Data protection & Privacy notice
1. General provisions
The protection of your personal data is of particular importance for Brussels Airlines.
This privacy notice applies to the personal data that we process about you as a natural person. Below you will find information about what happens to the personal data we collect, why we do it, how long we keep it, what your privacy rights are and how you can exercise them.
Brussels Airlines NV / SA with registered office at 1050 Brussels (Belgium), Jaargetijdenlaan 100-102/B30 Av. des Saisons, RPR/RPM Brussels (company number 0445692234) is the ‘controller’ for the processing of your personal data.
If you have any questions about this privacy notice or privacy at Brussels Airlines, you can contact our Data Protection Officer via this form or via mail:
BRUSSELS AIRLINES
DATA PROTECTION OFFICER
AIRPORT BLD 26, GENERAL AVIATION – RINGBAAN
1831 MACHELEN
BELGIUM
The main establishment in the UK for purposes of compliance with the Applicable Data Protection Laws is World Business Centre 1, Newall Road, London Heathrow Airport, Hounslow, Middlesex, TW6 2FA, England.
We regularly review our privacy notice and we will update it as necessary. The latest version is always available via our websites, with the date of publication clearly denoted.
2. Your rights
You can exercise the following rights by contacting us, either by sending us a letter (see address above in the section 1.2 “Contact us”) or via a Data Subject Access Request.
When submitting the data subject right request, we ask you to provide us with some additional information (including your names, PNR of flown flights, copy of your ID card and/or samples of communications that you complaint about, etc.) so that we can validate your identity in order to avoid unlawful processing of relevant personal data on behalf of an illegitimate person. In the context of this validation, we process the received data for the purpose of a data subject right request management and keep it for as long as it serves its purpose.
When submitting a data subject right request, you can exercise the following rights within the conditions laid down in the applicable legislation:
You have the right to obtain from us confirmation as to whether or not we process your personal data, and where that is the case, you have the right to obtain a free copy of the processed data. We will also provide you information including the following details:
- The purposes of processing
- The categories of personal data that are processed
- The persons or the categories of persons to whom your personal data have been or will be disclosed
- For how long your personal data will be stored
- The existence of your privacy rights, as explained further below
- All available information we have about the origin of the data if they were not collected from you
- The existence of automated decision making
We can request a reasonable fee to cover our administrative costs for every additional copy that you request.
You have the right to obtain the rectification of inaccurate and/or incomplete personal data.
You have the right to erasure of your personal data if one of the following grounds applies:
- Your personal data are no longer necessary in relation to the purposes for which they were collected or processed
- You withdraw your prior consent for the processing and there is no other legal basis that we can rely on for (further) processing
- You have objected to the processing for direct marketing
- You have objected to the processing which is based on our legitimate interest and there are no more serious, justified grounds for our (further) processing.
We are not obliged to comply with your request for erasure when the processing is necessary for the establishment, exercise or defense of legal claims.
You have the right to obtain restriction of the processing:
- If you contest the accuracy of your personal data, we can restrict the contested processing for the period that we need to verify the accuracy of your personal data
- If we no longer need your personal data, but you require them for the establishment, exercise or defense of legal claims
- If you have objected to the processing based on our legitimate interests, we can restrict the objected processing for the period that we need to verify whether your legitimate grounds are valid.
You have the right to seek the portability of your personal data processed by automated means, which you have communicated to us. This is only possible if the processing is based on your consent or contract performance. In all other cases you cannot exercise this right (for example when the processing of your data is performed on the basis of a legal obligation).
You have the right to object to any processing based on our legitimate interest. However, we will continue the processing of your personal data if we can show that we have stronger legitimate grounds.
You have the right to object to any processing for direct marketing.
You have the right to withdraw your consent for the processing of personal data, to the extent that the processing of your personal data was initially based upon your consent.
You also have the right to lodge a complaint with the supervisory authority in the European member state of your habitual residence, place of work or of the alleged infringement of applicable data protection legislation:
In Belgium, the supervisory authority is:
Autorité de protection des données
Gegevensbeschermingsautoriteit
Rue de la presse 35, 1000 Brussels
contact@apd-gba.be
www.dataprotectionauthority.be
3. Processing of personal data
The purposes for which we process your personal data depend on how you enter into contact with us:
A. When you visit our website
B. When you contact us
C. When you purchase our products or services
D. When you book with Brussels Airlines
E. When you pay for your purchase
F. When you provide feedback
G. When you visit us
A. When you visit our website
We process information about your device and about your use of our website, for the purposes of:
- Ensuring information security (e.g. to ward off cyber-attacks, to monitor performance)
- Managing our website (e.g. to enable you to access the website from your device and to remember your choices)
- Developing a better understanding of your needs, continuous improvement of our website and application
- Analyzing how you make use of our websites and application, and creating statistics
- Showing you more relevant information and advertisements on our websites and application
- Enabling interaction with social media channels.
Our website uses cookies and similar technologies (hereinafter altogether referred to as “cookies”). Cookies are small pieces of information that a web portal leaves on your device (computer, tablet computer or smartphone) when you visit it. Personal data can be stored in the cookies.
We use several cookies for the above purposes. Some of these cookies are required for the technical functions of the website (functional cookies) and some are necessary for the services you have requested (necessary cookies), and are therefore in place by default. It is not possible to disable these cookies.
The processing of the data collected through functional and necessary cookies (e.g. cookies necessary to record your consent or authentication cookies) is based on our legitimate interest.
In case of the non-functional or not necessary cookies (falling into the categories of Analytics, Personalisation and Advertising ), the processing for the above described purposes is based upon your consent that you may provide on our website via the cookies consent and cookies preference management options.
Please refer to our notice regarding cookies for more information about this.
Please take note that in case you are a registered user of the TikTok Platform, depending and based on your content engagement on the platform, it is possible that you will be presented with our advertisements. We are not responsible for how your personal data is collected and processed on this platform, therefore we advise you to please familiarise yourself with TikTok’s privacy policy before using their services.
B. When you contact us
You can receive information, offers, surveys about travel related preferences, customer satisfaction surveys, and newsletters on the topic of travel from us, companies of the Lufthansa Group, or partner companies, via communication channels chosen by you, such as email, SMS, messenger services, and telephone.
These messages and offers can be personalized through the use of technologies that allow us to determine whether the recipients have opened the message or otherwise interacted with electronic advertising communications. Please refer to our Cookie Policies for further details.
If we ask for your consent, for example, when you subscribe to a newsletter, our legal basis for this processing is your consent (Art. 6 Para. 1 lit. a) GDPR). You can revoke your consent to the processing for this purpose at any time with future effect by following the corresponding unsubscribe link in the respective communication.
If we process your personal data for information and marketing activities without asking for your consent, we have concluded in individual cases that our legitimate interest provides a sufficient legal basis for the corresponding processing (Art. 6 Para. 1 lit. f) GDPR).
We also process your personal data to allow you to manage your booking via call centre operators and/or ticketing offices. This processing is based on the contract you are entering into with Brussels Airlines when purchasing any product or service.
By chat
We provide you with online advice on our website by means of a chat service.
Simple conversations - such as resolving straightforward questions from our FAQ, or those related to real time flight information - are powered by an artificial intelligence automated process by one of our commissioned data processors.
If you have more complex questions, the live chat function allows you to contact one of our customer service agents, to whom the content of the chat is handed over.
Sensitive information such as credit card data must therefore not be entered in the chat.
Please note that your chat inputs can be seen by the agent you are chatting with. In case of technical malfunctions and for quality improvement, these can also be accessed in real time by the service provider. If your chat input is entered in another language than English, your conversation will be translated automatically by one of our commissioned data processors.
Customer chats are deleted or anonymised by us after 30 days. This processing is based on our legitimate interest.
C. When you purchase our products or services
We process your personal data for client management, in order to provide you, or your group of co-travellers, with our products or services (e.g. flight tickets for Brussels Airlines or for our partner airlines, special services, luggage, etc. and cargo services) so that you are able to make purchases in different ways, such as online at Brussels Airlines websites, or via ticketing offices, travel or trade agencies, tour operators, call centres and/or on our mobile application. You may also visit partner websites and platforms of Brussels Airlines, such as Tomorrowland, where our products and services can be purchased, and your data are processed accordingly, in cooperation with the concerned partner.
Without your personal data it is not possible to provide you with the products or services you wish to purchase. Consequently, this processing is based on the contract you are entering into with Brussels Airlines when purchasing any product or service.
We process your personal data for passenger management, such as:
- Ground management of passengers (at the airport, during aircraft boarding, for ticket reservation, luggage management (including self-service bag drops), and the facilitation of check-in, in various forms), based upon our contractual obligation
- Flight document preparation and notification (including flight documentation on the mobile app), based upon our legal obligation
- Issuing passenger information lists (PIL) for our cabin crew, based upon the performance of the contract to which you are a party. Without your personal data we cannot perform this contract
- Administration of visas and documents for entering specific countries, based upon the performance of the contract to which you are a party. Without your personal data we cannot perform this contract
- Collection and processing of personal data for the purpose of lounge management
- Collection and processing of personal data for the purpose of “lost and found” management and the process of delivering lost baggage to passengers.
Every payment performed in connection to any of the Brussels Airlines products and/or services on our websites is managed by a responsible payment provider, which is in every case fully a controller of those data. Should you have any request related to information about the payment data involved, you will need to address the relevant payment provider directly.
D. When you book with Brussels Airlines
You have the option of creating your own profile on the website, which allows you to carry out flight bookings more easily. When you set up your profile, we ask for your personal data, such as your e-mail address, title, first and last name, date of birth, country of residence and to provide a password. In order to process bookings you have made, you can also store additional information in your profile, such as your passport details or your phone number. You can delete your profile at any time and without giving reasons. Your profile will then no longer be used or can be reactivated.
Processing your personal data is necessary to enter into the contract with Brussels Airlines as described within our General Conditions of Carriage.
If you provide us with any personal health information when booking your flights so that we can provide you with the relevant assistance in accordance with your medical needs, this data will be processed based on our legal obligation and only for the provision of those services and/or shared with third parties (e.g. airports, security checks, etc.) for the provision of those services.
Once you make a booking and/or purchase any product or service with us, you can manage it via our online platform “Manage my booking”. We process your personal data in order to provide this platform, enabling you access and edit information about your travel with us, and all related purchases.
Based on our legal obligation, if you are entitled to exercise your rights in accordance with the EU Regulation 261/2004, we will process your personal data to offer you digital vouchers for meal, accommodation and transportation in an efficient and customer centric way, via a digital solution supported by external service providers.
If you have a question regarding carrying dangerous goods, we will process your related personal data to assist with such questions based on our legal obligation.
We process your personal data for incident monitoring on flights, based upon our legal obligation.
As part of the post-sale performance of the contract, we process your personal data and send you various transactional notifications, from which you cannot unsubscribe as these are considered obligatory for your travel. These notifications may be handled and processed on our behalf by third parties, with whom we ensure secure transfer and processing of your data.
We process your personal data, after you have provided them for booking, for the purpose of providing you with information about products, services and special offers specifically relating to your purchased flight. This may include discounted lounge access, the opportunity to bid for and/or purchase a last minute travel class upgrade, and/or other extra services, etc. This processing is based upon legitimate interest and you can unsubscribe from these e-mails and/or SMS at any time. Unsubscribing will prevent you from receiving upgrade bidding e-mails for any future Brussels Airlines bookings you make.
After providing you with any of our services, we like to ask you for information about your degree of satisfaction, for example via satisfaction surveys sent by e-mail after you fly with us or via an SMS after your call with a call center, etc. For this activity we process your personal data based upon legitimate interest as we aim for continuous improvement and to provide you only the best and most suitable services and products. You can opt-out from these surveys via various channels (e.g. unsubscribe options available in each survey email and SMS).
We process your personal data for the management of claims (from flight bookings and also cargo bookings), based upon our legal obligation to comply with your right to request compensation for any legitimate purpose. It is in our interest to protect ourselves against material and immaterial damages. The provision of your personal data for this purpose is a requirement to complete your claim request and therefore it is your choice to provide such data or to object to this (see Chapter 2 “Data Privacy Rights of Customers”).
We process your personal data, based on our legitimate interest, to follow up with you with regards to overdue payments.
If you subscribe to a loyalty program, such as Miles&More, we need to process your personal data to be able to manage your accounts and update them with your travel details. You are, however, manager of your own account and therefore you can edit and/or delete it any time you deem necessary. For any direct or indirect marketing activities relating to these programs, we request your consent, and you can unsubscribe from these at any time.
We process your personal data for the direct marketing of our products and services, based upon consent that we acquire directly from you via different collection points. We believe that it is important to keep you, as our client, informed about our products and services. Once you opt-in, you may receive commercial and promotional offers and/or news via various channels, such as e-mails, SMS campaigns.
When we are sending you servicing emails (e.g. e-ticket confirmations after purchasing a ticket or rebooking, pre-departure e-mails 6 days before departure as a reminder of the booking, online check-in reminders +/- 23 hours before departure, no show notifications, refund confirmations, etc.), these are based on our contractual performance.
These e-mails incorporate technical means (pixels) to confirm the date and time when the e-mail notification was retrieved. All mails are linked to a certain booking and as such, these e-mails can be used as a source of proof in claims or credit card fraud claims linked to a specific booking. Capturing the data via pixels is based on our legitimate interest and the retention period of such logs is 10 years.
We also gather statistics around email opening and clicks using industry standard technologies including pixels to help us monitor and improve our marketing.
This processing involves compiling a profile. This profile has no effect on you, except to the extent that this processing activity might lead to the enhancement of the customer experience and the provision of personalized offers, more targeted advertisements and campaigns, which is to your advantage. The provision of your personal data for this purpose is not a requirement and you can easily opt-out from any commercial communication we send you and/or object to this processing (see Chapter 2 “Your Rights”). If you request a deletion of all your data from our database, we will delete all your personal data, except for your e-mail address and all the opt-outs you have requested. Without this data we would not be able to comply with your preferences and you would continue to receive undesired communications.
We may send you push notifications on mobile devices, once you grant such consent. These notifications may appear differently on different types of devices. These notifications can provide you with helpful information relating to your travel regarding your flight and/or situation at the airport.
We may process your personal data in case you request a promotional code, for example via an employee of Brussels Airlines. Such data are collected only for the purpose of providing you with the promotion. We can also collect and process your contact data should you make use of a promotional photo-booth when attending one of our promotional events.
E. When you pay for your purchase
We process your personal data for following up on your creditworthiness and for fraud prevention, based upon our legitimate interest – i.e. to verify that the payment method used is valid and that we will be able to collect the funds for the service provided. It is in our interest to protect ourselves against material and immaterial damages and to prevent unlawful activities and abuse of our products/services/resources. This processing may involve automated decision making and profiling with the consequence that you may not be able to complete the purchase. You can object to this processing (see Chapter 2 “Your Rights”).
We also process personal data for invoicing (and reconciling the payment with the sale) and refunding tickets and other services based on issued documents. This is based on the contract you are entering into with Brussels Airlines.
F. When you provide feedback
We may aggregate your personal data and process such aggregated data for research and development, based upon our legitimate interests (e.g. statistics and reports about sales, market analysis and research, development of products or services). Research and development can lead to the enhancement of customer experience, and the continuous improvement and innovation of our products or services, which will benefit our customers. This processing may involve compiling a profile. This profiling has no effect on you, except to the extent that this processing activity might lead to enhancement of customer experience, improvement and innovation of our products or services, which is to your advantage. The provision of your personal data for this purpose is not a requirement and you can object to this processing (see Chapter 2 “Your Rights”).
G. When you visit us
When you visit our offices, we will ask you to register yourself at the reception.
We use surveillance cameras in our buildings, targeting potential security problems. The recording of these images are only stored for the safety of goods and people and to prevent abuse, fraud and other infringements that could endanger our visitors and our employees (we indicate the presence of cameras with pictograms that include our contact details).
We process such information based on our legitimate interests.
On our websites you can find some social media features, such as follows:
- Via “share” button you can share and recommend the content of our websites. When you click on the “share” button, a new post is created with a link to the page you’re on (e.g. if you click on the “share” button on the lowest fare finder page, you share the url of the lowest fare finder page).
- The Facebook Messenger available on our online check-in platform website is to allow you to retrieve your boarding pass. If you decide to use this feature, we notify you that you are about to leave our website and we ask for your consent to pass on the concerned personal data to the social network.
If you decide to use any of the above features, we invite you to read our cookie notice and adjust your cookie settings if applicable. For further information about privacy related issues, you may read the privacy policy of the respective social network.
We promote our social media profiles and accounts in the footer of our websites for the following social media networks:
- Facebook
- YouTube
We do not pass your personal data on to third parties unless we have a valid legal basis to do so. For instance we may transfer your personal data to:
- Our affiliated businesses (Affiliates) within the Lufthansa group for the same purposes and legal grounds as we do, and as is stated in this privacy notice
- Commercial partners, such as hotel bookings, insurance services, car rentals, ground handlers, etc., acting as controllers on their own right (their processing is based on legal grounds defined by themselves)
- Companies that process personal data in our name and on our behalf for the same purposes as we do (known as ‘processors’), such as:
- Service providers in the field of transport, marketing (including market research, commercial communication, loyalty program management, e-commerce development and partnership, campaign management), customer feedback, IT maintenance and support and development, payment services and credit reference agencies, cloud and server hosting providers;
- Platforms for sending commercial communication and transactional notifications;
- Operators of live help chats and call centers;
- Government agencies and authorities (for example APIS (Advance Passenger Information System) data to be transmitted to the relevant authorities of respective flight countries; TSA (Transportation Security Administration) to exchange the data provided by you with respective law enforcement authorities, intelligence services and other organisations; Belgian health authority to provide data in response to their requests; etc.); in order to meet our legal obligations.
In accordance with Belgian law regarding the use of passenger data, we are obliged to transfer certain passenger data to the Belgian government. More information can be found here: https://crisiscenter.be/en/privacy-statement
- Airlines outside the Lufthansa Group, when there is a legitimate interest pursued by us or by a third party. We will only share your personal information with other airlines if your interests or your fundamental rights and freedoms are not preeminent and you will then always be transparently informed about this (except in case of legal exceptions).
Thus for example, the personal information of "Unruly Passengers" will be shared. The term "Unruly Passengers" means passengers who show improper, aggressive or violent behaviour towards other passengers or the crew, or damage the aircraft.
Based on the legitimate interests pursued by the Brussels Airlines and by third parties, Brussels Airlines is entitled and obliged to exchange personal data regarding its passengers within the Lufthansa Group, as well as with other airlines for the documentation, analysis and prevention of fraud cases and "unruly passenger cases", and to process them in this regard.
In addition, if you have damaged or injured other passengers, Brussels Airlines may also disclose your personal data and information relating to the damage or injury to other third parties (such as public authorities, injured persons and insurances).
Personal data in the form of a passenger list are also shared with the crew of outsourced, contracted and leased airlines.
We have a legal obligation to transmit certain personal data to specific foreign authorities for various purposes.
If you have booked a flight to a country where it is our legal obligation to transfer your passenger name record (PNR) or Advanced Passenger Information (API) data to the competent authorities for flights (e.g. Canada, USA, United Kingdom), we will do so.
We are also obliged to disclose your personal data to Belgian and foreign criminal prosecution, judicial or administrative authorities if they require the disclosure in order to prevent or prosecute crimes, misdemeanours or administrative misconduct or if they need it to fulfil their administrative duties.
Health authorities may receive passenger data for the purpose of combating a pandemic.
Data transfers to authorities are based on intergovernmental agreements or national laws. Usually, such data are required by the authorities of the country of departure and/or arrival.
Besides these aforementioned transfers, we also disclose your personal data to countries outside the European Economic Area as some of our affiliates, commercial partners or processors, who support us in delivering our products and services are established outside the EEA.
Some of these countries are recognised by the European Commission as providing an adequate level of data protection. For disclosures to other countries, we have legal safeguards in place, eg. standard contractual clauses adopted by the European Commission. We make continuous efforts to assess the underlying transfers to these third countries on a case-by-case basis to determine whether your personal data are adequately protected and where applicable, we take the appropriate organisational, contractual and technical measures to ensure your personal information is protected consistent with applicable data protection laws and regulations.
You can contact us (see Chapter 1.2 “Contact us”) in order to obtain more information about the appropriate safeguards that we have taken for these transfers.
We will retain your personal data until you ask for their deletion, object to their storage, or as long as we need them for justifiable and specified purposes related to the processing and/or if we are obliged by law to store them for the retention limitation periods set out by applicable laws and authorities (for example Belgian Commercial Code, Fiscal and taxation legislation, Anti-Money laundering Act etc.).
The retention period may therefore vary for each processing purpose. This period may be very short, e.g. data collected for the purpose of Passengers Information Lists (PIL) for our cabin crews are only kept during the respective flight; the data processed for the purpose of self-service bag drops are never retained for longer than 11 days after the flight; surveillance recordings are stored up to a maximum 30 days.
The retention period may also be longer, for example, to observe our statutory obligations (i.e. to meet our accounting and tax obligations, we are obliged to keep your invoicing data for a maximum of 7 years) or as a legal requirement to retain certain data (in particular your contract, invoices and correspondence in connection with complaints about this) as evidence in case of disputes, for up to a maximum of 10 years following termination of your contract. If your data are applicable for establishment, exercise and/or defense of legal claims, we may store the data until the statutory limitation periods have expired (usually three years, but in some cases up to thirty years). After the retention limitation period (set out either by law or the business purpose of our processing) expires, the relevant data are securely deleted or anonymized.
4. Travel ID - Data protection information
All details about the data protection information of Travel ID are listed on the following page.
Last update: August 2024