Privacy policy

Etihad Airways PJSC privacy statement

The entity responsible for your personal information is Etihad Airways PJSC.

Etihad Airways PJSC is a Public Joint Stock Company established by Emiri Decree and incorporated in the Emirate of Abu Dhabi, United Arab Emirates. Etihad operates through various branch offices, departments and operating divisions, including Etihad Airways, Etihad Holidays, and Etihad Cargo. Etihad Airways PJSC forms part of the Etihad Aviation Group. If you would like to review the Etihad Aviation Group Privacy Statement, please visit www.theetihadaviationgroup.com or write to the Ethics and Compliance Office, Etihad Aviation Group, Head Quarters, Khalifa City A, PO Box 35566, Abu Dhabi, UAE.

At Etihad Airways PJSC, and our affiliates and branch offices (collectively referred to as "Etihad Airways", "we", "us"), we take our data protection and privacy responsibilities seriously. This statement describes how we collect, process, use, disclose and transfer your personal information as a data controller. It covers instances when you contact us, use our services or interact with our websites, such as www.etihad.com, and Etihad mobile apps (together "Etihad Websites").

Terms of Use

Use of the Etihad Websites is subject to our terms of acceptable use, found in our Terms and Conditions. Any products and services supplied are subject to our Terms and Conditions, Customer Care Policy and General Conditions of Carriage.

Updates

We may amend this statement from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this statement. If we make material changes to this privacy statement, we will seek to inform you by notice on our website or email ("Notice of Change").

Third Party Websites

Etihad Websites may link you to other websites. We are not responsible for the way in which third party websites operate or the way in which they may process any personal information, which you provide to them. It is important that you understand this and check their respective privacy policies and terms of use.

Your personal information

Find out when, why and how we use your personal information.

If you use the Etihad Websites to make a flight booking or manage a reservation, we will collect and use information about you as necessary to manage the booking. This may include personal information such as your name, date of birth, address, next of kin details, Passenger Name Record number ("PNR number"), gender, passport details, any meal preferences or frequent flyer programme membership references such as your username and password (if applicable) together with payment details (such as your credit card number) and contact information (such as phone number and e-mail address) for the lead passenger.

We may also seek to collect from you for the purposes of providing you with enhanced services, such as medical services, special categories of personal data, which are treated with extra care by us. These special categories of data include details relating to your health such as whether you use a wheelchair or require an oxygen tank, certain health behaviours such as whether you are a smoker and your religion. In limited circumstances, such as where we are providing you with chauffer services, we may additionally collect information about your whereabouts using systems such as GPS. If you or any passenger travelling has special health, dietary or access

requirements, which you or they would like us to be aware of, we may collect information about these matters where this is provided.

Where you are making a booking on behalf of other travelling passengers, it is your responsibility to represent that passenger in the booking process and explain how we will use their personal information as set out in this Privacy Statement. You must obtain their consent to make the booking and share their details with us as anticipated by this Privacy Statement. We will assume that you have done this. We may be under separate legal obligations to explain to them that we are controlling their personal information, even if it comes to us from you.

On some routes we are required to pass details of the itinerary and booking details in our Passenger Name Record system to border control, customs and law enforcement officers at ports of entry / exit on your itinerary. We will share this information with relevant authorities as required and permitted by local and applicable laws.

If you are in, or flying to/from France, please note that in accordance with Article L 237 -7 of French Internal Security Code, air carriers may transmit reservation data collected from their passengers (PNR) to the French national public services and competent authorities for the purposes and under conditions as defined in the Decret N° 2014-1095 dated 26/09/2014.

If you join our frequent flyer programme, Etihad Guest, you will be asked to register your personal details with Etihad Guest. This will allow Etihad Guest to manage your account and provide you with rewards and benefits. This may include information such as your name, date of birth, address, email, telephone number, next of kin, your photograph, passport details, your credit card details including its expiry date, your Etihad Guest Number, PNR number, flight ticket number, professional details such as your profession, title, role, including professional licensing numbers. In exceptional circumstances certain Etihad Airways affiliates or services, such as Etihad Guest, may have access to certain personal data, including Special Categories of personal data (as defined in the General Data Protection Regulation) obtained during the course of your flight, as set out in this policy.

When you join Etihad Guest you will be asked to confirm that you agree to share data between Etihad Airways and Etihad Guest to receive these benefits. Any information shared with Etihad Guest is held subject to Etihad Guest's separate privacy policy and terms and conditions, which you can find here.

If you contact us with a query or comment about any of our services, or would like us to keep you informed about latest news and developments at Etihad, we will need to collect information about you (including your contact details) to help us respond to your query or request. We may do this when you call our customer support centre, or interact with us through our online support tools. This information may include your name, date of birth, address, email, telephone number, next of kin, your photograph, passport details, your credit card details including its expiry date, your Etihad Guest Number, PNR number, flight ticket number, professional details such as your profession, title, role, including professional licensing numbers. We may also need seek to collect from you Special Categories of Data, for the purposes of properly understanding your query or request, which are treated with extra care by us. These Special Categories of Data may include details relating to your health such as whether you use a wheelchair or require an oxygen tank, certain health behaviours such as whether you are a smoker, your race and ethnicity, your religion

We may also keep a record of any communications we have with you (including a recording of any calls you make). We do this in compliance with applicable laws to help monitor and improve the quality of our customer support services, to make and defend legal claims, and to comply with legal obligations to which we are subject . Where you have asked to receive an information update from us, you are free to change your preferences (for more information, refer to 'Updating your personal profile and preferences' section below).

From time to time we hold events and special promotions to introduce Etihad to new customers. If you come to one of these events, or take part in a promotion, we may ask for your personal details to help us run the promotion and keep in touch with you about our services and any special offers that we think may be of interest. Any information which you provide will be used in accordance with the terms of this Privacy Statement and you can unsubscribe from further communications from us at any time.

We will only collect, use and share your personal information where we have an appropriate legal basis to do so. Appropriate legal bases include:

where we need to use your personal information to perform a contract or take steps to enter into a contract with you, for example to take payment for and manage the terms of any travel booking you have with us, or complete your travel arrangements, if you are a passenger on a flight booking;
our legitimate interests as a commercial organisation, for example we may record calls to our customer service centre so that we can review our call handling processes and ensure we provide a continuously high standard of customer service; we may use customer contact information to keep our customers informed about flight changes and other important service messages; we may also let you know about our new routes and special offers that may be of interest to you - in these cases we will respect your privacy rights and ensure you may object to processing as explained in the “Your Rights” section below;
where we need to use your personal information to comply with a relevant legal or regulatory obligation that we have, for example in some countries we are required to share Advance Passenger Details with law enforcement officials in destination airports before departure, as described in the "Advance Passenger Information" section; and
where we have your consent to using your personal information for a particular activity, for example to share special offers from ourselves and our partners that we consider may be of interest to you.

To help you understand the legal grounds on which we process your data, please check the table below that sets out the legal bases upon which we process your personal information in certain circumstances. There may be one or more legal bases applicable to the activities listed. These may be amended and updated from time to time.

1	Managing your flight details and check in.	In order to ensure that you are properly booked and checked in we will need to process personal information about you such as your name, address, date of birth, contact details, next of kin, passport details, credit card details, frequent flyer number, frequent flyer username and password, PNR reference, ticket number.	To perform our contract with you.
2	To manage additional services we may provide to you.	To ensure that we can carry out any additional services you request we will process special categories of data, such as your religion, or medical history.	To perform our contract with you.
3	To manage flight disruptions	In order to ensure that we book you into suitable hotel accommodation and transport you there where there is a flight disruption, we will need to process personal information about you such as your name, address, date of birth, contact details, next of kin, passport details, credit card details, frequent flyer number, PNR number, ticket number, identifiers for professionals.	To perform our contract with you.
4	Guest transport.	Where you utilize our chauffeur service, we will need to process personal information about you such as your name, address, date of birth, contact details, next of kin, passport details, credit card details, frequent flyer number, PNR number, ticket number, identifiers for professionals, in order to ensure that your guest transport is booked properly. We may also need to process special categories of personal data such as health care information, and GPS tracking information.	To perform our contract with you.
5	To provide you with customer support.	In order to provide you with customer support including for inbound calls relating to bookings, to modify bookings, special services, cancellations and refunds, ancillary sales, and outbound calls for disruption related messages we will need to process personal information about you such as your name, address, date of birth, contact details, bank account details, next of kin, credit card details, passport details, frequent flyer details, PNR number, ticket number, identifiers for professionals. We may also process sensitive personal information such as health data, race or ethnicity, religion.	Legitimate interests. It is in our legitimate interests to ensure that our business runs smoothly and that we provide you with timely customer support, without undue delay and complication. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data. If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to provide you with effective customer support.
6	To communicate with you in relation to your flight.	In order to communicate with you to provide updates regarding your flight, for example, if there are likely to be delays to your flight we will need to process personal information about you such as your name, address, date of birth, credit card number, frequent flyer number, PNR number, ticker number, passport details and contact details.	To perform our contract with you.
7	To provide medical services to you in cases of emergency.	In the event that you require emergency medical attention and services we will need to process personal information about you such as your name, date of birth, address, contact details, next of kin, passport details, PNR number, ticket number, identifiers for professionals, as well as special data such as your religion, race or ethnicity and health data.	To protect your vital interests.
8	To provide responsive services to you in cases of emergency	In the event that there is an emergency and we need to locate family members and next of kin, we will need to process personal information about you such as your name, date of birth, address, contact details, next of kin, passport details, social security number, credit card details, frequent flyer details, PNR number, ticket number, identifiers for professionals, as well as special data such as your religion, race or ethnicity and health data, biometric information, medical identifiers, sensitive information about family members, criminal convictions.	To protect your vital interests.
9	To communicate with your next of kin in cases of emergency.	In order to communicate with your next of kin in cases of emergency we will need to process personal information about you and your next of kin including your names, addresses and contact details.	To protect your vital interests.
10	To communicate with you on new offers and services from Etihad Airways or other affiliates.	In order to communicate with you regarding new offers and services from either us or our affiliates, such as new routes we will need to process personal information about you such as your name, address, contact details, date of birth, frequent flyer details, PNR number, ticket number, identifiers for professionals and passport details.	Legitimate interests. It is in our legitimate interests to promote our business and develop our relationship with you. In order to do this we may wish to bring to your attention new offers from us or our affiliates. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data. If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to update you on such new offers and services from us or our affiliates.
11	To communicate with you on new offers and services from third parties.	In order to communicate with you regarding new offers and services from third parties we will need to process personal information about you such as your name, date of birth, address, contact details, frequent flyer details, identifiers for professionals, and passport details.	Legitimate interests. It is in our legitimate interests to promote offers and services from third parties in certain circumstances, based upon our understanding of your preferences. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data. If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to update you on such new offers and services from such third parties.
12	To engage in surveys with you.	In order to obtain feedback from you via surveys in relation to our services and other matters related to our business we will need to process personal information such as your name, address, date of birth, contact details, next of kin, bank account details, frequent flyer details, ticket number, identifiers for professionals, passport details, and PNR number.	Legitimate Interests. It is in our legitimate interests to engage in surveys with you in order to ascertain certain information for the purposes of how we conduct our business. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data. If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to conduct surveys with you.
13	To offer opportunities to you to enter into competitions or prize draws.	In order to enter you into the competitions or prize draws and award the prizes we will need to process personal information such as your name, address, contact details, frequent flyer details and passport details, PNR number.	Legitimate Interests. It is in our legitimate interests to promote our business by engaging with consumers through competitions or prize draws. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data. If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to provide you with the opportunity to participate in competitions or prize draws.
14	To manage our frequent flyer program.	In order to enter you in to the frequent flyer program we will need to process personal information such as your name, address, contact details, employee ID (if relevant), passport details, credit card number, frequent flyer details, Etihad Guest number, PNR number, ticket number, any identifiers relating to your profession (if relevant).	To enter into a contract with you for the frequent flyer program.
15	To handle complaints made by you.	In order to handle complaints made by you, we will need to process your personal information such as your name, date of birth, address, contact details, bank account details, passport details, frequent flyer details, PNR number and ticket number, and may include special categories of data such as data concerning health where relevant to your complaint.	Legitimate Interests. It is in our legitimate interests to ensure that we handle your complaints in an efficient manner, without undue delay and complication. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data. If you are a data subject protected by the GDPR you have rights to restrict or object to this processing, however please note that this may adversely affect our ability to provide you with effective complaints handling.
16	To comply with a legal or regulatory obligation, including providing specific information to law enforcement or similar bodies upon legitimate requests.	In order to comply with a legal or regulatory obligation, including providing specific information to law enforcement or similar bodies upon request we will need to process your personal information such as your name, date of birth, address, passport details, frequent flyer details.	Processing is necessary for compliance with a legal obligation to which we are subject.
17	To comply with a legitimate request by a law enforcement or similar bodies to share information with them.	In order for us to comply with a request by law enforcement or similar bodies to share information with them we may need to process your personal information such as your name, date of birth, address, passport details, frequent flyer details.	Legitimate Interests It is in our legitimate interests to be able to share information with law enforcement or similar bodies from time to time, subject to their legitimate requests. We will need to be able to process this information in order for us to comply with legitimate requests, including in cases where we determine that we are not compelled to by applicable laws. Prior to sharing that information we will ensure that by properly exercising our right to act in our legitimate interest to share the requested data we will not be overriding your interests or fundamental rights and freedoms which require protection of your personal data.
18	In the case that you start a legal claim against us and we need to defend that legal claim.	In order for us to defend the claim brought by you or a third party, we may need to process your personal information such as your name, address, data of birth, passport details and frequent flyer details . We may also need to process your special categories of data such as your racial or ethnic origin, political, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning your sex life or sexual orientation.	Legitimate Interests It is in our legitimate interests to be able to commence or defend legal claims as and when we consider it necessary for the protection of our business. We will need to be able to process this information in order for us to instruct our legal counsel and fully defend ourselves against the claim you may bring. It is unlikely that by us properly exercising our rights to commence or defend claims we will override your interests or fundamental rights and freedoms which require protection of your personal data.
19	In the case that we start a legal claim against you.	In the event that Etihad wishes to commence a claim against you we may need to process your personal information such as your name, address, data of birth, passport details and frequent flyer details. We may also need to process your special categories of data such as your racial or ethnic origin, political, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning your sex life or sexual orientation.	Legitimate Interests It is in our legitimate interests to be able to commence or defend legal claims as and when we consider it necessary for the protection of our business. We will need to be able to process this information in order for us to instruct our legal counsel and fully defend ourselves against the claim you may bring. It is unlikely that by us properly exercising our rights to commence or defend claims we will override your interests or fundamental rights and freedoms which require protection of your personal data.
20	To allow our partners to access and use Etihad Hub.	For our partners to access and use Etihad Hub, we collect and process personal information, including your name and email address.	Legitimate Interests It is in our legitimate interest to provide you with access to Etihad Hub. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data. If you are a data subject protected by the GDPR, you have rights to restrict or object to this processing. Please note, however, that this may adversely affect your ability to access and use Etihad Hub. This may also conflict with your employment and contractual obligations for Travel Agencies.
21	To ensure the protection of public health and safety	In order to safeguard the health and wellbeing of passengers and staff, we may process special categories of data to ensure your fitness to fly. Information which reveals health may be gathered from declarations, assessments and/or temperature screening activities at the airport. Personal data such as name, date of birth and passport details may also be processed if further information is required.	To perform our contract with you.We process your personal data in accordance with our Conditions of Carriage. For special categories of data, the processing is necessary for reasons of substantial public interest in the area of public health in accordance with relevant laws, regulations and international standards.
22	To comply with a legal obligation.	We may process your personal data to meet border control requirements set by your destination country. This may include your passport and visa information, and health data.	To perform our contract with you. To comply with a legal obligation. Where necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
23	To enable Etihad staff and the staff of authorised partner companies to access concessionary travel benefits	We may process your personal data to enable us to book you, family and friends, on Etihad and/or partner airline services using exclusive concessionary offers. Such personal data processed in this way may include name, date of birth, passport number, nationality, contact details, credit card number,	Legitimate Interests It is in our legitimate interest to provide you with access to the staff travel portal to book approved concessionary tickets. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data.
24	To enable Etihad to conduct background checks on suppliers and business partners.	If you are a vendor or business partner of ours, we may process your personal data to complete background checks on you and your company to meet our obligations to comply with relevant UAE and international sanctions requirements. Such personal data processed in this way may include name, work email address, and passport information.	Legitimate Interests It is in our legitimate interests to carry out background checks on all suppliers and business partners to ensure compliance with relevant laws when dealing with them. It is unlikely that us doing this will override your interests or fundamental rights and freedoms which require protection of your personal data.
25	To use our optional service to automatically enter data during check in process.	We need to collect your documents in order to provide you with the service that will allow us to automatically collect data from your documents necessary for your travel. This may include personal data such as name, nationality, passport number and place of birth	Consent Where we have your consent to using your personal information to provide you with the service you requested. Please note that you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal

We work closely with a number of trusted partners with whom we need to share information to help us provide our services:

- our group or affiliate companies around the world, including other Etihad brands such as Etihad Cargo, Etihad Holidays and Etihad Guest – please check the table below for a list of Etihad Airways affiliates;

COUNTRY	OPERATING AFFILIATE ENTITY NAME & ADDRESS
UNITED ARAB EMIRATES	Etihad Aviation Group P.J.S.C. New Airport Road Khalifa City 'A', PO Box 35566 Abu Dhabi
UNITED ARAB EMIRATES	Etihad Airways P.J.S.C. New Airport Road Khalifa City 'A', PO Box 35566 Abu Dhabi
UNITED ARAB EMIRATES	Etihad Guest LLC New Airport Road Khalifa City 'A', PO Box 35566 Abu Dhabi
UNITED ARAB EMIRATES	Etihad Tourism LLC New Airport Road Khalifa City 'A', PO Box 35566 Abu Dhabi
UNITED ARAB EMIRATES	Etihad Airport Services Ground LLC New Airport Road Khalifa City 'A', PO Box 35566 Abu Dhabi
SERBIA	EAP Shared Services d.o.o. Beograd Kapetan Misina 15, Belgrade Serbia
UNITED ARAB EMIRATES	Global Business Service Solutions LLC Etihad Aviation Group HQ, Khalifa City A. PO Box 35566 Abu Dhabi, UAE.

- partner airlines where you are travelling on a booking which involves a codeshare. Further information about our partner airlines at https://www.etihad.com/en/fly-etihad/our-partners;

- frequent flyer and other reward and partner programmes where required to enable you to earn or utilize frequent flyer miles by virtue of your membership of Etihad Guest;

- banks and payment providers, to authorise and complete payments;

- other third parties who help manage our business and deliver services. For example, these may include IT service providers who help manage our IT and back office systems, or third party booking agents;

- with customs and / or immigration departments or other regulatory authorities or government entities, to comply with legal obligations and ensure the safety of all our passengers and customers; and

- with government organizations (e.g. tax authorities) and international organizations (e.g. IATA), to comply with applicable laws and regulations.

- law enforcement authorities and other government agencies, due to applicable legal obligations or when it is in our legitimate interest to do so. You can find more information about when we do this in the above section.

If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose or transfer information to a potential or actual third party purchaser of our business or assets.

Direct marketing

We are committed to keeping you informed about our products and services in line with your personal preferences. We will always ask your permission before sending marketing material, whether about our services or those of our preferred partners.

We will usually send this by email but we may choose to contact you in other ways for example by phone, post, SMS and/or other electronic means if that is more appropriate. You can ask us to stop sending you marketing material at any time by contacting us.

Managing your marketing preferences

To protect privacy rights and to ensure you have control over how we manage marketing with you:
- We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
- You can also click the "unsubscribe" link that you will find on any online newsletters which you receive.
- You can change the way your browser or device manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained below. We recommend you routinely review the privacy statements and preference settings that are available to you on any social media platforms.
More about profiling and analytics

We may use some of the information you provide to us in order to perform profiling and analytics with the data. We will do this either with your consent or where it is in our legitimate interests.

One of the methods by which we do this is by installing and using Cookies on your browser or device. You can learn more about how to adjust settings relating to Cookies on your browser and device, and about our Cookie Policy in the section titled Cookies and Mobile, below.

Some of the legitimate purposes we profile and analyse data include:
- to allow us to enhance our provision of services to you;
- to provide you with tailored content online and optimise your experience of our websites;
- to offer personalised products when you fly with us or use our other services;
- to obtain a better understanding of our customers, what you would like to see from us, and how we can improve our services for you;
- to share advertising material, we believe may be of interest to you, including from our third party partners;
- to help us operate our services more efficiently, including to ensure that our most loyal customers obtain the best services.
If you are a Data Subject with rights under the GDPR then we will take steps to ensure that prior to profiling your information for a legitimate interest that that interest is not overridden by your own interests or fundamental rights and freedoms. If you are a Data Subject with rights under the GDPR you may have rights to object to us profiling your personal information. You can learn more about profiling and analytics under the GDPR here.

We operate our business on a global basis. The countries to which we commonly disclose your personal information include the United Arab Emirates ("UAE"), where we have our head offices, the United States of America ("USA"), United Kingdom ("UK") and the countries where you are flying to and from. Some of these countries, for example, the UAE and the USA, have laws which do not offer, in the opinion of the European Commission or other supervisory authorities, an adequate level of data protection.

We will always strive to adopt the highest standards of privacy protection, wherever your personal information is located and adopt appropriate measures (consistent with locally applicable laws) to secure an adequate level of privacy protection. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable laws and carefully managed to protect your privacy rights and interests. Transfers will be limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
- we ensure transfers within Etihad Group will be covered by an agreement entered into by members of Etihad Group (called an "intra-group agreement") which contractually obliges each member of the Etihad Group to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Etihad Group; where we transfer your personal information outside Etihad Airways or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the "EU - US Privacy Shield" for the protection of personal information transferred from within the European Union ("EU") to the USA; or where we receive requests for information from government entities, international organisations or regulators, we carefully validate these requests to ensure that it is legally appropriate to share the requested personal information.
You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above. See also the section titled "Your Rights", below.

How we protect your information

We invest an appropriate level of resources to protect the security and confidentiality of personal information.

We offer the use of secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input to our website before it is sent to us. SSL is an industry standard encryption protocol and this ensures that the information is reasonably protected against unauthorised interception;

We also follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access to that information; and

We take all reasonable and appropriate steps to protect your personal information but cannot guarantee the security of any data you disclose to us via email or online.

Where you disclose information to us using our mobile app, please ensure that your device remains safe. We cannot be held responsible for any data misuse arising from unauthorised access to your device.

Storing your personal information

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this statement. Where your information is no longer required, we will ensure it is disposed of in a safe manner. In some circumstances we may need to store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. Should you require information about how we retain particular information you can contact us.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Our policy on "cookies"

A cookie is an element of data that a website sends to your browser, which then stores it on your system. Cookies may collect personal information about you. Cookies allow us to understand who has seen which pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. Cookies also allow us to make Etihad Websites more user-friendly by, for example, allowing us to take you to the language site of last use, so that we can give you a better experience when you return to our website.

A cookie will be deployed on your device when you visit Etihad Websites unless you indicate that you do not wish this to happen or if you have turned this feature 'off' in your web browser or device settings. For more information about how our cookies work and information about how to manage your cookie settings please visit our Cookie Policy.

You may have certain legal rights regarding your personal information depending upon the country you are in or how we interact with you. You can learn more about this in this section.

Subject to the terms of this Privacy Statement we guarantee that you have following key rights wherever you are:

To access your personal information. We will tell you what personal information we hold about you and can provide you with a copy of this;

To seek rectification of that personal information. Where the personal information we hold about you is inaccurate we will rectify this, upon your request. Note that this right may be limited in terms of the scope of detail that we will or can rectify;

To lodge a complaint to us. We will receive and handle your complaints in accordance with best practice and depending upon where you are and whether we are subject to it, any applicable law.

If you are resident in the European Union or otherwise benefit from rights as a data subject under the EU General Data Protection Regulation ("GDPR"), you will have certain additional rights in relation to our handling of your personal information.
- To erase personal information;
- To restrict the processing of your personal information;
- To transfer your personal information;
- To object to the processing of personal information;
- To object to how we use your personal information for direct marketing purposes;
- To obtain a copy of personal information safeguards used for transfers outside your jurisdiction;
- To lodge a complaint with your local supervisory authority. A further explanation of these general key rights and the GDPR specific rights is outlined under each heading. Please click on these for further details.
You may have other rights depending upon the country you are in. You may therefore have rights to lodge a complaint to a local privacy authority, however whether you lodge a complaint and who you lodge it with is solely your responsibility.

If you wish to access any of these rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to refuse to provide this additional information if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to address your request fully, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

Right to access personal information

You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.

Right to rectify or erase personal information

You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.

You can also request that we erase your personal information in limited circumstances where:
- it is no longer needed for the purposes for which it was collected; or
- you have withdrawn your consent (where the data processing was based on consent); or
- following a successful exercise of the right to object; or
- it has been processed unlawfully; or
- to comply with a legal obligation to which Etihad Airways is subject. We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims.
Right to restrict the processing of your personal information

You can ask us to restrict your personal information, but only where:
- its accuracy is contested, to allow us to verify its accuracy; or
- the processing is unlawful, but you do not want it erased; or
- it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- you have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal information following a request for restriction, where:
- we have your consent; or
- to establish, exercise or defend legal claims; or
- to protect the rights of another natural or legal person.
Right to transfer your personal information

You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
- the processing is based on your consent or on the performance of a contract with you; and
- the processing is carried out by automated means.
Right to object to the processing of your personal information

You can object to any processing of your personal information which has our legitimate interests as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.

If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.

Right to object to how we use your personal information for direct marketing purposes

You can request that we change the manner in which we contact you for marketing purposes.

You can request that we not transfer your personal information to unaffiliated third parties for the purposes of direct marketing or any other purposes.

Right to obtain a copy of personal information safeguards used for transfers outside your jurisdiction

You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union. We may redact data transfer agreements to protect commercial terms.

Right to lodge a complaint with your local supervisory authority

You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.

The primary point of contact for all issues arising from this privacy statement, is the Etihad Aviation Group Data Protection Officer. The Data Protection Officer can be contacted in the following ways:

Please email us at dataprivacy@etihad.ae or write to the Data Protection Officer, Etihad Aviation Group, PO Box 35566, Abu Dhabi, United Arab Emirates

You can use this Webform to raise your data subject rights requests.

If you have any questions, concerns or complaints regarding our compliance with this statement and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.

To contact your data protection supervisory authority

In some countries, you may have a right to lodge a complaint with your local data protection supervisory authority. We ask that you please attempt to resolve any issues with us before your local supervisory authority.

Our Representative in the EU

Etihad Airways P.J.S.C. is represented in the European Union by its Paris office. The group Data Protection Officer can be contacted either directly by email or post using the details given in the previous section, or by writing to our Paris office:

For the Attention of the Etihad Aviation Group Data Protection Officer,
Etihad Airways
18 rue Trezel
92300 Levallois-Perret, France

This section applies to individuals visiting our website or using our services from the Republic of Korea. Where this section contradicts the provisions in the previous sections, the provisions in this section shall prevail.

Destruction of Unneeded Personal information

When destroying personal information, Etihad will take commercially reasonable and technically possible measures to make the personal information irrecoverable or irreproducible as follows:

(a) Personal information contained in electronic files will permanently be deleted using a technical method which makes the information irrecoverable; and

(b) Any other records, print-outs, documents or any other recording media will be shredded or incinerated.

In the event that the processing/retention period has expired, but personal information is required to be retained continuously, the relevant personal information and personal information files will be stored/maintained separately from other personal information, to the extent technically possible.

You can find more information about our retention periods here.

Your Rights and Remedies for Infringements on Rights

You may exercise rights to access, correct, delete or suspend processing of your personal information at any time. Should you wish to exercise your rights, please use our Webform, and We will take appropriate measures without delay. You may exercise your rights through an agent, such as a legal representative or a person authorized by you.

Request for access to and suspension of processing of personal information may limit the information principal's right under applicable laws and regulations, and request for correction and deletion of personal information may not be made if the personal information is specified to be collected by other laws and regulations.

Etihad has an obligation to confirm whether the person who made the request for access, correction, deletion and suspension of processing of personal information is the individual themselves or a person with an appropriate authorization.

You have the right to request a resolution of a dispute, consult with authorities and agencies and seek remedy. Their contact details are:

Personal Information Infringement Report Centre - https://privacy.kisa.or.kr/main.do

Supreme Prosecutor’s Office - https://www.spo.go.kr/site/spo/main.do

Electronic Cybercrime Report & Management System - https://ecrm.police.go.kr/minwon/main

Collection of Sensitive Information

As explained in our statement, we collect different categories of personal information. Some of the personal information we collect may constitute sensitive personal information as it may suggest your medical, health information or religious information. When we process some of the information described in this paragraph we rely on consent – to provide you with a special request such as a wheelchair or a religious meal) while in other cases we rely on laws and regulations – when we ask for a proof of vaccination, test results (such as PCR) and similar. Please note that in the latter case, we rely on rules and regulations contained in IATA TIMATIC system. IATA TIMATIC system is used as the industry standard for airlines whenever they need to decide whether passengers meet specific country entry requirements, including whether they possess all required health documentation

Please note that if you require medical assistance, you will have to go through Etihad’s medical clearance process. In such case, you will provide your consent to processing of sensitive personal information through that process.

If you contact us with a service request, complaint or a feedback we may ask you to provide us with certain sensitive information for which we have obtained your consent already, we might ask you for a separate consent or where it is necessary for us to comply with laws and regulations (as explained earlier we rely on IATA TIMATIC for this purpose). Please note that we do not encourage individuals to provide us with sensitive information unless requested by us.

How we Share Your Personal Information With Others?

We may seek your consent to provide personal information to third parties. You can view the list of such third parties here.. Also, where we share your sensitive information with third parties, we may seek your consent. You can view the list of third parties we share sensitive information with here. We may delegate processing or storing of personal information (including sensitive information) to third parties. The list of such third parties can be found here.

Find out more

Etihad Cargo

Read the Etihad Cargo privacy policy

Etihad Guest

Read the Etihad Guest privacy policy

Recruitment

Read our Recruitment privacy policy

Comments and queries

Questions? Get in touch

Privacy policy

Etihad Airways PJSC privacy statement

Your personal information

Flight and booking information

Advance Passenger Information

Etihad Guest

Customer support and online services

Events and promotions

Legal bases for using your data

How we share your information

More about direct marketing, profiling and automated decision making

Transferring personal information globally

How we protect and store your information

Cookies and mobile

Your legal rights

Contact us

Additional information for individuals from Republic of Korea

Find out more