Malta MedAir is committed to respecting your privacy and protecting your personal data.
All personal data obtained by us is held and used in compliance with this Policy, with the Maltese Data Protection Act (Chapter 440 of the Laws of Malta) as amended and as applicable (“DPA”), and the GDPR. Malta MedAir. is deemed data controller for purposes of the DPA and GDPR.
When we ask you to provide certain personal data, then you can be assured that it will only be used in accordance with this Policy. This Policy applies to personal data about you that we collect, use and otherwise process in connection with your relationship with us as a client or potential client, including when you travel with us or use our other services, use our websites or mobile apps, service agents or call centres and book to use our services through third parties (such as agents and other carriers). However, we are not responsible for third parties’ use of your personal data where such use is permitted for their own purposes and you should consult their privacy policies for further information.
Your continued access to or use of any of our services or products or your purchase of any of our services or products following any change or modification to this Policy shall constitute consent to any such changes or modifications.
Please read this Policy carefully, as your access to, purchase of, or use of any our services or products constitutes your acceptance of all of the terms and practices described in this Policy, including without limitation, the collection, use, processing, and disclosure of your personal data as described in this Policy. Please do not access or use any of our services or products or purchase any of our services or products if you disagree with any part of this Policy.
What types of personal data do we collect?
We collect personal data about you, about your travel arrangements, about how you use our services and products, and about how you use our websites, call centres and mobile applications, and such personal data so collected includes without limitation:
· Your name and surname;
· Contact information including address of residence, email address, telephone number, and fax number;
· Your date of birth, nationality, and passport information when you book a flight with us;
· Personal description and photograph (including passport and other identification documents) when you book a flight with us;
· Personal tastes (e.g food and beverages) and dietary requirements;
· Medical condition (g. allergies for catering purposes, and disabilities);
· Information about your travel arrangements, such as details of your bookings, travel itinerary, details of any additional assistance you require and other information related to your travel with us.
· Information about the services we have provided to you in the past, including your previous travel arrangements, such as flights and other bookings, and related matters, such as upgrades, etc.
· Information about your use of our websites, call centres and mobile applications, including information about which pages you view;
· Information about interactions you have with us and our staff;
· information to improve our services, fulfil our administrative purposes and protect our business interests including: accounting, billing and audit, credit or other payment card verification, fraud screening(including such information as received from third party banks and other credit institutions and credit rating institutions), safety, security and legal purposes, statistical and marketing analysis, systems testing, maintenance and development; and
· Other information that may be required by us, to carry out obligations arising from any contracts entered between you and us, and/or to carry out client surveys and/or offers.
This personal data may include information that you provide to us directly or through companies or agents we work with, as well as information which we collect when you use our products or services.
When, and why, do we collect ‘sensitive personal data’?
Certain categories of personal data, such as that about race, ethnicity, religion or health, are considered “sensitive personal data” under the DPA and GDPR. Generally, we try to limit the circumstances where we process sensitive personal data. However, this can occasionally occur because:
· you have requested specific medical assistance from us and/or an airport operator, such as the provision of wheelchair assistance or oxygen, or,
· you have sought clearance from us to fly with a medical condition or because you are pregnant, or,
· you have otherwise chosen to provide such information to us (or a third party such as the agent or broker through which you made your booking).
In addition, you may have made other requests in connection with making your travel arrangements that may possibly imply or suggest something about you that could be as “sensitive personal data”. For example, if you request a particular type of special meal this may imply or suggest that you hold particular religious beliefs or have a particular medical condition.
By providing any personal data that is, or could be considered to be, “sensitive personal data” you explicitly agree that we may collect, use, share with third parties and transfer outside the European Economic Area this Personal Data, as described in this Policy.
If you withdraw your consent, it may mean we will not be able to provide all or parts of the products or services you have requested from us. Please be aware that in these circumstances you will not be able to cancel or obtain a refund of any fees you have paid.
What do we use your personal data for?
We store, handle, send and generally process personal data to provide you with the best service, and in particular for the following reasons:
· We will need to use the personal data to fulfil your request and provide your flight if you choose to fly with us. This will include passing your personal data to relevant authorities such as passport control and border agencies and where appropriate relevant police and customs authorities. We may also need to contact you if we have questions regarding your request;
· To deal with the general enquiries you raise from time to time on our services;
· To ensure that you or any passenger is not the subject or target of any economic or trade sanction law or regulation or travel ban;
· For the purposes of accounting and billing, immigration and customs control, health and safety, security and legal compliance;
· To carry out obligations and/or enforce rights arising from any contracts entered between you and us;
· For internal record keeping and the general administration of your records by us;
· For security purposes to protect your personal data held and/or processed by us;
· For training our employees in respect of providing our service and products to you;
· For statistical analysis;
· To improve our products and services;· For our general marketing purposes where you have notified us that you consent to receive information about us and our services, products and offers;
· From time to time, we may also use your personal data to contact you for feedback on our services and third party supplier services so as to assist us in their improvement and development.
Without prejudice to the foregoing:
We will use your personal data to fulfil your travel arrangements and to deliver the services you have asked for. This may include processing information about travel arrangements that are not provided by us but which nevertheless form part of your overall journey, such as details of your arrangements at airports and customs and immigration formalities.
Please also be aware that in some airports where we operate, facial recognition and related biometric technology is used in order to facilitate passenger boarding.
We may use your personal data to provide services tailored to your requirements and treat you more personally, for example:
· to deliver messages and information that we think is relevant and may be of interest to you, prior to, during, and after your travel with us
· to personalise and tailor your travel experience
We may use and retain your personal data, including your purchase history, for administrative purposes, which may include for example, accounting and billing, auditing, credit or other payment card verification, anti-fraud screening (including the use of credit reference agency searches and payment card validation checks), immigration and customs control, safety, security, health, administrative and legal purposes and systems testing, maintenance and development.
Who do we share your personal data with?Your personal data may be be disclosed to a third party who acquires us or substantially all of our assets.
We may also share some of your personal data with, or obtain your personal data from, the following categories of third parties:
· Airports, government authorities, law enforcement bodies and regulators when this is necessary to get you to your destination or is required by law. For example, for specific travel routes we are required by law to provide border control agencies with information that relates to your travel documents and to your travel itinerary.
· Travel agents or other companies through which you book your Malta MedAir flights
· Suppliers providing services to us in order to help us run our business and improve our services and your customer experience. We may for example share your personal data with the companies who provide ground services for us to the airports to which we operate. We may also disclose your information to our contact centre or the companies who help us get your feedback on our services.
At Malta MedAir, we select very carefully our suppliers who process your personal data on our behalf and require that they comply with high security standards for the protection of your personal data.
. Payment detailsMalta MedAir does not keep any information relating to your payment details when you purchase anything from our website or download any of our applications. This is handled entirely by a separate online payment system which we have no connection with. We currently use the services of APCO Systems Limited and more information on how they process your data can be obtained on their own website: http://www.apcopay.eu/
Malta MedAir shares some of your personal data, which includes information about your method of payment and flight booking, to the credit or debit card company that issued the card you used to make your booking. In order to ensure the security of your transactions and prevent or detect fraudulent transactions, we may also share your information with our fraud screening partner.
. Our partners who offer travel related products and services on our website, promote offers or co-organise competitions on our website
From time to time, we make certain third party offers available through our website or we publish competitions co-organised by third parties. If you choose to purchase products or services offered on our websites by third parties (for example car hire), accept offers or participate in a competition, some of your personal data, such as your contact details and your billing information, may be directly collected by or disclosed to that third party.
In addition to the parties listed above, we may disclose your personal data when this is required by the law of any jurisdiction to which Malta MedAir may be subject.
Malta MedAir and other carriers are required by laws in several countries to give border control agencies and other public authorities access to booking and travel information and other personal data (including data obtained from official photo identification documents). Therefore, any information we hold about you and your travel arrangements may be disclosed to the customs, immigration and public authorities of any country in your itinerary.
In addition, laws in several countries require Malta MedAir and other carriers to collect passport and associated information for all passengers prior to travel to or from those countries. When required, Malta MedAir will provide this information to the relevant customs and immigration authorities.
When do we collect personal data about you?
We collect personal data about you when you use our services or products (whether directly provided by us or by another company or agent), when you travel with us, and when you use our website, call centres or mobile applications. The following are examples of when we collect personal data about you:
· when you book or search for a flight or other products or services on our website or mobile applications
· when you book or search for a flight or other products or services through our other sales channels, such as through a travel agent
· when you contact our call centres or service agents or sales representatives
· when you travel with us and use airports where we operate
· if you use lounge facilities provided by us or our agents
· if you use our in-flight entertainment and communication services
· if you complete a client survey or provide us with feedback
· if you enter a competition or register for a promotion
· if you choose to interact with us via social media, such as Facebook.
In addition, we may receive personal data about you from third parties, such as:
· companies contracted by us to provide services to you
· companies involved in your travel plans, including relevant airport operators and customs and immigration authorities
· companies (e.g. car hire providers and hotels) that participate in our programmes.
In order to improve our services, to provide you with more relevant content and to analyse how visitors use our website and app, we may use technologies, such as cookies, pixels or tracking software. Please be aware that in most cases we will not be able to identify you from the information we collect using these technologies.
For example, we use software to monitor customer traffic patterns and website usage to help us develop the design and layout of the website in order to enhance the experience of the visitors to our website. This software does not enable us to collect any personal data. In addition, in order to understand how our customers interact with the emails and the content that we send, we use pixels that allow us to know if the emails we send are opened or if the content of our emails is displayed in text or html form.
When will we send you marketing communications?
You may receive marketing communications from us if you have opted in to receive such material.We may use third parties to send marketing communications on our behalf. If we do ever want to allow a third party to send you direct marketing not related to Malta MedAir, we will first seek your permission before sharing your details with them.
Security, storage, and transfer
We are committed to ensuring that your personal data is secure all times. We have in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we collect online.
Our employees and suppliers with access to your personal data and/or who are associated with the processing of that data are contractually obliged to respect the confidentiality of your personal data. As an example, if you are a passenger on a flight operated by us you can be assured that none of our crews, will take a photo of you whilst you are on our aircraft and then upload the photo on social media, or disclose to any person the fact that you are flying on our aircraft, or disclose any of your confidential information that they may become privy to during your flight (in each case, unless disclosure is required for any reason set out in this Policy).
Your personal data will be stored on and processed by our systems and may also be stored on and processed by systems of a third party data processor(s) appointed by us. The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA“). It may also be processed by employees operating outside the EEA who work for us or for one of our suppliers. Such employees may be engaged in, amongst other things, the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Policy, the DPA and GDPR (as applicable), any and all applicable European Union Regulations, and any and all data protection related laws that are applicable to Malta MedAir, and we will also ensure that a written agreement is in place between us and every such company containing obligations as to data protection that are no less onerous than those set out in this Policy, the DPA and the GDPR, in order to ensure that your personal data is adequately protected.We will keep your personal data for as long as we need it for the purpose it is being processed for. For example, where you book a flight with us we will keep the information related to your booking, so we can fulfil the specific travel arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking. The information may also be retained so that we can continue to improve your experience with us and to ensure that you receive any loyalty rewards which are due to you. We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.
Transmission of information over the internet
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Services; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Links to third party websites
Our websites, online services and mobile applications may, from time to time, contain links to and from websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites and any services that may be accessible through them have their own privacy policies and that we do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. You are advised to please check these policies before submitting any personal data to these websites or using these services.
We may monitor or record telephone conversations to enhance your security and ours, to enable us to handle complaints efficiently, improve our client service and for staff training purposes. If your telephone conversation with us will be recorded then you will receive a message to this effect prior to the start of your conversation with us.
Providing information about someone else
If you are providing personal data to us about someone else you confirm that they have appointed you to act for them, to consent to the processing of their personal data, and that you have informed them of our identity, of this Policy, and of the purposes (as set out in this Policy) for which their personal data will be processed.
How to access, review, transfer and delete your personal data
We will make your personal data available to you for review pursuant to a simple request from you. If you tell us that the personal data which we hold about you is incorrect or is used inappropriately, we will correct, update or delete such personal data as appropriate. You also have other rights such as the right to request from us erasure of personal data or portability of personal data or restriction of processing or to object to processing.
Complaint, applicable law and Jurisdiction
Any dispute arising from or related to the acceptance, interpretation or observance of this Policy shall be submitted to the exclusive jurisdiction of the competent Court of Malta which shall apply the laws of Malta; provided however, that:
1. any dispute concerning Malta MedAir shall be submitted to the exclusive jurisdiction of the competent Court of Malta which shall apply the laws of Malta.; and,
2. if this Policy is incorporated by reference into a contract having its own choice of law and jurisdiction, then any dispute arising from or related to the acceptance, interpretation or observance of this Policy shall be submitted to the jurisdiction, and shall be subject to the governing law, of that contract.
You also have the right to lodge a complaint with a supervisory authority.
Further details about your rights can be accessed on the Malta Office of the Information and Data Protection Commissioner website at: https://idpc.gov.mt
and on the European Commission’s website at: http://ec.europa.eu/justice/data-rotection/individuals/rights/index_en.htm