AirHelp Privacy Statement
AirHelp views data privacy as a fundamental component of doing business. Our data protection policy and practices are focused on processing, sharing and storing personal information appropriately and lawfully, while providing confidentiality, integrity and availability.
This privacy statement applies to AirHelp’s primary operational entity, AirHelp Limited, incorporated in Hong Kong, and its subsidiaries (including partly owned subsidiaries where AirHelp Limited directly or indirectly controls more than 50% of the voting interest). It also applies to AirHelp Limited’s parent, AirHelp, Inc. For the purpose of this policy, the term “AirHelp” refers to the whole company group or each of the companies as the case may be.
AirHelp processes and stores personal data within the EU and will at any given time be able to demonstrate compliance with the EU legislation as well as our principles set out herein.
Our website is governed in accordance with the General Data Protection Regulation (the “GDPR”), (Regulation (EU) 2016/679), which is a directly binding legislative act. The GDPR creates some new rights for individuals and strengthens some of the rights that currently exist under Directive 95/46/EC. Directive 95/46/EC will be repealed with effect from May 25, 2018. This policy is made compliant with the GDPR and is therefore also compliant with Directive 95/46/EC and national implementations thereof until they become obsolete on May 25, 2018.
The privacy statement is under the responsibility of the Legal team at AirHelp, who has the overall responsibility to ensure compliance. The data protection officer (DPO) is responsible for the implementation of our data protection policy, which is intrinsically linked to the privacy statement. The DPO is ensuring compliance on a daily basis and is involved in all issues related to the protection of personal data.
AirHelp is to be considered the data controller and will determine the purposes and means of the processing of personal data submitted and collected online.
AirHelp’s data protection policy is based on the following data protection principles:
- The processing of personal data shall take place in a lawful, fair and transparent way;
- The collecting of personal data shall only be performed for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- The collecting of personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed;
- The personal data shall be accurate and where necessary, kept up to date;
- Every reasonable step shall be taken to ensure that personal data that are inaccurate having regard to the purposes for which they are processed, are erased or rectified without delay;
- Personal data shall be kept in a form which permits identification of the data subject for no longer than it is necessary for the purpose for which the personal data are processed;
- All personal data shall be kept confidential and stored in a manner that ensures appropriate security;
- Personal data shall not be shared with third parties except when necessary in order for them to provide services upon agreement;
- Data subjects shall have the right to request access to and rectification or erasure of personal data, or restriction of processing, or to object to processing as well as the right of data portability.
Personal data means any information that may be related to an identified or identifiable natural person (the “data subject”). Personal data includes all types of information that is direct or indirect (that is, used in conjunction with other data) referable to the data subject, such as names, date of birth, addresses, e-mail addresses, telephone numbers etc.
Collection of personal data
The users of the website who likes to benefit from our services and submit information to us may be asked to provide personal data in order for AirHelp to operate and improve our business and services. We primarily collect personal data such as names, date of birth, addresses, e-mail addresses, telephone numbers, passport/ID, national identification numbers; (i) to help customers pursue their rights according to EC 261 or any other applicable air passenger rights regulation, when their flights have been delayed, cancelled or overbooked; (ii) inform travelers, free of charge, by e-mail about air passenger rights, flight data, airport data and other air traffic related services of relevance. This is the core activity of AirHelp as a business. This means that the initial process consist of collecting personal data to determine whether the claim is eligible. If the claim is assessed as viable AirHelp contacts the air carrier on behalf of the customer, and if it is deemed necessary help the customer to pursue legal action, all in the interest of the customer. We may also collect applicant’s physical address when applying for a position. Furthermore we collect personal data for other purposes such as statistics, administration and communication, IT and security administration, physical security, authentication and authorization systems, support systems, collaboration of internal projects and organizational teams and activities. We will process personal data only to the extent required for a specified, explicit and legitimate purpose or for a purpose required by law in places where we operate.
AirHelp purchases flight data from third parties, e.g. information on delayed or cancelled flights within a given time etc. This information is non-private data, which we combine with the private data submitted by our customers. This is only used to notify customers about eligible claims and claim filing purposes in order to collect potential compensation on behalf of our customers.
MyTravels is an application built using Context.IO technology. If you wish to opt out of sharing your information with Context.IO providers, you may do so at https://optout.context.io/.
Use of personal data
We will use personal data for the purpose it is collected, and keep the data only for as long as it is necessary for that purpose. We may retain the customer’s information for as long as the customer’s account is active or as needed to provide services, comply with our legal obligations or any of the purposes listed above. Access to personal data is strictly limited to personnel of AirHelp and its controlled subsidiaries and affiliates who have appropriate authorization and a clear business need for the data.
Sharing of personal data
Personal data will not be shared with third parties except in circumstances where such sharing is necessary to provide our services. Occasionally we sign up with other companies and business partners to work on our behalf, such as external lawyers to pursue a claim for flight compensation, or technology companies for processing and delivery of systems and technologies to enhance our products and services, and we will share necessary information in these cases. Service providers will be permitted to obtain only the personal data that they need to deliver their service. We will not disclose personal data to third parties for the purpose of allowing them to market their products or services to our customers. If users do not want us to share personal information with these companies, please contact the DPO, Lise Roulund, e-mail: [email protected]
In certain situations, AirHelp may be required to disclose personal information in response to lawful requests by supervisory authorities to meet the requirements of the GDPR. We may also disclose personal information if required by law, such as to comply with a subpoena or other legal processes, when we believe in good faith that disclosure is necessary to protect our rights, protect customer safety or the safety of others, investigate fraud, or to respond to a government request.
Security of processing
We will process personal data securely, apply and maintain appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. Questions about the security of personal data, can be directed to the DPO, Lise Roulund, e-mail: [email protected]
Access to and rectification or erasure of personal data
Customers have the right to access, rectify or request erasure or restriction of processing of any information we have collected, at any time. To help us keep personal data updated, we advise users to inform us of any changes or discrepancies. To view and/or edit personal data, or receive information on how long AirHelp intends to retain personal data or other questions related to the access of personal data, or if you would like to request that we provide you with information about whether we hold, or process on behalf of a third party, any of your personal information, please contact the DPO, Lise Roulund, e-mail: [email protected]
Applying for a job
For job applications we use a third party recruitment tool for management purposes. When applying for a job position at AirHelp personal data will be processed and controlled by AirHelp. Applications shall not be stored for longer than necessary or shared with any third parties. If applicants wish to access, rectify, or erase personal data, please contact the DPO, Lise Roulund, e-mail: [email protected]
AirHelp is upon consent allowed to send the customers marketing e-mails. This specific form of consent must be freely given, specific informed and unambiguous. These requirements are fulfilled when customers have opted-in to receive marketing e-mails (actively agreed).
Customers will always have the right to object, on request and free of charge, to the processing of personal data relating to the customer for purposes of direct marketing activities without having to provide specific justifications. A customer can do so by using the “Unsubscribe” link found in emails received from us or by contacting us at [email protected]. Once a customer has objected, the personal data of that customer will no longer be processed for direct marketing.
The marketing e-mails contain information which we believe may be of interest to our customers such as the latest news on our products and services.
AirHelp is responsible for and will at any given time be able to demonstrate compliance with the GDPR as well as our principles set out herein. AirHelp shall maintain records of processing activities under its responsibility containing the information required by the GDPR and where applicable make the records available to the supervisory authority on request.
The privacy statement is under the responsibility of the Legal team at AirHelp. Any inquiries concerning this policy can be directed to the DPO, Lise Roulund, e-mail: [email protected]
Customers have the right to file a complaint concerning our processing of their personal data. All queries and complaints shall be handled in a timely manner by the DPO in accordance with internal procedures.
In the unlikely event that customers have suffered harm due to a breach of their rights under the data protection policy and AirHelp has not handled the complaint in a sufficient manner, customers may lodge a complaint with the supervisory authority.
Complaints can be submitted to the DPO, Lise Roulund, e-mail: [email protected]
Changes to this policy
This policy may be updated from time to time, e.g. due to modifications of relevant legislation or changes to AirHelp’s corporate structure. If any material changes are made, customers will be notified by e-mail or by mean of notice on the website prior to the change becoming effective. We encourage all our users to periodically review this page for the latest information on our privacy practices.
9B Amtel Building
148 Des Voeux Road Central
E-mail: [email protected]
Phone number: +44 800 011 9805
Effective Date: May 1, 2017