Privacy is one of our major concerns and is at the heart of the experience we wish to offer through the use of our services. We are committed to guaranteeing a high level of protection for the personal data of our customers, prospects, users of our website or mobile applications and, more generally, of any data subject concerned by our processing operations. We undertake to comply with the regulations applicable to all processing of personal data that we implement, in particular the provisions of the French Data Protection Act of 6 January 1978 (“Loi informatique et libertés”) as amended and the General Data Protection Regulation (EU Regulation 2016/679) or "GDPR". In particular, we are committed to the following principles:
- Your personal data is processed lawfully, fairly and transparently (lawfulness, fairness, transparency).
- Your personal data is collected for specific, explicit and legitimate purposes, and is not furthered processed in a manner incompatible with these purposes (purpose limitation).
- Your personal data is collected in an adequate and relevant manner and is limited to the purposes for which it is processed (data minimisation).
- Your personal data is accurate, kept up to date and every reasonable step is taken to ensure that inaccurate data, having regard to the purposes for which it is processed, is deleted or updated (accuracy).
We are committed to implementing the appropriate internal procedures in order to raise the awareness of all our employees and to ensure compliance with these rules within our organisation. Furthermore, we undertake to implement the appropriate technical and organisational measures to ensure an adequate level of security and to protect your personal data, as from the beginning of our projects and design of our processing operations. Finally, we impose the same level of personal data protection in our contracts with our subcontractors. In order to ensure that these rules are properly applied, we have appointed a Data Protection Officer (DPO) who is the main contact for the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority.
- API (Advanced Passenger information): identification and travel-related data collected at check-in,
- PNR (Passenger Name Record): booking data automatically transferred to the PIU.
We do not keep your personal data for any longer than is necessary. The duration of storage depends on the purposes for which data are processed, as described in section 5 of this Policy. These retention periods are set based on the purposes of the processing and also take into account the applicable legal provisions imposing a precise retention period for certain categories of data, any applicable limitation periods and the recommendations of the CNIL, the French data protection authority, regarding certain categories of processing.
This version is applicable as from May 15th, 2021. It replaces the version of March 1st, 2021. We reserve the right to change this Policy from time to time. All changes are published on our website. We invite you to read it regularly, especially when you book new flights with our company.