The entity responsible for your personal information is Etihad Airways PJSC.
Etihad Airways PJSC is a Public Joint Stock Company established by Emiri Decree and incorporated in the Emirate of Abu Dhabi, United Arab Emirates. Etihad operates through various branch offices, departments and operating divisions, including Etihad Airways, Etihad Holidays, and Etihad Cargo. Etihad Airways PJSC forms part of the Etihad Aviation Group. If you would like to review the Etihad Aviation Group Privacy Statement, please visit www.theetihadaviationgroup.com or write to the Ethics and Compliance Office, Etihad Aviation Group, Head Quarters, Khalifa City A, PO Box 35566, Abu Dhabi, UAE.
At Etihad Airways PJSC, and our affiliates and branch offices (collectively referred to as "Etihad Airways", "we", "us"), we take our data protection and privacy responsibilities seriously. This statement describes how we collect, process, use, disclose and transfer your personal information as a data controller. It covers instances when you contact us, use our services or interact with our websites, such as www.etihad.com, and Etihad mobile apps (together "Etihad Websites").
Terms of Use
Use of the Etihad Websites is subject to our terms of acceptable use, found in our Terms and Conditions. Any products and services supplied are subject to our Terms and Conditions, Customer Care Policy and General Conditions of Carriage.
Updates
We may amend this statement from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this statement. If we make material changes to this privacy statement, we will seek to inform you by notice on our website or email ("Notice of Change").
Third Party Websites
Etihad Websites may link you to other websites. We are not responsible for the way in which third party websites operate or the way in which they may process any personal information, which you provide to them. It is important that you understand this and check their respective privacy policies and terms of use.
Find out when, why and how we use your personal information.
If you use the Etihad Websites to make a flight booking or manage a reservation, we will collect and use information about you as necessary to manage the booking. This may include personal information such as your name, date of birth, address, next of kin details, Passenger Name Record number ("PNR number"), gender, passport details, any meal preferences or frequent flyer programme membership references such as your username and password (if applicable) together with payment details (such as your credit card number) and contact information (such as phone number and e-mail address) for the lead passenger.
We may also seek to collect from you for the purposes of providing you with enhanced services, such as medical services, special categories of personal data, which are treated with extra care by us. These special categories of data include details relating to your health such as whether you use a wheelchair or require an oxygen tank, certain health behaviours such as whether you are a smoker and your religion. In limited circumstances, such as where we are providing you with chauffer services, we may additionally collect information about your whereabouts using systems such as GPS. If you or any passenger travelling has special health, dietary or access
requirements, which you or they would like us to be aware of, we may collect information about these matters where this is provided.
Where you are making a booking on behalf of other travelling passengers, it is your responsibility to represent that passenger in the booking process and explain how we will use their personal information as set out in this Privacy Statement. You must obtain their consent to make the booking and share their details with us as anticipated by this Privacy Statement. We will assume that you have done this. We may be under separate legal obligations to explain to them that we are controlling their personal information, even if it comes to us from you.
On some routes we are required to pass details of the itinerary and booking details in our Passenger Name Record system to border control, customs and law enforcement officers at ports of entry / exit on your itinerary. We will share this information with relevant authorities as required and permitted by local and applicable laws.
If you are in, or flying to/from France, please note that in accordance with Article L 237 -7 of French Internal Security Code, air carriers may transmit reservation data collected from their passengers (PNR) to the French national public services and competent authorities for the purposes and under conditions as defined in the Decret N° 2014-1095 dated 26/09/2014.
If you join our frequent flyer programme, Etihad Guest, you will be asked to register your personal details with Etihad Guest. This will allow Etihad Guest to manage your account and provide you with rewards and benefits. This may include information such as your name, date of birth, address, email, telephone number, next of kin, your photograph, passport details, your credit card details including its expiry date, your Etihad Guest Number, PNR number, flight ticket number, professional details such as your profession, title, role, including professional licensing numbers. In exceptional circumstances certain Etihad Airways affiliates or services, such as Etihad Guest, may have access to certain personal data, including Special Categories of personal data (as defined in the General Data Protection Regulation) obtained during the course of your flight, as set out in this policy.
When you join Etihad Guest you will be asked to confirm that you agree to share data between Etihad Airways and Etihad Guest to receive these benefits. Any information shared with Etihad Guest is held subject to Etihad Guest's separate privacy policy and terms and conditions, which you can find here.
If you contact us with a query or comment about any of our services, or would like us to keep you informed about latest news and developments at Etihad, we will need to collect information about you (including your contact details) to help us respond to your query or request. We may do this when you call our customer support centre, or interact with us through our online support tools. This information may include your name, date of birth, address, email, telephone number, next of kin, your photograph, passport details, your credit card details including its expiry date, your Etihad Guest Number, PNR number, flight ticket number, professional details such as your profession, title, role, including professional licensing numbers. We may also need seek to collect from you Special Categories of Data, for the purposes of properly understanding your query or request, which are treated with extra care by us. These Special Categories of Data may include details relating to your health such as whether you use a wheelchair or require an oxygen tank, certain health behaviours such as whether you are a smoker, your race and ethnicity, your religion
We may also keep a record of any communications we have with you (including a recording of any calls you make). We do this in compliance with applicable laws to help monitor and improve the quality of our customer support services, to make and defend legal claims, and to comply with legal obligations to which we are subject . Where you have asked to receive an information update from us, you are free to change your preferences (for more information, refer to 'Updating your personal profile and preferences' section below).
From time to time we hold events and special promotions to introduce Etihad to new customers. If you come to one of these events, or take part in a promotion, we may ask for your personal details to help us run the promotion and keep in touch with you about our services and any special offers that we think may be of interest. Any information which you provide will be used in accordance with the terms of this Privacy Statement and you can unsubscribe from further communications from us at any time.
We will only collect, use and share your personal information where we have an appropriate legal basis to do so. Appropriate legal bases include:
To help you understand the legal grounds on which we process your data, please check the table below that sets out the legal bases upon which we process your personal information in certain circumstances. There may be one or more legal bases applicable to the activities listed. These may be amended and updated from time to time.
1
Managing your flight details and check in.
In order to ensure that you are properly booked and checked in we will need to process personal information about you such as your name, address, date of birth, contact details, next of kin, passport details, credit card details, frequent flyer number, frequent flyer username and password, PNR reference, ticket number.
To perform our contract with you.
2
To manage additional services we may provide to you.
To ensure that we can carry out any additional services you request we will process special categories of data, such as your religion, or medical history.
3
To manage flight disruptions
In order to ensure that we book you into suitable hotel accommodation and transport you there where there is a flight disruption, we will need to process personal information about you such as your name, address, date of birth, contact details, next of kin, passport details, credit card details, frequent flyer number, PNR number, ticket number, identifiers for professionals.
4
Guest transport.
Where you utilize our chauffeur service, we will need to process personal information about you such as your name, address, date of birth, contact details, next of kin, passport details, credit card details, frequent flyer number, PNR number, ticket number, identifiers for professionals, in order to ensure that your guest transport is booked properly. We may also need to process special categories of personal data such as health care information, and GPS tracking information.
5
To provide you with customer support.
In order to provide you with customer support including for inbound calls relating to bookings, to modify bookings, special services, cancellations and refunds, ancillary sales, and outbound calls for disruption related messages we will need to process personal information about you such as your name, address, date of birth, contact details, bank account details, next of kin, credit card details, passport details, frequent flyer details, PNR number, ticket number, identifiers for professionals. We may also process sensitive personal information such as health data, race or ethnicity, religion.
Legitimate interests.
It is in our legitimate interests to ensure that our business runs smoothly and that we provide you with timely customer support, without undue delay and complication. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data.
If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to provide you with effective customer support.
6
To communicate with you in relation to your flight.
In order to communicate with you to provide updates regarding your flight, for example, if there are likely to be delays to your flight we will need to process personal information about you such as your name, address, date of birth, credit card number, frequent flyer number, PNR number, ticker number, passport details and contact details.
7
To provide medical services to you in cases of emergency.
In the event that you require emergency medical attention and services we will need to process personal information about you such as your name, date of birth, address, contact details, next of kin, passport details, PNR number, ticket number, identifiers for professionals, as well as special data such as your religion, race or ethnicity and health data.
To protect your vital interests.
8
To provide responsive services to you in cases of emergency
In the event that there is an emergency and we need to locate family members and next of kin, we will need to process personal information about you such as your name, date of birth, address, contact details, next of kin, passport details, social security number, credit card details, frequent flyer details, PNR number, ticket number, identifiers for professionals, as well as special data such as your religion, race or ethnicity and health data, biometric information, medical identifiers, sensitive information about family members, criminal convictions.
9
To communicate with your next of kin in cases of emergency.
In order to communicate with your next of kin in cases of emergency we will need to process personal information about you and your next of kin including your names, addresses and contact details.
10
To communicate with you on new offers and services from Etihad Airways or other affiliates.
In order to communicate with you regarding new offers and services from either us or our affiliates, such as new routes we will need to process personal information about you such as your name, address, contact details, date of birth, frequent flyer details, PNR number, ticket number, identifiers for professionals and passport details.
It is in our legitimate interests to promote our business and develop our relationship with you. In order to do this we may wish to bring to your attention new offers from us or our affiliates. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data.
If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to update you on such new offers and services from us or our affiliates.
11
To communicate with you on new offers and services from third parties.
In order to communicate with you regarding new offers and services from third parties we will need to process personal information about you such as your name, date of birth, address, contact details, frequent flyer details, identifiers for professionals, and passport details.
It is in our legitimate interests to promote offers and services from third parties in certain circumstances, based upon our understanding of your preferences. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data.
If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to update you on such new offers and services from such third parties.
12
To engage in surveys with you.
In order to obtain feedback from you via surveys in relation to our services and other matters related to our business we will need to process personal information such as your name, address, date of birth, contact details, next of kin, bank account details, frequent flyer details, ticket number, identifiers for professionals, passport details, and PNR number.
Legitimate Interests.
It is in our legitimate interests to engage in surveys with you in order to ascertain certain information for the purposes of how we conduct our business. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data.
If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to conduct surveys with you.
13
To offer opportunities to you to enter into competitions or prize draws.
In order to enter you into the competitions or prize draws and award the prizes we will need to process personal information such as your name, address, contact details, frequent flyer details and passport details, PNR number.
It is in our legitimate interests to promote our business by engaging with consumers through competitions or prize draws. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data.
If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to provide you with the opportunity to participate in competitions or prize draws.
14
To manage our frequent flyer program.
In order to enter you in to the frequent flyer program we will need to process personal information such as your name, address, contact details, employee ID (if relevant), passport details, credit card number, frequent flyer details, Etihad Guest number, PNR number, ticket number, any identifiers relating to your profession (if relevant).
To enter into a contract with you for the frequent flyer program.
15
To handle complaints made by you.
In order to handle complaints made by you, we will need to process your personal information such as your name, date of birth, address, contact details, bank account details, passport details, frequent flyer details, PNR number and ticket number, and may include special categories of data such as data concerning health where relevant to your complaint.
It is in our legitimate interests to ensure that we handle your complaints in an efficient manner, without undue delay and complication. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data.
If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to provide you with effective complaints handling.
16
To comply with a legal or regulatory obligation, including providing specific information to law enforcement or similar bodies upon legitimate requests.
In order to comply with a legal or regulatory obligation, including providing specific information to law enforcement or similar bodies upon request we will need to process your personal information such as your name, date of birth, address, passport details, frequent flyer details.
Processing is necessary for compliance with a legal obligation to which we are subject.
17
To comply with a legitimate request by a law enforcement or similar bodies to share information with them.
In order for us to comply with a request by law enforcement or similar bodies to share information with them we may need to process your personal information such as your name, date of birth, address, passport details, frequent flyer details.
Legitimate Interests
It is in our legitimate interests to be able to share information with law enforcement or similar bodies from time to time, subject to their legitimate requests. We will need to be able to process this information in order for us to comply with legitimate requests, including in cases where we determine that we are not compelled to by applicable laws.
Prior to sharing that information we will ensure that by properly exercising our right to act in our legitimate interest to share the requested data we will not be overriding your interests or fundamental rights and freedoms which require protection of your personal data.
18
In the case that you start a legal claim against us and we need to defend that legal claim.
In order for us to defend the claim brought by you or a third party, we may need to process your personal information such as your name, address, data of birth, passport details and frequent flyer details . We may also need to process your special categories of data such as your racial or ethnic origin, political, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning your sex life or sexual orientation.
It is in our legitimate interests to be able to commence or defend legal claims as and when we consider it necessary for the protection of our business. We will need to be able to process this information in order for us to instruct our legal counsel and fully defend ourselves against the claim you may bring.
It is unlikely that by us properly exercising our rights to commence or defend claims we will override your interests or fundamental rights and freedoms which require protection of your personal data.
19
In the case that we start a legal claim against you.
In the event that Etihad wishes to commence a claim against you we may need to process your personal information such as your name, address, data of birth, passport details and frequent flyer details. We may also need to process your special categories of data such as your racial or ethnic origin, political, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning your sex life or sexual orientation.
20
To allow our partners to access and use Etihad Hub.
For our partners to access and use Etihad Hub, we collect and process personal information, including your name and email address.
It is in our legitimate interest to provide you with access to Etihad Hub. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data.
If you are a data subject protected by the GDPR, you have rights to restrict or object to this processing. Please note, however, that this may adversely affect your ability to access and use Etihad Hub. This may also conflict with your employment and contractual obligations for Travel Agencies.
21
To ensure the protection of public health and safety
In order to safeguard the health and wellbeing of passengers and staff, we may process special categories of data to ensure your fitness to fly. Information which reveals health may be gathered from declarations, assessments and/or temperature screening activities at the airport.
Personal data such as name, date of birth and passport details may also be processed if further information is required.
To perform our contract with you.We process your personal data in accordance with our Conditions of Carriage.
For special categories of data, the processing is necessary for reasons of substantial public interest in the area of public health in accordance with relevant laws, regulations and international standards.
22
To comply with a legal obligation.
We may process your personal data to meet border control requirements set by your destination country. This may include your passport and visa information, and health data.
Where necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
23
To enable Etihad staff and the staff of authorised partner companies to access concessionary travel benefits
We may process your personal data to enable us to book you, family and friends, on Etihad and/or partner airline services using exclusive concessionary offers. Such personal data processed in this way may include name, date of birth, passport number, nationality, contact details, credit card number,
It is in our legitimate interest to provide you with access to the staff travel portal to book approved concessionary tickets.
It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data.
24
To enable Etihad to conduct background checks on suppliers and business partners.
If you are a vendor or business partner of ours, we may process your personal data to complete background checks on you and your company to meet our obligations to comply with relevant UAE and international sanctions requirements. Such personal data processed in this way may include name, work email address, and passport information.
It is in our legitimate interests to carry out background checks on all suppliers and business partners to ensure compliance with relevant laws when dealing with them.
25
To use our optional service to automatically enter data during check in process.
We need to collect your documents in order to provide you with the service that will allow us to automatically collect data from your documents necessary for your travel. This may include personal data such as name, nationality, passport number and place of birth
Consent
Where we have your consent to using your personal information to provide you with the service you requested. Please note that you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal
We work closely with a number of trusted partners with whom we need to share information to help us provide our services:
- our group or affiliate companies around the world, including other Etihad brands such as Etihad Cargo, Etihad Holidays and Etihad Guest – please check the table below for a list of Etihad Airways affiliates;
OPERATING AFFILIATE ENTITY NAME & ADDRESS
UNITED ARAB EMIRATES
Etihad Aviation Group P.J.S.C.
New Airport Road Khalifa City 'A', PO Box 35566 Abu Dhabi
Etihad Airways P.J.S.C.
Etihad Guest LLC New Airport Road Khalifa City 'A', PO Box 35566 Abu Dhabi
Etihad Tourism LLC
Etihad Airport Services Ground LLC
SERBIA
EAP Shared Services d.o.o. Beograd
Kapetan Misina 15, Belgrade Serbia
Global Business Service Solutions LLC
Etihad Aviation Group HQ, Khalifa City A. PO Box 35566 Abu Dhabi, UAE.
- partner airlines where you are travelling on a booking which involves a codeshare. Further information about our partner airlines at https://www.etihad.com/en/fly-etihad/our-partners;
- frequent flyer and other reward and partner programmes where required to enable you to earn or utilize frequent flyer miles by virtue of your membership of Etihad Guest;
- banks and payment providers, to authorise and complete payments;
- other third parties who help manage our business and deliver services. For example, these may include IT service providers who help manage our IT and back office systems, or third party booking agents;
- with customs and / or immigration departments or other regulatory authorities or government entities, to comply with legal obligations and ensure the safety of all our passengers and customers; and
- with government organizations (e.g. tax authorities) and international organizations (e.g. IATA), to comply with applicable laws and regulations.
- law enforcement authorities and other government agencies, due to applicable legal obligations or when it is in our legitimate interest to do so. You can find more information about when we do this in the above section.
If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose or transfer information to a potential or actual third party purchaser of our business or assets.
Direct marketing
We are committed to keeping you informed about our products and services in line with your personal preferences. We will always ask your permission before sending marketing material, whether about our services or those of our preferred partners.
We will usually send this by email but we may choose to contact you in other ways for example by phone, post, SMS and/or other electronic means if that is more appropriate. You can ask us to stop sending you marketing material at any time by contacting us.
Managing your marketing preferences
To protect privacy rights and to ensure you have control over how we manage marketing with you:
More about profiling and analytics
We may use some of the information you provide to us in order to perform profiling and analytics with the data. We will do this either with your consent or where it is in our legitimate interests.
One of the methods by which we do this is by installing and using Cookies on your browser or device. You can learn more about how to adjust settings relating to Cookies on your browser and device, and about our Cookie Policy in the section titled Cookies and Mobile, below.
Some of the legitimate purposes we profile and analyse data include:
If you are a Data Subject with rights under the GDPR then we will take steps to ensure that prior to profiling your information for a legitimate interest that that interest is not overridden by your own interests or fundamental rights and freedoms. If you are a Data Subject with rights under the GDPR you may have rights to object to us profiling your personal information. You can learn more about profiling and analytics under the GDPR here.
We operate our business on a global basis. The countries to which we commonly disclose your personal information include the United Arab Emirates ("UAE"), where we have our head offices, the United States of America ("USA"), United Kingdom ("UK") and the countries where you are flying to and from. Some of these countries, for example, the UAE and the USA, have laws which do not offer, in the opinion of the European Commission or other supervisory authorities, an adequate level of data protection.
We will always strive to adopt the highest standards of privacy protection, wherever your personal information is located and adopt appropriate measures (consistent with locally applicable laws) to secure an adequate level of privacy protection. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable laws and carefully managed to protect your privacy rights and interests. Transfers will be limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above. See also the section titled "Your Rights", below.
How we protect your information
We invest an appropriate level of resources to protect the security and confidentiality of personal information.
We offer the use of secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input to our website before it is sent to us. SSL is an industry standard encryption protocol and this ensures that the information is reasonably protected against unauthorised interception;
We also follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access to that information; and
We take all reasonable and appropriate steps to protect your personal information but cannot guarantee the security of any data you disclose to us via email or online.
Where you disclose information to us using our mobile app, please ensure that your device remains safe. We cannot be held responsible for any data misuse arising from unauthorised access to your device.
Storing your personal information
We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this statement. Where your information is no longer required, we will ensure it is disposed of in a safe manner. In some circumstances we may need to store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. Should you require information about how we retain particular information you can contact us.
In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
Our policy on "cookies"
A cookie is an element of data that a website sends to your browser, which then stores it on your system. Cookies may collect personal information about you. Cookies allow us to understand who has seen which pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. Cookies also allow us to make Etihad Websites more user-friendly by, for example, allowing us to take you to the language site of last use, so that we can give you a better experience when you return to our website.
A cookie will be deployed on your device when you visit Etihad Websites unless you indicate that you do not wish this to happen or if you have turned this feature 'off' in your web browser or device settings. For more information about how our cookies work and information about how to manage your cookie settings please visit our Cookie Policy.
You may have certain legal rights regarding your personal information depending upon the country you are in or how we interact with you. You can learn more about this in this section.
Subject to the terms of this Privacy Statement we guarantee that you have following key rights wherever you are:
To access your personal information. We will tell you what personal information we hold about you and can provide you with a copy of this;
To seek rectification of that personal information. Where the personal information we hold about you is inaccurate we will rectify this, upon your request. Note that this right may be limited in terms of the scope of detail that we will or can rectify;
To lodge a complaint to us. We will receive and handle your complaints in accordance with best practice and depending upon where you are and whether we are subject to it, any applicable law.
If you are resident in the European Union or otherwise benefit from rights as a data subject under the EU General Data Protection Regulation ("GDPR"), you will have certain additional rights in relation to our handling of your personal information.
You may have other rights depending upon the country you are in. You may therefore have rights to lodge a complaint to a local privacy authority, however whether you lodge a complaint and who you lodge it with is solely your responsibility.
If you wish to access any of these rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to refuse to provide this additional information if your request is manifestly unfounded or excessive.
You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
We may not always be able to address your request fully, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Right to access personal information
You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
Right to rectify or erase personal information
You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.
You can also request that we erase your personal information in limited circumstances where:
Right to restrict the processing of your personal information
You can ask us to restrict your personal information, but only where:
We can continue to use your personal information following a request for restriction, where:
Right to transfer your personal information
You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
Right to object to the processing of your personal information
You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
Right to object to how we use your personal information for direct marketing purposes
You can request that we change the manner in which we contact you for marketing purposes.
You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.
Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction
You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union. We may redact data transfer agreements to protect commercial terms.
Right to lodge a complaint with your local supervisory authority
You have a right to lodge a complaint with The Information Commissioner’s Office if you have concerns about how we are processing your personal information.
We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
The primary point of contact for all issues arising from this privacy statement, is the Etihad Aviation Group Data Protection Officer. The Data Protection Officer can be contacted in the following ways:
Please email us at dataprivacy@etihad.ae or write to the Data Protection Officer, Etihad Aviation Group, PO Box 35566, Abu Dhabi, United Arab Emirates
You can use this Webform to raise your data subject rights requests.
If you have any questions, concerns or complaints regarding our compliance with this statement and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
Our Representative in the UK
Etihad Airways P.J.S.C. is represented in the UK by its London office. The group Data Protection Officer can be contacted either directly by email or post using the details given in the previous section, or by writing to our London office:
For the Attention of the Etihad Aviation Group Data Protection Officer, Etihad Airways, 200 Hammersmith Road London, W6 7DL United Kingdom
This section applies to individuals visiting our website or using our services from the Republic of Korea. Where this section contradicts the provisions in the previous sections, the provisions in this section shall prevail.
Destruction of Unneeded Personal information
When destroying personal information, Etihad will take commercially reasonable and technically possible measures to make the personal information irrecoverable or irreproducible as follows:
(a) Personal information contained in electronic files will permanently be deleted using a technical method which makes the information irrecoverable; and
(b) Any other records, print-outs, documents or any other recording media will be shredded or incinerated.
In the event that the processing/retention period has expired, but personal information is required to be retained continuously, the relevant personal information and personal information files will be stored/maintained separately from other personal information, to the extent technically possible.
You can find more information about our retention periods here.
Your Rights and Remedies for Infringements on Rights
You may exercise rights to access, correct, delete or suspend processing of your personal information at any time. Should you wish to exercise your rights, please use our Webform, and We will take appropriate measures without delay. You may exercise your rights through an agent, such as a legal representative or a person authorized by you.
Request for access to and suspension of processing of personal information may limit the information principal's right under applicable laws and regulations, and request for correction and deletion of personal information may not be made if the personal information is specified to be collected by other laws and regulations.
Etihad has an obligation to confirm whether the person who made the request for access, correction, deletion and suspension of processing of personal information is the individual themselves or a person with an appropriate authorization.
You have the right to request a resolution of a dispute, consult with authorities and agencies and seek remedy. Their contact details are:
Personal Information Infringement Report Centre - https://privacy.kisa.or.kr/main.do
Supreme Prosecutor’s Office - https://www.spo.go.kr/site/spo/main.do
Electronic Cybercrime Report & Management System - https://ecrm.police.go.kr/minwon/main
Collection of Sensitive Information
As explained in our statement, we collect different categories of personal information. Some of the personal information we collect may constitute sensitive personal information as it may suggest your medical, health information or religious information. When we process some of the information described in this paragraph we rely on consent – to provide you with a special request such as a wheelchair or a religious meal) while in other cases we rely on laws and regulations – when we ask for a proof of vaccination, test results (such as PCR) and similar. Please note that in the latter case, we rely on rules and regulations contained in IATA TIMATIC system. IATA TIMATIC system is used as the industry standard for airlines whenever they need to decide whether passengers meet specific country entry requirements, including whether they possess all required health documentation
Please note that if you require medical assistance, you will have to go through Etihad’s medical clearance process. In such case, you will provide your consent to processing of sensitive personal information through that process.
If you contact us with a service request, complaint or a feedback we may ask you to provide us with certain sensitive information for which we have obtained your consent already, we might ask you for a separate consent or where it is necessary for us to comply with laws and regulations (as explained earlier we rely on IATA TIMATIC for this purpose). Please note that we do not encourage individuals to provide us with sensitive information unless requested by us.
How we Share Your Personal Information With Others?
We may seek your consent to provide personal information to third parties. You can view the list of such third parties here.. Also, where we share your sensitive information with third parties, we may seek your consent. You can view the list of third parties we share sensitive information with here. We may delegate processing or storing of personal information (including sensitive information) to third parties. The list of such third parties can be found here.
Etihad Cargo
Read the Etihad Cargo privacy policy
Etihad Guest
Read the Etihad Guest privacy policy
Recruitment
Read our Recruitment privacy policy
Comments and queries
Questions? Get in touch