Finnair Privacy Notice

Data Controller

Finnair Plc
Business ID: 0108023-3
Address: Tietotie 9, 01530 VANTAA, FINLAND

Privacy Portal

You can manage your privacy settings and request your personal data on Finnair’s Privacy Portal at https://privacy.finnair.com. 

Data Privacy Officer

If you do not find what you are looking for in this notice or at the Privacy Portal linked above, you may contact the Finnair Group Data Privacy Officer*: privacy@finnair.com or Finnair Data Privacy Officer, PO BOX 15, 01053 FINNAIR, FINLAND.

*Finnair’s Data Privacy Officer is, for the purposes of the GDPR, the Data Protection Officer.

The types of personal data that we process are listed below. Personal data is processed regarding the persons travelling, the person making the booking, the member of Finnair Plus loyalty program, the emergency contact person, and the legal guardians or dependents. 

Identification and contact data – name, date of birth, gender, traveller type (adult, child, infant), title (Mr, Mrs, Ms), contact information such as address, billing address, telephone number and email address. 

Service-related data – booking reference number, ticket number, pricing information, flight details (departure dates and times, flight number), flight itinerary (journey origin and destination and possible stopovers), booking date, travel class, seat type and number, baggage tag codes, routing and possible security screening details. 

Special service request data – meal information, transporting pets in the cabin or in the cargo hold, medical or other assistance requested. 

Travel document data – passport number, date of birth, gender, passport validity period, issuing country and nationality. In addition, visa information and destination addresses are collected when required by the destination authorities. 

Online travel document verification service – the image of your travel document and the information on it. 

Payment data – payment method, credit card information and payment transactions. 

Information on ancillary services – pre-ordered meals, travel class upgrades, retail products and other purchases, travel arrangements, such as group information when traveling with others under the same booking reference, check-in methods and travel companions in case of joint check-in. 

Airport security data – data from airport security checkpoints, including boarding time and information about whether the customer has passed through the control gates. 

Query and claim data – information submitted by you in your query or claim through our customer services channels. 

Finnair Plus member data – identification and contact data, travel document data, membership number, membership commencement date, tier information, family size, profession or occupation, name and address of employer, work telephone number, seat preference, Avios and tier points information, information on linking of Finnair Plus account with Finnair Plus credit card or with another loyalty program, leisure interests, meal preference and other interests provided by you, dispatch dates of marketing communications and of program status statements, details of campaigns offered to you and copies of marketing letters sent to you, information on the use of lounge, check-in and baggage handling services and other airport services, and information on disruptions during your journeys. 

Alliance partners’ loyalty program data – identification and contact data, frequent flyer number, program and tier information, reservation and ticket information, special service requests, payment data and name and phone number of emergency contacts. 

Third party ancillary services data – information related to car rental, hotel accommodation and insurance services that you purchase from Finnair or from our partners, as specified in the specific Privacy Notices for such ancillary services, available on the websites and mobile applications on which the services are offered to you. 

Communication data – customer service phone call recordings, chat history, emails, SMS messages and social media posts, satisfaction surveys and feedback forms. 

Communication settings – information on consents and other legal bases for digital marketing as well as your marketing preferences, opt-outs and objections. 

Data collected in our digital touchpoints – your device type, operating system version, language settings, system authorisations and other configuration settings, information on your internet connection such as the name of the mobile data network and connection speed, name and version of the mobile application, identification data of the session and of the cookies and of unambiguous device numbers (e.g. Google advertising ID, Apple Ad ID), third party account identification data of social plug-ins or social logins or pay by PayPal, and other common internet technologies to facilitate recognition of your web browser, your device or a particular application, access data automatically transmitted by applications and web browsers when you access web servers and databases within the framework of so-called HTTP requests, name and file type of a retrieved file, amount of data transferred and error codes, software versions, IP address, and the site previously visited and the time of access. 

Special categories of personal data – information you provide to us about your health when you request special service requests, such as accommodations for disability or medical assistance, and information you provide to us for obtaining medical clearance or other admission for flying. 

Security records – name, contact details, and flight and seat information of passengers who have endangered flight safety or security or committed an unruly or illegal act against Finnair or Finnair staff, including a description of the violation and the length of a possible travel ban. 

Please note that all persons on the same flight reservation will be able to access the data in the reservation, including the data of the travel companions, available through the Manage Booking service. Access to Manage Booking is terminated within three days after the last flight of the reservation. Please also note that if a flight reservation is split into two different flight reservations, the persons in the new split reservation will continue to have access to the original reservation and the payer of the original reservation will have access to the new split reservation.

3.1. To Provide our Services

A) Based on our contract with you (Art. 6(1)(b) GDPR)

We process your personal data, including identification and contact data, service-related and special service data, travel document, payment and communication data in the necessary scope to fulfil our contract with you and to provide and execute further services requested by you. These include in particular:

Booking – To create or change a booking and to identify all passengers onboard, we need the personal information about those travelling.

Throughout your journey – To provide you with our services throughout your entire journey, your data will be processed at the airport at check-in and arrival, at service desks, lounges, gates as well as on board the aircraft. In case of irregularities, we need to reach out to you to modify your booking and to reroute and provide other assistance to you. 

Baggage – To deliver your baggage to your destination, we process the baggage handling details, such as baggage tag codes and information on routing and security screenings. 

Special service requests – To deliver your special service request, we process the needed information. For instance, information on your diet preference will be processed to ensure that you get the meal of your choice. 

Feedback and claims – We use your data to help you with any questions, to collect your feedback, and to handle your complaints, claims and refunds. 

Customer communication – To keep you informed about your travel arrangements, including possible changes, we use your contact details and process your booking details.

B) Based on our legitimate interest (Art. 6(1)(f) GDPR) 

We process your data based on our legitimate interest for the following specific purposes:

Surveys and customer experience improvement – We may engage with you to voluntarily participate in developing our services. The results of such surveys are used for analytics and can also be combined with other data in our database, such as reservation and flight data, for improving customer experience. You may be contacted after the survey for providing additional information. We may also contact you to offer you the opportunity to test our new products and services. 

Background processes – We process your personal data when carrying out certain background processes for preventing and detecting fraudulent or false booking and ticketing practices, payment frauds, fraudulent claims, unauthorised or fraudulent use of the Finnair Plus accounts, as well as for auditing the correctness of the fares, charges and taxes payable for the goods and services you buy from us. 

Service Ban  – If we issue you a ban on our services due to your violation of safety or security requirements or of our terms and conditions of service or due to fraudulent activities, we process your identification and contact data as well as such other data that is directly relevant for assessing, issuing and maintaining the service ban. When the grounds for issuing a service ban require mandatory safety and security reporting and mitigation activities, we process your personal data based on our legal obligation. 

For developing and improving our services – to analyse our business performance, we follow traffic, commercial and operational performance and related customer behaviours. Transactional data is used in operational situations to determine, for example, how many people will be upgraded or offloaded.

C) Based on your consent (Art. 6(1)(a) GDPR)

We process your data based on your consent for the following specific purposes:

Health-related data – If the processing of your health-related data is necessary to provide you with the assistance or other accommodations requested by you and to take care of your health and safety while travelling with us, you may be asked to provide us health-related information , such as a doctor’s certificate. Your health-related data is processed for ground and inflight service and for customer care and customer complaints handling. Based on your consent, we may also process data obtained from healthcare providers and other third parties, if this is necessary to verify admissibility to our flights and/or into a foreign country, during a public health crisis. In rare situations we may receive and process health-related data from authorities without your consent, for instance in the case of an emergency, pandemic or other severe disruption requiring the processing of your health-related data. 

Online travel document verification – We provide you a secure online advance travel document verification service as an option for entering your travel document information manually and verifying the information with our check-in personnel at the airport. This service requires that an image of your travel document and the readable data entries in the image are processed by us. Your data will be shared with the relevant authorities based on our legal obligation to do so.

D) Based on our legal obligations (Art. 6(1)(c) GDPR)

We process your data based on our legal obligations for the following purposes:

Safety and security – We process your data to ensure safety and security of our flights and of our customers, personnel, airports and other facilities used by us. 

Authority requirements – To comply with our legal obligations, we process your identification and contact data, passport data, visa information, payment information, travel data, your address in your travel destination, and such other data as is required by law from time to time. Where required by law, we share such data with authorities, such as border control agencies, customs, immigration authorities, health authorities, police, anti-terrorism and national security agencies, courts and tax authorities. 

Emergency and crisis situations – To respond to an emergency situation and to provide you and other persons care and assistance, we process your data to the extent required to meet our legal obligations. 

Keeping required records – We process your name, title, booking reference number, flight details, pricing information, cardholder's name and hashed card details as required by bookkeeping and anti-terrorism laws.

3.2 Finnair Plus Loyalty Program

If you are a Finnair Plus member, we process your personal data as follows:

A) Based on our contract with you (Art. 6(1)(b) GDPR)

Transactions – We record your Finnair Plus account transactions, such as accrual of tier points and Avios, and the use of Avios, awards, gifts and benefits. 

Finnair Plus profile data – To join our loyalty program, you must provide your first name, last name, date of birth, email address, phone number, gender, and country or region. You may choose to share your postal address, payment card and passport data, household size, preferences and interests with us in your Finnair Plus profile. These preferences can be used for pre-filling information when making a booking on the Finnair website or to provide more relevant service. 

Communication to members – We will send you customer communication on the status and changes of the services you have bought from us. We will also deliver you email communication related to your Finnair Plus membership, including account creation and deletion, your Avios expiry, milestone rewards, reaching lifetime tiers, and program changes. 

The data recorded is also used for targeted member communication distributed in the Finnair mobile application, the Finnair website and in our other channels. 

Events, contests and sweepstakes – If you enrol in Finnair Plus events, contests or sweepstakes, we process your name and contact details to add you on the participant list and to record the participation in your Finnair Plus activities. 

Finnair Plus partners – Finnair Plus partners are a notable part of the Finnair Plus program as you can collect Avios and tier points and spend Avios when using partner services. More information about partners is available on the Finnair website. 

We exchange with our partners data on your accrual and spend of Avios when you buy the goods and services of our partners so that your Finnair Plus account balance is correctly reconciled against your accrual and spend activities. In case of queries or complaints related to partner services, we exchange the relevant information of the service involved to address you query or complaint.

B) Based on legitimate interest (Art. 6(1)(f) GDPR)

Communication and engagement – As part of improving our customer communications, we measure the frequency and engagement of how our communication leads to further actions on your part. 

Analytics – We use your personal data for analytics and customer recognition, as well as for providing personalised services to you. This enables us to provide our customers relevant services and products as well as develop our products and concept and create unique customer profiles. Profiles may be used for targeting marketing and content in our digital channels, for example the Finnair website, our mobile application or newsletters distributed by email. Direct marketing involves member-specific variation in the advertising content in the above-mentioned channels. Direction of individualised advertising at members is an integral part of the Finnair Plus program. Having a complete view of our customers enables us to understand your entire experience and helps us to improve our products and services and your experience. We may also derive other metrics based on your customer behaviour, for example, the likelihood of purchasing certain products, create customer segments, and predict other products or destinations you may be interested in.

3.3. Digital Marketing Communications and Content Personalisation

This section of our Privacy Notice describes how we use your personal data for digital marketing and content personalisation.

General Principles

• When we obtain your contact details in the context of a sale of our products and services or if you enrol in the Finnair Plus program, we use these contact details for marketing communications of our own similar products or services and ancillary services related to your trip via email based on applicable legislation on privacy in electronic communications. We will inform you of this and provide you the opportunity to opt out from such use of your contact details at the time we first obtain your contact details and thereafter in each marketing email that you receive from us. You will find the opt-out link at the bottom of the emails, or in your Finnair Plus profile.
• If you are not a Finnair Plus member but have given your consent to receive emails and personalised advertising through our website, the Finnair app or a dedicated sign-up form, you can manage your marketing preferences or withdraw your consent via a link at the end of our emails.
• Withdrawing your consent or opting out from marketing communication later does not affect the legality of the processing of your personal data for marketing communications purposes before you withdrew your consent.
• We conduct targeted advertising based on our legitimate interest. You can opt-out from targeted advertising at any time through your Finnair Plus profile. You may still see our non-personalised, general advertisements on our own digital touchpoints and on third-party channels where we advertise our services.
• We will always send you customer communications on the status and changes of the products and services you have bought from us based on our contract with you.

3.3.1. What Data We Process

Personal identification information – Randomised ID given to you when you visit our digital touchpoints, your name, email address and phone number. 

Interaction data – Data about your interactions with our marketing communications (e.g. open rates, click-through rates). 

Your transactions with us – Information about the flight(s) and other services you have bought and used with us, and if applicable, history of your collection and use of previous Finnair Plus award points and current Avios and tier points throughout your membership. We will not collect any of your payment details for marketing communications purposes. 

Finnair Plus member’s additional personal identification information – Your membership number, date of birth, gender. We will only process your postal address information if you have given that information to us. 

Finnair Plus member’s travel profile and interests – Information related to your preferences and interests as a Finnair Plus member if you have given that information to us. 

Finnair Plus membership data – Information about the date of becoming a Finnair Plus member, your tier status and personal tracking period in the Finnair Plus program. We will also process data about how much you have spent as a Finnair Plus member and if you have faced some disruptions during your journeys as a Finnair Plus member. We will also process the information about whether you have a credit card related to the Finnair Plus program, and whether you have linked your Finnair Plus account with another loyalty program. 

Cookies – We use cookies and similar technologies to improve your experience on our website and mobile application (the “Platforms”), to show you relevant marketing content on the Platforms and across third-party websites and social media networks and to tailor our content and services to match your preferences and interests, as described in our Cookie Policy. 

Cookies are small text files that are stored on your device (such as a computer, tablet, or smartphone) when you visit the Platform. When you return to the Platform, cookies help recognise your device and remember certain information about your visit, such as your language preferences, login status, and information entered into forms. This makes the Platform more convenient and personalised. Cookies are grouped into four categories based on their function: essential, performance and content personalisation cookies. Essential cookies are always on whereas performance, content personalisation and advertising cookies are optional.

If performance cookies are enabled, we collect and process the following personal data:

• Personal identification information: Randomised ID given to you when you visit our digital touchpoints. We will not collect any of your payment details for marketing communications purposes.
• Marketing-related preferences: Information about your preferences and interests related to our products and services.
• Behavioural data: Information about your online behaviour, collected through usage of our website and the Finnair app.

If content personalisation cookies are enabled, we collect and process the following personal data:

• Personal identification information: Randomised ID given to you when you visit our digital touchpoints. Additionally, if you complete a transaction or fill any form, we will collect your name, email address and any other details you provide. We will not collect any of your payment details for marketing communications purposes.
• Marketing-related preferences: Information about your preferences and interests related to our products and services.
• Behavioural data: Information about your online behaviour, collected through usage of our website and the Finnair app.

If advertising cookies are enabled, we collect and process the following personal data:

• Personal identification information: Randomised ID given to you when you visit our digital touchpoints. We will not collect any of your payment details for marketing communications purposes.
• Marketing preferences: Information about your preferences and interests related to our products and services.
• Behavioural data: Information about your online behaviour, collected through our website, the Finnair app and third-party channels such as social media interactions.

3.3.2. How We Use Your Data and Legal Bases of Processing

A) Based on our contract with you (Art. 6(1)(b) GDPR)

We will send you customer communications that concern the status, changes, and continuation of the products and services you have bought from us.

B) Based on our legitimate interest (Art. 6(1)(f) GDPR)

Analytics and performance – If you have accepted performance cookies, we measure traffic on our website and the Finnair app, identify returning customers, and understand how our customers use our website and the Finnair app. 

To create a profile about you – If content personalisation cookies are enabled and/or you haven’t objected the use of Finnair’s legitimate interest to conduct profiling, we create a profile about you based on your preferences, behaviour and personal identification data for marketing communications and content personalisation purposes. This profile is not shared with any third party unless you have given your consent to receive personalised third-party advertising. The profile will not be used for automated decision-making or profiling that would produce legal effects concerning you. 

To enable third-party advertising tracking – If advertising cookies are enabled, we use third-party tracking pixels on our digital touchpoints which are technologies that enable our third-party partners to collect your behavioural data directly from our digital touchpoints. This allows us to optimise, measure and place targeted content on other websites and services through our third-party partners. Please see more information about how we share your data for targeted advertising under the section ‘How we share your data’. 

To enrich your profile data – If content personalisation cookies are enabled, the profile that is created based on the data we collected with these cookies is further enriched based on your ongoing engagement with our digital touchpoints and data we have collected from you as our customer and as a Finnair Plus member. This does not include automated decision-making or profiling that would produce legal effects concerning you. 

Segmentation and personalisation – We use your profile data to get more insight into how we can better serve you as a customer in the context of our whole customer base. This does not include automated decision-making or profiling that would produce legal effects concerning you. 

To personalise our marketing communications content – We tailor the content for our marketing communications channels and personalise content in our own digital touchpoints based on your profile and the other data we collect and process about you (as explained above). This profiling allows us to segment our customer base and provide you with marketing communications content that is relevant to you and is likely to interest you as our potential or existing customer and a Finnair Plus member. This does not include automated decision-making or profiling that would produce legal effects concerning you. 

Marketing emails related to your products and services – If we have obtained your contact details in the context of a sale of our products and services or a registration to Finnair Plus program, we can use these contact details for marketing communications of said purchase or program via email based on applicable legislation on privacy in electronic communications, such as promotional emails about Finnair and Finnair Plus products, services, member offers, news and travel inspiration that may interest you, unless you choose not to receive such communication. You can change your marketing communication settings at any time in your profile. 

Personalised advertising for Finnair Plus members by sharing and matching your data with our third-party partners – We conduct personalised advertising by sharing your hashed data with third-party partners, such as Meta and Google, to facilitate data matching to enhance and personalise the Finnair advertising you see in these platforms. You can object to this at any time through your Finnair Plus profile.

C) Based on your consent (Art. 6(1)(a) GDPR)

We process your personal data based on your explicit consent for delivering you our marketing communications, in accordance with Article 6(1)(a) of the GDPR. Your consent is voluntary, and you have the right to withdraw it at any time without any impact on the legality of processing based on your consent before its withdrawal. 

To deliver you marketing emails related to Finnair and Finnair Plus – If you have given your consent to receive our marketing emails, we will use your personal data to send you marketing emails about Finnair and Finnair Plus products, services, special offers, news and travel inspiration that may interest you. 

Personalised advertising regarding Finnair newsletter subscribers that are not members of the Finnair Plus program – We conduct personalised advertising by sharing and matching your data with our third-party partners such as Meta and Google based on your consent, to facilitate data matching to enhance and personalise the Finnair advertising you see in these platforms. You can opt out from this at any time through the unsubscribe link of the newsletter. 

To deliver you marketing emails related to Finnair Plus partners and events – If you are a Finnair Plus member and have given your consent to receive our exclusive membership offers from Finnair Plus partners and event invitations, we will use your personal data to send you marketing emails about exclusive membership offers from Finnair Plus partners’ products and services that may interest you, as well as our event invitations. Finnair Plus partners are categorised to Travel, Financial and Retail partners and you can manage your consents to each category separately.

3.3.3. How We Obtain Your Data

We obtain your personal data for digital marketing communications and content personalisation purposes when you:

• Interact with our Platforms.
• Buy a flight or other services and use those services with us.
• Sign up for the Finnair Plus program and buy and use our services as a Finnair Plus member.
• Sign up for our marketing communications.
• Participate in surveys, promotions or events.
• Participate in a campaign or fill in a form on a third-party platform related to our products and services.

3.3.4. How We Share Your Data

We share your personal data with third parties who assist us with:

Production, management and analytics – We use third-party ICT providers to provide us with tools and services to produce and manage our marketing communications and content personalisation activities, as well as help us analyse the performance of our efforts. These ICT providers are contractually obligated to protect your personal data and only use your data according to our instructions on our behalf as our personal data processors. We ensure that these ICT providers comply with the applicable privacy and data protection legislation and that the transfer of your data from us is secure and applies legal and appropriate safeguards when such transfer is needed.

Email marketing – We use third-party providers to facilitate our email marketing campaigns and manage our mailing lists. These third-party providers are contractually obligated to protect your data and only use it according to our instructions as our personal data processors. We ensure that these third-party providers comply with the applicable privacy and data protection legislation and that the transfer of your data from us is secure and applies legal and appropriate safeguards when such transfer is needed.

Targeted advertising – If you have given your consent to advertising cookies or haven’t objected the use of Finnair’s legitimate interest to conduct targeted advertising or both, we share your personal data with our third-party partners that enable us to deliver targeted advertising through third-party channels and platforms. These third-party partners, which currently are Meta Platforms Ireland Limited, Google LLC and Sanoma Media Finland Oy, may act as joint controllers together with us and as independent controllers to whom your data is transferred for delivering you targeted advertising. Please note that when acting as an independent controller, these third-party partners may use your personal data for aggregation purposes and to infer and derive advertising-related segmentations and reports based on the aggregated data to be also used by other advertisers on the third-party platform.

If you are a user of Meta Platforms Ireland Limited’s services such as Facebook and Instagram, you can learn more about your privacy rights on those platforms on Facebook's website.

If you are a user of Google LLC’s services, you can learn more about your privacy rights on Google’s website.

If you are a user of Sanoma Media Finland Oy’s services, you can learn more about your privacy rights on Sanoma’s website (in Finnish).

If in any of our operations your personal data is transferred outside of the European Economic Area or the European Union, we will always use appropriate personal data transfer mechanisms and safeguards to ensure that your personal data is processed in accordance with applicable privacy and data protection laws. We also ensure that our ICT and other service providers do so and assess that our third-party partners implement similar, compliant practices to safeguard your personal data.

3.3.5. How We Retain Your Data

We retain your personal data for marketing communications purposes for so long as you have not opted out from receiving our marketing communications and content personalisation.

If you opt out, we will no longer send you marketing emails and you will no longer see our personalised advertisements on the third-party platforms, effective for emails immediately and for personalised advertisements within 24 hours. 

Please note that we will retain certain data if required by law, or for our legitimate business purposes unrelated to marketing communications or content personalisation purposes.

We receive your data directly from you when you purchase our products in one of our channels, when you make a booking at finnair.com or when you sign up for our Finnair Plus loyalty program. Your purchases will be linked to your account if you have identified yourself as a Finnair Plus member. We receive your personal data from our airline partners and other companies involved in arranging and managing your travel. 

We automatically collect personal data when you use our digital touchpoints or certain services, such as check-in, submitting baggage or boarding. 

We may get information from the authorities or third parties. We get your information from other airlines if we are involved in realising a part of your travel. We might also get your data from other partners, such as partners who are involved in realising the travel, for example Finavia, ground handlers, third-party platforms or travel agents. 

If you are a Finnair Plus member, we also get your data from partners when utilising their services using your Finnair Plus account. This is necessary for providing the services of the program. We automatically collect personal data when you use our services where you are identified by your Finnair Plus number, such as check-in services and submitting baggage, by using loyalty services or when purchasing ancillary products.

We share your personal data with Finnair group companies and other third parties for the following purposes:

For your travel and other services – We share your personal data with, for example, other airlines, airport operators and other service providers involved during your travel. We also transfer personal data to service providers involved in handling your reservations, purchases and bookings. We transfer your personal data to travel agencies, ancillary service providers, authorities and ground handlers, in accordance with the services requested. If you have booked your flight through a travel agent or third-party platform, we share your personal data with them. 

We share your data with other airlines that are part of your travel, for example if one of your flights is operated by another carrier, and with alliance member airlines for the assistance of alliance customers. 

For Finnair Group internal purposes – We may share personal data collected with the help of cookies on Finnair’s digital services to members of the Finnair Group. 

For legal obligations, security and fraud prevention or based on your consent – We share your data, such as passport, visa information and travel-related data as required by your destination country’s authorities. 

We share your personal data with relevant third parties or authorities if it is necessary to detect and prevent crime, fraudulent activities or security issues or for other legal reasons. In case of an international public health crisis, we may disclose health-related information to relevant authorities based on your consent or a legal obligation. 

For customer research purposes – We may share your contact information with third parties, such as research agencies that conduct customer research on behalf of Finnair.

Your personal data may be transferred and processed outside of your home country and outside of the European Economic Area. The laws of these countries may not afford the same level of protection to your personal data. 

In these cases, we have taken steps to ensure that appropriate and suitable safeguards are in place in order to comply with the requirements for international transfers of personal data under applicable law, such as using the European Union Commission Standard Contractual Clauses as a safeguard for the transfer of personal data outside the European Economic Area. 

We may also be obliged to transfer your personal data to foreign authorities, for example to customs or immigration authorities.

Finnair takes appropriate technical and organisational measures to ensure the security of your personal data and protect it against loss or unlawful use. Access to your personal data is restricted on a need-to-know basis and by access controls, and the processing of personal data is logged. Our information technology environment is appropriately protected and monitored, with regular updates, testing and assessment to ensure ongoing security. Our personnel are trained to comply with applicable data protection legislation as well as the applicable policies and instructions.

If something should go wrong

We do our best to keep your data safe and secure. If, however, there was a personal data breach that should endanger your privacy, we will inform you in accordance with the data protection legislation.

Your actions matter as well

To protect your own privacy, please avoid sharing your personal data, such as login information or travel documents, with others or on social media. Please pay special attention to your Finnair Plus account security and consider two-factor authentication as advanced security for your Finnair Plus account. Please avoid sending copies of your identification documents or sensitive personal data (e.g. doctor's certificates) to us by unsecured email; instead, use web forms or other secure transfer methods provided by Finnair.

We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, or in so far as data storage is necessary for compliance with legal obligations, authority requirements and for solving potential claims or disputes. The maximum retention time is ten (10) years. 

If you are a Finnair Plus member, your member data will be stored during the active membership. In case no transactions have been registered on the member’s account during the last ten (10) years and consequently, your Finnair Plus Avios have expired, your member data will be deleted.