Finnair Group privacy policy | Finnair Sweden

Finnair privacy policy

Hello. We want to make sure you are on board with us when it comes to the use of your data.

This Finnair Privacy Policy tells you how we collect, use, disclose and in other ways process your personal data. Here, we also explain your rights, how to contact us and how we safeguard your data.

This Privacy Policy applies to all the personal data we process about you when you plan your trip, travel with us, purchase or use our services, visit our online services or otherwise interact with us. We process personal data in accordance with the provisions of the European Union General Data Protection Regulation (“GDPR”) and other applicable data protection legislation.

You can find more information about the processing of your personal data under each topic below. Please click the relevant section below for more information.

Your privacy is our priority.

Data Controller

Finnair Plc
Business ID: 0108023-3
Address: Tietotie 9 01530 VANTAA, FINLAND

Privacy online service

Manage your privacy settings and request your personal data on the Finnair website at https://privacy.finnair.com.

Data Protection Officer

If you don’t find what you’re looking for in this policy or the Privacy Online Service linked above, you may contact the Finnair Group Data Protection Officer: privacy@finnair.com or Finnair Data Protection Officer, PO BOX 15, 01053 FINNAIR, FINLAND.

How to use your rights

You can use your rights at privacy.finnair.com.

You will always receive a confirmation of the action we have taken on your request (for example, confirmation of deletion). We will let you know if we cannot fulfil a request you have made, and the reasons behind such decision. Making a personal data request is free of charge once every six (6) months. For additional requests during this time frame, we may charge a reasonable fee to cover the administrative costs involved. We reserve the right to reject requests that are unreasonably repetitive, excessive or clearly unfounded.

Right to access

You have the right to access and be informed about the personal data we process about you. You can view some data directly in our digital channels, and you may request a copy of your personal data at privacy.finnair.com. We will provide you with it unless we have lawful reasons not to share this data or if sharing the data would adversely affect the rights and freedoms of others.

Right to correction

You have the right to rectify or update inaccurate or incomplete personal data we have about you. You can update some of your personal data through our digital channels, and you have the right to request a correction of your contact details or other personal data by contacting us.

Right to erasure

You may ask us to delete your personal data, and we will erase such data without undue delay, unless we have a lawful reason to continue processing the data, such as for delivering the requested services or if there is a legal requirement or lawful right for us to retain personal data.

Right to restrict and to object

You may ask us to restrict the processing of your personal data, for example when your request to correct or remove your data is pending, or if you have objected to the processing of your personal data and the clarification of the grounds for such processing is pending.

You have the right, at any time, to prohibit us from using your personal data for direct marketing purposes, which includes profiling related to such direct marketing. You can unsubscribe from marketing communication via the “unsubscribe” link or by other means included in each marketing message. If you are a Finnair Plus member or Finnair account holder, you may also change your direct marketing preferences in your Finnair Plus or Finnair account profile.

Right to withdraw your consent

You have the right to change your mind and withdraw any consent you have previously given to us. If you are a Finnair Plus member or Finnair account holder, you can withdraw your consent in your Finnair Plus or Finnair account profile.

Right to data portability

You have the right to receive the personal data you have given to us in a structured and commonly used electronic format, and to independently transmit those data to a third party.

Lodging a complaint

If you feel we have not handled your personal data correctly, you can contact the data protection supervisory authority and lodge a formal complaint.

How we protect your data

Finnair takes appropriate technical and organisational measures to ensure the security of your personal data and protect it against loss or unlawful use. Access to your personal data is restricted on a need-to-know basis and by access controls, and the processing of personal data is logged. Our information technology environment is appropriately protected and monitored, with regular updates, testing and assessment to ensure ongoing security. Our personnel are trained to comply with applicable data protection legislation as well as the applicable policies and instructions.

International data transfers

Your personal data may be transferred and processed outside of your home country and outside of the European Economic Area. The laws of these countries may not afford the same level of protection to your personal data.

In these cases, we have taken steps to ensure that appropriate and suitable safeguards are in place in order to comply with the requirements for international transfers of personal data under applicable law, such as using the European Union Commission Standard Contractual Clauses as a safeguard for the transfer of personal data outside the European Economic Area.

We may also be obliged to transfer your personal data to foreign authorities, for example to customs or immigration authorities.

If something should go wrong

We do our best to keep your data safe and secure. If, however, there was a personal data breach that should endanger your privacy, we will inform you in accordance with the data protection legislation.

Your actions matter as well

To protect your own privacy, please avoid sharing your personal data, such as login information or travel documents, with others or on social media. Please pay special attention to your Finnair Plus account security and consider two-factor authentication as advanced security for your Finnair Plus or Finnair account. Please avoid sending copies of your identification documents or sensitive personal data (e.g. doctor's certificates) to us by unsecured email; instead, use web forms or other secure transfer methods provided by Finnair.

Customer and partner data

Identification and contact data

We collect and process basic information, such as

  • name
  • date of birth
  • gender
  • traveller type (adult, child, infant)
  • title (Mr, Mrs, Ms)
  • contact information, such as address, billing address, ground transportation address, telephone number and email address.

Personal information may be processed, for example, regarding the person travelling, the person making the booking, the emergency contact person, legal guardians or dependents.

Service-related data

In order to make your journey possible, we process booking and ticket information as well as baggage handling details. This may include:

  • booking reference number, ticket number, pricing information
  • flight details (departure dates and times, flight number)
  • flight itinerary (journey origin and destination and possible stopovers)
  • booking date, travel type (one-way or return)
  • travel class, seat type and number
  • baggage tag codes, routing and possible security screening details.

At your request, we may also process special service request information. These types of requests may involve, for example, meal information, transporting pets in the cabin or in the cargo hold, or required special assistance.

We may also process travel document data for passengers travelling to or from the Schengen area, such as passport number, date of birth, sex, passport validity period, issuing country and nationality. Visa information and destination addresses are also collected when required by the destination authorities.

Please note that all persons in the same flight reservation will be able to access the data in the reservation (including the data of the travel companions), available through the My Booking service. Access to My Booking is terminated shortly after the last flight of the reservation.

When you pay for your trip or other services, we process your payment information, such as payment method and credit card information.

We may process information on sales channel and ancillary services, such as pre-ordered meals, travel class upgrades, retail products and other purchases. We process data about your travel arrangements, such as group information (when traveling with others under the same booking reference), check-in methods and travel companions in case of joint check-in.

At selected airports, we also process the data from airport security checkpoints and automated control gates at the departure gates.

In case you choose to share additional information, by submitting a query or claim through our customer services channels, this data will be processed by Finnair.

If you are a member of Finnair Plus or a member of our alliance partner’s loyalty program, we collect and process information such as frequent flyer number, program and tier information, if you have provided your frequent flyer number.

If you book additional transport or parking services through Finnair, we will process transportation address information, service reservation number information, registration plate numbers, ticket information and given additional information, such as the size of the vehicle or written free format information relating to your booking.

Communication data

We may collect and process your communication with us. This can include customer service phone call recordings, chat history, emails, SMS messages and social media posts (controllership of social media data may rest jointly with the social media platform provider). We may also process your information in connection with satisfaction surveys and feedback forms. We may process your direct marketing-related consents and opt-outs (unsubscriptions).

Data collected in our digital touchpoints

When you log into or navigate our digital touchpoints, we will process your login details, service usage and certain information about devices and connections of users, such as IP address.

Special categories of personal data

We limit the collection of special categories of personal data such as information about your health to a minimum, and only to data given by you.

In connection with your special service requests, we may need to process this type of information, for example due to a special medical assistance request. We will process sensitive personal data also in case you need medical clearance or evidence for Finnair or authorities of admissibility to fly with us.

Security records

Finnair stores a record of passengers who have previously endangered flight safety and security or have committed an unruly or illegal act against Finnair or Finnair staff.

Data for background processes

We process reservation, payment and baggage data to measure performance and to prevent fraudulent behaviour (see more in section How we use your data > Based on our legitimate interest > Background processes).

Based on our contract with you

Providing our services

To create a booking, change a booking and identify all passengers onboard, we need the personal information of those travelling.

To provide you with services throughout your entire journey with us, your data will be processed at the airport at check-in and arrival, service desk, lounge, gate as well as on board. In case of irregularities, we need to reach out to our customers and, in case of the disruption of traffic, reroute the passengers and modify their bookings.

To deliver your baggage to your destination, we process the baggage handling details (e.g. tag codes, routing and possible security screenings).

In case of special service requests, we need to ensure you are provided with the correct service. For instance, your diet preference will be processed to ensure that you get the meal of your choice.

We assist you in queries related to your purchases such as flight reservations or shopping.

In order to help you with any questions, collect your feedback, handle your complaints, claims and refunds we use your personal data as necessary. We may also use your identification data to provide you with better service in disruption situations. We may send you confirmation and informative communication about your travel by email, SMS or other means.

We may save your contact information, reservation data, contacts and content of contacts in a customer account to be able to provide relevant customer service. This information may also be used to identify the customer when getting in touch with us. To keep you informed about your travel and itinerary, we will need to reach out to you using your contact details and process your booking details.

If you have enrolled in our other services, we will process the data provided during registration or booking in order to provide the requested service.

Based on our legitimate interest

Communication and engagement

We may process your personal data to send you service-related informational communications related to services you have purchased or registered for.

We may engage with you to voluntarily participate in developing our services. If you have participated in a survey, the results are used for analytics and can also be combined with other data in our database, such as reservation and flight data, for customer experience improvement purposes. You may be contacted after the survey for providing additional information. We may also contact a selected or limited group of persons to participate in testing our new products and services.

When processing personal data, we rely on our legitimate interest in maintaining business relationships and communicating with you about our operations and our events.

Digital touchpoints

Personal data, such as login details and site usage logs, are processed in connection with providing you services in our digital touchpoints, to ensure your identity, to identify you across the different touchpoints and to record usage. Functional cookies are employed to collect data from sessions to ensure the functioning of our online services. For more information on how we use cookies, please see our cookie policy.

Personalisation of services

Aiming to continuously improve the customer experience and to make our offering more relevant to you, we may offer personalised service and content based on an individual transaction, for example offering services related to your destination. We may also perform customer segmentation, for instance for offering upgrades, ancillary services and retail products relevant to the customer through our digital touchpoints. We may also obtain other information from the individual transactions, such as the travel purpose.

By identifying the customer and their travel history, we can identify previous communications, past irregularities, purchased services and travel information. Accordingly, we can recognise the specific traveller’s needs and pay special attention to certain elements of the customer journey, experience and interactions. To identify the customer and create one unique customer profile, multiple records need to be linked, both for the same and across different transactions.

Background processes

As part of running our business, we may process personal data when carrying out certain background processes. For tickets, ancillaries and other purchases, we need to make sure bookings are created and ticketing is done in compliance with law and Finnair policies. These processes cover, for example, monitoring of fraudulent activities, such as credit card theft, false bookings, fraudulent claims, and auditing of fares and taxes.

For developing and improving our services further and to analyze our business performance, we follow traffic flows, commercial and operational performance and related customer behaviours. Transactional data is used in operational situations to determine, for example, how many people will be upgraded or offloaded.

Based on your consent

Direct marketing

If you have given us your consent, we will send you direct marketing messages. For instance, if you have subscribed to our Finnair newsletter or other direct marketing material, your contact details will be processed to send you the requested messages. Customers have the right to unsubscribe or opt out of receiving marketing messages at any point.

We may also send you direct marketing related to Finnair services based on applicable legislation on privacy in electronic communications, if you are an existing Finnair customer or a representative of our supplier, partner or subcontractor and have not unsubscribed (opted out) from receiving direct marketing.

Digital touchpoints

In addition to enabling our online services, we use cookies for collecting personal data for the purposes of providing service analytics, personalisation and advertising based on your consent. For more information on how we use cookies, please see our cookie policy.

Processes including special categories of personal data

If the processing of your health-related data is necessary, explicit consent will be requested from you. You may be asked to provide additional information, such as a doctor’s certificate to ensure you can travel according to the evaluation of a medical professional, and to ensure that we have the required information to take care of your safety and security. Once consent has been received, the data will be processed, for example, by customer care, ground handling and inflight crew, only to the extent necessary. Based on your consent, we may also process data obtained e.g. from healthcare providers, if this is necessary to verify admissibility to our flights and/or into a foreign country, during a public health crisis.

Based on our legal obligations

Ensuring a safe and secure travel

To provide you with safe and secure travel, and for complying with the safety requirements such as reporting incidents, we need to make sure we know who is on board the aircraft. We identify passengers with check-in, at the gates and in coordination with security services.

In cases where a passenger has interfered with or may compromise flight safety, security or order during or in connection with a flight, we have the right to refuse to accept the passenger on our flights due to security reasons. This decision may be made for a fixed period or until further notice. This also means that we will record the related passenger information in our security records. We will also define the length of the term during which the passenger cannot board our aircraft. We will inform the passenger about storing their information in our security records.

Local laws may require us to share your personal data with authorities, for example border control agencies, customs, immigration authorities, health authorities, police or tax authorities. In order to comply with the legal obligations, we collect and process personal data such as passport details, visa information and your address in your travel destination as required by legislation or authority requirements.

In the event of crises, Finnair may process your data for the purpose of providing care and assistance as well as in order to respond to the situation and meet our legal obligations.

Keeping required records

Based on accounting legislation, we are required to store our transactions and other accounting material for the time period defined by the law.

Storage period

We keep your personal data only for as long as necessary for us to fulfil the purpose for which it was collected, or in so far as data storage is necessary for compliance with legal obligations and for solving potential claims or disputes.

Sources of data

We receive your data directly from you when you purchase our products in one of our channels, when you make a booking at finnair.com or when you sign up for our loyalty program.

We automatically collect personal data when you use our digital touchpoints or certain services, such as check-in, submitting baggage or boarding.

We may get information from the authorities or third parties. We might get your information from other airlines if we are involved in realising a part of your travel. We might also get your data from other partners, such as partners who are involved in realising the travel, for example Finavia, ground handlers, third-party platforms or travel agents.

Sharing your data

We may share your personal data with Finnair group companies and other third parties for the following purposes:

For your travel and other services

We share your personal data with, for example, other airlines, airport operators and other service providers involved during your travel. We also transfer personal data to service providers involved in handling your reservations, purchases and bookings. We may also transfer your personal data to travel agencies, ancillary service providers, authorities and ground handlers, in accordance with the services requested. If you have booked your flight through a travel agent or third-party platform, we share your personal data with them.

If you have purchased a medical testing package through Finnair, we may disclose basic data concerning you (name, sex, date of birth, phone number, email address)(if available) to the testing service provider, solely to facilitate the registration and testing process.

We share your data with other airlines that are part of your travel, for example if one of your flights is operated by another carrier, and with alliance member airlines for the assistance of alliance customers.

For Finnair Group internal purposes

We may share personal data collected with the help of cookies on Finnair’s digital services to members of the Finnair Group.

For legal obligations, security and fraud prevention or based on your consent

We may share your data, such as passport, visa information and travel-related data as required by your destination country’s authorities.

We may also share your personal data with relevant third parties or authorities if it is necessary to detect and prevent crime, fraudulent activities or security issues or for other legal reasons. In case of an international public health crisis, we may disclose health-related information to relevant authorities based on your consent or a legal obligation.

Finnair Plus member and Finnair account data

Profile data

We collect and process the basic personal data you submit about you or your children when creating your Finnair Plus or Finnair account profile. This may include the following information:

  • name
  • date of birth
  • gender
  • family size and other residential information
  • title (Mr, Mrs, Ms)
  • contact information, such as addresses, telephone number and email address
  • occupational data – profession or occupation, name of employer, employer address and work telephone number
  • travel document information – passport number, passport validity period, issuing country for passport and nationality.


We process information regarding your membership status and history as well as data regarding your personal preferences and your use of membership benefits. This includes the following information:

  • membership and profile information – membership commencement date, type and campaign, seat preference (aisle or window)
  • membership card information – membership number, date of issue of last membership card, expiry date
  • membership tier information – tier history, tier points total, number of tier flights, membership tier, flight ticket price accrual, tier date details
  • Avios and tier points information – total Avios and tier points collected during membership, total Avios spent, total Avios available, total expired Avios
  • transaction data – all transactions and purchases that involve your membership
  • event-specific information – date of event, event details, such as product name, Avios and tier points collected or spent, service provider’s name, document number (ticket number or another document number) 
  • information about whether the customer has a combined Finnair Plus credit card
  • interests and preferences – leisure interests, meal preference and other interests provided by the member
  • marketing data – dispatch dates of marketing communications and Avios and tier point statements, details of campaigns offered to customer and copies of marketing letters sent to customer 
  • airport services – information about airport services, such as the use of lounge services, check-in services and baggage handling services and other airport service details
  • Direct marketing-related consents and opt-outs (unsubscriptions).


Your profile also contains the data of your flights as Finnair Plus member or Finnair account holder:

  • flight number
  • point of departure and destination of the flight
  • travel class
  • airline code
  • travel agency that made the booking
  • price information of the ticket
  • code name for business travel booking and other booking information
  • travel partner information – name of the partner

Based on our contract with you

Providing our services 

As part of the Finnair Plus program, Finnair records your transactions. Transactions include Avios and tier points accrual and redemption. This enables us to calculate your account balance. We may send you information about your Avios and tier point balance and about program changes. 

We also process the data that is provided by you in your Finnair Plus or Finnair account profile. In your profile you may choose to share your preferences and interests. These preferences may be used for pre-filling information when making a booking on the Finnair website or to provide more relevant service.

When you enrol in special events, we will process the participant list. The same applies to marketing competitions and prize draws.

Enabling partner services 

The Finnair Plus partners are a notable part of the Finnair Plus program, as you can collect Avios and tier points and spend Avios when using partner services. For this reason, Finnair sends information about partner services and benefits to members together with information regarding the Finnair Plus program and Finnair services. More information about partners is available on the Finnair website.

To provide the partner service and to keep your account balance up-to-date, Finnair also exchanges data with the Finnair Plus partners. If you use Avios with a partner, Finnair will be informed. Similarly, if you accrue Avios or tier points with one of our partners, we will be informed so you are awarded the Avios and tier points correctly. In order to recognise our customers also through our partners’ services, we may send relevant member information. In case of queries or complaints related to partner services, we might correspond with the partners and share relevant member information.

Communication and engagement

The data recorded is also used for targeted member communication distributed in the Finnair mobile application, the Finnair website and in our other channels.

We may use the data recorded to communicate with you about your account and program features and benefits. For instance, these messages may include but are not limited to when your Avios are due to expire or if you are close to the next tier.

In order to provide you with the correct information about our member offers on third-party channels, we may send a list of member emails to the respective third parties. This ensures that the right offers are displayed when you are identified as a Finnair Plus member.

Based on legitimate interest

Communication and engagement

As part of improving our customer communications, we may follow up on the frequency and engagement of how often these messages lead to further actions on your part in order to calculate the metrics such as click rates.

Analytics 

We may use your personal data for analytics, customer recognition and for providing personalised services and customer recognition. This enables us to provide our customers relevant services and products as well as develop our products and concept and create unique customer profiles. Profiles may be used for targeting marketing and content in our digital channels, for example the Finnair website, our mobile application or newsletters distributed by email. Direct marketing involves member-specific variation in the advertising content in the above-mentioned channels. Direction of individualised advertising at members is an integral part of the Finnair Plus program. Having a complete view of our customers enables us to understand your entire experience and helps us to improve our products and services and your experience. We may also derive other metrics based on your customer behaviour, for example, the likelihood of purchasing certain products, create customer segments, predict other products or destinations you may be interested in.

Based on your consent

Direct marketing

Direct marketing messages are sent to members who have given their consent to receive such messages. These marketing materials may include offers from partners, depending on your direct marketing settings.

We may also send you direct marketing related to Finnair services based on applicable legislation on privacy in electronic communications, if you are an existing Finnair Plus customer and haven’t opted out of direct marketing.

Based on our legal obligations

Keeping required records

Based on accounting legislation, we are required to store our transactions and other accounting material for the time period defined by law.

Storage period

We keep your personal data only for as long as necessary for us to fulfil the purpose for which it was collected, or in so far as data storage is necessary for compliance with legal obligations and for solving potential claims or disputes.

Sources of data

We get your data when you join as a member and submit your data for the purpose of creating and maintaining your account. We get your data directly from you when you purchase our products on one of our channels or enrol in one of our services (for example when making a booking on finnair.com). Your purchases will be linked to your account if you have identified yourself as a Finnair Plus member.

We also get your data from partners when utilising their services using your Finnair Plus account. This is necessary for providing the services of the program.

We automatically collect personal data when you use our services where you are identified by your Finnair Plus number, such as check-in services and submitting baggage, by using loyalty services or when purchasing ancillary products.

Sharing your data

We may share your personal data with Finnair Group companies and other third parties for the following purposes:

For providing services related to your membership and developing these services

We share your personal data with, for example, other airlines, airport operators, program partners and other service providers directly involved in providing services related to your membership or the development activities of these services.

For legal obligations, security and fraud prevention

We may share your personal data with relevant third parties, if necessary, to detect and prevent crime, fraudulent activities or security issues, or for other legal reasons.

Published 09.03.2024

Navigated to page: Finnair privacy policy