POLITICA DE PRIVACIDAD

euroAtlantic Airways – Transportes Aéreos, S.A. (hereinafter referred as euroAtlantic) respects individual privacy and is committed to protect your personal data (hereinafter referred as DP’s), valuing the trust of our users, clients and partners.

euroAtlantic is obliged to comply with this EAA Data Protection and Privacy Policy (hereinafter referred as EAA Privacy Policy), in accordance with General Data Protection Regulation (hereinafter referred as GDPR), approved by Regulation (EU) 2016/679 from European Parliament and Council, dated April 27th, 2016, on the protection of natural persons processing their personal data and on the free movement of such data as well as other applicable regulations on data protection.

So, we are committed to be transparent and clear regarding to DP’s we collect and how we process them, and we assure they will be processed lawfully, fairly and in a transparent manner and to make our best efforts to assure safety and privacy of our users, clients and partners DP’s. In this Policy we will share the types of DP´s we collect and process, how they are collected and kept as well as the purposes of the processing and the recipient’s categories to whom we transfer DP’s.

This Privacy Policy applies to DP’s collected and processed by euroAtlantic as “Controller” in the terms and definition in GDPR Article 4th (7), in particular DP’s from our clients and users who visit euroAtlantic website.

In data processing operations, euroAtlantic, as Processor, determines the purposes and means of the processing of DP.

When we refer to “personal data”, DP’s, we mean “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”, following pari passu  GDPR definition, Article 4th (1).

As DP’s example: name, electronic mail address, birth date, contact data, payment data.

We collect your DP’s, for example, when you use our services to make a flight reservation, when you use our website or when you contact us.

euroAtlantic may process, namely, following categories of DP’s:

  • Data used to make and manage your flight reservation or to provide a service you have requested, such as: name; electronic address, birth date, telephone contacts, passport number, credit/debit card data or other methods of payment;
  • Data about your flight travel history, including information related to your flights;
  • Data about your medical health, in the case your condition requires special medical care or meals (please see more under Special categories of personal data);
  • Your online registration data to assure we interact with you in a correct way, as you have register in our website;
  • On the communications between you and us or sent thru mail letter, e-mail, phoner calls and social network.

 Special categories of personal data

DP’s like your physical or mental health are deemed as data of special categories under GDPR terms and other legislation on personal data protection. We will restrict processing of such data to the cases strictly referred by law, namely if you have expressed your consent or if you have made public such data.

euroAtlantic will process you DP’s in a lawful way and if at least one of the following conditions apply:

  • You have expressed your consent to the processing of your DP’s to one or more lawful purposes;
  • The processing is needed to prepare or execute a contract in which you are part;
  • The processing is needed to fulfill legal obligations by euroAtlantic;
  • The processing is needed to protect your vital interests or from another natural person;
  • The processing is needed to protect, in the terms of the law, euroAtlantic or third parties legitimate interests.

 

In the cases where processing is based on your consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

We process you DP’s, namely, for the following purposes:

  • Manage your reservations and providing services

When flying with us, we use your DP´s to provide the relevant services related to the flight, for example, to issue the ticket, to check in, to issue boarding pass, to receive you on board and carry you safely to your destination. DP’s are also used to change reservations at your request.

  • To communicate and manage our relationship with you

We contact you in the event of a change in flight schedule or a cancellation, as well as about requested services and changes on those services. Those communications are not made for marketing purposes and you cannot choose not to receive them.

  • To improve our service providing and fulfill our goals

The business goals for which we use your DP’s include accounting, invoicing and audit, credit card checking, fraud investigation, security, protection and juridic matters.

  • Para To fulfill our legal obligations

For example our obligation to provide your DP’s to customs and immigration authorities, in tax matters and other legal or regulatory obligation.

 

In some cases, the communication of your DPs may constitute a legal or contractual obligation of yours, or a necessary requirement to conclude the contract between you and euroAtlantic. In such cases, failure to comply with the obligation to communicate your DP’s to euroAtlantic may result in the impossibility of concluding the contract or, in the case of a contract already concluded, serve as a basis for its termination by euroAtlantic.

In accordance with legal and regulatory requirements regarding the protection of DP’s, the data subject has a set of rights regarding the processing operations of his DP’s.euroAtlantic guarantees you the possibility to exercise, under the legally established terms, your rights in this area, namely:a)     Revoke your consent regarding the processing of personal data;b)    Oppose the further processing of personal data;c)     Request the person responsible for the processing of personal data to access them, as well as their rectification or erasure, including the exercise of the “right to be forgotten”;d)    Be informed, upon request, about the purposes of the processing, the categories of data involved, the identity of the recipients to whom they have been disclosed and the period of storage of my personal data;e)    Be informed about the personal data being processed and any information available on the origin of such data, electronically, if not this document;

  1. f) The right to consult and update your personal data held by

If you have any questions about your rights or how you can exercise them as a DP’s subject, you can contact the euroAtlantic Data Protection Officer via email or a written request sent to:

  • dpo@euroatlantic.pt
  • Data Protection Officer (DPO)
    euroAtlantic Airways, Rua Salgueiro Maia, 16
    2685-374 Prior-Velho, Loures, Portugal

 

Without prejudice to any other administrative or judicial remedy, you also have the right to file a complaint with the National Data Protection Commission (CNPD) or another competent supervisory authority under the Law, if you consider that your data is not to be subject to legitimate processing by euroAtlantic, under the terms of applicable legislation and this Privacy Policy.CNPD Contacts:

With the grounds and for the pursuit of the aforementioned purposes, your DP’s may be transmitted to other entities, in accordance with the legal and contractual provisions in force.In this sense, euroAtlantic, having as its highest priority the security in the processing of its DP’s, ensures that the processing operations carried out by other entities are, in the applicable cases, contractually regulated, delimiting the obligations in terms of DP’s, the specific purpose or the purposes for which the data is processed.Furthermore, and in the applicable cases, euroAtlantic checks, beforehand and subsequently, on a regular basis, that the entities to which it transmits its DP’s are reliable and that they have sufficient and adequate protection guarantees in terms of data protection. Your data may be transmitted, for the purposes described in this Privacy Policy or based on the legal grounds established by the Law, namely to the following recipients/categories of recipients:

  • Government authorities, police forces, regulators and airports on the customer’s itinerary or where the customer’s flight may be heading in accordance with applicable legal requirements;
  • Travel agents or other companies through which you book your euroAtlantic flights;
  • Trusted agents of the Global Distribution System (GDS), through which you book your euroAtlantic flight;
  • Partner airlines whose provision of services is necessary for the customer.
  • Suppliers who provide services to us in order to help us run our business and improve our services and your customer experience. For example, we may transmit your DP’s to companies that provide ground services at the airports where we operate. At euroAtlantic, we select the providers who handle your DP’s on our behalf very carefully, and we require them to meet high security standards for the protection of your DP’s, and ask for consent if necessary
  • Credit and debit card companies
    euroAtlantic transmits some of its DP’s, which include information about your payment method and flight reservation, to the credit or debit card companies that issued the card you used to make your reservation, in order to guarantee the security of your transactions and prevent or detect fraudulent transactions.
  • Sectoral authorities, including the National Civil Aviation Authority
    to ensure compliance with applicable regulatory provisions.
  • euroAtlantic service providers and representatives, namely tax consultants, auditors, lawyers, enforcement agents or other entities to which functions related to the monitoring or management of their contract have been assigned;
  • Judicial entities or other entities that have legal legitimacy to process the data in question

euroAtlantic does business in different jurisdictions, some of which are outside the European Economic Area (EEA), such as São Tomé and Príncipe and Guinea Bissau. In some cases, non-EEA countries do not always have robust data protection laws (confirmed by European Commission decisions).

However, and in accordance with the law, namely when this is necessary to execute the contract between you and euroAtlantic or when standardized methods are used within the scope of European legislation, the international transfer may lawfully take place.

euroAtlantic guarantees that it requires, in applicable cases, that all service providers treat their customers’ DP’s in accordance with security levels comparable to those contained in Portuguese and European legislation on data protection.

We keep your DP’s for the period essential to satisfy the purposes on which the processing is based, so the data may be kept after the end of the contractual relationship for the fulfillment of legal obligations imposed on euroAtlantic or for the defense of a right of euroAtlantic in court proceedings.

In the context of minimizing the processing of your DP’s, we guarantee that the data collected and processed are only strictly necessary and, moreover, that the appropriate technical and organizational measures are adopted to protect your DP’s against accidental loss, misuse or incorrect use, unauthorized access or exposure.

In this sense, we use a range of data security controls, defined according to the needs inherent to our activity and with security policies, we monitor these controls to detect failures or violations, including the review of access authorizations to DP’s, own or from third parties, by DP’s subjects and euroAtlantic employees.

We are committed to ensuring that our team has adequate knowledge of data protection legislation and practices, and the entire team has had the opportunity to participate in awareness training in this area, in order to be able to anticipate and identify any data protection issues. that may arise, in order to guarantee your rights, freedoms and guarantees as a DP’s subject.

In the event of a breach of security, euroAtlantic ensures compliance with all legal obligations specifically applicable in this area.

euroAtlantic Privacy Policy is a dynamic tool and we will update it when there is a change in the way we process your data. We may update this Privacy Policy as necessary to ensure that the information we provide is up to date and in compliance with relevant data protection laws. Any new version of this Policy will be posted on our website.

All your questions, comments and requests related to this privacy policy or your DP’s are welcome and can be sent to:

  • Data Protection Officer (DPO)
    euroAtlantic Airways, Rua Salgueiro Maia, nr. 16,
    2685-374 Prior-Velho, Loures, Portugal