Write the number without the AY prefix and with no spaces between the numbers.
Finnair corporate customers have a company-specific username that has been issued via email to the company’s contact person.
Customer database description
Finnair Oyj (hereinafter “Finnair”)
Corporate ID (“Y-tunnus”): 0108023-3
Address: Lentäjäntie 3, 01053 FINNAIR
NAME OF REGISTER
Finnair Plus customer database
GROUNDS FOR MAINTENANCE OF THE REGISTER
Finnair Plus frequent flyer program membership
- Purpose of the data file
- Personal data contained in the register
- Regular data sources
- Release of data
- Exercise of rights
- Protection of the data file
- Controller in charge of data file affairs and contact details
PURPOSE OF THE DATA FILE
The data file is used for: managing customer relations between Finnair and members of the Finnair Plus program; development and analysis; recording Finnair Plus point events; charging for awards granted on the basis of point events; maintaining contact with customers; and marketing and advertising.
The data recorded in the data file is used during reservation and payment for flight tickets and by electronic services related to travel. The data in the data file may also be used when invoicing partners.
The data recorded in the data file is used for analysis and profiling – for example, to create customer profiles for use in marketing and to support service, product and concept development. Profiles may also be used to target marketing and content. This is achieved via a service on the Finnair website, which directs individualised advertising and marketing at members. Direct advertising and marketing involves member-specific variation in the advertising content on the Finnair website. Direction of individualised advertising at members is an integral part of the Finnair Plus program.
The Finnair Plus partners are also an integral part of the Finnair Plus program, as members can earn and spend Finnair Plus points when using partner services. For this reason, partners supply Finnair with information about the services and benefits they offer members, and Finnair then sends this information to members. Finnair also sends information to members pertaining to and regarding Finnair services and the Finnair Plus program. Information about partners is available on the Finnair website. Marketing materials may also be sent by e-mail and/or SMS to members who consent to receive communication via these channels.
Finnair is entitled to discontinue the Finnair Plus membership of a customer in the case that no transactions have been registered to that customer’s account during the previous five (5) years and, consequently, the customer has no valid points. Finnair will do this by removing the customer’s personal details and membership number from the Finnair Plus customer register. Customers can rejoin the Finnair Plus program by filling out a membership application.
PERSONAL DATA CONTAINED IN THE REGISTER
General customer data
Membership commencement date, title, surname, forename, visiting address, postcode, postal district, country code, gender, date of birth, size of family, birthdates of children, home telephone number, home fax number, mobile phone number, e-mail address.
Leisure interests submitted by the member
Museums/art exhibitions, opera/concerts/ballet, theatre/musicals, popular music, jazz, golf, tennis, sailing/water sports, riding/horse racing, downhill skiing/snowboarding/telemark, cross-country skiing, hunting/fishing, health and wellbeing, ice hockey, football, basketball, cars and motorsport, fine wine and dining.
Passport number, passport date of issue, passport validity, nationality, special food preferences, seat preference (aisle or window). Information concerning special food preference may constitute sensitive data; members who provide this information are deemed to have given explicit consent to the processing of said information.
Workplace and occupational data
Profession or occupation, name of employer, address, postcode, postal district, country code, telephone number, telefax number.
Membership card data
Membership number, date of issue of last membership card, expiry date, membership tier.
Membership tier data
Tier history, tier points total, number of flights, tier date details.
Earned points data
Total points earned, total points spent, total points available, total expired points, total tier points earned during membership.
Date of event, event details (such as product name, points earned or points spent), abbreviation of service provider’s name, document number (ticket number or other document number). For flights, the following additional information is recorded: flight number (operating and marketing), point of departure and destination of the flight, travel class, operating airline code.
Dispatch dates of marketing letters, dispatch dates of point statements, details of campaigns offered to the customer, copies of marketing letters sent to the customer.
Finnair website usage data
Information regarding the use of Finnair network services, which is collected using cookies.
Right of refusal data
A refusal notice (see “Exercise of rights”) sent by a member to the data file controller will be entered into the data file. A notice of consent submitted by a member indicating that they wish to receive marketing material by e-mail and/or SMS will be recorded in the data file.
REGULAR DATA SOURCES
Finnair receives customer and workplace data from a member when he or she submits a membership application or, after becoming a member, updates said data. Finnair receives details of Finnair Plus membership card usage from Finnair check-in and accounting systems, and from partners, who provide this data in files. Details of Finnair Plus points, tiers and tracking periods are extracted from the Finnair data system using Finnair’s computer programs. Data concerning usage of the Finnair website are extracted using system maintenance software.
RELEASE OF DATA
The personal data used for reserving flight tickets (name, e-mail address, mobile phone number, Finnair Plus membership number, Finnair Plus tier, seat preference and Finnair Plus membership card usage activity) are submitted in electronic form to the Amadeus reservation system maintained in Germany. Personal data is automatically read from the system when a member makes a Finnair flight reservation and gives their membership number to the party responsible for printing out the ticket, which can be an office or an agent, either domestic or foreign. For this reason, personal data is transferred outside the European Union and European Economic Area.
Personal data used for reserving flight tickets (name, e-mail address, mobile phone number, Finnair Plus membership number, Finnair Plus tier, seat preference and Finnair Plus membership card usage activity) is also submitted, in electronic form, to airlines belonging to the oneworld™ alliance. This personal data is used when customers reserve flights with oneworld airlines – for this reason, it is transferred outside the European Union and European Economic Area. Information about the oneworld airlines is available on the Finnair website.
With the customer’s consent, personal information in the Finnair Plus customer database may also be released to Finnair Plus partners for the purpose of direct marketing. Information about the Finnair Plus partners is available on the Finnair website (www.finnair.fi). The partners do not release personal data to third parties.
Personal information that is to be used in direct marketing outside the EU is only transferred to partners that belong to the Safe Harbor arrangement and comply with the Safe Harbor privacy principles.
The European Commission has stated that the Safe Harbor arrangement fulfils the minimum level of data protection outlined in the EU directive on the protection of personal data. It is also commensurate with the Finnish Personal Data Act.
EXERCISE OF RIGHTS
A member is entitled to know what information concerning them is stored in the Finnair Plus database or to know that there is no such information in said database. Data may be inspected free of charge once in each calendar year. Inspection requests must be submitted in writing to the data file controller specified at the end of this data file description and must be signed in person by the requesting party. The information surrendered in response to an inspection request is provided in writing and sent by post to the address notified by the member in question.
A member of the Finnair Plus program is also entitled to obtain correction of any error in the information that concerns the said member. A request for correction of an error must be submitted in writing or by telephone to the Finnair Plus Service Center (postal address: Finnair Plus, SXD/8, FI-01053 Finnair, Finland; tel: +358 9 818 888).
Should a member of the Finnair Plus program prohibit the despatch of (i) Finnair’s direct marketing material and/or (ii) the direct marketing material of Finnair’s partners to the said member, then Finnair may decide to discontinue sending all written Finnair Plus material to the said member. A member of the Finnair Plus program is entitled to prohibit the release of personal data to the Finnair Plus partners for the purposes of direct marketing.
Any member who chooses to exercise the foregoing rights of prohibition must notify the Finnair Plus Service Center thereof in writing or by telephone.
PROTECTION OF THE DATA FILE
Only specified employees of Finnair and enterprises that are assigned by Finnair to act on its behalf are authorised to use the Finnair Plus system. The system includes various user access levels authorising the user to maintain or explore the database only with respect to information that is necessary for use. Each user has a personal username and password that are required to log in to the system. The system is also protected with network security such that access is only granted to specified partners.
CONTROLLER IN CHARGE OF DATA FILE AFFAIRS AND CONTACT DETAILS