Data controller
Owner
AIR EUROPA LÍNEAS AEREAS, S.A., (hereinafter AIR EUROPA).
Tax ID: A07129430.
You can contact us at
Address
Polígono Son Noguera, Llucmajor-Baleares- Spain
Telephone
+34 911 401 501
Email
You can also contact our Data Protection Officer (DPO) at the aforementioned postal address and/or by email: delegadopd@aireuropa.com
The DPO is the person tasked with ensuring that AIR EUROPA complies with all personal data protection laws. The DPO engages in his/her monitoring and supervisory work independently and confidentially.
The content of this Policy adheres to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), and of Organic Law 3/2018 of 5 December, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD) .
When you access and use this website, take part in the blog, use our app, contact our call center agents, book directly through our offices in the various airports, book our services through third parties (travel agencies or other airlines) or engage in any other activity that requires AIR EUROPA to process your personal data, you agree to accept this Privacy Policy, as well as the provisions contained in the Terms and Conditions and the Cookie Policy.
At AIR EUROPA, we offer you information so that, before you provide your personal data, you can access the Privacy Policy and any other relevant Data Protection information.
Similarly, if you decide to purchase additional services, such as home baggage pick-up, in-flight shopping, etc., other terms and conditions in addition to those contained herein may apply.
Identity and contact data
When making reservations, whether for yourself or others (in the case of minors or other people, including from travel agencies or other airlines), the following identification and contact details on the passenger will be requested: full name, gender, telephone number and email address.
In addition, the payment details of the customer and/or passenger will be taken, such as a credit card (card number, account holder, CVV/CVC/CID), email address of the PayPal account, or the telephone number from which the Bizum transfer is made.
Similarly, at check-in, we may obtain the date of birth, nationality, country of residence, and passport or identity document number, depending on the destination of the flight. Furthermore, Regulation EU 996/2010 of the European Parliament and of the Council of 20 October 2010 on the investigation and prevention of accidents and incidents in civil aviation, requires us to request the contact details (first and last name and telephone number) of a person you designate to contact in the event of an incident or emergency. The customer and/or passenger voluntarily decide whether to fill out this section or not.
If the passenger is an unaccompanied minor, the identification and contact details of his/her parents or legal representative, as well as of the persons responsible for accompanying the child to the departure airport and receiving him/her at the arrival airport, will also be processed.
Details regarding the trip
During the booking and/or check-in process, all the details provided to adapt and customize the service (seat, luggage options, additional assistance, luggage collection, etc.) and the payment details (credit/debit card, PayPal or Bizum) will be stored, together with the travel itinerary, boarding card, connecting flights, as well as any incident involving the flight (possible delays or changes made).
Similarly, during the trip, the flight recorder, commonly known as the black box, will record the voice of the passengers and cabin crew so that, in the event of an accident, it can be used to analyze the events leading up to the accident and determine its causes.
Other data will be processed if you use our additional services, such as VIP lounges, in-flight entertainment systems and the like.
Sensitive data
On certain occasions, and in order to adapt our service to your needs, you or a third party (travel agency) will have to provide us with data deemed sensitive by law, which requires additional protection.
These occasions may arise when you require specific assistance (wheelchair, oxygen), an authorization to fly (medical condition or more than 28 weeks pregnant) or specific meals, and may provide, indirectly, indications on your ethnic origin, religious beliefs or state of health (allergies, diabetes, pregnancy, etc.), as set out in Article 9 of the GDPR.
This data is only collected with your consent - when you select the corresponding services during booking - and is only used to offer you the service requested during the trip. You may object to the collection of this data, but doing so could make it impossible to satisfy your requests.
It should be noted that, for certain destinations and while the laws involving the control of epidemics or pandemics (such as COVID-19) require us to do so, we may request that you show us proof of vaccination or diagnostic tests (antigen, PCR, etc.) if required by the health authorities of the destination country.
If you are part of the SKYCLEARED program, you can validate your personal documentation such as: Passport, Visas, COVID vaccination certificates/passport (sensitive details), if required by the authorities at your destination, as part of the online check-in (app or website), in order to improve your airport experience by making it faster and safer (by not having to show your documentation either at check-in or when boarding, since you are registered in our systems as a ready-to-fly passenger).
At airports that have biometric control devices installed (sensitive data), if you are enrolled (optional), we only collect the confirmation of your identity at different points at the airport (check-in, checked baggage drop-off, boarding), as well as details that allow us to automatically link this data to the corresponding booking and to complete the boarding process correctly. We do not collect or process the biometric data of our passengers. This service is provided by the airport manager, for example AENA (https://www.aena.es/es/nota-adicional/politica-privacidad-sistema-biometrico-mad), meaning the data processing is done directly by said manager.
Data from previous trips and all related matters will also be processed, including class upgrades, luggage needs, problems at the airport, incidents with luggage and any comments you provide as a customer.
Registration details and/or enrollment in the AIR EUROPA SUMA loyalty program
If you sign up, additional personal data will be processed, such as your AIR EUROPA SUMA card number, the specific card type (SUMA, SILVER, GOLD or PLATINUM), the miles you have accumulated or redeemed and other details related to your account.
Data collected while browsing or using the app
When you enter our websites or applications, AIR EUROPA will use cookies or similar technologies to collect data related to the device you are using, such as the IP address, browser, operating system and how you use the website/app. The user may consent to the use of geolocation data or other data requested by us, and opting out will not affect the provision of the service in any way.
If you use our in-flight streaming, entertainment or Wi-Fi service, your usage and browsing data will also be processed.
Communications with AIR EUROPA
If you communicate via any of the methods provided (forms, emails, telephone, social media), the data provided in these communications will be stored while your request is processed. This includes recording telephone calls (voice) if you call the Customer Service Hotline. Similarly, we will store any communications we engage in for the purpose of confirming the booking, boarding pass or changes that occur involving your flight.
Participation in marketing contests or activities
We will store your data if you have taken part in a promotional contest or activity, or if you have interacted with us through social media such as Facebook or Twitter.
The different purposes for which AIR EUROPA processes your data are explained below:
The data protection regulation (Article 6 GDPR) specifies circumstances in which personal data can be processed. The legal bases for AIR EUROPA's processing of your information are:
Pre-contractual measures and/or contractual performance
Legal obligation
Legitimate interest (AIR EUROPA)
Consent
Not providing the personal data requested or not accepting this Privacy Policy entails not being able to subscribe to and enjoy the services we offer.
The period for storing personal data will vary depending on the service we provide to you. In any case, your data will be stored for the duration of the contractual relationship. Once this period is over, we will keep your data blocked during the limitation periods of the obligations that may have arisen from the processing and/or for the applicable legal periods, making it available to the competent authorities and to deal with any potential liabilities resulting from the processing, after which it will be deleted.
Similarly, your data will be stored for as long as you do not object to the processing or revoke your (previously granted) consent, as well as when there is no commercial need or legitimate interest, at which point it may be (i) anonymized so it can be processed for statistical purposes, giving us an insight into our customers, their preferences and needs; (ii) blocked, remaining at the disposal of the competent authorities, during the statutory limitation periods established to cover any liabilities arising from the processing of your data; or (iii) deleted.
Be informed that some of the aforementioned service providers, as well as some collaborators or airlines, are located outside the European Economic Area, and sometimes in territories that do not provide a level of data protection comparable to that of the European Union (United States, Colombia or others).
In these cases, AIR EUROPA makes these international data transfers based on an adequacy decision or with adequate guarantees. This means that the vendors (data processors and/or sub-processors) and AIR EUROPA have signed the Standard Contractual Clauses approved by the Commission, whose content is available at the following link:
https://www.boe.es/buscar/doc.php?id=DOUE-L-2021-80739
In the absence of adequate guarantees, any transfer will be done with the user's explicit consent or under the protection of the need to perform the contract entered into with the user, as in the case of some of our payment processors.
Similarly, if required by the applicable regulations, we may be obligated to transfer your personal data, in particular your PNR data, to public or government agencies of countries in your itinerary, possibly located outside the European Union, where the level of data protection is often not comparable to that of the European Union.
If you do not agree to this transfer, please be informed that you may not be able to make your booking with us.
What rights do I have and how can I exercise them?
The law gives you a series of rights involving the personal data you provide to AIR EUROPA. These rights are:
You can send a written notice to the registered office of AIR EUROPA or to the email address delegadopd@aireuropa.com to request the exercise of your rights.
In any case, there is an online form you can access that will let you exercise the aforementioned rights quickly and easily.
Can I withdraw my consent for processing that is based on said consent?
If you have given your consent for a specific purpose, you have the right to withdraw said consent at any time. This shall not affect the legality of any processing that was done based on your consent prior to its withdrawal.
How do I file a claim with the Supervisory Authority?
If you believe there is a problem with the way AIR EUROPA is handling your data, you can direct your claim to the Data Protection Officer or to the corresponding data protection supervisory authority, which in the case of Spain is the Spanish Data Protection Agency, C/Jorge Juan, number 6, 28001-Madrid or via the website: https://www.aepd.es
All personal data processing entails a risk for the users who provide it. This risk may materialize in the event of a security breach that violates our customers' privacy. As a result, AIR EUROPA takes the appropriate measures to guarantee the confidentiality of the data you provide to us in order to avoid any unauthorized destruction, loss, communication, access, accidental or unlawful alteration of the personal data provided.
These measures are both organizational and technical. The former are those we adopt in order to raise awareness in and train our employees by adopting the necessary security policies and protocols. The latter are those of a technological nature, such as data encryption, pseudonymization of the information, antivirus or firewall.
Moreover, these measures are reviewed and modified as part of a continuous improvement process to ensure that said measures can deal with new threats as they emerge. Despite this, zero risk and total security do not exist, and AIR EUROPA may suffer a successful attack that results in a leak of information. Should this happen, we will notify the competent supervisory authority and you as soon as possible, identifying the information affected.
Our website uses cookies to gather information on how the website is used. For more detailed information on how AIR EUROPA uses cookies, see our Cookie Policy.
Policy updated in August 2022
COMPANY |
PRIVACY POLICY |
PURPOSE | INTERNATIONAL DATA TRANSFER |
Riskified Ltd | https://www.riskified.com/terms/ | Fraud prevention and detection for Air Europa and other Riskified clients. | Israel, Nepal and the United States |
Worldpay B.V. Worldpay (UK) Ltd Worldpay Ltd Worldpay AP Ltd |
https://online.worldpay.com/terms/privacy | Payment processor. | United Kingdom |
Amadeus IT Group, S.A. | https://amadeus.com/es/politicas/politicas-de-amadeus | Entity that provides the Global Distribution System (GDS), used to: check travel information; issue tickets; process and authenticate credit cards, and prevent fraud; etc. In these cases, provided the ticket was purchased on the website, on the app, via our telephone service centre or at an airport office, Amadeus acts as the data controller, meaning Air Europa will transfer your personal data to it in order to provide the service. |
N/A |
Sherpa | https://www.joinsherpa.com/legal/privacy-policy | Information and management of the documentation required to travel. | N/A |
Bag on Board | https://bob.io/politica-de-privacidad/ | Baggage processing | N/A |
FOUNDSPOT, S.L. |
https://www.foundspot.com/es/politica-privacidad/ |
Company contracted to provide lost and found services. |
N/A |
SkyTeam | https://www.skyteam.com/en/joint-privacy-notice | SkyTeam is the Alliance, of which AIR EUROPA is a member, that processes personal data to offer passengers a better travel experience at every stage of their journey. |
It depends on the SkyTeam member, and the destinations chosen. |
Previous revisions to the Privacy Policy
Rights form