SkyTeam - Privacy Statement

Download Privacy Statement as PDF


Last update: 24 July 2019

SkyTeam Airline Alliance Management Coöperatie U.A. (SkyTeam) is a global airline alliance that coordinates and provides commercial activities on behalf of the SkyTeam Member airlines (Members) in the aviation industry. When you use our website, sign-up for our newsletters or do business with us as our business partner or supplier, it is important to us to process your personal data carefully and securely in a transparent manner. In this Privacy Statement we explain when we collect your personal data, what personal data we collect, how we use such personal data, and how long we keep your personal data.

The Privacy Statement may be updated from time to time. This Privacy Statement supersedes any previous versions of our Privacy Statement. When there are any updates, we will inform you thereof in this Privacy Statement. Please check this Privacy Statement regularly for the most current version.

SkyTeam is the data controller of the processing of your personal data if SkyTeam determines the purpose and means of processing. Members may also be a data controller for the processing of your personal data of which they determine the purpose and means. SkyTeam is not responsible for the Privacy- or Cookie Statements as implemented by Members or other third parties.

When do we collect personal data?

 

What personal data do we collect of you?

Why do we collect this personal data?

Legal ground for using your personal data?

How did we obtain your personal data?

How long do we retain your information?

If you visit our website or use our app

-If you visit our website or use our app, we may   process cookies. Please read our Cookie Statement for further information about   cookies, the personal data collected via cookies and the legal ground for using cookies.

 

 

 

 

If you use our Global Meetings service (“GMS”) on our website

 

and/or

 

If you use our Round the World Planner (“RtWP”) on our website

-  Personal details, such as name, title, gender, date of birth, nationality.

-  Contact details, such as (e-mail) address, telephone number, country of residence.

- Information regarding your Global Meetings or/and RtWP account, such   as your account password, security question and answer.

- Financial information, such as credit or debit card number, security   code, associated billing address and expiration date of your credit or debit   card.

- Information about your visits to our website, such as your IP address,   internet service provider, browser type, operating systems, pages opened on   the website, date and time of visits and referring websites.

- Other information provided by you.

 

In relation to GMS:

- Other information required for event organisation and registration,   such as event name, dates, location, attendees, job function, company and   website.

- Other information required for issuance of an air ticket, including   saved and purchased itineraries.

 

In relation to RtWP:

- Travel related information, such as passport number, known traveller   number, frequent flyer account number, travel company, emergency contacts,   seating preferences, medical needs and dietary requests and preferences.

- Information related to our request for help form and feedback form.

 

- To provide   our Global Meetings products and services and/or our Round the World Planner services.

- To optimize   our Global Meetings products and services and/or our Round the   World Planner services.

- To record   your preferences in respect of our products and services.

- To get into   and maintain in contact with you, including for direct marketing purposes.

- To organize   events and other promotional activities.

- To analyse   your interests and possible business opportunities for us.

- To provide   you with our customer services.

- To comply   with legal obligations, a court order or to exercise or defend legal claims.

- Performance of a contract with you. In some cases,   we may need your personal data to perform a contract with you. If you refuse   to provide us with the information we need for the performance of a contract,   we may not be fully able to meet the agreements in the contract depending on the type of contract that is concluded.

- Legal obligation. We process your information if necessary,for complying with one of our legal obligations. We may be required by law to collect and share your information with public authorities or governmental organizations for administrative formalities necessary for immigration and customs, anti-fraud and on-board security. If you refuse to provide us with the information we need for compliance with a legal obligation, we may not be   able to provide services requested by you.

- Legitimate interests. We may process your information as necessary for achieving our legitimate interests when performing our Global Meetings or RtWP services. For our interests we may for example gather, analyse and interpret information about our customers to find new opportunities to sell and develop products and services to satisfy the preferences and needs of our customers.

- In certain cases, we have a legitimate interest to get into contact with you. This is for instance the case if you requested us to contact you via a contact form. We may also have a legitimate interest to use your personal data for marketing purposes. This may for instance be the case if SkyTeam has obtained your e-mail address in the context of the sale of its product or service and uses this address for direct marketing of its own similar products or services. In these instances, we have a legitimate business interest for contacting you.

- From yourself.

- From parties who refer us to you.

- From parties to whom you provided consent to share your data with us. 

- Third parties engaged by us in the context of our marketing activities.

- The internet (including social media) for as far as allowed under applicable law.

- Other third parties in incidental cases.

We will not retain your personal data longer than is necessary for the purposes for which they are used, as mentioned under "Why do we collect this personal data?". In principle, this means that we will not retain your personal data longer than two years after handling the GMS and /or RtWP products and services.

 

In some cases,   we may retain your personal data longer than is necessary for the purposes for which they are used, for example when we are legally obligated to retain your personal data longer or when it is necessary regarding legal claims.

If you visit our premises, including camera surveillance

- Personal details, such as name, title, gender and company name.

- Information on the access granted and details of appointment. 

- Image recording from video surveillance systems in SkyTeam's premises.  

- Time collection information through access badge control devices for   access control.

-Photograph for issuing a access badge.

-Other information provided by you.

- Internal control and corporate security, including control and   security of IT and communications facilities.

- To comply with legal obligations, a court order or to exercise or   defend legal claims.

- Legitimate interests. We may process your   information as necessary for achieving our legitimate interests of internal control and security. We may for example gather information about you via camera surveillance to establish secure premises.

- From yourself.

- From camera surveillance. 

- Through access badge control devices. 

We will not retain your personal data longer than is necessary for the purposes for which they are used, as mentioned under "Why do we collect this personal data?". In principle, this means that:

- Image recordings from camera surveillance systems placed in SkyTeam's premises will not be retained longer than four weeks.

- Time collection information through access badge   control devices for access control will not be retained longer than six months.

- In some cases, we may retain your data longer than is necessary for the purposes for which they are used, for example when we are legally obligated to retain personal data longer or when it is necessary regarding legal claims.

If you participate in customer satisfaction surveys

- Personal details, such as name, title,gender, date of birth, and nationality.

- Contact details, such as (e-mail) address, telephone number, and country of residence.

- Information regarding your opinions on your experience with SkyTeam.

- Information regarding your flights, such as flight information, frequent flyer membership, booking number and any comments related to your flight.

- Information about your visits to our website, such as your IP address, internet service provider, browser type, operating systems, pages opened on the website, date and time of visits and referring websites.

- Other information provided by you.

- To perform customer surveys to analyse and optimize our services and   products.

- To possibly provide a prize after you have indicated that you want to participate in the prize draw.

- To get into and maintain in contact with you, including for direct marketing purposes.

- To comply with legal obligations, a court order or to exercise or defend legal claims.

Consent:

- We will process your personal data if you provided your consent to participating to the survey.

- You can withdraw your consent at any time, by contacting us. Withdrawing your consent will not affect the lawfulness of our use of your personal data before your withdrawal.

 

Legitimate interests:

- We may process your information as necessary for achieving our legitimate interests when performing our customer satisfaction surveys. For our interests we may for example gather, analyse and interpret information about our customers to find new opportunities to sell and develop products and services to satisfy the preferences and needs of our customers.

-  From yourself.

-  Third parties engaged by us in the context of   customer research, such as Members or InSites Consulting.

-  Other third parties in incidental cases.

We will not retain your personal data longer than is necessary for the   purposes for which they are used, as mentioned under "Why do we collect this personal data?". In principle, this means that we will not retain your personal data longer than 12 months.

 

In some cases, we may retain your data longer than is necessary for the purposes for which   they are used, for example when we are legally obligated to retain personal   data longer or when it is necessary regarding legal claims.

If you get   into contact with us

- Your name.

- Your e-mail address.

- Information provided by you through your question or message.

- Information provided by you in our SkyTeam Support Desk chat.

- Other information provided by you.

- To answer any questions that you may have or to respond to any of your   comments.

- To provide you with our customer services.

- To comply with legal obligations, a court order or to exercise or   defend legal claims. 

- Legitimate interests. We have a legitimate interest for our processing   activities in case you have contacted us. This may, for example, be the case when you contact us via a contact form or via our SkyTeam Support Desk chat.

-  From yourself.

We will not retain your personal data longer than is necessary for the purposes for which   they are used, as mentioned under "Why do we collect this personal   data?". In principle, this means that we will not retain your personal data longer than two years after termination of our business relationship.

 

In some cases, we may retain your data longer than is necessary for the purposes for which they are used, for example when we are legally obligated to retain personal data longer or when it is necessary regarding legal claims.

If you are a   business contact

- Contact details of contact person, including name, address, phone   number and e-mail address.

- Payment details.

- Other information provided by you

- Drafting and verification of contracts, including negotiations and   contract management.

- Credit and debtor administration.

- Maintaining business contacts.

- To comply with legal obligations, a court order or to exercise or   defend legal claims. 

- Performance of a contract with you: In some cases,   we may need your personal data to perform a contract with you. If you refuse   to provide us with the information we need for the performance of a contract,   we may not be fully able to meet the agreements in the contract depending on   the type of contract that is concluded.
 
 

- Legal obligation: We process your information if necessary, for complying with one of our legal obligations. We may be required by law to collect and share your information with public authorities or governmental organizations for administrative formalities necessary for immigration and customs, anti-fraud and on-board security. If you refuse to provide us with the information we need for compliance with a legal obligation, we may not be able to provide services requested by you.
 
 

- Legitimate interests. We may process your   information as necessary for achieving our legitimate interests when   performing our marketing activities. For our business interests we may for   example gather, analyse and interpret information about our customers to find   new opportunities to sell and develop products and services to satisfy the   preferences and needs of our customers.

- In certain cases, we have a legitimate interest to get into contact with you. This is for instance the case if you requested us to contact you via a contact form. We may also have a legitimate interest to use your personal data for marketing purposes. This may for instance be the case if SkyTeam has obtained your   e-mail address in the context of the sale of its product or service and uses this address for direct marketing of its own similar products or services. In these instances, we have a legitimate business interest for contacting you.

- From yourself.

- From parties who refer us to you.

- The internet (including social media) for as far as   allowed under applicable law.

- Other third parties in incidental cases.

We will not   retain your personal data longer than is necessary for the purposes for which   they are used, as mentioned under "Why do we collect this personal   data?". In principle, this means that we will not retain your personal data longer than two years after termination of our business relationship.

 

In some cases, we may retain your data longer than is necessary for the purposes for which they are used, for example when we are legally obligated to retain your personal data longer or when it is necessary regarding legal claims.

Your information may be collected by, shared with and processed by persons working for or on behalf of SkyTeam on a need-to-know basis for the purposes described above.

Your personal data may be shared with Members, who will act as a data controller. SkyTeam has no control over the privacy practices of Members. Please read their privacy statements carefully for information on how they handle your personal data. You can find a list of the Members here.

We may work with other partners, such as travel agencies, partners and other companies involved in facilitating travel arrangements as well as WTC Amsterdam, or Schiphol Airport Authorities. For this purpose, we may share your personal data with these partners, who will act as data controllers. SkyTeam has no control over the privacy practices of these partners. Please read their privacy statements carefully for information on how they handle your personal data.

We also use third party service providers such as IT suppliers, social network providers, marketing agencies, credit card companies and anti-fraud screening service providers to provide our services. Therefore, your personal data will be processed by the third party service provider. When we use services of a party who processes your personal data on our behalf, acting as a data processor, we have concluded appropriate data processing agreements in line with applicable data protection laws.

The processing of your personal data may entail the transfer of your personal data to third country that does not provide the same level of protection as within the European Economic Area. This may be the case if we share your personal data with our Member airlines or with selected other third parties, with whom we have partnership agreements.

Where applicable, we have taken appropriate safeguards to transfer your personal data to a country located outside the EEA, if that country does not provide an adequate level of protection according to the applicable data protection laws, including standard contractual clauses approved by the European Commission. In addition, it may also happen that the transfer of personal data is necessary for the execution of an agreement in your interest between us, so that the personal data may also be transferred without adequacy decision or appropriate safeguards. You can contact us if you would like to receive more information on the measures we have taken to safeguard your information in this respect.

We are committed to ensuring that your personal data is kept secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate physical, technical and organizational measures to safeguard the information we collect and process.

As a data subject, you have certain rights concerning our processing of your personal data. You may:

  • Request access to your personal data. You have the right to ask us if we are processing your personal data, and, if so, provide you with a copy of that personal data.

  • Request correction of your personal data. You have the right to rectify your personal data, if you believe that the personal data we have about you is incomplete or inaccurate. If we have shared your personal data with others, we will also inform them of the correction where possible.

  • Request erasure of your personal data. You have the right to ask us to delete or remove your personal data in some circumstances. If we have shared your personal data with others, we will inform them of the erasure where possible. Due to the way we maintain certain services, it may take some time before backup copies are erased.

  • Request to restrict our processing of your personal data. You have the right to ask us to block or suppress the processing of your personal data in certain circumstances, which means that we suspend the processing of your data for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted. If we have shared your personal data with others, we will inform them of the restriction where possible.
     
  • Request to exercise your right to data portability. You have the right to obtain personal data you have provided to us in a structured, commonly used and machine-readable format in certain circumstances. This way you can use your personal data elsewhere or you can also ask us to transfer your personal data to a third party. Upon request and where this is technically feasible we will transmit your personal data directly to the other controller.
     
  • Object to the processing of your personal data. You have the right to ask us to stop processing your personal data, if we are relying on legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for processing.
    At any time and free of charge you can object to direct marketing purposes in case your personal data are processed for such purposes, which includes profiling purposes to the extent that it is related to such direct marketing. In case you exercise this right, we will no longer process your personal data for such purposes.
     
  • Withdraw your consent. You have the right to withdraw your consent, if we rely on your consent as a legal basis for the processing of your personal data. This will not affect the lawfulness of our prior processing of your personal data. For more information on how you can withdraw your consent for cookies and similar technologies we use when you visit our website or use our apps, please check the cookie policy on our website or in the app.

  • Lodge a complaint with the supervisory authority. You have the right to lodge a complaint with your national supervisory authority, if you have a concern about the way we handle your personal data.

You may send us a request using the contact details below. We will handle your request carefully and in line with the applicable data protection rules.

 

Please contact us if you have any questions:

SkyTeam Airline Alliance Management Coöperatie U.A.
Postbus 350
1180 AJ AMSTELVEEN
THE NETHERLANDS
website@skyteam.com

Data Protection Officer