Brussels Airlines Privacy Policy long notice

1. GENERAL PROVISIONS

1.1 Introduction

The protection of your personal data is of particular importance for Brussels Airlines.

This Privacy Policy applies to the personal data that we process about you as a natural person when you use our services and/or our products, when you visit our website or when you use our mobile app.

Brussels Airlines NV / SA with registered office at 1050 Brussels (Belgium), Jaargetijdenlaan 100-102/B30 Av. des Saisons, RPR/RPM Brussels (company number 0445692234) is the ‘controller’ for the processing of your personal data.

1.2 Contact us

If you have any questions about this privacy policy or privacy at Brussels Airlines, you can contact our Data Protection Officer by mail or by e-mail:
BRUSSELS AIRLINES
DATA PROTECTION OFFICER
AIRPORT BLD 26, GENERAL AVIATION – RINGBAAN
1831 MACHELEN
BELGIUM

E-mail: privacy@brusselsairlines.com.

1.3 Updates

We regularly review our privacy policy and we will update it as necessary. The latest version is always available via our websites, with date of publication clearly denoted.

2. DATA PRIVACY RIGHTS OF CUSTOMERS

You can exercise the following rights by contacting us, either by sending us a letter (see address above in the section 1.2 “Contact us”) or via email to privacy@brusselsairlines.com

When submitting a data subject request, you can exercise these rights within the conditions laid down in the applicable legislation:

  • You have the right to withdraw your consent for the processing of personal data, to the extent that the processing of your personal data was initially based upon your consent.
  • You have the right to obtain from us confirmation as to whether or not we process your personal data, and where that is the case, you have the right to obtain a copy.
  • You have the right to obtain the rectification of inaccurate personal data.
  • You have the right to have incomplete personal data completed.
  • You have the right to erasure of your personal data if one of the following grounds applies:
    • Your personal data are no longer necessary in relation to the purposes for which they were collected or processed;
    • You have objected to the processing for direct marketing;
    • You have objected to the processing which is based on our legitimate interest;
  • We are not obliged to comply with your request for erasure in the following cases:
    • We have a legal obligation which requires the processing of your personal data;
    • The processing is necessary for the establishment, exercise or defense of legal claims.
  • You have the right to obtain restriction of the processing:
    • If you contest the accuracy of your personal data, we can restrict the contested processing for the period that we need to verify the accuracy of your personal data.
    • If we no longer need your personal data, but you require them for the establishment, exercise or defense of legal claims.
    • If you have objected to the processing based on our legitimate interests, we can restrict the objected processing for the period that we need to verify whether your legitimate grounds are valid.
  • You have the right to object to any processing for direct marketing.
  • You have the right to object to any processing based on our legitimate interest. However, we will continue the processing of your personal data if we can show that we have stronger legitimate grounds.
  • You have the right to seek the portability of your personal data processed by automated means, which you have communicated to us.
  • You also have the right to lodge a complaint with the supervisory authority in the European member state of your habitual residence, place of work or of the alleged infringement of applicable data protection legislation:

When submitting the data subject request, we ask you to provide us with some additional information (including your names, PNR of flown flights, copy of your ID card and/or samples of communications that you complaint about, etc.) so that we can validate your identity in order to avoid unlawful processing of relevant personal data on behalf of illegitimate person. In the context of this validation, we process the received data for the purpose of a data subject request management and keep it for a standard legal period of time of 3 years to be able to prove that the request was received.

3. PROCESSING OF PERSONAL DATA

3.1 Why do we process your personal data?

The purposes for which we process your personal data depend on how you enter into contact with us.

A. You surf on our website

We process information about your device and about your use of our website, for the purposes of:

  • Information security ( for example, to ward off cyber-attacks),
  • Management of our website (for example, to enable you to access the website from your device and to remember your choices),
  • Developing a better understanding of your needs, continuous improvement of our website, and for marketing purposes.

This processing is based upon consent that you need to provide on our website via the cookies consent and cookies preference management. This processing is in both your best interests and the best of interests of Brussels Airlines, in order to increase the efficiency of our website for you, our user, and to optimize our products and services.

We use several cookies for differing purposes. Of these cookies, some are set up by default (for example, language preference) and some are to ensure comfortable use of the websites (e.g. accessibility of recently searched flights, etc.), and to ensure effective functioning of the websites (for example, session cookies, timestamps, etc.) and/or strictly necessary cookies, that you are unable to deactivate for functionality reasons (such as page navigation).

Please refer to our policy regarding cookies for more information about this.

We may also use technologies for re-targeting purposes, for which we collect consent and contact details, and process these for retargeting campaigns (since retargeting means modifying webpage content to reflect your previous internet activity, you can for example receive an e-mail containing offers based on your most recent searches on our websites). You are provided with an opt-out management facility if you do not agree to this processing.

For analytical purposes we use Google Analytics (GA) to process anonymised data only, and provide statistics relating to behaviour on our websites. The file sent to GA contains the IP address by default. This processing uses anonymous data, which is also secured by GA itself (for more information see Google Analytics privacy policy).

B. You contact us

We process your personal data in order to answer and manage your requests (e.g. request for information, subscription to our newsletter, etc.). This processing is based upon your consent.

We also process your personal data to allow you to manage your booking via call centre operators and/or ticketing offices. These processing is based on the contract you are entering into with Brussels Airlines when purchasing any product or service.

C. You purchase our products or services

We process your personal data for client management, in order to provide you, or your group of co-travellers, with our products or services (e.g. flight tickets for Brussels Airlines or for our partner airlines, special services, luggage, etc. and cargo services) so that you are able to make purchases in different ways, such as online at Brussels Airlines websites, or via ticketing offices, travel or trade agencies, tour operators, call centres and/or on our mobile application. You may also visit also partner websites and platforms of Brussels Airlines, such as Tomorrowland, where our products and services can be purchased, and your data is processed accordingly, in cooperation with the concerned partner.

Without your personal data it is not possible to provide you with the products or services you wish to purchase. We process your personal data for passenger management, such as:

  • Ground management of passengers (at the airport, during aircraft boarding, for ticket reservation, luggage management, and the facilitation of check-in, in various forms), based upon our contractual obligation.
  • Flight document preparation (including flight documentation on the mobile app), based upon our legal obligation.
  • Issuing passenger information lists for our cabin crew, based upon the performance of the contract to which you are a party. Without your personal data we cannot perform this contract.
  • Administration of visas and documents for entering specific countries, based upon the performance of the contract to which you are a party. Without your personal data we cannot perform this contract.
  • Collection and processing of personal data for the purpose of lounge management.
  • Collection and processing of personal data for the purpose of “lost and found” management and the process of delivering lost baggage to passengers.

Every payment performed in connection to any of the Brussels Airlines products and/or services on our websites is managed by a responsible payment provider, which is in every case fully a controller of those data. Should you have any request related to information about the payment data involved, you will need to address the relevant payment provider directly.

D. You booked with Brussels Airlines

Once you make a booking and/or purchase any product or service with us, you can manage it via our online platform “Manage my booking”. We process your personal data in order to provide this platform, enabling you access and edit information about your travel with us, and all related purchases.

We process your personal data for incident monitoring on flights, based upon our legal obligation.

As part of the post-sale performance of the contract, we process your personal data and send you various transactional notifications, from which you cannot unsubscribe as these are considered obligatory for your travel. These notifications may be handled and processed on our behalf by third parties, with whom we ensure secure transfer and processing of your data.

We process your personal data, after you have provided them for booking, for the purpose of providing you with information about products, services and special offers specifically relating to your purchased flight. This may include discounted lounge access, the opportunity to bid for and/or purchase a last minute travel class upgrade, and/or other extra services, etc. This processing is based upon legitimate interest and you can unsubscribe from these e-mails and/or SMS at any time. Unsubscribing will prevent you from receiving upgrade bidding e-mails for any future Brussels Airlines bookings you make.

After providing you with any of our services, we like to ask you for information about your degree of satisfaction, for example via satisfaction surveys sent by e-mail after you fly with us or via an SMS after your call with a call centre, etc. For this activity we process your personal data based upon legitimate interest as we aim for continuous improvement and to provide you only the best and most suitable services and products. It is not necessary to collect such data; therefore you can opt-out from these surveys via various channels.

We process your personal data for the management of claims (from flight bookings and also cargo bookings), based upon our legal obligation to comply with your right to request compensation for any legitimate purpose. It is in our interest to protect ourselves against material and immaterial damages. The provision of your personal data for this purpose is a requirement to complete your claim request and therefore it is your choice to provide such data or to object to this. (see Chapter 2 “Data Privacy Rights of Customers”).

If you subscribe to one of our loyalty programs, such as LOOP and/or Miles&More, we need to process your personal data to be able to manage your accounts and update them with your travel details. You are, however, manager of your own account and therefore you can edit and/or delete it any time you deem necessary. For any direct or indirect marketing activities relating to these programs, we request your consent, and you can unsubscribe from these at any time.

We process your personal data for the direct marketing of our products and services, based upon consent that we acquire directly from you via different collection points. We believe that it is important to keep you, as our client, informed about our products and services. Once you opt-in, you may receive commercial and promotional offers and/or news via various channels, such as e-mails, SMS campaigns, Google banners, and/or social media advertisements. This processing involves compiling a profile. This profile has no effect on you, except to the extent that this processing activity might lead to the enhancement of the customer experience and the provision of personalised offers, more targeted advertisements and campaigns, which is to your advantage. The provision of your personal data for this purpose is not a requirement and you can easily opt-out from any commercial communication we send you and/or object to this processing (see Chapter 2 “Data Privacy Rights of Customers”). If you request a deletion of all your data from our database, we will delete all your personal data, except for your e-mail address and all the opt-outs you have requested. Without this data we would not be able to comply with your preferences and you would continue to receive undesired communications.

We may send you push notifications on mobile devices, once you grant such consent. These notifications may appear differently on different types of devices. These notifications can provide you with helpful information relating to your travel regarding your flight and/or situation at the airport.

We may process your personal data in case you request a promotional code, for example via an employee of Brussels Airlines. Such data is collected only for the purpose of providing you with the promotion. We can also collect and process your contact data should you make use of a promotional photo-booth when attending one of our promotional events.

E. You paid for your purchase

We process your personal data for following up on your creditworthiness and for fraud prevention, based upon our legitimate interest – i.e. to verify that the payment method used is valid and that we will be able to collect the funds for the service provided. It is in our interest to protect ourselves against material and immaterial damages and to prevent unlawful activities and abuse of our products/services/resources. This processing may involve profiling with the consequence that you may not be able to complete the purchase. The provision of your personal data for this purpose is not a requirement and you can object to this processing (see Chapter 2 “Data Privacy Rights of Customers”)

F. You provide feedback

We may aggregate your personal data and process such aggregated data for research and development, based upon our legitimate interests (e.g. statistics about sales, market analysis and research, development of products or services). Research and development can lead to the enhancement of customer experience, and the continuous improvement and innovation of our products or services, which will benefit our customers. This processing may involve compiling a profile. This profiling has no effect on you, except to the extent that this processing activity might lead to enhancement of customer experience, improvement and innovation of our products or services, which is to your advantage. The provision of your personal data for this purpose is not a requirement and you can object to this processing (see Chapter 2 “Data Privacy Rights of Customers”).

3.2 What social media features we use on our websites?

On our websites you can find some social media features, such as “share” and “like” buttons, via which you can share and recommend the content of our websites and “social logins”, which link our websites’ offerings and our platforms with social media networks, for example for logging into your personalised area in some parts of our websites.

If you decide to use the like and/or share the content feature on our websites in any social network, we pass on the URL to the social network you have clicked on. For further information about privacy related issues, you may read the privacy policy of the respective social network.

In some parts of our websites you can find the “social login” function, with which you can identify yourself instead of using the conventional login options using your name, e-mail address, etc., for example for logging into your personalised area in some parts of our websites (i.e. on LOOP account or My Profile platform). In this case we do not store any passwords or any relevant personal data related to your login.

The social media plug-in we use on our websites is:

  • Facebook Messenger on the online check-in platform to retrieve your boarding pass.

If you decide to use this feature, we pass on the concerned personal data to the social network. For further information about privacy related issues, you please refer to the privacy policy of the respective social media network.

We promote our social media profiles and accounts on our websites for the following social media networks:

  • Facebook
  • Twitter
  • YouTube
  • Instagram

3.3 With whom do we share your personal data?

We may transfer your personal data to our affiliates and commercial partners and to companies that process personal data in our name and on our behalf (known as ‘processors’), such as:

  • Service providers in the field of ground handling, transport, marketing, customer feedback, IT maintenance and support and development, payment services and credit reference agencies, cloud and server hosting providers;
  • Platforms for sending commercial communication and transactional notifications;
  • Operators of live help chats and call centres;
  • Companies of the Lufthansa Group;
  • Airlines outside the Lufthansa Group;
  • Partner companies providing services such as hotel bookings, insurance services, car rentals, etc.;
  • Government agencies and authorities (for example APIS (Advance Passenger Information System) data to be transmitted to the relevant authorities of respective flight countries; TSA (Transportation Security Administration to exchange the data provided by you with respective law enforcement authorities, intelligence services and other organisations, due to its legal obligation; etc.).

In accordance with Belgian law regarding the use of passenger data, we are obliged to transfer certain passenger data to the Belgian government. More information can be found here https://crisiscentrum.be/nl/inhoud/belpiu-collection-and-processing-passenger-data

Fraud and Unruly Passengers controls

"Unruly Passengers" means passengers who show improper, aggressive or violent behaviour towards other passengers or the crew, or damage the aircraft.
Brussels Airlines is entitled and obliged to exchange personal data regarding its passengers within the Lufthansa Group, as well as with other airlines for the documentation, analysis and prevention of fraud cases and "unruly passenger cases", and to process them in this regard.
In addition, if you have damaged or injured other passengers, Brussels Airlines may also disclose your personal data and information relating to the damage or injury to other third parties (such as public authorities, injured persons and insurances).

3.4 Are your personal data transferred outside the European Economic Area?

If you have booked a flight to a country outside the European Economic Area for which there are no appropriate safeguards regarding your personal data, we are allowed to transfer your personal data to this country, as this is necessary for the execution of the contract with you (article 49.1 (b) GDPR).

Besides these aforementioned transfers of your personal data, we also transfer your personal data to countries outside the European Union as some of our affiliates, commercial partners or processors are established outside the European Union. Each transfer outside the European Union is based upon appropriate safeguards (adequacy decision and/or standard data protection clauses of the European Union. You can contact us (see Chapter 1.2 “Contact us”) in order to obtain more information about the appropriate safeguards that we have taken for these transfers.

3.5 For how long is your personal data retained?

We keep your personal data for as long as we need them for justifiable and specified purposes related to the processing and/or if we are obliged by law to store them for the retention limitation periods set out by applicable laws and authorities (for example Belgian Commercial Code, Fiscal and taxation legislation, Anti-Money laundering Act etc.). The general retention period set out by law can amount from seven to ten years. If your data is applicable for establishment, exercise and/or defence of legal claims, we may store the data until the statutory limitation periods have expired (usually three years, but in some cases up to thirty years). After the retention limitation period (set out either by law or the business purpose of our processing) expires, the relevant data are securely deleted or anonymised.


Last update: March 2019