Based on our contract with you
Providing our services
To create a booking, change a booking and identify all passengers onboard, we need the personal information of those travelling.
To provide you with services throughout your entire journey with us, your data will be processed at the airport at check-in and arrival, service desk, lounge, gate as well as on board. In case of irregularities, we need to reach out to our customers and, in case of the disruption of traffic, reroute the passengers and modify their bookings.
To deliver your baggage to your destination, we process the baggage handling details (e.g. tag codes, routing and possible security screenings).
In case of special service requests, we need to ensure you are provided with the correct service. For instance, your diet preference will be processed to ensure that you get the meal of your choice.
We assist you in queries related to your purchases such as flight reservations or shopping.
In order to help you with any questions, collect your feedback, handle your complaints, claims and refunds we use your personal data as necessary. We may also use your identification data to provide you with better service in disruption situations. We may send you confirmation and informative communication about your travel by email, SMS or other means.
We may save your contact information, reservation data, contacts and content of contacts in a customer account to be able to provide relevant customer service. This information may also be used to identify the customer when getting in touch with us. To keep you informed about your travel and itinerary, we will need to reach out to you using your contact details and process your booking details.
If you have enrolled in our other services, we will process the data provided during registration or booking in order to provide the requested service.
Based on our legitimate interest
Communication and engagement
We may process your personal data to send you service-related informational communications related to services you have purchased or registered for.
We may engage with you to voluntarily participate in developing our services. If you have participated in a survey, the results are used for analytics and can also be combined with other data in our database, such as reservation and flight data, for customer experience improvement purposes. You may be contacted after the survey for providing additional information. We may also contact a selected or limited group of persons to participate in testing our new products and services.
When processing personal data, we rely on our legitimate interest in maintaining business relationships and communicating with you about our operations and our events.
Digital touchpoints
Personal data, such as login details and site usage logs, are processed in connection with providing you services in our digital touchpoints, to ensure your identity, to identify you across the different touchpoints and to record usage. Functional cookies are employed to collect data from sessions to ensure the functioning of our online services. For more information on how we use cookies, please see our cookie policy.
Personalisation of services
Aiming to continuously improve the customer experience and to make our offering more relevant to you, we may offer personalised service and content based on an individual transaction, for example offering services related to your destination. We may also perform customer segmentation, for instance for offering upgrades, ancillary services and retail products relevant to the customer through our digital touchpoints. We may also obtain other information from the individual transactions, such as the travel purpose.
By identifying the customer and their travel history, we can identify previous communications, past irregularities, purchased services and travel information. Accordingly, we can recognise the specific traveller’s needs and pay special attention to certain elements of the customer journey, experience and interactions. To identify the customer and create one unique customer profile, multiple records need to be linked, both for the same and across different transactions.
Background processes
As part of running our business, we may process personal data when carrying out certain background processes. For tickets, ancillaries and other purchases, we need to make sure bookings are created and ticketing is done in compliance with law and Finnair policies. These processes cover, for example, monitoring of fraudulent activities, such as credit card theft, false bookings, fraudulent claims, and auditing of fares and taxes.
For developing and improving our services further and to analyze our business performance, we follow traffic flows, commercial and operational performance and related customer behaviours. Transactional data is used in operational situations to determine, for example, how many people will be upgraded or offloaded.
Based on your consent
Direct marketing
If you have given us your consent, we will send you direct marketing messages. For instance, if you have subscribed to our Finnair newsletter or other direct marketing material, your contact details will be processed to send you the requested messages. Customers have the right to unsubscribe or opt out of receiving marketing messages at any point.
We may also send you direct marketing related to Finnair services based on applicable legislation on privacy in electronic communications, if you are an existing Finnair customer or a representative of our supplier, partner or subcontractor and have not unsubscribed (opted out) from receiving direct marketing.
Digital touchpoints
In addition to enabling our online services, we use cookies for collecting personal data for the purposes of providing service analytics, personalisation and advertising based on your consent. For more information on how we use cookies, please see our cookie policy.
Processes including special categories of personal data
If the processing of your health-related data is necessary, explicit consent will be requested from you. You may be asked to provide additional information, such as a doctor’s certificate to ensure you can travel according to the evaluation of a medical professional, and to ensure that we have the required information to take care of your safety and security. Once consent has been received, the data will be processed, for example, by customer care, ground handling and inflight crew, only to the extent necessary. Based on your consent, we may also process data obtained e.g. from healthcare providers, if this is necessary to verify admissibility to our flights and/or into a foreign country, during a public health crisis.
Based on our legal obligations
Ensuring a safe and secure travel
To provide you with safe and secure travel, and for complying with the safety requirements such as reporting incidents, we need to make sure we know who is on board the aircraft. We identify passengers with check-in, at the gates and in coordination with security services.
In cases where a passenger has interfered with or may compromise flight safety, security or order during or in connection with a flight, we have the right to refuse to accept the passenger on our flights due to security reasons. This decision may be made for a fixed period or until further notice. This also means that we will record the related passenger information in our security records. We will also define the length of the term during which the passenger cannot board our aircraft. We will inform the passenger about storing their information in our security records.
Local laws may require us to share your personal data with authorities, for example border control agencies, customs, immigration authorities, health authorities, police or tax authorities. In order to comply with the legal obligations, we collect and process personal data such as passport details, visa information and your address in your travel destination as required by legislation or authority requirements.
In the event of crises, Finnair may process your data for the purpose of providing care and assistance as well as in order to respond to the situation and meet our legal obligations.
Keeping required records
Based on accounting legislation, we are required to store our transactions and other accounting material for the time period defined by the law.
Storage period
We keep your personal data only for as long as necessary for us to fulfil the purpose for which it was collected, or in so far as data storage is necessary for compliance with legal obligations and for solving potential claims or disputes.