Finnair Privacy Policy

HELLO. 

WE AT FINNAIR WANT TO MAKE SURE YOU ARE ONBOARD WITH US WHEN IT COMES TO THE USE OF YOUR DATA.

This Finnair Privacy Policy informs you of how we collect and process your personal data. This Policy provides information as required by the European Union General Data Protection Regulation (Regulation (EU) 679/2016) and describes the practices and purposes of personal data processing at Finnair.

The Privacy Policy covers all the personal information that we may collect when you use our services, for example, to plan your trip, when you travel with us or shop with us or when you visit our website. In this Policy, we also describe the processing of your personal data for marketing and communication, personalisation, analytics, safety and security, as well as for regulatory purposes. In case you are a member of the Finnair Plus loyalty program and use the membership services of Finnair or loyalty program partners with your Finnair Plus number, we will record and use your personal data according to this Policy. 

We may update this Privacy Policy from time to time. We will notify you on our website if we make any significant changes.

This Privacy Policy will be available in all languages of the finnair.com website soon.

CONTACT DETAILS OF FINNAIR

DATA CONTROLLER
FINNAIR Oyj 
Business ID     0108023-3
Address     Tietotie 9 01530 VANTAA, FINLAND

DATA PROTECTION OFFICER
Finnair Group Data Protection Officer contact details:

Email: PRIVACY@FINNAIR.COM 

Finnair Data Protection Officer
P.O. BOX 15
01053 FINNAIR

Manage your privacy settings and access your personal data at PRIVACY.FINNAIR.COM 

YOUR DATA, YOUR RIGHTS

HOW TO USE YOUR RIGHTS

You can use your rights as a data subject by contacting us at privacy.finnair.com. Please note that you may need to provide additional information to confirm your identity.

We will provide you a confirmation of the actions we have taken in response to your request (for example, confirmation of deletion). We will also let you know if we cannot fulfil a certain request, as well as the reasons behind such a decision. 

Making a personal data request is free of charge once every six (6) months. For additional requests during this time frame we may charge a reasonable fee to cover the administrative costs involved.

We reserve the right to reject requests that are unreasonably repetitive, excessive or clearly unfounded.

RIGHT TO ACCESS 

You have the right to access and be informed about your personal data processed by us. You have the possibility to view certain data in our digital channels and you may request a copy of your personal data at https://privacy.finnair.com. We will provide you with it unless we have lawful reasons not to share this data or in cases where sharing the data would result in severe damage to your rights or the rights of others.

RIGHT TO CORRECTION

You have the right to have inaccurate or incomplete personal data about you rectified or updated. You may update some of your personal data through our digital channels and you have the right to request correction of your contact details or other personal data by contacting us. 

RIGHT TO ERASURE 

In certain cases, you may ask us to delete your personal data if, for example, your personal data are no longer needed for the purposes for which they were collected or if you withdraw your consent in cases where our data processing is based on your consent only.

We will erase such personal data without undue delay unless there is a legal basis for us to continue processing such data based on the data protection legislation.

RIGHT TO RESTRICT AND TO OBJECT

You may also request us to restrict processing of your personal data for example, when your request concerning correction or removal of your data is pending or if you have objected to the processing of your personal data, when clarification of the grounds for such processing is pending.

You have the right, at any time, to prohibit us from using your personal data for direct marketing purposes, which includes profiling related to such direct marketing. You can unsubscribe from marketing communication via the “unsubscribe” link or by other means included in each marketing message. If you are a Finnair Plus member, you may also change your message preferences in your Finnair Plus profile to object to direct marketing.

RIGHT TO WITHDRAW YOUR CONSENT

You have the right to change your mind and withdraw any consent you previously provided to us. If you are a Finnair Plus member, you may withdraw consents in your Finnair Plus profile.

RIGHT TO DATA PORTABILITY

You have the right to receive the personal data you have given us in a structured and commonly used electronic format and to independently transmit those data to a third party.

LODGING A COMPLAINT

If you feel we have not handled your personal data correctly, you can contact the data protection supervisory authority and lodge a formal complaint.

SAFEGUARDING YOUR DATA

HOW WE PROTECT YOUR DATA

Finnair takes appropriate technical and organisational measures to ensure the security of your personal data and protect it against loss or unlawful use. 

In practice this means that your personal data is protected in accordance with the sensitivity of the data. The circle of users with access to personal data is restricted on a need-to-know basis and by access controls, and processing of personal data is logged. Our information technology environment is appropriately protected and monitored, with regular updates, testing and assessment to ensure ongoing security. Our personnel are trained to comply with applicable data protection legislation as well as applicable policies and instructions.

INTERNATIONAL DATA TRANSFERS

Your personal data may be transferred and processed outside of your home country and outside of the European Economic Area to Finnair partners and authorities. We transfer your data responsibly. We have taken steps to ensure that your personal data receives an adequate level of protection in the jurisdictions in which it is processed. In particular, we provide adequate protection for the transfers of personal data to countries outside of the European Economic Area based on the European Union Commission Standard Contractual Clauses or through other appropriate safeguards, such as the Privacy Shield Framework.

IF SOMETHING SHOULD GO WRONG

We do our best to keep your data safe and secure. If, however, there was a personal data breach that should endanger your privacy, we will inform you in a timely manner and in accordance with data protection legislation.

YOUR ACTIONS MATTER AS WELL

To protect your own privacy, please avoid sharing your personal data, for example login information or travel documents with others or on social media. Please pay special attention to your Finnair Plus account security and consider two-factor authentication as advanced security for your Finnair Plus account. Please avoid sending copies of your identification documents or sensitive personal data to us by unsecured e-mails and instead use web forms or other secure transfer methods provided by Finnair.

CUSTOMER AND PARTNER DATA

WHAT DATA WE PROCESS

BASIC IDENTIFICATION AND CONTACT DATA

We collect and process basic information, such as name, date of birth, gender, traveller type (adult, child, infant) and title (Mr, Mrs, Ms). Personal information may be processed regarding the person traveling, the person making the booking, the emergency contact person, legal guardians or dependents.

We may also process contact information, such as address, telephone number and email address. This may include contact information provided about the person traveling or of another associated person as specified above.  

In certain cases, we may also process company details, billing addresses and ground transportation addresses. 

YOUR RESERVATION AND TRAVEL ASSOCIATED DATA

In order to make your journey possible, we process booking and ticket information. This may include flight details (departure date, flight number), Passenger Name Records (booking reference), ticket numbers, pricing information, booking date, travel type (one-way or return) and flight itinerary (possible stopovers). We may also process sales channel, journey origin, destination and information on ancillary services, such as selected seats, pre-ordered meals, travel class upgrades, retail products and other purchases.

We process data about your travel arrangements, such as group information (when traveling with others under the same booking reference), check-in methods and travel companions in case of joint check-in. We also process your seat type and number, baggage tag numbers and baggage process updates (for example security screens). At selected airports, we also process the data from airport security checkpoints and automated control gates at the departure gates.

Based on your request, we may process special service request information. These types of requests may involve, for example, diet information, transporting pets in the cabin or in the cargo hold or special assistance required.

We may also process travel document data for passengers travelling to or from the Schengen area, such as passport number, passport validity period, issuing country for passport and nationality. Visa information and destination addresses are also collected when required by the destination authorities. 

When you pay for your trip, we collect and process your payment information, such as payment method and credit card information.

DATA OF LOYALTY MEMBERS

We collect and process loyalty program information, such as frequent flyer number, program and tier information from loyalty programs if the respective member provides their frequent flyer number.

YOUR COMMUNICATION WITH US

We may collect and process your communication with us. This can include customer service phone call recordings, chat history, emails and SMS messages. We may also process your information in connection with customer satisfaction surveys and customer feedback forms.

SITE USAGE

We collect personal data with the help of cookies on Finnair’s digital services.

DATA FOR SPECIFIC SERVICES

We may process information needed for providing specific services in which the customer wants to participate, such as special events, prize draws and other similar specific happenings. For this we may process information such as name and contact details. 

ADDITIONAL DATA

In case you choose to share additional information, for instance for claims purposes through our customer services channels, this data will be processed by Finnair, for example customer-written descriptions of an event in free-text format.

MARKETING DATA

We may process your name, address, phone number and email address as well as any direct marketing consents and opt-outs and profiling prohibitions for our marketing purposes.

COLLECTION OF SENSITIVE DATA

We limit the collection of sensitive personal data, such as information on your health to a minimum. 

In connection with special service requests made by the customer, we may need to process this type of information, for example due to a special medical assistance request or in case you need medical clearance to fly with us. Your health-related information and other special category data is processed only based on your explicit consent and is used solely for providing the necessary services. 

SECURITY RECORDS

In cases where a passenger interferes with flight safety, security or order during or in connection with a flight, we are entitled to refuse to accept the passenger on our flights due to security reasons. This decision may be made for a fixed or unlimited period. This also means that we will record the related passenger information in our security records. We will also define the length of the term during which he or she cannot board our aircraft. We will inform the passenger about storing the passenger’s information in our security records.

DATA OF SUBCONTRACTORS AND SUPPLIERS

We process the contact details and other necessary data of those persons that are involved in the business relationship of Finnair and our Suppliers, Partners and Subcontractors.

DATA OF CHILDREN

Due to the nature of our services, we process information about children under the age of 13. 

HOW WE USE YOUR DATA

BASED ON OUR CONTRACT WITH YOU:

Providing our services

We use your data to provide you with services along your entire customer journey.
To create a booking, we need your personal information. This applies to individual bookings, but also to group bookings. This is to ensure that we know who is traveling onboard of our flights and if any changes to the booking are required, we need to be able to access and maintain the bookings. In case of disruptions or irregularities we need to reach out to our customers by using the provided contact details and if needed, reroute the passengers and hence modify the bookings. 

Your data may also be processed at the airport at check-in, lounge, gate, transfer, disruptions, arrival and service desks and by the crew during the flight for example for delivering personal customer service and for complying with safety requirements such as reporting incidents.

We assist you in queries related to your flight or other service booking with us – such as flight reservations or meal preference, shopping or any other services or products provided to you throughout your journey with us. We may save your contact information, reservation data, contacts and content of contacts in a customer account to be able to provide relevant customer service. This information may also be used to identify the customer when contacting us. To keep you informed about your travel and itinerary we will need to reach out to you using your contact details and process your booking details.

In case of special service requests, we need to ensure you are given the correct service. For instance, your diet preference information will be processed to ensure the preferred meals are delivered on flights according to your requests. When traveling with check-in luggage we need to identify the rightful owner and the customer’s itinerary, so that the luggage can be delivered to the customer at the destination.

If you have enrolled in our other services, for example training, we will process that data provided during the registration.

BASED ON OUR LEGAL OBLIGATIONS:

Ensuring a safe travel environment

To provide you with a safe travel environment, we need to make sure we know who is on the aircraft. This is why we process personal data in connection with check-in, at gates and in coordination with security services. We also need to assess whether some potential customers should not be allowed onboard, due to a travel ban or when the customer is inadmissible for other reasons. Finnair stores a record of the passengers who have previously endangered flight safety and security or have committed an unruly or illegal act against Finnair or Finnair staff (see "Security records" in the previous section).

Certain local laws may require us to share your personal data with authorities, for example border control agencies, customs, immigration authorities, police or tax authorities. In order to comply with legal obligations, we collect and process personal data such as passport, visa information and your address in your travel destination as required by the legislation or authority requirements. 

In the event of crisis situations Finnair may process your data to respond to the situation and to meet its legal obligations.

Keeping track of our records

Based on accounting legislation we are required to store our transactions and other accounting material for the period as defined by the law.

BASED ON LEGITIMATE INTEREST:

Customer communication and engagement

In order to help you with any questions, collect your feedback, handle your complaints, claims and refunds we use your contact details as provided to us. 

As part of service we may also use your personal, contact and reservation data to provide you better customer service in disruption situations. We may send you pre-departure emails or disruption messages by email, SMS or other means to inform you about your flight and other services. Similarly, we may send you emails related to the booking, with services which you may be interested in. For instance, we communicate you in relation to upgrade offers, if there are business class seats available for your flight.

We may also invite and engage with customers to participate in the customer community. We may contact customers to collect feedback or for surveys. Customer survey results are used for analytics and can also be combined with other data in our database, such as reservation and flight data in for customer experience improvement purposes. Customers may be contacted after the survey for additional information. We may also contact a selected or limited group of customers to participate in testing our new products and services. Finnair processes travel journey related information when processing customer feedback and claims. This is done to ensure we handle all cases fairly and we understand what has happened.

Digital touchpoints

Personal data such as login details are processed in connection with the usage of our digital services. 

Personalisation of services

Aiming to continuously improve the customer experience and to make our offering more relevant to the customer we may offer personalised service and content based on an individual transaction, for example offering services related to your destination. We may also perform customer segmentation, for instance for offering upgrades, ancillary services and retail products relevant to the customer through our digital touchpoints. We may also obtain other information from the individual transactions, such as the travel purpose.

By identifying the customer and the travel history we can identify previous communications, past irregularities, purchased services and flights. Accordingly, we can recognize the specific traveller’s needs and pay special attention to certain elements of the customer journey, experience and interactions. To identify the customer and create one unique customer profile multiple records need to be linked, both for the same and across different transactions. 

Business Interest

For the purposes of managing and expanding our business relationships, we process the contact details and other necessary data of those persons that are involved in the business relationship of Finnair and our Suppliers, Partners and Subcontractors.

Background processes 

As part of running the business we may process personal data when carrying out certain background processes. For tickets, ancillaries and other purchases, we need to make sure bookings are created and ticketing is done in compliance with law and Finnair policies. These processes cover, for example, monitoring of fraudulent activities, such as credit card theft and false bookings and auditing of fares and taxes. 

To analyse business performance, we need to analyse our traffic flows, commercial and operational performance and the related customer behaviours. To improve our processes and improve the customer experience, transactional or behavioural data may be analysed.

Transactional or behaviour data may be used in operational situations to determine for example when and to whom upgrade offers will be sent, how many people will be upgraded or offloaded etc.

BASED ON YOUR CONSENT:

Direct marketing

If you have given us your consent we will send you direct marketing messages. For instance, if you have subscribed to our Finnair newsletter or other direct marketing material, your contact details will be processed to send you the requested messages. Details of these communications will be processed and customers have the right to unsubscribe or opt out of receiving marketing messages at any point.

We may also send you direct marketing related to Finnair services based on applicable ePrivacy legislation if you’re an existing Finnair customer or a representative of our supplier, partner or subcontractor and have not opted-out from receiving direct marketing.

Processes including medical data 

When processing customer medical or health related data or other special categories of data explicit consent will always be acquired before this data is recorded in our systems. You may be asked to provide additional information such as a doctor’s certificate to ensure the customer can travel according to the evaluation of a medical professional and to ensure that we have the required information to take care of the customer’s safety and security. Once consent has been received, the medical data will be processed, for example, by customer care, ground handling and inflight crew. The processing of special categories of data is minimized and only handled as required to provide the required service to the customer and ensure safety. For example, the inflight crew needs to know about special assistance needed and medical equipment onboard.

Digital touchpoints and cookies

Personal data such as IP address, Cookie ID and device ID are processed in connection with our digital services. We use cookies for collecting personal data for the purposes of providing service functionalities, analytics, personalisation and advertising. For more information on how we use cookies please see our Cookie policy.

STORAGE PERIOD

We keep your personal data for as long as necessary for us to fulfil the purpose for which it was collected or in so far as data storage is necessary for compliance with legal obligations and for solving claims or any disputes. 

HOW WE COLLECT AND SHARE DATA

SOURCES OF DATA

We receive your data directly from you when you purchase our products in one of our channels or when you make a booking on finnair.com, or when signing up for our loyalty program. 

We automatically collect personal data when you use certain services, such as check-in, submitting luggage or boarding. 

We may also get information from authorities or third parties. We might get your information from other airlines if we are involved in realising a part of your travel. We might also get your data from other partners such as partner who are involved in realising the travel, for example ground handlers, Third-party platforms or travel agents.

SHARING YOUR DATA

We may share your personal data with Finnair group companies and other third parties for the following purposes:

For your travel and service processes

We share your personal data with, for example, other airlines, airport operators and other service providers involved in your travel process. We also share personal data with service providers involved in handling your reservations, purchases and bookings. We may also share your personal data with travel agencies, ancillary service providers, authorities and ground handlers. 

If you have booked your flight through a travel agent or third-party platform, we share your personal data with them. 

We share your data with other airlines that are part of your travel, for example if one of the flights is operated by another carrier, and with alliance member airlines for assistance of alliance customers. 

For Group internal processes

We may share personal data collected with the help of cookies on Finnair’s digital services to members of the Finnair Group.

For legal reasons, security and fraud prevention

We may share your data such as passport and visa information for formalities as required by your destination country. We share your personal data with local authorities upon entering the territory of your destination country or for other similar mandatory obligations. 

We may also share your personal data with relevant third parties if it is necessary to detect and prevent crime, fraudulent activities or security issues, or for other legal reasons.

FINNAIR PLUS MEMBER DATA

WHAT DATA WE PROCESS

BASIC PROFILE INFORMATION

We collect and process some basic personal data that you submit when creating your Finnair Plus profile. This includes the following information: basic personal information - name, date of birth (including those of children), gender, title, size of family and other residential information; contact information - addresses, telephone number, email address, occupational data – profession or occupation, name of employer, employer address and work telephone number, travel document information - passport number, passport validity period, issuing country for passport and nationality.

MEMBERSHIP INFORMATION

We collect and process information regarding your membership status and history as well as data regarding your personal preferences and your use of membership benefits. If you buy products or services from us with money, points or both or receive them as courtesy, we record details of those transactions and link them to your Finnair Plus profile. This includes the following information: membership and profile information - membership commencement date, type and campaign, seat preference (aisle or window); membership card information - membership number, date of issue of last membership card, expiry date; membership tier information – tier history, tier points total, number of tier flights, membership tier, flight ticket price accrual, tier date details; point information - total tier and award points earned during membership, total award points spent, total award points available, total expired award points; transaction data – all transactions that involve membership, for example where the Finnair Plus member number is used by the member; event-specific information - date of event, event details, such as product name, points earned or points spent, service provider’s name, document number (ticket number or another document number). 

For flights this may include: flight number, point of departure and destination of the flight, travel class, airline code, travel agency that made the booking, price information of the ticket, code name for business travel booking and other booking information; and partner information - name of the partner, type of transaction, number of points earned/used, transaction dates, information about whether the customer has a combined Finnair Plus credit card.

PREFERENCES

Your preferences information includes the following information: interests and preferences - leisure interests, meal preference and other interests provided by the member; marketing data - dispatch dates of marketing communications and point statements, details of campaigns offered to customer and copies of marketing letters sent to customer; airport services - information about airport services, such as the use of lounge services, check-in services and baggage handling services and other airport service details; and Finnair website usage data - information regarding the use of Finnair network services collected using cookies. For more information on how we use cookies, please see our Cookie policy.

HOW WE USE YOUR DATA

BASED ON OUR CONTRACT WITH YOU:

Providing our services 

As part of the Finnair Plus program Finnair records your transactions. Transactions include point accrual and redemption. This enables us to calculate your account balance. We may send you information about your point balance and about other program changes.

We also process the data that is provided by the member in their Finnair Plus profile. In your profile you may choose to share your preferences and interests. These preferences may be used for pre-filling information when making a booking on the Finnair website or to provide more relevant service.

When enrolling in special events we will process the participant list for you to receive the right service. The same holds for marketing competitions and prize draws.

Enabling partner services 

The Finnair Plus partners are also a notable part of the Finnair Plus program, as members can earn and spend Finnair Plus points when using partner services. For this reason, Finnair sends information about partner services and benefits to members together with information pertaining to and regarding the Finnair Plus program as well as Finnair services. More information about partners is available on the Finnair website.

To provide the partner service and to keep the account balance up-to-date Finnair also exchanges data with the Finnair Plus partner. If a member utilizes points with a partner Finnair will be informed. Similarly, if the member accrues points with one of our partners we will be informed, so you are awarded those points correctly. In order to recognize our customers also with partners we may send relevant member information, such as name, Finnair Plus number and tier level to our partners. In case of queries or complaints related to partner services we might exchange correspondence with the partners to resolve the issues. For this we may also need to share relevant member information, such as Finnair Plus number.

BASED ON YOUR LEGITIMATE INTEREST:

Advanced analytics 

We may use your personal data for analytics and customer recognition. This enables us to provide relevant customer service as well as product and concept development. It also allows us to create a unique customer profile. Profiles may be used for targeting marketing and content on our digital channels for example the Finnair website, our mobile application or by newsletters distributed by email. Direct marketing involves member-specific variation in the advertising content on the above-mentioned channels. Direction of individualised advertising at members is an integral part of the Finnair Plus program. Having a complete view of our customers enables us to understand your entire experience and helps us to improve our products and services and your experience. We may also derive other metrics based on your customer behaviour, for example, we may derive the likelihood of purchasing certain products, create customer segments, predict other products or destinations you may be interested in.

Communication and engagement

The data recorded is also used for targeted member communication distributed in the Finnair mobile application, the Finnair website and in our other channels.

We may use the data recorded to communicate with you about your account and program features and benefits. For instance, these messages may include but are not limited to when your points are due to expire or if you are close to the next tier.

As part of improving our customer communications we may follow up on the frequency and engagement of how often these messages lead to further actions by the customer, to calculate metrics such as click rates.

In order to provide you with the correct information about our member offers on third-party channels we may send a list of member emails to the respective third parties. This ensures that the right offers are displayed when you are identified as a Finnair Plus member.

BASED ON YOUR CONSENT:

Direct marketing

Direct marketing messages are sent to members who consent to receive such messages. These marketing materials may include offers for partners depending on your direct marketing settings.

We may also send you direct marketing based on applicable ePrivacy legislation if you’re an existing Finnair Plus customer and have not opted-out from receiving direct marketing related to Finnair Plus and Finnair Plus Partners’ products and services.

Digital touchpoints and cookies

Personal data such as IP address, Cookie ID and device ID are processed in connection with our digital services. We use cookies for collecting personal data for the purposes of providing service functionalities, analytics, personalisation and advertising. For more information on how we use cookies please see our Cookie policy

BASED ON OUR LEGAL OBLIGATIONS:

Keeping track of our records

Based on accounting legislation we are required to store our transactions and other accounting material for the period as defined by the law.

HOW WE COLLECT AND SHARE DATA

STORAGE PERIOD

We keep your personal data for as long as necessary for us to fulfil the purpose for which it was collected or in so far as data storage is necessary for compliance with legal obligations and for solving claims or any disputes. 

SOURCES OF DATA

We get your data when you join as a member and submit your data for the purpose of creating and maintaining your account. We get your data directly from you when you purchase our products on one of our channels or enrol in one of our services (for example when making a booking on finnair.com). Your purchases will be linked to your account.

We also get your data from partners when utilizing their services using your Finnair Plus account. This is necessary for providing the service and functionality of the program.

We automatically collect personal data for example when you use our services where you are identified by your Finnair Plus number such as check in services and submitting luggage or by using loyalty transaction or when purchasing ancillary products. 

We may also get some information from authorities or registers kept by authorities or third parties. We might also get your information from other airlines if we are involved in realising a part of the travel. We might also get your data from other partners that are involved in realising the travel, such as ground handlers, global distribution systems, travel agents.

SHARING YOUR DATA

We may share your personal data with Finnair group companies and other third parties for the following purposes: 

For providing services related to your membership

We share your personal data with, for example, other airlines, airport operators, program partners and other service providers directly involved in providing services related to your membership. 

For legal reasons, security and fraud prevention

We may share your personal data with relevant third parties if we feel it is necessary to detect and prevent crime, fraudulent activities or security issues, or for other legal reasons.

Passato alla pagina: Privacy Policy