SkyTeam Airline Alliance Management Coöperatie U.A., a company registered in Amsterdam, the Netherlands (Chamber of Commerce registration number 34345101), whose address for visitors is at Amsterdamseweg 55, Wing 3.3 (1182 GDP) Amstelveen, the Netherlands (“SkyTeam”), is a global airline alliance that coordinates and provides commercial activities on behalf of and – to some extent – together with the SkyTeam Member airlines (“Members”). Please find a list of all Members and their contact details.
1. Parties and privacy roles
This Privacy Notice aims to inform you about the processing activities performed by
under applicable personal data protection laws, including the EU General Data Protection Regulation (EU 2016/679) (“GDPR”), as well as the EU member states’ national implementation acts of the GDPR.
SkyTeam and the Members (in their capacity of joint controllers) or the Members without SkyTeam (in their capacity of joint controllers) are hereinafter jointly referred to as “Controllers”, “we” or “us”.
2. The purposes for which we process your personal data, legal grounds and categories of personal data
This Privacy Notice informs you of the purposes for which we process your personal data as joint controllers, as well as the legal grounds applicable and the categories of personal data involved. Please find an overview with such information below.
3. Does this Privacy Notice apply to you?
This Privacy Notice applies to you if you are a passenger, customer, event organizer, participant, lounge visitor, member or other natural person who makes use of one or more services indicated in paragraph 2 above.
4. Disclosure of your personal data to third parties
In some cases, we share your personal data with third parties, for instance because it is necessary for the purposes listed in paragraph 2. Your personal data may be shared with the following parties and/or for the following reasons:
5. International transfers
We may transfer personal data that we collect from you to third party processors or one or more Members (in their capacity of joint controllers) located in countries that are outside of the European Economic Area (“EEA”) in connection with the purposes indicated in paragraph 2. For example, some Members are domiciled in the Americas, Asia or Africa, which leads to the disclosing of your personal data outside the EEA.
We have the following appropriate safeguards in place to offer an adequate level of protection of your rights and freedoms as a data subject:
For more information on our transfers of your personal data, please contact us by using the contact details in paragraph 10.
6. Retention periods
We will retain your personal data for no longer than is necessary for the purpose(s) indicated in paragraph 2, and/or in accordance with legal obligations. As the Controllers are multiple entities residing in different jurisdictions where deviating rules on retention periods may apply, the specific retention periods will vary per entity. If you would like to receive more information on the retention periods that we apply, please contact us by using the contact details in paragraph 10. We will in any case comply with legal data retention obligations. Note that a longer retention period of your personal data may occur if this is necessary for example, if a dispute or (legal) proceedings are expected.
After the retention period, we will delete your personal data, unless we retain (part of) of your personal data for another purpose. We will only do so if we have a legal basis to retain your personal data. We will then ensure that personal data are only accessible for that other purpose.
7. Measures taken to protect your personal data
We have taken appropriate technical and organizational measures to protect your personal data against accidental or unlawful processing, including by ensuring that:
8. Your rights
You may have certain rights in relation to your personal data, which are explained below. In each case, please use the contact details in paragraph 10 if you would like to exercise any of your rights.
Note that your rights are not absolute in all cases, and we may not be required to comply with your request. If such is the case, we will make sure you will be informed of this.
9. Updates to this Privacy Notice
This Privacy Notice was last updated in April 2023 and replaces our previous Privacy Notice.
Please check regularly to stay informed of updates to this Privacy Notice. If we make any changes to this Privacy Notice in the future, we will publish the revised Privacy Notice on our website. If changes are made that may significantly affect you as a data subject, we will do our best to directly inform you about those changes. All changes will take effect as soon as the Privacy Notice has been posted on our websites.
10. Questions and complaints
In case you have any questions or complaints regarding the processing or your personal data by us in the context of joint controllers, please contact our Members.
If you are of the opinion that the processing of your personal data is not in compliance with applicable law, you have the right to lodge a complaint with the competent data protection authority.