Comair is committed to respecting your privacy and protecting your personal information.
Controller of / Responsible Party for Personal Information:
If you have made a flight booking with us but one or more flights are to be provided by other airline(s), then that other airline will also separately be considered a “controller” or “responsible party” under European Union and South African data protection law, respectively. You can access the privacy policies of the other airlines from them directly.
Any provider of products or services, such as a hotel or car rental company, will also separately be a “controller” or “responsible party”. You can access the privacy policies of those providers from them directly.
If you are a member of the British Airways Executive Club, Avios Group (AGL) Limited will also separately be a “controller” or “responsible party” of your personal information. Avios Group (AGL) Limited’s address is Astral Towers, Betts Way, Crawley RH10 9XX. The Avios Data Protection Officer can also be contacted by email addressed to email@example.com.
What do we mean by Personal Information?
Personal information means details which identify you or could be used to identify you, such as your name and contact details, your travel arrangements and purchase history. It may also include information about how you use our websites and mobile applications.
When does this policy apply?
Where we reference that others are controllers or responsible parties in the sections “Controller of /Responsible party for personal information” and “Who do we share your personal information with?” you should consult their privacy policies for further information.
Additional terms and conditions or policies may apply if you elect to take additional products or services from us.
How can you keep your Personal Information Secure?
We are committed to implementing leading data security safeguards and we take great care to protect the personal information you provide to us.
We have specialised security personnel who constantly review and improve our measures to protect your personal information from unauthorised access, accidental loss, disclosure or destruction.
Here are some things you can do to keep your information secure.
Keep your booking reference confidential.
When you make a booking, you will be given a booking reference (also known as a “PNR” or “Passenger Name Record”). This will appear on the email confirmation or ticket of each person in your booking. You should always keep your booking reference confidential.
Giving your booking reference to others may allow them to access your booking details through our systems.
If you are travelling with others and would not like your individual booking details to be accessible by them, you may prefer each person to make separate bookings.
Keep your registered customer log-in details confidential.
To make sure your access to our websites, other online services, and mobile applications is secure, you should not share your log-in details with anyone else. When you finish using the website, online services or mobile app you should log out if others may be able to access your computer or device. This is especially important if you are using a publicly accessible computer.
Be aware of and protect yourself against Internet fraud and “phishing”.
There is an Internet fraud practice known as “phishing” which is the illegal gathering of personal information by deception. Unsolicited emails are sent to individuals from lists illegally gathered by a third party, and recipients are asked to enter or reconfirm bank or password details into a “cloned” or illegal copy website.
We will only ask you for your bank or credit card details in the case of a refund and will never ask you for your password or PIN. Make sure you are dealing with Comair when you are asked for your bank or credit card details for refund purposes and never share your password or PIN with anyone, including us.
When do we collect Personal Information about you?
We collect personal information about you whenever you use our products and services (whether these products or services are provided by us or by other companies or agents acting on our behalf), including when you travel with us; use our Website or mobile applications; interact with us through email or our contact centres.
We may also collect information about you from other companies within our group, or third parties, if this is appropriate and allowed by law. These include fraud-prevention agencies, business directories, credit reference agencies and business partners.
For additional details see “What types of personal information do we collect and retain?” below.
In addition, we may receive personal information about you from third parties, such as:
- Companies contracted by us to provide products or services to you.
- Companies involved in your travel plans, including airlines involved in your prior or onward journey, relevant airport operators and customs and immigration authorities.
- Companies that participate in our loyalty schemes and other customer programmes (e.g. car hire providers and hotels).
- Companies who provide details to us under privacy polices providing for information to be shared with Comair.
What types of Personal Information do we collect and retain?
When you use our products or services, you will need to provide us with your personal details or the details of those individual(s) who will be travelling.
We collect the following categories of personal information:
- Information you provide for Comair to complete and manage a booking you have made with us or a service you have requested from us, such as your name, date of birth, home language, address, account information and email address.
- Information collected during your travels with us.
- Information about your travel arrangements.
- Information about the products or services we have provided to you in the past.
- Information about online registration and other interactions.
- Information about your use of our websites, contact centres and mobile applications.
- Information about your device and your location if you have been browsing on our website, for example your “Internet Protocol” or “IP” address (i.e. a numeric code that can act as a unique identifier for your computer or other device, which can be turned off from your device) or unique device ID.
- Your preferences for particular products, services or lifestyle activities when you tell us what they are – or when we assume what they are, depending on how you use our products and services.
- Your contact with us – such as a note or recording of a call you make to one of our contact centres, an email or letter you send to us or other records of any contact you have with us.
When and why do we collect “Special Personal Information”?
Certain categories of personal information, such as that about race, ethnicity, religion, health, sexuality or biometric information are special categories of data requiring additional protection under European Union and South African data protection law and are referred to here as “special personal information”. Generally, we try to limit the circumstances where we collect and process special personal information.
Examples of where we may collect and process special personal information includes the following:
- Where you have requested specific medical assistance from us and/or an airport operator, such as the provision of wheelchair assistance or oxygen.
- Where you have sought clearance from us to fly with a medical condition or because you are more than 28 weeks pregnant.
- Where you have otherwise chosen to provide such information to us or it has been passed onto us by a third party, such as the travel agent through which you made your booking.
- Biometric information (for example, facial and voice recognition) may be collected during the security clearance process prior to, and after, flying with us.
In addition, you may have requested products or services (such as a meal) which is not special personal information data, but may imply or suggest your religion, health or other information.
What do we use your Personal Information for?
The main purposes for which we use your personal information are:
- To fulfil your travel arrangements and deliver the products or services you have asked for.
- To manage the boarding process and to facilitate flight connections at the airport.
- To send status updates and service communications to you.
- To keep track of you in advance of your flight and at the airport.
- To help keep you safe when you fly with us and to meet certain legal and regulatory requirements which apply to Comair.
- To provide products or services tailored to your requirements and to treat you in a more personal way.
- To carry out analysis and market research.
- To, subject to applicable law, carry out marketing including targeted online advertising and keep you informed of Comair’s products and services.
- To send you status updates and service communications.
- To improve our websites, products and services.
- For management and administrative purposes.
- For internal business & operational purposes.
- To respond to any questions or concerns you may have about our products or services.
- To carry out research and statistical analysis including to monitor how customers use our products or services on an anonymous or personal basis.
- To prevent and detect fraud or other crimes, recover debts or trace those who owe us money.
- To provide aggregated reports to third parties (such reports do not contain any information which may identify you as an individual).
When will we send you Direct Marketing?
We will not use your personal information for electronic direct marketing purposes unless we are permitted to do so by law. With your consent, we may sometimes send direct marketing communications that include a business partners’ products and services related to the travel you are undertaking.
We will only allow third parties or other members of our group to send direct marketing communications to you when you have agreed to receive marketing from third parties.
We will respect your choice as to what communications you wish to receive and how these are sent.
How can you change what Direct Marketing Communications you receive, how you receive them and unsubscribe:
If you decide you would no longer like to be sent direct marketing communications, you can unsubscribe or opt out at any time. The ways to stop being sent direct marketing communications are described below:
If you are a member of one of our loyalty programmes, or if you are with a member of one of our brands, such as Kulula, mtbeds or SLOW, you can log into that account and go to your account profile page/section to unsubscribe and manage your direct marketing consent for email, sms or push notifications.
In addition, each direct marketing communication we send by email will have an unsubscribe option, which will allow you to stop you receiving further direct marketing emails. You may also stop any further text messages by replying with the word “STOP”. We aim to action requests to stop being sent direct marketing communications as soon as possible, but it is possible that you will receive some marketing in the period prior to that change being made.
If you ask us to stop sending direct marketing communications, please note we will retain your personal information for the purposes of indicating that you do not want to receive direct marketing communications.
Please note that if you tell us that you do not wish to be sent further direct marketing communications, you will still receive service communications (as described above) which are necessary, for example, to confirm your booking or to provide you with an update on its status. If you have subscribed to any of our loyalty programmes, or if you are a member of any of our brands, we will continue to keep you informed about your membership and other important service information relating to that programme or brand.
If you wish to change how we use your personal information, including exercising your right to be forgotten or have your personal information destroyed or deleted, please see section “What are your legal rights in relation to the personal information we hold about you?” and “How can you exercise your legal rights and change how we use your personal information?”.
What is our Legal basis for using your Personal Information?
Comair will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons that Comair has collected and needs to use your information. Under European Union and South African data protection laws in almost all cases the legal basis will be:
- Because we need to use your personal information so that we can process your booking, fulfil your travel arrangements and otherwise perform the contract we have with you.
- Because it is in Comair’s legitimate interests as an airline to use your personal information to operate and improve our business as an airline and travel provider.
- Because Comair needs to use your personal information to comply with a legal obligation.
- To protect the legitimate or vital interests of you or another person.
- Because you have consented to Comair using your personal information for a particular purpose.
More information on each legal basis is provided below.
If processing of your personal information is subject to any other laws, then the basis of processing your personal information may be different to that set out above and may in those circumstances be based on your consent.
How long do we keep Personal Information?
We will keep your information for as long as we need it for the purpose it is being processed for. For example, where you book a flight with us, we will keep the information related to your booking, so we can fulfil the specific travel arrangements you have made. After that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking. The information may also be retained so that we can continue to improve your experience with us and to ensure that you receive any loyalty rewards which are due to you.
We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained. If you stop interacting with us as a customer, we will remove or anonymise your information after 7 years.
Performance of a Contract with you:
It will be necessary for Comair to use your personal information to complete a booking you have made with us. For example, we will need to use information such as your contact details and payment information, to provide you with the flight, holiday and/or car hire you have requested and paid for.
As a commercial airline and travel provider, Comair has a legitimate business interest to use the personal information we collect to offer an effective service and carry out our business.
Compliance with Legal Obligations:
There are situations where Comair is subject to a legal obligation and needs to use your personal information to comply with those obligations, including cases where we are required to share your personal information with regulators.
To Protect the Legitimate or Vital Interest of You or Another Person:
There are situations where we may need to use your personal information to protect the vital interests of you or another person.
We may collect and use your personal information where you have given your specific consent to us doing so.
However, if you withdraw your full consent, in some circumstances, and subject to applicable law, we may not be able to provide all or parts of the products or services you have requested from us and you will not be able to cancel your booking or obtain a refund of any charges you have paid.
Who do we transfer to, disclose or share your Personal Information with?
Your personal information may be shared within our group with entities or brands such as kulula.com, British Airways operated by Comair, Bidair Services, Kulula Air (Pty) Ltd trading as Slow in the City, Comair Catering (Pty) Ltd T/A Food Directions, Comair Retail Travel Services (Pty) Ltd and our business partners. We share information with them, so they can assist us in providing products and services to you and to understand more about you.
For example, if you have flown with one of the other airlines we may use this information to understand more about the sorts of travel services you are likely to be interested in.
We may also disclose your personal information ( subject to applicable law) to the following third parties for the purpose described here:
- Customs and immigration authorities of any country in your itinerary or to which your flight may fly over. (Comair is required to give border control agencies and customs authorities access to booking and travel information when you fly to and from countries including stop-overs and where you may overfly countries to your destination.)
- Airlines and other service providers needed to deliver the products and services you have asked for, where, for instance, part of your travel itinerary involves a flight operated by a different airline or includes car hire or a hotel booking. Those airlines and other service providers will be identified when you make a booking.
- If you have joined one of our loyalty programmes or another affiliated loyalty programme, our partners in the loyalty programme and other loyalty schemes that you have joined so that we can administer the benefits of the loyalty programme to you.
- Credit and charge card companies, credit reference agencies and anti-fraud screening service providers to process payments and (where necessary) to carry out fraud-screening.
- In response to a valid, legal request from government or a law enforcement agency, such as a customs and immigration authority.
- Third party service providers we use to provide products and services that involve data processing, for example, to carry out marketing initiatives or run customer surveys on our behalf.
- Third parties, such as law firms and law courts, to enforce or apply any contract with you.
- Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets.
- We may provide usage information including your personal details if we have your consent, to marketing agencies to deliver online advertising on websites or social networks.
- Online or social media platforms, such as Google (Adwords, Youtube etc), Instagram, Twitter and Facebook, in order to facilitate target segmentation with online advertising. Should you no longer wish to be targeted, you can opt out through the preference settings on the respective platforms. For example, on Facebook, you can opt out through the ‘Ad settings’ once logged into your Facebook account at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen.
- If necessary to comply with a legal or regulatory obligation in any jurisdiction, including where that obligation arises because of a voluntary act or decision by us (e.g. our decision to operate to a country or a related decision).
- If we are reorganised or sold to another organisation, we may transfer any personal information we hold about you to that organisation.
Where appropriate, before disclosing personal information to a third party, we contractually require the third party to take adequate precautions to protect that data and to comply with applicable law.
What Countries will your Personal Information be sent to?
Your personal information may be sent to and stored by us and third parties in countries outside the country in which you are located.
The nature of our business means it is often necessary for us to send your personal information to other countries to fulfil your travel arrangements. This occurs because our business and the third parties identified in “Who do we share your personal information with?” have operations across the world.
In addition, we may transfer your data to parties in countries outside the country in which you are located to provide products and services to you or to us.
This may involve sending your data to countries where under their local laws you may have fewer legal rights than you do in the country in which you are located.
If you would like more information on these safeguards, please contact the Data Protection Officer.
What are your Legal Rights in relation to the Personal Information we hold about you?
Under data protection laws in the European Union and South Africa, you have certain rights in relation to your personal information. Responses to exercise your rights will be provided within one month and generally there is no fee for making these requests. If your request is particularly complicated we may extend the deadline for responding to 3 months, but we will let you know if this is the case.
We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. Further explanation of those rights and the exceptions to them are set out below.
Details of how to exercise your rights are set out in the section below “How can you exercise your legal rights and change how we use your data?”
Your rights include the following:
- You may request us to stop sending you direct marketing. To see how to change your permission to receive direct marketing please refer to “How can you change what marketing communications you receive and how you receive them?" which can be located in "When will we send you direct marketing?". If you do so, we will no longer be able to send you direct marketing communications. However, if you subsequently book a flight with us, we will need to send you communications about the products or services you have booked, such as your travel arrangements. These communications will help you get the most from the products and services we provide and may also contain options and other details about the products or services you will be using (e.g. advance seating requests, additional baggage and pre-booked meals).
- You may request us to stop using your personal information where we are doing so under legitimate interests (see the section “What is our legal basis for using your personal information” for examples of when that applies) unless it is needed for dealing with legal claims or we have other compelling legitimate reasons that override your rights.
- Also see “Who do we transfer, disclose or share your information with” in respect of online or social media platform settings.
- You may access the personal information we hold on you.
There are some limited exceptions to this right, such as information relating to others who have not consented to the disclosure of their information and information which is legally privileged. Please see “Accessing your personal information” which can be located within "How can you exercise your legal rights and change how we use your data?" for more details.
- You may ask us to correct your personal information (the “right of rectification”) if that information is inaccurate. In this regard see section on “How can you change what marketing communications you receive and how you receive them?”
- You may ask for personal information which identifies you to be erased (or forgotten). To do this we will remove the information that identifies you from the data we hold in our active systems (“anonymise”). However, a separate and restricted copy of the identifying information will (subject to applicable law) be kept for 7 years to meet the obligations we have to law enforcement, national authorities and legal proceedings.
Considerations when you submit a request to have your personal information erased:
- We may need to retain certain elements that relate to a contract between you and Comair because we need it for our own legal and auditing purposes (for more information on the basis on which we process your personal information see the section “What is our legal basis for using your personal information?”).
- A record of your request including the personal information you supplied will be retained in the application used to carry this out for 3 years.
- In some circumstances it may mean we will not be able to provide all or parts of the products or services you have requested from us in relation to previous travel or retain any preferences you have previously shared with us.
- We cannot erase your personal information if you are a member of one of our loyalty programmes or brands, as we require this information to deliver our contract with you. If you wish to proceed you will need to resign from such loyalty programme or membership.
- We cannot erase your personal information if you have either flown with us in the past 13 months or you hold a forward booking with us. For legal reasons, we need to keep information linked to these flights. You may come back to us once this time period has passed and submit a request for erasure.
- We cannot erase your personal information if we have identified that you either have an open complaint with us or we hold a previous case for you within the past 6 years. We are required to retain this information in case there is a need to re-open the complaint.
How can you Exercise your Legal Rights and Change how we use your Data?
If you wish to change how we use your personal information, please contact our Data Protection Officer.
We will ask for some information to identify you, which will only be used to process your request. We will verify your identify by email before processing your request.
Accessing your Personal Information:
If you wish to receive a copy of your information, you can make your request in writing to the Data Protection Officer and include the following information with your request:
- Your name and postal address.
- Details of your request.
- A photocopy of your passport, photo identification or driving licence, so that we can verify your identity.
- Your signature and the date of the request.
- If you are applying on behalf of another person then signed authority from the individual is required.
Any details which may help us locate the information which is the subject of your request, for example:
- Booking reference or flight numbers and dates.
- Loyalty programme name and number.
- Telephone recording details [identifier number, the number you call from, the number and option you dialled, the date and time of your call(s)].
If you wish the information to be provided to you in a machine-readable copy, please indicate that at the time of making your request.
How to get in touch with us and your Right to Complain:
We work hard to handle your information responsibly. We hope that we will be able to resolve any concerns you may have, but in the unlikely event that we do not, you have the right to contact the relevant data protection supervisory authority or regulator. For example, the Information Regulator in South Africa, once operational, can be contacted at firstname.lastname@example.org