Finnair Privacy Policy

HELLO. WE WANT TO MAKE SURE YOU ARE ON BOARD WITH US WHEN IT COMES TO THE USE OF YOUR DATA.

This Finnair Privacy Policy tells you how we collect, use, disclose and in other ways process your personal data. Here, we also explain your rights, how to contact us and how we safeguard your data. 

You can find more information about the processing of your personal data under each topic below. Please click the relevant section below for more information.

YOUR PRIVACY IS OUR PRIORITY.

ABOUT US

DATA CONTROLLER
FINNAIR Oyj
Business ID: 0108023-3
Address: Tietotie 9 01530 VANTAA, FINLAND

PRIVACY ONLINE SERVICE
Manage your privacy settings and request your personal data on the Finnair website at https://privacy.finnair.com.

DATA PROTECTION OFFICER
You may contact the Finnair Group Data Protection Officer: privacy@finnair.com or Finnair Data Protection Officer, PO BOX 15, 01053 FINNAIR, FINLAND


YOUR DATA, YOUR RIGHTS

HOW TO USE YOUR RIGHTS

You can use your rights at privacy.finnair.com.

You will always receive a confirmation of the action we have taken on your request (for example, confirmation of deletion). We will let you know if we cannot fulfil a request you have made, and the reasons behind such decision. Making a personal data request is free of charge once every six (6) months. For additional requests during this time frame, we may charge a reasonable fee to cover the administrative costs involved. We reserve the right to reject requests that are unreasonably repetitive, excessive or clearly unfounded.

RIGHT TO ACCESS 

You have the right to access and be informed about the personal data we process about you. You can view some data directly in our digital channels, and you may request a copy of your personal data at privacy.finnair.com. We will provide you with it unless we have lawful reasons not to share this data or if sharing the data would adversely affect the rights and freedoms of others.

RIGHT TO CORRECTION

You have the right to rectify or update inaccurate or incomplete personal data we have about you. You can update some of your personal data through our digital channels, and you have the right to request a correction of your contact details or other personal data by contacting us.

RIGHT TO ERASURE 

You may ask us to delete your personal data, and we will erase such data without undue delay, unless we have a lawful reason to continue processing the data, such as for delivering the requested services or if there is a legal requirement or lawful right for us to retain personal data.

RIGHT TO RESTRICT AND TO OBJECT

You may ask us to restrict the processing of your personal data, for example when your request to correct or remove your data is pending, or if you have objected to the processing of your personal data and the clarification of the grounds for such processing is pending.

You have the right, at any time, to prohibit us from using your personal data for direct marketing purposes, which includes profiling related to such direct marketing. You can unsubscribe from marketing communication via the “unsubscribe” link or by other means included in each marketing message. If you are a Finnair Plus member or Finnair account holder, you may also change your direct marketing preferences in your Finnair Plus or Finnair account profile.

RIGHT TO WITHDRAW YOUR CONSENT

You have the right to change your mind and withdraw any consent you have previously given to us. If you are a Finnair Plus member or Finnair account holder, you can withdraw your consent in your Finnair Plus or Finnair account profile.

RIGHT TO DATA PORTABILITY

You have the right to receive the personal data you have given to us in a structured and commonly used electronic format, and to independently transmit those data to a third party.

LODGING A COMPLAINT

If you feel we have not handled your personal data correctly, you can contact the data protection supervisory authority and lodge a formal complaint.

SAFEGUARDING YOUR DATA

HOW WE PROTECT YOUR DATA

Finnair takes appropriate technical and organisational measures to ensure the security of your personal data and protect it against loss or unlawful use. Access to your personal data is restricted on a need-to-know basis and by access controls, and the processing of personal data is logged. Our information technology environment is appropriately protected and monitored, with regular updates, testing and assessment to ensure ongoing security. Our personnel are trained to comply with applicable data protection legislation as well as the applicable policies and instructions.

INTERNATIONAL DATA TRANSFERS

Your personal data may be transferred and processed outside of your home country and outside of the European Economic Area. The laws of these countries may not afford the same level of protection to your personal data.

In these cases, we have taken steps to ensure that appropriate and suitable safeguards are in place in order to comply with the requirements for international transfers of personal data under applicable law, such as using the European Union Commission Standard Contractual Clauses or the the Privacy Shield Framework as a safeguard for the transfer of personal data outside the European Economic Area.

We may also be obliged to transfer your personal data to foreign authorities, for example to customs or immigration authorities.

IF SOMETHING SHOULD GO WRONG

We do our best to keep your data safe and secure. If, however, there was a personal data breach that should endanger your privacy, we will inform you in accordance with the data protection legislation.

YOUR ACTIONS MATTER AS WELL

To protect your own privacy, please avoid sharing your personal data, such as login information or travel documents, with others or on social media. Please pay special attention to your Finnair Plus account security and consider two-factor authentication as advanced security for your Finnair Plus or Finnair account. Please avoid sending copies of your identification documents or sensitive personal data (e.g. doctor’s certificates) to us by unsecured email; instead, use web forms or other secure transfer methods provided by Finnair.

CUSTOMER AND PARTNER DATA

WHAT DATA WE PROCESS

IDENTIFICATION AND CONTACT DATA

We collect and process basic information, such as

  • name
  • date of birth
  • gender
  • traveller type (adult, child, infant)
  • title (Mr, Mrs, Ms)
  • contact information, such as address, billing address, ground transportation address, telephone number and email address.

Personal information may be processed, for example, regarding the person travelling, the person making the booking, the emergency contact person, legal guardians or dependents.

SERVICE-RELATED DATA

In order to make your journey possible, we process booking and ticket information as well as baggage handling details. This may include:

  • booking reference number, ticket number, pricing information
  • flight details (departure dates and times, flight number)
  • flight itinerary (journey origin and destination and possible stopovers)
  • booking date, travel type (one-way or return)
  • travel class, seat type and number
  • baggage tag codes, routing and possible security screening details.

At your request, we may also process special service request information. These types of requests may involve, for example, meal information, transporting pets in the cabin or in the cargo hold, or required special assistance.

We may also process travel document data for passengers travelling to or from the Schengen area, such as passport number, passport validity period, issuing country and nationality. Visa information and destination addresses are also collected when required by the destination authorities.

Please note that all persons in the same flight reservation will be able to access the data in the reservation (including the data of the travel companions), available through the My Booking service. Access to My Booking is terminated shortly after the last flight of the reservation.

When you pay for your trip or other services, we process your payment information, such as payment method and credit card information.

We may process information on sales channel and ancillary services, such as pre-ordered meals, travel class upgrades, retail products and other purchases. We process data about your travel arrangements, such as group information (when traveling with others under the same booking reference), check-in methods and travel companions in case of joint check-in.

At selected airports, we also process the data from airport security checkpoints and automated control gates at the departure gates.

In case you choose to share additional information, by submitting a query or claim through our customer services channels, this data will be processed by Finnair.

If you are a member of Finnair Plus or a member of our alliance partner’s loyalty program, we collect and process information such as frequent flyer number, program and tier information, if you have provided your frequent flyer number.

If you book additional transport or parking services through Finnair, we will process transportation address information, service reservation number information, registration plate numbers, ticket information and given additional information, such as the size of the vehicle or written free format information relating to your booking.

COMMUNICATION DATA

We may collect and process your communication with us. This can include customer service phone call recordings, chat history, emails and SMS messages. We may also process your information in connection with satisfaction surveys and feedback forms. We may process your direct marketing-related consents and opt-outs (unsubscriptions).

DATA COLLECTED IN OUR DIGITAL TOUCHPOINTS

When you log into or navigate our digital touchpoints, we will process your login details, service usage and certain information about devices and connections of users, such as IP address.

SENSITIVE PERSONAL DATA

We limit the collection of sensitive personal data such as information about your health to a minimum, and only to data given by you.

In connection with your special service requests, we may need to process this type of information, for example due to a special medical assistance request or in case you need medical clearance to fly with us.

SECURITY RECORDS

Finnair stores a record of passengers who have previously endangered flight safety and security or have committed an unruly or illegal act against Finnair or Finnair staff.

HOW WE USE YOUR DATA

BASED ON OUR CONTRACT WITH YOU

Providing our services

To create a booking, change a booking and identify all passengers onboard, we need the personal information of those travelling.

To provide you with services throughout your entire journey with us, your data will be processed at the airport at check-in and arrival, service desk, lounge, gate as well as on board. In case of irregularities, we need to reach out to our customers and, in case of the disruption of traffic, reroute the passengers and modify their bookings.

To deliver your baggage to your destination, we process the baggage handling details (e.g. tag codes, routing and possible security screenings).

In case of special service requests, we need to ensure you are provided with the correct service. For instance, your diet preference will be processed to ensure that you get the meal of your choice.

We assist you in queries related to your purchases such as flight reservations or shopping.

In order to help you with any questions, collect your feedback, handle your complaints, claims and refunds we use your personal data as necessary. We may also use your identification data to provide you with better service in disruption situations. We may send you confirmation and informative communication about your travel by email, SMS or other means.

We may save your contact information, reservation data, contacts and content of contacts in a customer account to be able to provide relevant customer service. This information may also be used to identify the customer when getting in touch with us. To keep you informed about your travel and itinerary, we will need to reach out to you using your contact details and process your booking details.

If you have enrolled in our other services, we will process the data provided during registration or booking in order to provide the requested service.

BASED ON OUR LEGITIMATE INTEREST

Communication and engagement

We may process your personal data to send you communication, for example emails related to services which you may be interested in. For instance, we may inform you about upgrade offers, if there are business class seats available on your flight.

We may engage with you to voluntarily participate in developing our services. If you have participated in a survey, the results are used for analytics and can also be combined with other data in our database, such as reservation and flight data, for customer experience improvement purposes. You may be contacted after the survey for providing additional information. We may also contact a selected or limited group of persons to participate in testing our new products and services.

When processing personal data, we rely on our legitimate interest in maintaining business relationships and communicating with you about our operations and our events.

Digital touchpoints

Personal data, such as login details and site usage logs, are processed in connection with providing you services in our digital touchpoints, to ensure your identity and to record usage. Functional cookies are employed to collect data from sessions to ensure the functioning of our online services. For more information on how we use cookies, please see our cookie policy.

Personalisation of services

Aiming to continuously improve the customer experience and to make our offering more relevant to you, we may offer personalised service and content based on an individual transaction, for example offering services related to your destination. We may also perform customer segmentation, for instance for offering upgrades, ancillary services and retail products relevant to the customer through our digital touchpoints. We may also obtain other information from the individual transactions, such as the travel purpose.

By identifying the customer and their travel history, we can identify previous communications, past irregularities, purchased services and flights. Accordingly, we can recognise the specific traveller’s needs and pay special attention to certain elements of the customer journey, experience and interactions. To identify the customer and create one unique customer profile, multiple records need to be linked, both for the same and across different transactions.

Background processes

As part of running our business, we may process personal data when carrying out certain background processes. For tickets, ancillaries and other purchases, we need to make sure bookings are created and ticketing is done in compliance with law and Finnair policies. These processes cover, for example, monitoring of fraudulent activities, such as credit card theft and false bookings and auditing of fares and taxes.

For developing our services further, we follow traffic flows, commercial and operational performance and related customer behaviours. Transactional data is used in operational situations to determine, for example, how many people will be upgraded or offloaded.

BASED ON YOUR CONSENT

Direct marketing

If you have given us your consent, we will send you direct marketing messages. For instance, if you have subscribed to our Finnair newsletter or other direct marketing material, your contact details will be processed to send you the requested messages. Customers have the right to unsubscribe or opt out of receiving marketing messages at any point.

We may also send you direct marketing related to Finnair services based on applicable legislation on privacy in electronic communications, if you are an existing Finnair customer or a representative of our supplier, partner or subcontractor and have not unsubscribed (opted out) from receiving direct marketing.

Digital touchpoints

In addition to enabling our online services, we use cookies for collecting personal data for the purposes of providing service analytics, personalisation and advertising based on your consent. For more information on how we use cookies, please see our cookie policy.

Processes including sensitive personal data 

If the processing of your health-related data is necessary, explicit consent will be requested from you. You may be asked to provide additional information, such as a doctor’s certificate to ensure you can travel according to the evaluation of a medical professional, and to ensure that we have the required information to take care of your safety and security. Once consent has been received, the data will be processed, for example, by customer care, ground handling and inflight crew, only to the extent necessary.

BASED ON OUR LEGAL OBLIGATIONS

Ensuring a safe and secure travel

To provide you with safe and secure travel, and for complying with the safety requirements such as reporting incidents, we need to make sure we know who is on board the aircraft. We identify passengers with check-in, at the gates and in coordination with security services.

In cases where a passenger has interfered with or may compromise flight safety, security or order during or in connection with a flight, we have the right to refuse to accept the passenger on our flights due to security reasons. This decision may be made for a fixed period or until further notice. This also means that we will record the related passenger information in our security records. We will also define the length of the term during which the passenger cannot board our aircraft. We will inform the passenger about storing their information in our security records.

Local laws may require us to share your personal data with authorities, for example border control agencies, customs, immigration authorities, police or tax authorities. In order to comply with the legal obligations, we collect and process personal data such as passport details, visa information and your address in your travel destination as required by legislation or authority requirements.

In the event of crises, Finnair may process your data for the purpose of providing care and assistance as well as in order to respond to the situation and meet our legal obligations.

Keeping required records

Based on accounting legislation, we are required to store our transactions and other accounting material for the time period defined by the law.

STORAGE PERIOD

We keep your personal data only for as long as necessary for us to fulfil the purpose for which it was collected, or in so far as data storage is necessary for compliance with legal obligations and for solving potential claims or disputes.

HOW WE COLLECT AND SHARE YOUR DATA

SOURCES OF DATA

We receive your data directly from you when you purchase our products in one of our channels, when you make a booking at finnair.com or when you sign up for our loyalty program.

We automatically collect personal data when you use our digital touchpoints or certain services, such as check-in, submitting baggage or boarding.

We may get information from the authorities or third parties. We might get your information from other airlines if we are involved in realising a part of your travel. We might also get your data from other partners, such as partners who are involved in realising the travel, for example Finavia, ground handlers, third-party platforms or travel agents.

SHARING YOUR DATA

We may share your personal data with Finnair group companies and other third parties for the following purposes:

For your travel and other services

We share your personal data with, for example, other airlines, airport operators and other service providers involved during your travel. We also transfer personal data to service providers involved in handling your reservations, purchases and bookings. We may also transfer your personal data to travel agencies, ancillary service providers, authorities and ground handlers, in accordance with the services requested. If you have booked your flight through a travel agent or third-party platform, we share your personal data with them.

We share your data with other airlines that are part of your travel, for example if one of your flights is operated by another carrier, and with alliance member airlines for the assistance of alliance customers.

For Finnair Group internal purposes

We may share personal data collected with the help of cookies on Finnair’s digital services to members of the Finnair Group.

For legal obligations, security and fraud prevention

We may share your data, such as passport, visa information and travel-related data as required by your destination country’s authorities.

We may also share your personal data with relevant third parties or authorities if it is necessary to detect and prevent crime, fraudulent activities or security issues, or for other legal reasons.

FINNAIR PLUS MEMBER AND FINNAIR ACCOUNT DATA

WHAT DATA WE PROCESS

PROFILE DATA

We collect and process the basic personal data you submit about you or your children when creating your Finnair Plus or Finnair account profile. This may include the following information:

  • name
  • date of birth
  • gender
  • family size and other residential information
  • title (Mr, Mrs, Ms)
  • contact information, such as addresses, telephone number and email address
  • occupational data – profession or occupation, name of employer, employer address and work telephone number
  • travel document information – passport number, passport validity period, issuing country for passport and nationality.


We process information regarding your membership status and history as well as data regarding your personal preferences and your use of membership benefits. This includes the following information:

  • membership and profile information – membership commencement date, type and campaign, seat preference (aisle or window)
  • membership card information – membership number, date of issue of last membership card, expiry date
  • membership tier information – tier history, tier points total, number of tier flights, membership tier, flight ticket price accrual, tier date details
  • points information – total tier and award points earned during membership, total award points spent, total award points available, total expired award points
  • transaction data – all transactions and purchases that involve your membership
  • event-specific information – date of event, event details, such as product name, points earned or points spent, service provider’s name, document number (ticket number or another document number)
  • information about whether the customer has a combined Finnair Plus credit card
  • interests and preferences – leisure interests, meal preference and other interests provided by the member
  • marketing data – dispatch dates of marketing communications and point statements, details of campaigns offered to customer and copies of marketing letters sent to customer
  • airport services – information about airport services, such as the use of lounge services, check-in services and baggage handling services and other airport service details
  • Direct marketing-related consents and opt-outs (unsubscriptions).


Your profile also contains the data of your flights as Finnair Plus member or Finnair account holder:

  • flight number
  • point of departure and destination of the flight
  • travel class
  • airline code
  • travel agency that made the booking
  • price information of the ticket
  • code name for business travel booking and other booking information
  • travel partner information – name of the partner

HOW WE USE YOUR DATA

BASED ON OUR CONTRACT WITH YOU

Providing our services 

As part of the Finnair Plus program, Finnair records your transactions. Transactions include points accrual and redemption. This enables us to calculate your account balance. We may send you information about your point balance and about program changes.

We also process the data that is provided by you in your Finnair Plus or Finnair account profile. In your profile you may choose to share your preferences and interests. These preferences may be used for pre-filling information when making a booking on the Finnair website or to provide more relevant service.

When you enrol in special events, we will process the participant list. The same applies to marketing competitions and prize draws.

Enabling partner services 

The Finnair Plus partners are a notable part of the Finnair Plus program, as you can earn and spend Finnair Plus points when using partner services. For this reason, Finnair sends information about partner services and benefits to members together with information regarding the Finnair Plus program and Finnair services. More information about partners is available on the Finnair website.

To provide the partner service and to keep your account balance up-to-date, Finnair also exchanges data with the Finnair Plus partners. If you use points with a partner, Finnair will be informed. Similarly, if you accrue points with one of our partners, we will be informed so you are awarded those points correctly. In order to recognise our customers also through our partners’ services, we may send relevant member information. In case of queries or complaints related to partner services, we might correspond with the partners and share relevant member information.

Communication and engagement

The data recorded is also used for targeted member communication distributed in the Finnair mobile application, the Finnair website and in our other channels.

We may use the data recorded to communicate with you about your account and program features and benefits. For instance, these messages may include but are not limited to when your points are due to expire or if you are close to the next tier.

In order to provide you with the correct information about our member offers on third-party channels, we may send a list of member emails to the respective third parties. This ensures that the right offers are displayed when you are identified as a Finnair Plus member.

BASED ON LEGITIMATE INTEREST

Communication and engagement

As part of improving our customer communications, we may follow up on the frequency and engagement of how often these messages lead to further actions on your part in order to calculate the metrics such as click rates.

Analytics 

We may use your personal data for analytics and customer recognition. This enables us to provide our customers relevant services and products as well as develop our products and concept and create unique customer profiles. Profiles may be used for targeting marketing and content in our digital channels, for example the Finnair website, our mobile application or newsletters distributed by email. Direct marketing involves member-specific variation in the advertising content in the above-mentioned channels. Direction of individualised advertising at members is an integral part of the Finnair Plus program or the Finnair account. Having a complete view of our customers enables us to understand your entire experience and helps us to improve our products and services and your experience. We may also derive other metrics based on your customer behaviour, for example, the likelihood of purchasing certain products, create customer segments, predict other products or destinations you may be interested in.

BASED ON YOUR CONSENT:

Direct marketing

Direct marketing messages are sent to members who have given their consent to receive such messages. These marketing materials may include offers from partners, depending on your direct marketing settings.

We may also send you direct marketing related to Finnair services based on applicable legislation on privacy in electronic communications, if you are an existing Finnair customer and haven’t opted out of direct marketing.

BASED ON OUR LEGAL OBLIGATIONS:

Keeping required records

Based on accounting legislation, we are required to store our transactions and other accounting material for the time period defined by law.

STORAGE PERIOD

We keep your personal data only for as long as necessary for us to fulfil the purpose for which it was collected, or in so far as data storage is necessary for compliance with legal obligations and for solving potential claims or disputes.

HOW WE COLLECT AND SHARE YOUR DATA

SOURCES OF DATA

We get your data when you join as a member and submit your data for the purpose of creating and maintaining your account. We get your data directly from you when you purchase our products on one of our channels or enrol in one of our services (for example when making a booking on finnair.com). Your purchases will be linked to your account if you have identified yourself as a Finnair Plus member.

We also get your data from partners when utilising their services using your Finnair Plus account. This is necessary for providing the services of the program.

We automatically collect personal data when you use our services where you are identified by your Finnair Plus number or Finnair account, such as check-in services and submitting baggage, by using loyalty services or when purchasing ancillary products.

SHARING YOUR DATA

We may share your personal data with Finnair Group companies and other third parties for the following purposes:

For providing services related to your membership

We share your personal data with, for example, other airlines, airport operators, program partners and other service providers directly involved in providing services related to your membership.

For legal obligations, security and fraud prevention

We may share your personal data with relevant third parties, if necessary, to detect and prevent crime, fraudulent activities or security issues, or for other legal reasons.

Policy on collection and use of personal information (Korea)

The following matters are notified and agreed upon when collecting personal information pursuant to the Korean Act on Promotion of Information and Communication Network Utilization and Information Protection.

1. Personal Information Items Collected 
- Required Items : Company Name, Name, Family Name, Email, Country
- Optional Items : Contact, Finnair Customer Number
2. Purpose of Collection and Use of Personal Information
- If you have agreed with the terms of collection of personal information below, you are deemed to have agreed with the terms of collection of personal information.

- Data files are used for customer relationship management and development, customer profiling and analysis and contact with customers.
3. Duration of personal information retention and use

- Personal information collected through user agreement shall be retained/used while the user is accessing the services provided on the Finnair website. The user’s personal information is immediately discarded when the purpose of use is attained or if the transaction is abandoned.

- Reasons for retention: The Act on Promotion of Information Communication Network Use & Protection of Information

- Retention period: 10 years

 

The user may refuse to agree with the collection and use of personal information. In this case, however, the user may have limited service.

Overseas transfer of personal information agreement (Korea)

In order to provide more convenient and secure services, Finnair consigns its booking and transport system operations to Amadeus, an air travel information system service provider. Matters concerning consignment and overseas transfer of personal information processing required for booking procedures are as follows.

 

1. Recipient

- Amadeus IT Group, S.A., (dataprotection@amadeus.com)

2. Personal information to be transferred

- Finnair Plus membership number, name, date of birth, gender, telephone number, email address, country, time and method of transfer: Germany, completion of reservation, exclusive network

3. Information recipient’s purposes for use of personal information & period of retention/use

- Retention of booking records in our company’s booking system / 3 years after transfer (in accordance with the EU's CRS Code of Conduct)