SkyTeam - Privacy Statement

Download Privacy Statement as PDF


Last update: June 2023  

SkyTeam Airline Alliance Management Coöperatie U.A., a company registered in Amsterdam, the Netherlands (Chamber of Commerce registration number 34345101), whose address for visitors is at (1180 AJ) Amstelveen at Amsterdamseweg 55 (“SkyTeam”, “us”, “we”), is a global airline alliance that coordinates and provides commercial activities on behalf of and – to some extent – together with the SkyTeam Member airlines (Members) in the aviation industry. When you use our website, sign-up for our newsletters, do business with us as our business partner or supplier and/or make use of our services as indicated in this Privacy Statement, it is important to us to process your personal data carefully and securely in a transparent manner. The processing of your personal data is subject to the rules of the General Data Protection Regulation (EU) 2016/679 (GDPR), and potentially to one or more EU member states’ national implementation acts of the GDPR, as well as the data protection laws and regulations of other countries (if applicable). This Privacy Statement serves to comply with our transparency obligations under the GDPR, namely to explain to you when we collect your personal data in the capacity of a controller under the GDPR, what personal data we collect, how we use such personal data, and how long we keep your personal data.

This Privacy Statement was last updated in June 2023. This Privacy Statement supersedes any previous versions of our Privacy Statement. When there are any updates, we will inform you thereof in this Privacy Statement. Please check this Privacy Statement regularly for the most current version. If we make any changes that may significantly affect you as a data subject, we will endeavour to actively inform you about those changes before the changes come into effect. All changes will take effect as soon as the Privacy Statement has been published on the website.

SkyTeam is the controller, within the meaning of the GDPR, of the processing of your personal data indicated in this Privacy Statement.

Note that SkyTeam may also process your personal data on behalf of the Members (in their capacity of joint or individual controllers). SkyTeam is considered a processor for these processing activities within the meaning of the GDPR. This applies to most of the Member services mentioned on the website www.skyteam.com/en, such as loyalty programs and/or lounge access management. For more information on the personal data processed by the Members in their capacity of individual or joint controllers (and SkyTeam as a processor), please consult the Members’ separate privacy statements. SkyTeam is not responsible for the Privacy or Cookie Statements as implemented by Members or other third parties.

For more information on the personal data processed by us and Members in our capacity of joint controllers in relation to the global airline aviation activities, please consult our Privacy Statement for Joint Controllers.

When do we collect personal data?

 

What personal data do we collect of you?

Why do we collect this personal data?

Legal ground for using your personal data?

How did we obtain your personal data?

How long do we retain your information?

If you visit our website 

- If you visit our website, various cookies and similar technologies (hereinafter: “cookies”) are used. We use functional, analytical, social media and advertising cookies. When we place and read cookies, your personal data will be processed. 

- Please read our Cookie Policy for more detailed information about the use of cookies. In the Cookie Table we have listed per cookie all the categories of (personal) data that will be processed subsequently, as well as the associated processing purposes and applicable cookie lifespan.

- For the functioning and optimization of the website

- To generate user statistics and to further analyze your website usage

- To integrate social media plug-ins and marketing activities, such as showing (personalized) advertisements. 

- Please refer to the Cookie Table for an extensive overview.

- The legal ground for processing your personal data through the functional and privacy-friendly analytical cookies is our legitimate interest to make our website and app work properly. 

- For all other types of cookies, we will ask your consent via the “cookie banner”, which will be displayed when you visit our website.
 

 - Via cookies

- Please refer to the Cookie Policy for the specific retention periods.

If you visit our premises

The camera surveillance is technically performed by KLM. For more information on how KLM processes your personal data in this respect, please consult KLM’s own privacy statement

- Personal details, such as name, title, gender and company name.

- Information on the access granted and details of appointment.

- Time collection information through access badge control devices for access control.

- Photograph for issuing a access badge.

- Other information provided by you.

 

 

- Internal control and corporate security, including control and security of IT and communications facilities.

- To comply with legal obligations, a court order or to exercise or defend legal claims.

 

 

- Legitimate interests. We may process your information as necessary for achieving our legitimate interests of internal control and security.

 

 

- From yourself.

- Through access badge control devices.

We will not retain your personal data longer than is necessary for the purposes for which they are used, as mentioned under "Why do we collect this personal data?". In principle, this means that:

- Time collection information through access badge control devices for access control will not be retained longer than six months.

- In some cases, we may retain your data longer than is necessary for the purposes for which they are used, for example when we are legally obligated to retain personal data longer or when it is necessary regarding legal claims.

If you participate in customer satisfaction surveys

- Personal details, such as name, title, gender

- Contact details, such as (e-mail) address, telephone number, and country of residence.

- Information regarding your opinions on your experience with SkyTeam.

- Information regarding your flights, such as flight information, frequent flyer membership, booking number and any comments related to your flight.

- Information about your visits to our website, such as your IP address, internet service provider, browser type, operating systems, pages opened on the website, date and time of visits and referring websites.

- Other information provided by you.

- To perform customer surveys to analyse and optimize our services and products.

- To possibly provide a prize after you have indicated that you want to participate in the prize draw.

- To get into and maintain in contact with you, including for direct marketing purposes.

- To comply with legal obligations, a court order or to exercise or defend legal claims.
 

Consent:
- We will process your personal data if you provided your consent to participating to the survey.

- You can withdraw your consent at any time, by contacting us. Withdrawing your consent will not affect the lawfulness of our use of your personal data before your withdrawal.

Legitimate interests:
- We may process your information as necessary for achieving our legitimate interests when performing our customer satisfaction surveys. For our interests we may for example gather, analyse and interpret information about our customers to find new opportunities to sell and develop products and services to satisfy the preferences and needs of our customers.

- From yourself.

- Third parties engaged by us in the context of   customer research, such as Members or InSites Consulting.

-  Other third parties in incidental cases.

We will not retain your personal data longer than is necessary for the purposes for which they are used, as mentioned under "Why do we collect this personal data?". In principle, this means that we will not retain your personal data longer than 12 months.

In some cases, we may retain your data longer than is necessary for the purposes for which they are used, for example when we are legally obligated to retain personal data longer or when it is necessary regarding legal claims.

If you get   into contact with us

- Your name.

- Your e-mail address.  

- Information provided by you through your question or message.

- Information provided by you in our SkyTeam Support Desk chat.

- Other information provided by you.

- To answer any questions that you may have or to respond to any of your   comments.

- To provide you with our customer services.

- To comply with legal obligations, a court order or to exercise or   defend legal claims. 

- Legitimate interests. We have a legitimate interest for our processing   activities in case you have contacted us. This may, for example, be the case when you contact us via a contact form or via our SkyTeam Support Desk chat.

-  From yourself.

We will not retain your personal data longer than is necessary for the purposes for which   they are used, as mentioned under "Why do we collect this personal   data?". In principle, this means that we will not retain your personal data longer than two years after termination of our business relationship.

In some cases, we may retain your data longer than is necessary for the purposes for which they are used, for example when we are legally obligated to retain personal data longer or when it is necessary regarding legal claims.

If you are a   business contact

- Contact details of contact person, including name, address, phone   number and e-mail address.

- Payment details.

- Other information provided by you

- Drafting and verification of contracts, including negotiations and   contract management.

- Credit and debtor administration.

- Maintaining business contacts.

- To comply with legal obligations, a court order or to exercise or   defend legal claims. 

- Performance of a contract with you: In some cases,   we may need your personal data to perform a contract with you. If you refuse   to provide us with the information we need for the performance of a contract,   we may not be fully able to meet the agreements in the contract depending on   the type of contract that is concluded.

- Legal obligation: We process your information if necessary, for complying with one of our legal obligations. We may be required by law to collect and share your information with public authorities or governmental organizations for administrative formalities necessary for immigration and customs, anti-fraud and on-board security. If you refuse to provide us with the information we need for compliance with a legal obligation, we may not be able to provide services requested by you. 

- Legitimate interests. We may process your   information as necessary for achieving our legitimate interests when performing our marketing activities. For our business interests we may for   example gather, analyse and interpret information about our customers to find new opportunities to sell and develop products and services to satisfy the preferences and needs of our customers.

- In certain cases, we have a legitimate interest to get into contact with you. This is for instance the case if you requested us to contact you via a contact form. We may also have a legitimate interest to use your personal data for marketing purposes. This may for instance be the case if SkyTeam has obtained your e-mail address in the context of the sale of its product or service and uses this address for direct marketing of its own similar products or services. In these instances, we have a legitimate business interest for contacting you.

- From yourself.

- From parties who refer us to you.

- The internet (including social media) for as far as allowed under applicable law.

- Other third parties in incidental cases.

We will not   retain your personal data longer than is necessary for the purposes for which   they are used, as mentioned under "Why do we collect this personal   data?". In principle, this means that we will not retain your personal data longer than two years after termination of our business relationship.

In some cases, we may retain your data longer than is necessary for the purposes for which they are used, for example when we are legally obligated to retain your personal data longer or when it is necessary regarding legal claims.

If you participate in our marketing campaigns

 - Your name

- Image and video recordings 

- Other information provided by you

- To promote, merchandise, advertise and/or to inform in relation with the campaign on different medias (e.g. internet, airport lounges, internal communication of SkyTeam and its member airlines).

Consent:
- We will process your personal data if you provided your consent to participate in the marketing campaign.

- You can withdraw your consent at any time, by contacting us. Withdrawing your consent will not affect the lawfulness of our use of your personal data before your withdrawal.

- From yourself

We will not retain your personal data longer than is necessary for the purposes for which they are used, as mentioned under "Why do we collect this personal data?". In principle, this means that we will not retain your personal data longer than five (5) years after giving consent.

 

Your information may be collected by, shared with and processed by persons working for or on behalf of SkyTeam on a need-to-know basis for the purposes described above.

Your personal data may be shared with Members, who will act as an independent or joint controller (without or without the involvement of SkyTeam as a controller). SkyTeam has no control over the privacy practices of Members. Please read their privacy statements carefully for information on how they handle your personal data. You can find a list of the Members here.

We may work with other partners, such as travel agencies, partners and other companies involved in facilitating travel arrangements as well as WTC Amsterdam, or Schiphol Airport Authorities. For this purpose, we may share your personal data with these partners, who will act as  independent controllers. SkyTeam has no control over the privacy practices of these partners. Please read their privacy statements carefully for information on how they handle your personal data.

We also use third party service providers such as IT suppliers, social network providers, marketing agencies, credit card companies and anti-fraud screening service providers to provide our services. Therefore, your personal data will be processed by these third party service providers. When we use services of a party who processes your personal data on our behalf, acting as a processor, we have concluded appropriate data processing agreements in line with applicable data protection laws.

The processing of your personal data may entail the transfer of your personal data to a third country that does not provide the same level of protection as within the European Economic Area (EEA). This may be the case if we share your personal data with our Member airlines or with selected other third parties, with whom we have partnership agreements.

Where applicable, we have taken appropriate safeguards to transfer your personal data to a country located outside the EEA, if that country does not provide an adequate level of protection according to the applicable data protection laws, by relying on adequacy decisions issued by the European Commission or by entering into standard contractual clauses approved by the European Commission (with supplementary measures to the extent required). You can contact us if you would like to receive more information on the measures we have taken to safeguard your information in this respect.

We are committed to ensuring that your personal data is kept secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate physical, technical and organizational measures to safeguard the information we collect and process.

As a data subject, you have certain rights concerning our processing of your personal data. You may:

  • Request access to your personal data. You have the right to ask us if we are processing your personal data, and, if so, provide you with a copy of that personal data.

  • Request correction of your personal data. You have the right to rectify your personal data, if you believe that the personal data we have about you is incomplete or inaccurate. If we have shared your personal data with others, we will also inform them of the correction where possible.  

  • Request erasure of your personal data. You have the right to ask us to delete or remove your personal data in some circumstances. If we have shared your personal data with others, we will inform them of the erasure where possible. Due to the way we maintain certain services, it may take some time before backup copies are erased.  

  • Request to restrict our processing of your personal data. You have the right to ask us to block or suppress the processing of your personal data in certain circumstances, which means that we suspend the processing of your data for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted. If we have shared your personal data with others, we will inform them of the restriction where possible.  
     
  • Request to exercise your right to data portability. You have the right to obtain personal data you have provided to us in a structured, commonly used and machine-readable format in certain circumstances. This way you can use your personal data elsewhere or you can also ask us to transfer your personal data to a third party. Upon request and where this is technically feasible we will transmit your personal data directly to the other controller.  
     
  • Object to the processing of your personal data. You have the right to ask us to stop processing your personal data, if we are relying on legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for processing. At any time and free of charge you can object to direct marketing purposes in case your personal data are processed for such purposes, which includes profiling purposes to the extent that it is related to such direct marketing. In case you exercise this right, we will no longer process your personal data for such purposes.
     
  • Withdraw your consent. You have the right to withdraw your consent, if we rely on your consent as a legal basis for the processing of your personal data. This will not affect the lawfulness of our prior processing of your personal data. For more information on how you can withdraw your consent for cookies and similar technologies we use when you visit our website or use our apps, please check the cookie policy on our website or in the app.

  • Lodge a complaint with the supervisory authority. You have the right to lodge a complaint with your national supervisory authority, if you have a concern about the way we handle your personal data.

You may send us a request using the contact details below. We will handle your request carefully and in line with the applicable data protection rules.

Please contact us if you have any questions:

SkyTeam Airline Alliance Management Coöperatie U.A.
Postbus 350
1180 AJ AMSTELVEEN
THE NETHERLANDS
website@skyteam.com