2010 on the investigation and prevention of accidents and incidents in civil aviation, obliges us to request the contact details (name and surname and telephone number) of a person you designate to contact in the event of an incident or emergency. Customers and/or passengers voluntarily decide whether to complete this section or not.

If the passenger is an unaccompanied minor, the identification and contact details of the parents or legal representative will also be processed, as well as the persons responsible for accompanying the child to the departure airport and receiving them at the airport of arrival.

Travel details
During the booking and/or check-in process, all information provided for the adaptation and customization of the service (seat, baggage options, additional assistance, baggage collection, etc.), information required to make the payment (bank card, PayPal, Bizum or Revolut), travel itinerary, boarding card, connecting flights, as well as any incident affecting the flight (possible delays or changes made), will be stored.

Similarly, during the trip, the flight recorder, commonly known as a black box, will record the voice of passengers and cabin crew and other sounds in the aircraft immediately prior to an incident in order to determine the cause.

In the event of an incident, AIR EUROPA may contact the person or entity provided as an emergency contact, provided that the passenger has entered this information at the time of purchase. Similarly, in the event of a serious incident, AIR EUROPA will apply its emergency response plan (ERP), enabling any contact channels it deems appropriate to attend to the affected passengers, as well as to their relatives and close associates, and may collect other data from the interested parties in these situations.

Other data processed will include the use of our additional services such as VIP rooms, on-board entertainment systems or similar.

The above travel information and all matters related to it will also be processed, including upgrades, baggage requirements, issues at airports, baggage incidents and customer comments.

Sensitive personal information
Sometimes, and to adapt our service to your needs, you or a third party (travel agency) must provide us with information considered to be sensitive personal information under the GDPR, which requires additional protection.

This may occur in the case of requiring assistance (wheelchairs, oxygen), authorisation to fly (medical condition or pregnancy of more than 28 weeks) or requesting food preferences, and may indirectly provide information on ethnic origin, religious beliefs or the state of health (allergies, diabetes, pregnancy, etc.), as set out in Article 9 of the GDPR.

These details are only collected with your consent - when you request these services when making your booking - and are used only to offer you the service requested during the trip. You can oppose the collection of this information, but in this case, we may not be able to meet your requirements.

If you participate in the SKYCLEARED programme, you can validate your personal documentation, such as: Passport, Visas, vaccination certificates/COVID passport (sensitive personal data), if required by the authorities at your destination, as part of your online check-in (App or website), to personalise and tailor your travel experience (without presenting your personal documents at check-in or when boarding, as you will be registered in our systems as a verified passenger).

At airports that have installed biometric control devices (sensitive personal data), in the event of (optional) identification, we only collect confirmation on the identity check at the different stages of the airport circuit (passage through airport security filters and boarding), as well as details that allow us to automatically link these details to the corresponding booking and to facilitate passenger boarding. We do not collect or process the biometric data of our passengers. This service is offered by the airport manager, for example AENA (AENA biometric system privacy policy), which processes this data directly.

Details of registration and/or subscription to the AIR EUROPA SUMA loyalty programme
If you sign up, additional personal data will be processed, such as your AIR EUROPA SUMA loyalty number, your address (if you request the physical card), supporting documentation, date of birth, the level (SUMA, VIEW, GOLD and PLATINUM), any Miles accumulated or redeemed and other details related to your account.

Newsletter registration details
If you sign up for our newsletter, the information requested in the form (name and email) will be collected, as well as the information on the language and market provided through the website.

Information collected during web or app browsing
When you enter our websites or applications, AIR EUROPA will collect information related to the device you are using, such as the IP Address, the browser, the operating system and the behaviour/use of the website/app, all of which are collected through cookies and similar technologies. The user may consent to the use of geolocation data or other data requested by us, and refusal to this use will not affect the provision of the service in any way.

If you use our on-board Streaming, Entertainment or Wi-Fi service, your usage and browsing data will also be processed.

Communications with AIR EUROPA
If you communicate through any of the channels provided (forms, emails, telephone channels, social networks), the data provided in these communications will be retained while we respond to your request. This includes the recording of phone calls (voice) if you contact through the Customer Service Call Center. Similarly, our communications will be stored for the purposes of registering the booking, boarding card or any changes that occur relating to the flight.

Participation in contests or commercial actions
We will keep your personal information if you have participated in a contest or promotional action, or have interacted with us through social networks such as Facebook, Instagram or Twitter.

Loss of objects
If during your trip you leave any object behind at AIR EUROPA facilities, i.e. on our planes or buses, you can request it to be shipped, if it is found, through a website form (of our collaborator FOUNDSPOT S.L.). This Form will ask you for personal identification details (name and surname of the applicant and/or passenger, telephone number and email), as well as those relating to the lost object (description, brand, colour, model, images, place of loss, flight number, etc.)

The following are the purposes for which AIR EUROPA submits its data to processing:

  • Management of reservations and travel itinerary.
  • Management of on-board entertainment (magazine, films, series, etc.).
  • Management of enquiries, complaints/incidents, claims and requests made by the customer and/or passenger, as well as any other communication.
  • Management of immigration and/or entry or exit procedures in a territory, ensuring safety and security and complying with other legal requirements applicable to any airline (PNR data).
  • Management of the loyalty programme, AIR EUROPA SUMA, which highlights the sending of commercial communications from AIR EUROPA and its Partners.
  • Management of newsletters.
  • Management of the sending of commercial communications from AIR EUROPA and third parties.
  • Management of analytical tasks and market studies, through cookies, and other similar technologies and tools.
  • Management of the monitoring of customers using the website/app, to identify ways to improve browsing experience.
  • Management of personal data communications to suppliers and/or collaborators who are engaged in addition to this. Management of emergency situations, disasters or in general force majeure.
  • Management of website, app, social media and blog.
  •  Management of flight safety.
  • Management and prevention of fraud, and compliance with legal obligations.
  • Management of request to locate missing objects in AIR EUROPA facilities.
  • Management of service quality through online surveys or similar services. 

The data protection regulations (Article 6 and 9 GDPR) provide for cases that enable the processing of personal data. AIR EUROPA legitimises the processing it carries out based on:

Pre-contractual measures and/or contractual execution

  • To communicate, via email or SMS, all matters related to the trip (new bookings, status updates and service or operational communications, boarding process, flight connections), and, in general, the provision of the service contracted by the customer; This information is essential for the correct execution of our services, but will never be considered advertising communication. 
  • For the management of enquiries, complaints/incidents, claims and requests made by the customer and/or passenger, as well as any other communication.
  • The performance of satisfaction surveys on the service or the AIR EUROPA SUMA loyalty programme.
  • For managing on-board entertainment (magazine, films, series, etc.).

Legal obligation

  • The disclosure of data to the competent authorities (“Recipients” section).
  • When AIR EUROPA has the legal obligation, in accordance with current regulations, to investigate, prevent and detect fraud.
  • When the data subject exercises their data protection rights.
  • For legal actions brought about by or against AIR EUROPA.
  • To manage emergency situations, disasters or in general force majeure.

Legitimate interest (AIR EUROPA)

  • For the prevention, investigation and detection of fraud against AIR EUROPA.
  • To offer and provide services that meet the customer's needs, offering personalised service.
  • For analytical and market studies.
  • To send commercial communications of products or services similar to those purchased by the customer via electronic means (email, SMS, push messages in our app, etc.) and/or by phone.

Consent

  • Management of the commercial communications from AIR EUROPA and its Partners, when registering in the AIR EUROPA SUMA loyalty programme.
  • Management of the sending of commercial communications from AIR EUROPA and third parties when subscribing to our newsletter.
  • To transfer personal data to some of our suppliers and/or collaborators.
  • To process sensitive personal information (health, religious beliefs or biometric data) provided by the customer and/or passenger.
  • To accept cookies and other similar technologies and tools on the website.
  • To interact on our social networks or blog, including newsletter subscription.
  • To manage your request to locate and send a lost object in AIR EUROPA facilities, when filling out the web form of the supplier FOUNDSPOT S.L.

If you do not provide the personal details requested, or do not accept the Privacy Policy, you will not be able to subscribe and enjoy the services we offer.
 

The conservation period for personal data varies according to the service in question. In any case, the data will be held throughout the term of the contractual relationship. Once this contractual relationship has ended, we will keep your data blocked throughout the statutory limitations of the obligations that may have arisen from the data processing and/or the legal periods applicable, whereby such data can be made available to the competent bodies for dealing with any possible liability resulting from the processing.

Similarly, your data will be stored for as long as you do not object to the processing or revoke your (previously granted) consent, as well as when there is no longer any commercial need or legitimate interest, at which point you can (i) anonymise them, so that they can be processed for statistical purposes, which gives us an insight into our customers, as well as their preferences and needs; (ii) block them, whereby such data can be made available to the competent bodies, during the statutory limitation periods, for dealing with any possible liability resulting from the processing of your data; or (iii) delete them.

  • AIR EUROPA is collaborating with the companies of the business group to which it belongs (Air Europa Líneas Aéreas, S.A.U.; Air Europa Holding, S.L.U.; Air Europa Suma Miles, S.L.U.; Aeronova, S.L.U), as well as with certain third-party providers that have access to your personal data, and which process said data on behalf of AIR EUROPA as a consequence of the services they provide (data processors).
    Specifically, such providers carry out their services in sectors that include, but are not limited to, the following: logistics/handling (luggage and passenger assistance, runway operations); travel agencies or metasearch engines (changes to flight schedules, cancellations); airlines (transfer from one AIR EUROPA flight to another operated by a different airline); legal counsel (to defend our legitimate interests within the framework of legal, administrative, judicial or extrajudicial actions and proceedings); insurance companies, intermediaries, as well as experts and adjusters (incidents); technology services companies (everything related to IT, website/app monitoring); operational security and safety companies (airport agents); airport security company (controls); call centre service companies (customer service); multidisciplinary professional service companies; maintenance companies; as well as the companies of the business group mentioned, or fraud prevention companies (online ticket purchase, payment processor, payment gateway).
  • We will provide your personal data in response to information demands (legal obligation) from law enforcement agencies (protect our rights, properties, or the safety of our passengers, employees and assets); Judges or Courts (defend our legitimate interests); health authorities (investigations into possible infections on board, to track possible contacts with infected individuals and contain the spread of diseases), or any other Public Administration or Authority, whether in Spain or another country
  • We will disclose, as per the laws and/or legal requirements of the country of destination, the so-called “PNR” data (passenger name, contact information, route details and booking details) to the customs and immigration department or competent authority of the various countries of transit (final destination or stopover), and in some cases to the fly-over countries. These details are always provided 24 to 48 hours before the flight. For example, if you are flying to France, the data mentioned will be provided to French authorities. This transfer will also take place in multi-leg flights to the authorities of the country or countries where your flight stops over. 
    Other countries, such as the United States, legally require disclosing this data for any flight that flies or may fly over its territory, or make an unscheduled landing there (Secure Flight Program). For example, if you book a flight from Madrid to Havana or Cancun, we will be required to transfer your data to US authorities (72 hours before the scheduled departure of the flight; 48 hours before the scheduled departure of the flight; before boarding and once the flight takes off). The consequence of this is that, even if you do not eventually land in the United States or fly over its territory, you will not be able to fly to your destination if you have been denied entry to the United States. 
  • If you are registered in the TSA Prev® programme, designed to speed up your passage through security checks in the United States, we will disclose your data to the authorities involved in the programme by sending the aforementioned PNR data.
  • We will disclose your data to other airlines, especially members of the SkyTeam alliance, and to sea or land transport operators who are required to provide the services requested by you. For example, when your travel itinerary includes a flight operated by a different airline, or includes several transport methods that you contracted. These companies will be identified at the time of booking, and you, by booking their services, will be deemed to expressly consent to this data transfer. 
  • We will disclose your personal data to credit and debit card companies, credit reporting agencies and fraud control service providers, as well as to payment processors and to the payment gateway itself (See list in the Table of Partners). By purchasing the service through the website or app, you will be deemed to be providing your express consent to carry out this data transfer. 
  • We will disclose your data to the global distribution systems or “GDS”, computer systems that AIR EUROPA uses to manage bookings, issue tickets, etc. This service creates an interconnection that is used to distribute the different products and services it offers in real time. 
  • If you purchase services from our partner companies, we may share your data (name, surname and destination) in order to expedite the purchase process. The data processing will be governed by their own Privacy Policy, available on their website. For example:
    • Sherpa: partner that will help you get the right travel documentation and inform you about the current travel requirements.
  • We will disclose your data to those companies you used to obtain information about our flights or service offers (e.g. meta-search engines for flights, trips and offers or travel agencies) to manage the relationships between AIR EUROPA and these companies (e.g., to pay purchase conversion fees), while always striving to provide as little personal information as necessary. 

Please be informed that some of the aforementioned service providers, as well as certain collaborators or airlines, are located in territories outside the European Economic Area and sometimes in territories that do not provide a level of data protection equivalent to that of the European Union (Colombia or others). 

In such cases, AIR EUROPA makes these international data transfers based on a decision of adequacy or with adequate guarantees. Thus, the suppliers (data processors and/or processors) and AIR EUROPA have signed the standard contractual clauses approved by the Commission, the content of which can be viewed at the following link:
https://www.boe.es/buscar/doc.php?id=DOUE-L-2021-80739

In the absence of suitable guarantees, this will be done under the express consent of the user or under the protection of the need to execute the contract established with the user, as in the case of one of our payment processors.

Similarly, if the applicable regulations require it, we may be obliged to transfer your personal data, in particular your PNR data, to public or government authorities in countries included in your itinerary, possibly located outside the European Union and, therefore, often with a level of protection that cannot be provided.

If you do not expressly accept this transfer of data, it may not be possible to complete your booking.

What rights do I have and how can I exercise them?
The regulations grant you a series of rights regarding the personal data that you provide to AIR EUROPA. These rights are:

  • Right of access. You authorise us to contact us to find out if your data is being processed and, if it is being processed, to obtain information on this matter.
  • Right of rectification. You can request the rectification of any data you consider inaccurate and we will proceed to correct it with the new data you provide us with.
  • Right to object. Whenever the processing is covered by a public or legitimate interest, profiles are created or the processing is intended for direct marketing, you may oppose it. Air EUROPA (except for direct marketing) may prove reasons that prevail over this right.
  • Right of withdrawal. You can request the deletion of the data provided that the causes stipulated by the regulations are met (see article 17 GDPR).
  • Right to request the limitation of processing. This is an auxiliary right whereby, while you have requested the deletion, rectification or opposition to the processing, AIR EUROPA will block the data until your complaint has been resolved.
  • Law on data portability. You may request, when the processing is carried out by automated means, the transfer of your data to another company, provided that the processing is legitimate, based on the consent or in the framework of the execution of a contract.
  • Right not to be subject to a decision based solely on automated means. This right aims to ensure that you are not the subject of a decision based solely on the processing of your data, including the creation of profiles, if the decision produces legal effects concerning you or significantly affects you in a similar way.

You can exercise your rights quickly and easily by completing the following online form.

In any case, you can send a letter to the registered address of AIR EUROPA or to the email address: delegadopd@aireuropa.com to request the exercise of your rights.

For processing whose legitimacy is based on consent, can I withdraw it?
In the event that consent has been given for a specific purpose, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent prior to withdrawal.

How can I make a claim with the Supervisory Authority?
If a user considers there to be a problem with the way AIR EUROPA is handling their data, they can address their claims to the Data Protection Officer or to the corresponding data protection authority, which, in Spain, is the Spanish Data Protection Agency, C/ Jorge Juan, número 6, 28001 – Madrid, or through the website: https://www.aepd.es

All personal data processing entails a risk for users who provide it. This risk can materialise due to a security breach that violates the privacy of our customers. Therefore, AIR EUROPA adopts the necessary measures to guarantee the confidentiality of the data provided to us, thus avoiding any destruction, loss, communication or unauthorised access, accidental or unlawful alteration of the personal data transmitted. 
These measures are divided into organisational and technical measures. The former refers to the measures we adopt in order to raise awareness, educate and train our employees, adopting the necessary security policies and protocols. The latter refers to technological measures, such as data encryption, pseudonymisation of the information, antivirus or firewall.

These measures are also reviewed and modified as part of a continuous improvement process to ensure that said security does not become outdated in order to deal with new threats as they emerge. Despite this, zero risk and total security do not exist, and AIR EUROPA may suffer a successful attack that could cause a leak of information. In this case, we will notify the competent supervisory authority and you as soon as possible, identifying the data affected.

Our website uses cookies to gather information on how the website is used. If you want more information on how AIR EUROPA uses cookies, please consult the Cookies Policy.

COMPANY

PRIVACY POLICY

PURPOSE INTERNATIONAL DATA TRANSFER
Riskified Ltd https://www.riskified.com/terms/ Fraud prevention and detection for Air Europa and other Riskified clients. Israel, Nepal and the United States
Worldpay B.V.
Worldpay (UK) Ltd
Worldpay Ltd
Worldpay AP Ltd
https://online.worldpay.com/terms/privacy Payment processor. United Kingdom
Amadeus IT Group, S.A. https://amadeus.com/es/politicas/politicas-de-amadeus Entity that provides the Global Distribution System (GDS), used to: check travel information; issue tickets; process and authenticate credit cards, and prevent fraud; etc.

In these cases, provided the ticket was purchased on the website, on the app, via our telephone service centre or at an airport office, Amadeus acts as the data controller, meaning Air Europa will transfer your personal data to it in order to provide the service.
N/A
Sherpa https://www.joinsherpa.com/legal/privacy-policy Information and management of the documentation required to travel. N/A

FOUNDSPOT, S.L.

https://www.foundspot.com/es/politica-privacidad/

Company contracted to provide lost and found services.

N/A
SkyTeam https://www.skyteam.com/en/joint-privacy-notice SkyTeam is the Alliance, of which AIR EUROPA is a member, which processes personal data to improve the passenger travel experience at every stage of the trip. It depends on the SkyTeam member and the travel destinations selected.

 

 

 


logo