The entity responsible for your personal information is Etihad Aviation Group.
Etihad Aviation Group ("EAG", "we", "us", "our") is a diversified global aviation and travel group comprising five business divisions – Etihad Airways P.J.S.C., the national airline of the United Arab Emirates, Etihad Airways Engineering, Etihad Airport Services, and the Hala Group.
EAG has minority investments in four airlines: Air Serbia, Air Seychelles, Jet Airways and Virgin Australia.
At Etihad Aviation Group, and our affiliates and branch offices (collectively referred to as "EAG", "we", "us"), we take our data protection and privacy responsibilities seriously. This statement describes how we collect, process, use, disclose and transfer your personal information as a data controller.
Use of the Etihad Websites is subject to our terms of acceptable use, found in our Terms and Conditions. Any products and services supplied are subject to our Terms and Conditions, Customer Care Policy and General Conditions of Carriage. Personal data processed by our affiliate companies are governed by their respective privacy statements. You can find these on their individual websites.
We may amend this statement from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this statement. If we make material changes to this privacy statement, we will seek to inform you by notice on our website or email ("Notice of Change").
Third Party Websites
WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT
In this section you can find out more about:
- the types of personal information we collect
- when we collect personal information
- how we use personal information
Sponsorship and Community Support
If you contact us to request sponsorship or community support, we will need to collect information about you (including your contact details) to help us respond to your query or request. We may do this when you call our customer support centre, or interact with us through our online support tools. This information may include your name, date of birth, address, email, telephone number, passport details, PNR reference, flight ticket number, professional details such as your profession, title, or role. We may also need seek to collect from you Special Categories of Data, for the purposes of properly understanding your query or request, which are treated with extra care by us. These Special Categories of Data may include details relating to your health such as whether you use a wheelchair or require an oxygen tank when travelling.
To process concerns raised by you
We will need to process your personal information whenever you raise a concern to us using Ethics Line. Ethics Line is our independent confidential reporting line which is operated by Expolink Europe Ltd (UK). Information we collect may include your name, email address, postal address, location, employer (if relevant) and information related to the concern you are raising.
LEGAL BASIS FOR USING YOUR DATA
We will only collect, use and share your personal information where we have an appropriate legal basis to do so. Appropriate legal bases include:
- where we need to use your personal information to perform a contract or take steps to enter into a contract with you, for example to fulfil a sponsorship agreement we have entered into with you, or to complete your travel arrangements, if you are a passenger on a flight booking; and
- our legitimate interests as a commercial organisation; for example, we may process the information you give us through Ethics Line in order to resolve the concern you have raised with us.
HOW WE SHARE INFORMATION WITH OTHERS
We work closely with a number of trusted partners with whom we need to share information to help us provide our services:
- our group of affiliate companies around the world, including other Etihad brands such as Etihad Airways, Etihad Cargo, Etihad Holidays and Etihad Guest - click here for a list of EAG affiliates;
- partner airlines where you are travelling on a booking which involves a codeshare;
- frequent flyer and other reward and partner programmes where required to enable you to earn or utilize frequent flyer miles by virtue of your membership of Etihad Guest;
- banks and payment providers, to authorise and complete payments; and
- other third parties who help manage our business and deliver services. For example, these may include IT service providers who help manage our IT and back office systems, or third party booking agents.
TRANSFERRING PERSONAL INFORMATION GLOBALLY
We operate our business on a global basis. The countries to which we commonly disclose your personal information include the United Arab Emirates ("UAE"), where we have our head offices, the United States of America ("USA"), United Kingdom ("UK") and the countries where you are flying to and from. Some of these countries, for example, the UAE and the USA, have laws which do not offer, in the opinion of the European Commission or other supervisory authorities, an adequate level of data protection.
We will always strive to adopt the highest standards of privacy protection, wherever your personal information is located, and adopt appropriate measures (consistent with locally applicable laws) to secure an adequate level of privacy protection. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable laws and carefully managed to protect your privacy rights and interests. Transfers will be limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
- we ensure that transfers within Etihad Aviation Group will be covered by an agreement entered into by members of Etihad Aviation Group (called an "intra-group agreement") which contractually obliges each member of the Etihad Aviation Group to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within the Etihad Aviation Group;
- where we transfer your personal information outside EAG or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the "EU - US Privacy Shield" for the protection of personal information transferred from within the European Union ("EU") to the USA; or
- where we receive requests for information from government entities, international organisations or regulators, we carefully validate these requests to ensure that it is legally appropriate to share the requested personal information.
You have a right to contact us at email@example.com for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above. See also the section titled "Your Rights", below.
HOW WE PROTECT AND STORE YOUR INFORMATION
How we protect your information
We invest an appropriate level of resources to protect the security and confidentiality of personal information.
- We offer the use of secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input to our website before it is sent to us. SSL is an industry standard encryption protocol and this ensures that the information is reasonably protected against unauthorised interception;
- We also follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access to that information; and
- We take all reasonable and appropriate steps to protect your personal information but cannot guarantee the security of any data you disclose to us via email or online.
- Where you disclose information to us using our mobile app, please ensure that your device remains safe. We cannot be held responsible for any data misuse arising from unauthorised access to your device.
Storing your personal information
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this statement. Where your information is no longer required, we will ensure it is disposed of in a safe manner. In some circumstances we may need to store your personal information for longer periods, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. Should you require information about how we retain particular information you can contact us at firstname.lastname@example.org.
In specific circumstances we may store your personal information for longer periods so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
Our policy on "cookies"
A cookie is an element of data that a website sends to your browser, which then stores it on your system. Cookies may collect personal information about you. Cookies allow us to understand who has seen which pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. Cookies also allow us to make Etihad Websites more user-friendly by, for example, allowing us to take you to the language site of last use, so that we can give you a better experience when you return to our website.
Cookies will be deployed on your device when you visit Etihad Websites unless you indicate that you do not wish this to happen or if you have turned this feature 'off' in your web browser or device settings.
YOUR RIGHTS - LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY
You may have certain legal rights regarding your personal information depending upon the country you are in or how we interact with you. You can learn more about this in this section.
Subject to the terms of this Privacy Statement we guarantee that you have the following key rights wherever you are:
- To access your personal information. We will tell you what personal information we hold about you and can provide you with a copy of;
- To seek rectification of that personal information. Where the personal information we hold about you is inaccurate we will rectify this, upon your request. Note that this right may be limited in terms of the scope of detail that we will or can rectify;
- To lodge a complaint to us. We will receive and handle your complaints in accordance with best practice and depending upon where you are and whether we are subject to it, any applicable law.
If you benefit from rights as a data subject under the EU General Data Protection Regulation ("GDPR"), you will have certain additional rights in relation to our handling of your personal information.
- To access your personal information;
- You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
- To seek rectification of that personal information;
- You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims.
- To erase personal information;
- You can also request that we erase your personal information in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful exercise of the right to object (see right to object); or
- it has been processed unlawfully; or
- to comply with a legal obligation to which Etihad is subject.
- To restrict the processing of your personal information;
- You can ask us to restrict the processing of your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
- We can continue to use your personal information following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
- To transfer your personal information;
- You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
- To object to the processing of personal information;
- You can ask us to stop processing your data where our legitimate interest is our legal basis for doing so unless we can show compelling legitimate grounds for continuing to process your data which override your own interests, or where we need to do so in order to defend legal claims against Etihad Aviation Group;
- To obtain a copy of personal information safeguards used for transfers outside your jurisdiction;
- You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union. We may redact data transfer agreements to protect commercial terms; and
- To lodge a complaint with your local supervisory authority.
- You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.
- We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
A further explanation of these general key rights and the GDPR specific rights is outlined under each heading. Please click on these for further details.
You may have other rights depending upon the country you are in. You may therefore have rights to lodge a complaint to a local privacy authority; however whether you lodge a complaint, and who you lodge it with, is solely your responsibility.
If you wish to access any of these rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to refuse to provide this additional information if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us at email@example.com. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to address your request fully, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
The primary point of contact for all issues arising from this privacy statement, is the Etihad Aviation Group Data Protection Officer. The Data Protection Officer can be contacted in the following ways:
Please email us at firstname.lastname@example.org or write to the Data Protection Officer, Etihad Aviation Group, PO Box 35566, Abu Dhabi, United Arab Emirates
If you have any questions, concerns or complaints regarding our compliance with this statement and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
To contact your data protection supervisory authority
In some countries, you may have a right to lodge a complaint with your local data protection supervisory authority. We ask that you please attempt to resolve any issues with us before your local supervisory authority.
OUR REPRESENTATIVE IN THE EU
Etihad Aviation Group P.J.S.C. is represented in the European Union by Etihad Airways P.J.S.C. through its European regional headquarters in London. The group Data Protection Officer can be contacted either directly by email or post using the details given in the previous section, or by writing to our London office:
For the Attention of the Etihad Aviation Group Data Protection Officer,
200 Hammersmith Road
London, W6 7DL