Privacy policy

Etihad Airways PJSC privacy statement

 

At Etihad Airways PJSC, our affiliates and our branch offices (collectively referred to as Etihad, we, us), we take our data protection and privacy responsibilities seriously.

This privacy statement describes how we may collect and use your personal information including when you contact us, use our services, interact with our website, www.etihad.com (Etihad Website).

Terms of Use

Use of the Etihad Websites is subject to our terms of acceptable use, found in our Terms and Conditions. Any products and services supplied are subject to the relevant Terms and Conditions, Customer Care Policy and General Conditions of Carriage.

Updates

We may amend this privacy statement from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this privacy statement. If we make material changes to this privacy statement, we will seek to inform you by notice on our website or email.

This privacy statement was last updated on: 15 January 2025

Third Party Websites

Etihad Websites may link you to other websites. We are not responsible for the way in which third party websites operate or the way in which they may process any personal information, which you provide to them. It is important that you understand this and check their respective privacy policies and terms of use.

Your personal information

This section describes when we collect personal information about you, the types of personal information collected and how we use your personal information.

When you make a flight booking or want to manage a reservation

If you use the Etihad Websites to make a flight booking or manage a reservation, we will collect and use information about you as necessary to manage the booking.

This may include the following types of personal information:

  • Name
  • Date of birth
  • Address
  • Contact information (such as phone number and e-mail address) for the lead passenger
  • Next of kin details
  • Passenger Name Record number (PNR number)
  • Flight ticket number
  • Gender
  • Passport details
  • Any meal preferences
  • Frequent flyer programme membership information such as your username and password (if applicable)
  • Payment details (such as credit card information)

We need to process this personal information in order to ensure that you are properly booked and checked in.

We may also collect special categories of personal data from you, which are treated with extra care by us. We collect these types of data for the purposes of providing you with enhanced services, such as medical services. These special categories of data include:

  • Health data, such as whether you use a wheelchair or require an oxygen tank, or certain health behaviours such as whether you are a smoker
  • Personal data relating to nationality, race and ethnic origin
  • Personal data relating to religion

In limited circumstances, such as where we are providing you with chauffer services, we may additionally collect information about your whereabouts using systems such as GPS. If you or any passenger travelling has special health, dietary or access requirements, which you or they would like us to be aware of, we may collect information about these matters where this is provided.

Where you are making a booking on behalf of other travelling passengers, it is your responsibility to represent that passenger in the booking process and explain how we will use their personal information as set out in this Privacy Statement. You must obtain their consent to make the booking and share their details with us as anticipated by this Privacy Statement. We will assume that you have done this. We may be under separate legal obligations to explain to them that we are controlling their personal information, even if it comes to us from you.

When you contact customer support and or use our online services

If you contact us with a query or comment about any of our services or would like us to keep you informed about latest news and developments at Etihad, we will need to collect information about you (including your contact details) to help us respond to your query or request.

We may do this when you call our customer support centre or interact with us through our online support tools. This information may include:

  • Name
  • Date of birth
  • Address
  • Contact information (such as phone number and e-mail address)
  • Next of kin
  • Your photograph
  • Passport details
  • Payment details (such as credit card information)
  • Bank account details
  • Frequent flyer programme membership information
  • PNR number
  • Flight ticket number

·        Identifiers related to your profession

We process this personal information in order to provide you with customer support including for inbound calls relating to bookings, to modify bookings, special services, cancellations and refunds, ancillary sales, and outbound calls for disruption related messages.

We may also seek to collect special categories of personal data from you for the purposes of properly understanding your query or request, which are treated with extra care by us. These special categories of data may include:

  • Health data, such as whether you use a wheelchair or require an oxygen tank, or certain health behaviours such as whether you are a smoker,
  • Personal data relating to nationality
  • Personal data relating to religion

We may also keep a record of any communications we have with you (including a recording of any calls you make). We do this in compliance with applicable laws to help monitor and improve the quality of our customer support services, to make and defend legal claims, and to comply with legal obligations to which we are subject.

Where you have asked to receive an information update from us, you are free to change your preferences (for more information, refer to 'Updating your personal profile and preferences' section below).

When you sign up to our loyalty programme

When you join our loyalty programme, Etihad Guest, we will collect information from you to set up your Etihad Guest account and allow you to start collecting and spending reward points. This will include:

  • Name
  • Date of birth
  • Contact details (such as your postal address, email address and phone number)
  • Passport details
  • Etihad Guest number (if you already have one)
  • PNR reference (if relevant at the time of application)
  • Flight ticket number (if relevant at the time of application)
  • Identifiers related to your profession
  • Relevant details of any linked family accounts.

We will also ask you to set up a username and password.

Where you are asking us to link family members to a single account, we may require their contact details from you to enable us to notify them that we are using their personal data. It is also however your responsibility to notify your family members that you are providing us with their personal data, and to ensure that each family member understands how we will use their personal information. We will assume that you have done this. We may, on occasion, require you to obtain their consent to use their details in accordance with this privacy statement.

Our website is not directed towards children however, if you are creating an Etihad Guest membership for an individual who is younger than 16 years old, you are giving us your consent as the legal parent or guardian to collect, use and process the information of that individual in a manner that is consistent with this privacy statement. You can always manage your personal information and contact preferences you have provided to us via the Etihad Website. If you need any additional information, please use the contact information provided in this privacy statement to contact us.

When you earn or redeem miles

If you make a qualifying purchase with Etihad or one of our other carefully chosen network of “Partners” (such as international and local travel organisations, financial services companies, and leisure and lifestyle partners), or otherwise quote your membership of the Etihad Guest programme, our partners will share information with us about your purchase activity so we can credit it to your Etihad Guest account. We do this to ensure that you are awarded appropriate miles, to help the partner validate any benefits you are claiming, as well as other service delivery and marketing purposes. If you have an Etihad co-branded credit card, debit card or another financial product, we will also collect and process transactional and activity data associated with such products.

Together with our partners, we offer you the chance to redeem your miles through our Reward Shop. Where you choose to redeem miles in this way, we may ask you for additional information to receive the benefit. In many cases, we will transfer you to the partner to complete the relevant transaction. In most of these scenarios, these partners will process your personal data as independent and separate controllers. For example, if you choose to redeem miles for a holiday offered by Etihad Holidays, once you have claimed the miles on the Reward Shop, we will put you in touch with Etihad Holidays who will then make arrangements to complete the holiday booking. You can obtain information about how these partners collect, process and transfer your personal data on their respective privacy policy and terms and conditions.

If you have queries about how our partners collect, process and transfer your personal data you can make enquiries directly with those partners.

Advance Passenger Information

On some routes we are required to pass details of the itinerary and booking details in our Passenger Name Record system to border control, customs and law enforcement officers at ports of entry / exit on your itinerary. We will share this information with relevant authorities as required and permitted by local and applicable laws.

If you are in, or flying to/from France, please note that in accordance with Article L 237 -7 of French Internal Security Code, air carriers may transmit reservation data collected from their passengers (PNR) to the French national public services and competent authorities for the purposes and under conditions as defined in the Decret N° 2014-1095 dated 26/09/2014 modified by decree 2018/714 dated August 3rd 2018..

Events and promotions

From time to time, we hold events and special promotions to introduce Etihad to new customers. If you come to one of these events, or take part in a promotion, we may ask for your personal details to help us run the promotion and keep in touch with you about our services and any special offers that we think may be of interest. Any information which you provide will be used in accordance with the terms of this privacy statement and you can unsubscribe from further promotional communications from us at any time.

Other sources of information

We may invite you to provide us with additional information about your travel preferences, next of kin, dietary requirements, personal interests. You don't need to provide this information to open an account, but it helps us to provide a more personalized service and makes it quicker to process travel bookings and mileage redemptions.

We may also collect personal information from various sources, including your travels, purchases, and interests, to offer relevant services and promotions. We may automatically gather data from your devices, such as real-time geo-location, to enhance our services and offers. We also gather data from your interactions on our social media channels. To provide the most relevant offers and information, we may collaborate with third-party agencies, partners, and group companies.

Legal bases used

We will only collect, use and share your personal information where we have an appropriate legal basis to do so. Appropriate legal bases include:

  • where we need to use your personal information to perform a contract or take steps to enter into a contract with you, for example to take payment for and manage the terms of any travel booking you have with us, or complete your travel arrangements, if you are a passenger on a flight booking;
  • our legitimate interests as a commercial organisation, for example we may record calls to our customer service centre so that we can review our call handling processes and ensure we provide a continuously high standard of customer service; we may use customer contact information to keep our customers informed about flight changes and other important service messages; we may also let you know about our new routes and special offers that may be of interest to you - in these cases we will respect your privacy rights and ensure you may object to processing as explained in the “Your Rights” section below;
  • where we need to use your personal information to comply with a relevant legal or regulatory obligation that we have, for example in some countries we are required to share Advance Passenger Details with law enforcement officials in destination airports before departure, as described in the "Advance Passenger Information" section; and
  • where we have your consent to using your personal information for a particular activity, for example to share special offers from ourselves and our partners that we consider may be of interest to you.

Where we process sensitive information, we will ensure that we have a lawful basis for doing so and will consider any applicable conditions and safeguards necessary to protect your privacy. This includes obtaining your explicit consent, where required, implementing appropriate security measures, and adhering to relevant legal and regulatory requirements.

Purposes of processing

To help you understand the legal grounds on which we process your data, please see the table below that sets out the legal bases upon which we process your personal information in certain circumstances. There may be one or more legal bases applicable to the activities listed. These may be amended and updated from time to time.

No

Purpose

Categories of personal data

Legal bases

1                  

To managing your flight details and operate your journey.

Name, Date of birth, Address, Contact information (such as phone number and e-mail address) for the lead passenger, Next of kin details, Passenger Name Record number (PNR number), Flight ticket number, Gender, Passport details, Any meal preferences, Frequent flyer programme membership information such as your username and password (if applicable), Payment details (such as credit card information)

Special category data: health data (such as whether you use a wheelchair or require an oxygen tank, or certain health behaviours such as whether you are a smoker), nationality, race, ethnic origin and religion data.

To perform our contract with you.

2                  

To provide you with customer support.

Name, Date of birth, Address, Contact information (such as phone number and e-mail address), Next of kin, Your photograph, Passport details, Payment details (such as credit card information), Bank account details, Frequent flyer programme membership information, PNR number, Flight ticket number, Identifiers related to your profession

Special category data: health data (such as whether you use a wheelchair or require an oxygen tank, or certain health behaviours such as whether you are a smoker), nationality, race, ethnicity and religion data.

Legitimate interests.

It is in our legitimate interests to ensure that our business runs smoothly and that we provide you with timely customer support, without undue delay and complication.

3                  

To manage additional services we may provide to you.

Name, Date of birth, Address, Contact information (such as phone number and e-mail address), Next of kin, Your photograph, Passport details, Payment details (such as credit card information), Bank account details, Frequent flyer programme membership information, PNR number, Flight ticket number, Identifiers related to your profession

Special category data: health data (such as whether you use a wheelchair or require an oxygen tank, or certain health behaviours such as whether you are a smoker), nationality, race, ethnicity and religion data.

To perform our contract with you.

4                  

To communicate with you in relation to your account.

We will send you operational communication in order to update you with key changes and updates to your account. The correspondence may include changes such as: Password change; Email change; Postal address change; Claim submission; Claim acceptance; Family membership; Redemption and Tier upgrade.

Name, Date of birth, Contact details (such as your postal address, email address and phone number), Passport details, Etihad Guest number (if you already have one), PNR reference (if relevant at the time of application), Flight ticket number (if relevant at the time of application), Identifiers related to your profession, Relevant details of any linked family accounts.

To perform our contract with you.

Legitimate interest.

It is in our legitimate interest to ensure that our business runs smoothly and that we provide customers with important functionality and timely updates in relation to their account.

5                  

To manage flight disruptions.

In order to ensure that we book you into suitable hotel accommodation and transport you there where there is a flight disruption, we will need to process personal information about you.

Name, Address, Date of birth, Contact details, Next of kin, Passport details, Credit card details, Frequent flyer number, PNR number, flight ticket number, Identifiers for professionals.

To perform our contract with you.

To comply with a legal obligation.

 

6                  

Guest transport.

Where you utilize our chauffeur service, we will need to process personal information about you in order to ensure that your guest transport is booked properly.

Name, Address, Date of birth, Contact details, Next of kin, Passport details, Credit card details, Frequent flyer number, PNR number, Flight ticket number, Identifiers for professionals, GPS tracking information.

Special category data: health care information.

To perform our contract with you.

7                  

To communicate with you in relation to your flight.

In order to communicate with you to provide updates regarding your flight, for example, if there are likely to be delays to your flight we will need to process personal information about you.

Name, Address, Date of birth, Credit card number, Frequent flyer number, PNR number, Flight  ticket number, Passport details and Contact details.

To perform our contract with you.

8                  

To provide medical services to you in cases of emergency.

In the event that you require emergency medical attention and services we will need to process personal information about you.

Name, Date of birth, Address, Contact details, Next of kin, Passport details, PNR number, Flight Ticket number, Identifiers for professionals.

Special category data: religion, race, ethnicity and health data.

To protect your vital interests.

9                  

To provide responsive services to you in cases of emergency

In the event that there is an emergency and we need to locate family members and next of kin, we will need to process personal information about you.

Name, Date of birth, Address, Contact details, Next of kin, Passport details, Social security number, Credit card details, Frequent flyer details, PNR number, Flight ticket number, Identifiers for professionals

 

Special category data: religion, race or ethnicity and health data, biometric information, medical identifiers, sensitive information about family members, criminal convictions.

To protect your vital interests.

10               

To communicate with your next of kin in cases of emergency.

In order to communicate with your next of kin in cases of emergency we will need to process personal information about you and your next of kin.

Next of kin including names, addresses and contact details.

To protect your vital interests.

 

11               

To communicate with you on new offers and services from Etihad or other affiliates.

In order to communicate with you regarding new offers and services from either us or our affiliates, such as new routes we will need to process personal information about you.

Name, Address, Contact details, Date of birth, Frequent flyer details, PNR number, Flight ticket number, Identifiers for professionals and Passport details.

Consent.

Legitimate interests.

It is in our legitimate interests to develop our relationship with you by promoting offers and services from third parties in certain circumstances, based upon our understanding of your preferences.

12               

To communicate with you on new offers and services from third parties.

In order to communicate with you regarding new offers and services from third parties we will need to process personal information about you.

Name, Date of birth, Address, Contact details, Frequent flyer details, Identifiers for professionals, and Passport details.

Legitimate interests.

It is in our legitimate interests to promote offers and services from third parties in certain circumstances, based upon our understanding of your preferences.

 

13               

To engage in surveys with you.

In order to obtain feedback from you via surveys in relation to our services and other matters related to our business we will need to process personal information.

Name, Address, Date of birth, Contact details, Next of kin, Bank account details, Frequent flyer details, Flight ticket number, Identifiers for professionals, Passport details, and PNR number.

Legitimate Interests.

It is in our legitimate interests to engage in surveys with you in order to ascertain certain information for the purposes of how we conduct our business.

14               

To offer opportunities to you to enter into competitions or prize draws.

In order to enter you into the competitions or prize draws and award the prizes we will need to process personal information.

Name, Address, Contact details, Frequent flyer details, Passport details and PNR number.

Legitimate Interests.

It is in our legitimate interests to promote our business by engaging with consumers through competitions or prize draws.

15               

To manage our frequent flyer program.

In order to enter you in to the frequent flyer program we will need to process personal information.

Name, Address, Contact details, Employee ID (if relevant), Passport details, Credit card number, Frequent flyer details (Etihad Guest number), PNR number, Flight ticket number, any identifiers relating to your profession (if relevant).

To enter into a contract with you for the frequent flyer program.

16               

To handle complaints made by you.

In order to handle complaints made by you, we will need to process your personal information.

Name, Date of birth, Address, Contact details, Bank account details, Passport details, Frequent flyer details, PNR number and Flight ticket number.

Special categories of data: data concerning health where relevant to your complaint.

To perform our contract with you.

Legitimate Interests.

It is in our legitimate interests to ensure that we handle your complaints in an efficient manner, without undue delay and complication.

 

17               

To comply with a legal or regulatory obligation, including providing specific information to law enforcement or similar bodies upon legitimate requests.

In order to comply with a legal or regulatory obligation, including providing specific information to law enforcement or similar bodies upon request we will need to process your personal information.

Advance Passenger Information including: Name, Date of birth, Address, Passport details, Frequent flyer details.

To comply with a legal obligation.

 

18               

To comply with a legitimate request by a law enforcement or similar bodies to share information with them.

In order for us to comply with a request by law enforcement or similar bodies to share information with them we may need to process your personal information.

Name, Date of birth, Address, Passport details, Frequent flyer details.

To comply with a legal obligation.

Legitimate Interests

It is in our legitimate interests to be able to share information with law enforcement or similar bodies from time to time, subject to their legitimate requests. We will need to be able to process this information in order for us to comply with legitimate requests, including in cases where we determine that we are not compelled to by applicable laws.

19               

In the case that you start a legal claim against us and we need to defend that legal claim.

In order for us to defend the claim brought by you or a third party, we may need to process your personal information.

Name, Address, Date of birth, Passport details and frequent flyer details.

Special categories of data: racial or ethnic origin, political, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning your sex life or sexual orientation.

Legitimate Interests

It is in our legitimate interests to be able to commence or defend legal claims as and when we consider it necessary for the protection of our business. We will need to be able to process this information in order for us to instruct our legal counsel and fully defend ourselves against the claim you may bring.

20               

In the case that we start a legal claim against you.

In the event that Etihad wishes to commence a claim against you we may need to process your personal information.

Name, Address, Date of birth, Passport details and Frequent flyer details.

Special categories of data: racial or ethnic origin, political, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning your sex life or sexual orientation.

Legitimate Interests

It is in our legitimate interests to be able to commence or defend legal claims as and when we consider it necessary for the protection of our business. We will need to be able to process this information in order for us to instruct our legal counsel and fully defend ourselves against the claim you may bring.

21               

To allow our partners to access and use Etihad Hub.

For our partners to access and use Etihad Hub, we collect and process personal information.

Name and email address.

Legitimate Interests

It is in our legitimate interest to provide you with access to Etihad Hub which may be necessary for contractual obligations for Travel Agencies.

22               

To ensure the protection of public health and safety.

In order to safeguard the health and wellbeing of passengers and staff, we may process special categories of data to ensure your fitness to fly. Information which reveals health may be gathered from declarations, assessments and/or temperature screening activities at the airport.

Name, Date of birth and Passport details.

To perform our contract with you. We process your personal data in accordance with our Conditions of Carriage.

23               

To comply with a legal obligation.

We may process your personal data to meet border control requirements set by your destination country.

Passport and visa information, and health data.

To perform our contract with you.

To comply with a legal obligation.

 

24               

To enable Etihad staff and the staff of authorised partner companies to access concessionary travel benefits.

We may process your personal data to enable us to book you, family and friends, on Etihad and/or partner airline services using exclusive concessionary offers.

Name, Date of birth, Passport number, Nationality, Contact details, and Credit card number.

Legitimate Interests

It is in our legitimate interest to provide you with access to the staff travel portal to book approved concessionary tickets.

25               

To enable Etihad to conduct background checks on suppliers and business partners.

If you are a vendor or business partner of ours, we may process your personal data to complete background checks on you and your company to meet our obligations to comply with relevant UAE and international sanctions requirements.

Name, Work email address, and Passport information.

Legitimate Interests

It is in our legitimate interests to carry out background checks on all suppliers and business partners to ensure compliance with relevant laws when dealing with them.

 

26               

To use our optional service to automatically enter data during check in process.

We need to collect your documents in order to provide you with the service that will allow us to automatically collect data from your documents necessary for your travel.

Name, Nationality, Passport number and Place of birth

Consent

 

We work closely with a number of trusted partners with whom we need to share information to help us provide our services:

  • our group or affiliate companies around the world, including other Etihad brands such as Etihad Cargo, Etihad Holidays and Etihad Guest – please check the table below for a list of Etihad affiliates:

COUNTRY

OPERATING AFFILIATE ENTITY NAME & ADDRESS

UNITED ARAB EMIRATES

Etihad Aviation Group P.J.S.C.

New Airport Road Khalifa City 'A', PO Box 35566 Abu Dhabi

UNITED ARAB EMIRATES

Etihad Airways P.J.S.C.

New Airport Road
Khalifa City 'A',
PO Box 35566
Abu Dhabi

UNITED ARAB EMIRATES

Etihad Guest LLC

New Airport Road
Khalifa City 'A',
PO Box 35566
Abu Dhabi

UNITED ARAB EMIRATES

Global Business Service Solutions LLC

New Airport Road
Khalifa City A.
PO Box 35566
Abu Dhabi, UAE.

 

  • partner airlines where you are travelling on a booking which involves a codeshare. Further information about our partner airlines at https://www.etihad.com/en/plan/fly-etihad/codeshare-partners;
  • frequent flyer and other reward and partner programmes where required to enable you to earn or utilize frequent flyer miles by virtue of your membership of Etihad Guest;
  • banks and payment providers, to authorise and complete payments;
  • other third parties who help manage our business and deliver services. For example, these may include IT service providers who help manage our IT and back-office systems, or third party booking agents;
  • with customs and / or immigration departments or other regulatory authorities or government entities, to comply with legal obligations and ensure the safety of all our passengers and customers; and
  • with government organizations (e.g. tax authorities) and international organizations (e.g. IATA), to comply with applicable laws and regulations.
  • law enforcement authorities and other government agencies, due to applicable legal obligations or when it is in our legitimate interest to do so. You can find more information about when we do this in the above section.

If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose or transfer information to a potential or actual third-party purchaser of our business or assets.

Direct marketing

We may use personal information to keep you informed about our products and services or those of our preferred partners, in line with your personal preferences. We may do so based on your preferences, which may be inferred from your interaction with us on Etihad Websites or based on your permission, where required.

We will usually send these marketing messages by email but we may choose to contact you in other ways, for example, by phone, post, SMS and/or other electronic means, if that is more appropriate. You can ask us to stop sending you marketing material at any time by contacting us or by clicking on the "unsubscribe" link that will be available at the bottom of our marketing emails.

Managing your marketing preferences

To protect privacy rights and to ensure you have control over how we manage marketing with you:

  • We will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
  • You can also click the "unsubscribe" link that you will find on any online newsletters which you receive.
  • You can change the way your browser or device manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained below. We recommend you routinely review the privacy statements and preference settings that are available to you on any social media platforms.

More about profiling and analytics

We may use some of the information you provide to us in order to perform profiling and analytics with the data. We will do this either with your consent or where it is in our legitimate interests.

One of the methods by which we do this is by installing and using cookies on your browser or device. You can learn more about how to adjust settings relating to cookies on your browser and device, and about our Cookie Policy in the section titled Cookies , below.

Some of the legitimate purposes we profile and analyse data include:

  • to allow us to enhance our provision of services to you;
  • to provide you with tailored content online and optimise your experience of our websites;
  • to offer personalised products when you fly with us or use our other services;
  • to obtain a better understanding of our customers, what you would like to see from us, and how we can improve our services for you;
  • to share advertising material, we believe may be of interest to you, including from our third party partners;
  • to help us operate our services more efficiently, including to ensure that our most loyal customers obtain the best services.

If you are a data subject with rights under the GDPR then we will take steps to ensure that prior to profiling your information for a legitimate interest that interest is not overridden by your own interests or fundamental rights and freedoms. 

We operate our business on a global basis. The countries to which we commonly disclose your personal information include the United Arab Emirates (UAE), where we have our head offices, the United States of America (USA), United Kingdom (UK) and the countries where you are flying to and from. Some of these countries, for example, the UAE and the USA, have laws which do not offer, in the opinion of the European Commission or other supervisory authorities, an adequate level of data protection.

We will always strive to adopt the highest standards of privacy protection, wherever your personal information is located and adopt appropriate measures (consistent with locally applicable laws) to secure an adequate level of privacy protection. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable laws and carefully managed to protect your privacy rights and interests. Transfers will be limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:

  • we ensure transfers within the Etihad Group will be covered by an agreement entered into by members of Etihad Group (called an intra-group agreement) which contractually obliges each member of the Etihad Group to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within Etihad Group;
  • where we transfer your personal information outside Etihad or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. Some of these assurances include the EU Standard Contractual Clauses, with the UK Addendum, where applicable, or well recognized certification schemes like the "EU - US Data Privacy Framework" with the UK Extension for the protection of personal information transferred from within the European Union (EU) and the UK to the USA; or
  • where we receive requests for information from government entities, international organisations or regulators, we carefully validate these requests to ensure that it is legally appropriate to share the requested personal information.

You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above. See also the section titled "Your Rights", below.

How we protect your information

We invest an appropriate level of resources to protect the security and confidentiality of personal information.

We offer the use of secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input to our website before it is sent to us. SSL is an industry standard encryption protocol and this ensures that the information is reasonably protected against unauthorised interception.

We also follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access to that information.

We take all reasonable and appropriate steps to protect your personal information but cannot guarantee the security of any data you disclose to us via email or online.

Storing your personal information

We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this privacy statement. Where your information is no longer required, we will ensure it is disposed of in a safe manner. In some circumstances we may need to store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.

Should you require information about how we retain particular information you can contact us.

Our policy on "cookies"

A cookie is an element of data that a website sends to your browser, which then stores it on your system. Cookies may collect personal information about you. Cookies allow us to understand who has seen which pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. Cookies also allow us to make Etihad Websites more user-friendly by, for example, allowing us to take you to the language site of last use, so that we can give you a better experience when you return to our website.

A cookie will be deployed on your device when you visit Etihad Websites unless you indicate that you do not wish this to happen or if you have turned this feature 'off' in your web browser or device settings. For more information about how our cookies work and information about how to manage your cookie settings please visit our Cookie Policy

You may have certain legal rights regarding your personal information depending upon the country you are in or how we interact with you. You can learn more about this in this section.

Subject to the terms of this Privacy Statement we guarantee that you have the following key rights wherever you are:

To access your personal information. We will tell you what personal information we hold about you and can provide you with a copy of this.

To seek rectification of that personal information. Where the personal information we hold about you is inaccurate we will rectify this, upon your request. Note that this right may be limited in terms of the scope of detail that we will or can rectify.

To lodge a complaint to us. We will receive and handle your complaints in accordance with best practice and depending upon where you are and whether we are subject to it, any applicable law.

If you are resident in the European Union, the UK or otherwise benefit from rights as a data subject under the General Data Protection Regulation (GDPR), you will have certain additional rights in relation to our handling of your personal information.

  • To erase personal information.
  • To restrict the processing of your personal information.
  • To transfer your personal information to a third party.
  • To object to the processing of personal information where we are relying on a legitimate interest as the legal basis for that particular use of your data.
  • To object to how we use your personal information for direct marketing purposes.
  • To obtain a copy of personal information safeguards used for transfers outside your jurisdiction.
  • To withdraw consent at any time where we are relying on consent to process your personal data.
  • To lodge a complaint with your local supervisory authority if you are in the EU, or The Information Commissioner’s Office if you are in the UK, if you have concerns about how we are processing your personal information.
  • We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
  • We may carry out certain activities that may constitute automated decision-making to enhance our services and ensure a seamless travel experience. You can ask us to review a decision at any time by getting in touch with us using the contact details below.

You may have other rights depending upon the country you are in, for example, you may have rights to lodge a complaint to a local privacy authority.

If you wish to access any of these rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to refuse to provide this additional information if your request is manifestly unfounded or excessive.

You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.

We may not always be able to address your request fully, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

The primary point of contact for all issues arising from this privacy statement, is the Etihad Data Protection Officer. The Data Protection Officer can be contacted in the following ways:

Please email us at dataprivacy@etihad.ae or write to the Data Protection Officer, Etihad Airways PJSC, PO Box 35566, Abu Dhabi, United Arab Emirates.

You can use this Webform to raise your data subject rights requests.

If you have any questions, concerns or complaints regarding our compliance with this privacy statement and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.

Our Representative in the EU and the UK

Etihad is represented in the EU by its French office and in the UK by its London office. The group Data Protection Officer can be contacted either directly by email or post using the details given in the previous section, or by writing to our respective offices:

EU:

 

For the Attention of the General Manager Southern Europe

Etihad Airways PJSC

18 rue Trezel, 92300

Levallois-Perret

France

United Kingdom:

For the Attention of the Etihad Airways PJSC Data Protection Officer,
Etihad Airways PJSC

3 Shortlands, Huddle

Hammersmith, W6 8DA

London

This section applies to individuals visiting our website or using our services from the Republic of Korea. Where this section contradicts the provisions in the previous sections, the provisions in this section shall prevail.

Destruction of Unneeded Personal information

When destroying personal information, Etihad will take commercially reasonable and technically possible measures to make the personal information irrecoverable or irreproducible as follows:

(a) Personal information contained in electronic files will permanently be deleted using a technical method which makes the information irrecoverable; and

(b)Any other records, print-outs, documents or any other recording media will be shredded or incinerated.

In the event that the processing/retention period has expired, but personal information is required to be retained continuously, the relevant personal information and personal information files will be stored/maintained separately from other personal information to the extent technically possible.

You can find more information about our retention periods here.

Your Rights and Remedies for Infringements on Rights

You may exercise rights to access, correct, delete or suspend processing of your personal information at any time. Should you wish to exercise your rights, please use our Webform, and we will take appropriate measures without delay. You may exercise your rights through an agent, such as a legal representative or a person authorized by you.

Request for access to and suspension of processing of personal information may limit the information principal's right under applicable laws and regulations, and request for correction and deletion of personal information may not be made if the personal information is specified to be collected by other laws and regulations.

Etihad has an obligation to confirm whether the person who made the request for access, correction, deletion and suspension of processing of personal information is the individual themselves or a person with an appropriate authorization.

You have the right to request a resolution of a dispute, consult with authorities and agencies and seek remedy. Their contact details are:

Personal Information Infringement Report Centre - https://privacy.kisa.or.kr/main.do

Supreme Prosecutor’s Office - https://www.spo.go.kr/site/spo/main.do

Electronic Cybercrime Report & Management System - https://ecrm.police.go.kr/minwon/main

Collection of Sensitive Information

As explained in our statement, we collect different categories of personal information. Some of the personal information we collect may constitute sensitive personal information as it may suggest your medical, health information or religious information. When we process some of the information described in this paragraph we rely on consent – to provide you with a special request such as a wheelchair or a religious meal) while in other cases we rely on laws and regulations – when we ask for a proof of vaccination, test results (such as PCR) and similar. Please note that in the latter case, we rely on rules and regulations contained in IATA TIMATIC system. IATA TIMATIC system is used as the industry standard for airlines whenever they need to decide whether passengers meet specific country entry requirements, including whether they possess all required health documentation

Please note that if you require medical assistance, you will have to go through Etihad’s medical clearance process. In such case, you will provide your consent to processing of sensitive personal information through that process.

If you contact us with a service request, complaint or feedback we may ask you to provide us with certain sensitive information for which we have obtained your consent already, we might ask you for a separate consent or where it is necessary for us to comply with laws and regulations (as explained earlier we rely on IATA TIMATIC for this purpose). Please note that we do not encourage individuals to provide us with sensitive information unless requested by us.

How we Share Your Personal Information With Others?

We may seek your consent to provide personal information to third parties. You can view the list of such third parties here. Also, where we share your sensitive information with third parties, we may seek your consent. You can view the list of third parties we share sensitive information with here. We may delegate processing or storing of personal information (including sensitive information) to third parties. The list of such third parties can be found here

The California Consumer Privacy Act (“CCPA”), the Virginia Consumer Data Protection Act (“CDPA”), and Colorado Privacy Act (“CPA”) each provide residents of California, Virginia, and Colorado with the following rights related to their personal information:

  • Right to Know: The right to request that we disclose certain information about our collection and use of personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you the categories and specific pieces of personal information we have collected about you, as well as the categories of sources from which such data is collected, the purpose for collecting such data, the categories of third parties with whom we share such data, and information about our sale or disclosure for business purposes of your personal information to third parties. Much of this information is provided above in this Privacy Statement.
  • Right to Delete: The right to request that we delete any of the personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
  • Right to Opt-Out of Sale: To the extent we “sell” any personal information, you have the right to opt-out of the sale of your personal information to third parties. Note, we do not sell the personal information of anyone under the age of 16 without affirmative authorization. You may contact us using the details in the Contact Us section above to opt-out. Additionally, Virginia and Colorado residents have the right to further opt-out of use of personal information for targeted advertising and(or) profiling.
  • Right to Data Portability: You can ask us to provide your personal information to you in a structured, commonly used, machine readable format, or you can ask to have it transferred directly to another data controller. Once we receive and confirm your verifiable consumer request to transfer your data, we will respond within the time provided under the law.
  • Right to Non-Discrimination: The right to not be discriminated against for exercising any of these rights.
  • Right to Correct: The right to request that we correct any of the personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will correct (and direct our service providers to correct) your personal information as requested in our records, unless an exception applies.

If you would like to exercise one or more of the above rights, please contact us by using the details in the Contact Us section above. We may need you to provide additional information to verify your request, such as providing certain data elements so that we can confirm they match the personal information already maintained by us. We will not use this additional information for anything other than handling your request. You may designate an authorized agent to make a request in certain circumstances on your behalf. Such authorized agent may be required to be registered with the appropriate state office. We will endeavor to respond to all such requests the time allowed under the laws or other applicable regulations, although there may be a brief delay in processing a request while we verify that the request is valid and originates from you as opposed to an unauthorized third party. If we require more time, we will inform you of the reason and extension period in writing.

Where applicable, California Civil Code Section 1798.83 permits users of the websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request please contact us using the details in the Contact Us section above.