Data protection
Security is the top priority for Austrian Airlines AG. Naturally this applies as much to the protection of your privacy as it does to the security of your personal data.
Our Data Protection Promise
We promise we will handle your personal data carefully and conscientiously. That’s why the processing of your personal data is continually reviewed, and corresponding technical and organisational security measures are taken. The personal data you entrust us with is thereby protected against manipulation, loss or access by unauthorised persons. To be able to offer you this protection in the long-term, our data security measures are, of course, continually reviewed and renewed.
Information concerning data protection
As of: May 2018
Preamble
With the following Privacy Policy, Austrian Airlines AG would like to clarify to users of the austrian.com website what kind of personal data are processed within it.
In addition, the General Terms of Carriage for the operation of flights apply.
For reasons of easier legibility, this Privacy Policy does not make a distinction between male and female persons. The relevant terms apply in all cases to both sexes, in line with gender equality.
1. Responsible authority
Austrian Airlines AG (Office Park 2, Postbox 100, 1300 Vienna Airport, Austria; hereinafter also “we” or “us”) hereby informs you about the processing of your personal data as part of your use of the austrian.com website.
When we refer to the Lufthansa Group below, we mean the airlines Lufthansa, SWISS International Airlines AG, Austrian Airlines AG and Eurowings GmbH, together with Miles & More GmbH and other companies of the Lufthansa Group.
If you have further questions about data protection in connection with the austrian.com website, please contact our Data Protection Officer via the contact details provided under the section “Data subject rights”.
2. Data subjects
Data subjects to whom this Privacy Policy applies are natural persons who use the austrian.com website.
3. Security has the highest priority
Security has the highest priority, according to the Austrian Airlines AG creed. This creed most certainly also applies to the handling of personal data in our company.
You entrust us with a lot of your personal data, whether it’s in the course of booking a flight, checking in or subscribing to our newsletter. It is an important concern for us that we handle your personal data with the greatest care and protect your privacy. Data protection is taken into account in our business processes at all times.
By using the austrian.com website you agree to this Privacy Policy.
This Privacy Policy applies when entering this website as well as all sub-websites of the Austrian Airlines AG. The pages in this website may contain links directing you to other providers outside of Austrian Airlines AG, to which this Privacy Policy does not apply. Austrian Airlines AG does not undertake any liability for the content of other websites and providers. Please note that different data protection regulations apply when you leave this website.
We use the services of selected commissioned data processors for the technical and organisational implementation of our website. These are contractually obliged to process the obtained personal data solely according to our instructions.
4. Purposes of the austrian.com website
The austrian.com website is designed to make Austrian Airlines AG online services easier and more convenient to use. This includes:
- booking flights,
- the use of additional booking services such as booking seats, online check-in, in-flight entertainment, etc.,
- rebooking or cancellations,
- claiming offers from the Lufthansa Group and our partner companies (these are companies with which Austrian Airlines cooperates) in order for us to provide you with further offers.
Brand name | Company name |
A1 | A1 Telekom Austria Aktiengesellschaft |
ACTS | ACTS COMMUNICATION Gesellschaft mit beschränkter Haftung |
AirportDriver | AD Mietwagen Service Gesellschaft mit beschränkter Haftung |
Audible | Audible Gesellschaft mit beschränkter Haftung |
Austrian Miles & More Mastercard World | card complete Service Bank Aktiengesellschaft |
Beachmajors | Beach Majors Gesellschaft mit beschränkter Haftung |
Billa & Billa Online Shop | BILLA Aktiengesellschaft |
Booking.com | Booking.com B.V. |
Breitling | BREITLING Société anonyme |
CAT – City Airport Train | City Air Terminal Betriebsgesellschaft mit beschränkter Haftung |
CarTrawler | ETRAWLER |
Deutsche Zentrale für Tourismus | Deutsche Zentrale für Tourismus eingetragener Verein |
Diners Club Card Austria | DC Bank Aktiengesellschaft |
Diners Club Card Slovakia | Diners Club CS, s.r.o. (DC Bank Aktiengesellschaft) |
ERV | Europäische Reiseversicherung AG |
Italienische Zentrale für Tourismus | ENIT Agenzia nazionale del turismo |
Falstaff Gourmetclub | Falstaff Verlagsgesellschaft mit beschränkter Haftung |
Cercle Diplomatique | FCM firstclassmedia Gesellschaft mit beschränkter Haftung |
Vienna Airport | Flughafen Wien Aktiengesellschaft |
Gebrüder Heinemann | Gebr. Heinemann Wien Gesellschaft mit beschränkter Haftung |
Geomix | geomix Gesellschaft mit beschränkter Haftung |
Hilton Hotels | Hilton International Wien Gesellschaft mit beschränkter Haftung |
Kärnten Tourismus | Kärnten Werbung Marketing & Innovationsmanagement Gesellschaft mit beschränkter Haftung |
Kurier | Mediaprint Zeitungs-und Zeitschriftenverlag Gesellschaft mit beschränkter Haftung & Co KG |
Lifeball | LIFE+ Verein zur direkten Unterstützung von HIV-Positiven und an AIDS erkrankten Menschen (registered association) |
Mastercard | Mastercard Europe Société Anonyme |
Miles & More | Miles & More Gesellschaft mit beschränkter Haftung |
Tourism in Upper Austria | Oberösterreich Tourismus Gesellschaft mit beschränkter Haftung |
ÖAMTC | Österreichischer Automobil-, Motorrad- und Touringclub (ÖAMTC) (registered association) |
ÖBB | ÖBB-Personenverkehr Aktiengesellschaft |
Austria advertising | Österreich Werbung (registered association) |
Payback | PAYBACK Austria Gesellschaft mit beschränkter Haftung |
Raiffeisenbank Mastercard World | Raiffeisen Bank International Aktiengesellschaft |
SalzburgerLand Tourismus | SalzburgerLand Tourismus Gesellschaft mit beschränkter Haftung |
Steiermark Tourismus | Steirischer Tourismus mit beschränkter Haftung |
T-Mobile Austria | T-Mobile Austria Gesellschaft mit beschränkter Haftung |
Tirol Werbung | Tirol Werbung Gesellschaft mit beschränkter Haftung |
Verlagsgruppe News | Verlagsgruppe News Gesellschaft mit beschränkter Haftung |
Vienna Airport Lines | ÖBB-Postbus Gesellschaft mit beschränkter Haftung |
Juwelier Wagner (Wagner Jewellers) | Juwelier Wagner Gesellschaft mit beschränkter Haftung |
Wiesenthal | Wiesenthal Handel und Service Gesellschaft mit beschränkter Haftung |
Wien Tourismus (Vienna Tourist Board) | Wiener Tourismusverband (public law corporation) |
Wiener Johann Strauss Orchester (Vienna Johann Strauss Orchestra) | Wiener Johann Strauss Orchester (registered association) |
4.1. Booking flight tickets
When you book a flight via the austrian.com website, the following personal data is processed:
- title, first name, surname,
- date of birth,
- email address, contact address (street, town and postcode), telephone number,
- frequent flyer programme,
- meal preference (requested menu),
- your specific service requests (e.g. transport assistance, accompanying assistance, etc.) and
- credit card data.
Irrespective of the travel destination, the following personal data may or must be given:
- date of birth
- nationality and passport data
- Visa data
We only process your personal data in order to fulfil the carriage contract, to issue your desired flight ticket and to send you a booking confirmation. Your booking confirmation will be sent unencrypted via electronic channels. In addition, we process your personal booking data solely on the basis of statutory regulations or with your consent. If you provide us with any personal health information when booking your flights so that we can provide you with the relevant assistance in accordance with your medical needs, this data will only be processed for the provision of those services and/or shared with third parties (e.g. airports, security checks, etc.) for the provision of those services.
If you use other services on our website relating to your flight (e.g. downloading e-Journals), the personal data collected is only processed for the fulfilment of the contract.
If you carry out the purchase of a flight ticket not only for yourself but also for a person travelling with you, please note that you must have the relevant power of representation.
Please also note that we will store your passenger data. In principle, the retention period is three years, unless other statutory or legitimate interests prevent the deletion of such data.
4.2. Online check-in
When you use our online check-in, we process the following personal data about you:
- name and booking code
- contact details (email address, telephone number)
- your specific service requests (e.g. meal preferences, transport assistance, accompanying assistance, etc.)
We only process your personal data for the fulfilment of the carriage contract. Please note that we store your passenger and check-in data. In principle, the retention period is three years, unless other statutory or legitimate interests prevent the deletion of such data.
5. Connection with frequent flyer programme
When booking a flight or checking in online, you can indicate a frequent flyer programme by providing your frequent flyer number for the purposes of earning mileage credit.
Please note the data protection information for your frequent flyer programme.
6. Electronic communication
Provided you have given your consent, you will receive information, offers, customer satisfaction surveys and newsletters, including from partner companies, relating to the subject of travel from Austrian Airlines AG by email, SMS, messenger services and telephone.
7. Transmitting personal data to third parties
The personal data you disclosed when successfully booking a flight will only be shared with third parties (e.g. operating airlines, airports, etc.) for the fulfilment of contractual obligations.
The transmission of personal data to domestic and foreign courts, authorities or other state institutions will only be carried out in accordance with applicable statutory requirements.
7.1. Transmission of personal data to foreign authorities
The collection or transmission of personal data to state institutions and authorities will only be carried out in accordance with applicable statutory requirements.
Please note: all data provided by you in the context of a booking may be subject to transmission.
7.2. APIS data (Advance Passenger Information System)
In a variety of countries, airlines are under legal or official obligation to transmit passenger data before the respective flight lands in the destination country, that is, if your destination or transfer airport is based in one of the states affected. Such legal regulations generally involve the transmission of data pertaining to the identity and the travel documents (passport, visa) of the passenger boarding the flight.
We generally do not have access to these data, which is why they must be collected before departure. This is increasingly carried out via the so-called “machine-readable zone” on newer travel documents. The collection of this data is intended solely for direct transmission to the authorities of the destination country.
7.3. Secure Flight
In accordance with the regulations of the Transportation Security Administration (TSA), you are obliged, for the purposes of Watch List Screenings on the basis of 49 U.S.C. Section 114 of the Intelligence Reform and Terrorism Prevention Act of 2004 and 49 C.F.R. Part 1540 and 1560, to provide your full name, date of birth and gender. If available, you can also provide your redress number. If you do not provide your full name, date of birth and gender, you may be denied the right to travel or to access the departure area. Within the scope of its public records system, the TSA can exchange the data provided by you with law enforcement authorities, intelligence services and other organisations.
You can find further information about the Privacy Policy of the TSA, the documentation system and the data protection implications on the TSA website at www.tsa.gov.
8. Collection of contact data
In accordance with EU Regulation No. 996/2010 (EU Regulation No. 996/2010 of the European Parliament and of the Council of 20 October 2010, for the Investigation and Prevention of Accidents and Incidents in Civil Aviation and Repeal of Directive 94/56/EC), we give you the option on our website to provide the name and telephone number, or email address, of a contact person, who should be contacted in the event of an aviation accident. These details will be used exclusively for this purpose and will be deleted after the last flight you have boarded.
Please note: These data are not linked with the reservation – if you rebook, these details must be re-entered.
9. Legitimate interests
Should we process your data, in our legitimate interest, aside from the purposes stated above, it will be for the following purposes:
- to claim, defend or enforce legal claims;
- for the transparency and further development of business processes subject to the stated retention periods.
10. Review of payment transactions
Austrian Airlines AG reviews payment transactions in connection with flight bookings to prevent fraud and other improper use. For this purpose, Austrian Airlines AG uses both internal and external resources. If specific circumstances are detected, Austrian Airlines AG reserves the right to share information, including personal data, with other companies of the Lufthansa Group.
11. Use of cookies
A so-called “browser cookie” is a small text file that a web server (for example, the www.austrian.com web server) sends to your browser when you visit a website. Cookies do not normally represent a danger to your computer, as they are merely text modules and are not exportable executable programmes.
We use cookies in order to identify the preferences of visitors to our websites and to optimise their design. You can call up an overview of the browser cookies used, their function and the service providers used here. Our cookies are deleted 730 days after your visit at the latest. By using this website, you are agreeing to the use of the data we collect from you.
You can set your browser so that your consent to the use of cookies must be obtained, or to disallow the storage of cookies on your computer in general.
If the file is saved, our web server can recognise your computer. During future visits and when making changes to features that require a password from you, the cookie lets you avoid having to make several entries. Cookies thereby make the use of websites that require user information easier. In principle, our offers can be used without cookies, but, in those instances, we cannot guarantee error-free functionality.
On some websites, services and content from other providers (e.g. Adition, Google, Facebook, Zanox) are embedded. These providers may use cookies and active components for their own purposes. We have no influence on the processing of personal data by these providers. Please find out how your data are processed by accessing the websites of the respective providers.
We give you the option of opting out of aggregation and analysis for online marketing purposes.
If you visit our site using other devices or web browsers, you have to opt out on each individual device and browser. To delete existing browser cookies, you can open the link below to access the instructions for your browser:
12. Use of the web analysis tool
Adobe Analytics
We use Adobe Online Marketing Cloud’s Adobe Analytics to save web data and information (“data”) as a host. Adobe is an “ASP” (Application Service Provider) that offers a service called Adobe Analytics that tracks and analyses customer websites. This allows us to analyse visits to our website with the goal of understanding our customers’ needs. We constantly improve the website and mobile app based on this information. The data collected is not associated with a particular individual. It will merely be evaluated as part of web analysis using anonymous, aggregated data for statistical purposes.
ClickTale
On our website, we use the ClickTale analysis service. ClickTale can record mouse clicks, mouse movement and scrolling behaviour. In addition, ClickTale saves your form entries during booking so that we can optimise the process. We use the information that ClickTale processes so that we can continue to improve our website and make it as user-friendly as possible.
13. Austrian Career Cockpit
Apply to us directly online via the Austrian Career Cockpit, or receive interesting job offers via email. To do so, create a profile with your personal details. We handle your data confidentially and do not pass it on to third parties. You can delete both your profile and your online application at any time. To do so, please contact us via email at: karriere@austrian.com.
14. mySelfie App
The mySelfie App was programmed to capture Austrian employee moments and quotes.
The participant grants Austrian Airlines a global, transferable and non-exclusive exploitation right and right of use, until further notice, in relation to contributions and content (e.g. text, photos) provided. Austrian Airlines has an unlimited right to use the photos for communication and advertising purposes. Austrian Airlines can reject content from participants at any time.
Each participant remains responsible for his/her own content. The participant guarantees they will not provide Austrian Airlines with any contributions or content whose provision, publication or use would violate existing laws or the rights of third parties. The provision of contributions that are racist, pornographic, inhuman, offensive or immoral is expressly prohibited. The participant guarantees that the content provided does not violate the rights (especially copyrights) of third parties. The participant indemnifies and holds Austrian Airlines and its employees and partners harmless against any justifiable claim for damages or injury that may result from the publication of their post or content.
If you would like to withdraw your consent for the publication of your photos, please send your photo and withdrawal to public.relations@austrian.com.
15. Data security
Austrian Airlines AG implements technical and organisational data security procedures to protect your personal data against incidental and wilful manipulation, loss and destruction, or against access by unauthorised persons. Data security measures at Austrian Airlines AG are continuously evolving to ensure our technical security procedures reflect the latest standards in technological development. In the same way, our staff at Austrian Airlines AG in the data security and data protection divisions undergo training and are subject to organisational procedures designed for secure data processing.
16. Data subject rights
Austrian Airlines AG is deeply committed to making our data processing procedures clear and transparent. It is therefore important that our customers are not only able to withdraw their consent, but also to exercise the following rights they have:
- Right to information
- Right to correction of their personal data
- Right to deletion
- Right to restriction of processing
- Right of data portability
You must submit your data subject rights request in writing using the online form with proof of your identity (scan or copy of an official photo ID).
You can also send this type of request to us by post:
Austrian Airlines AG
Legal Office - Data Protection
Office Park 2
Postbox 100
1300 Vienna Airport
If you have any concerns about data protection law, please contact us by post at the address given above or contact our company’s data protection officer using our online form.
You also have the right to file a complaint with the Data Protection Authority as the competent supervisory authority. The data protection authority with jurisdiction for Austrian Airlines AG is:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Telephone: +43 (0) 52 152 – 0
Email: dsb@dsb.gv.at
17. Disclaimer
This Privacy Policy only applies to the processing of personal data when using the austrian.com website. This Privacy Policy does not cover other websites, in particular third-party websites. If you leave the austrian.com website, we ask you to consult the validity of the applicable data protection provisions of those other websites.
What happens if you receive our newsletter?
Please note: The email notification you have just received may contain confidential information intended only for the use of the addressee named in the email header. If you are not the intended recipient of this message, any use, distribution or reproduction of this message is prohibited.
If you have received this notification in error, please notify us immediately at: impressum@austrian.com
We accept no liability for any damage caused by any virus transmitted in this email.
Data collection for foreign authorities
There is a legal or official obligation for aviation companies in various countries to send passengers’ personal data from the reservation system to the relevant authority. You can find these countries here – and find out what data is shared with just one click
For information, complaints and data information, please contact us on +43 5 1766 1000 (at the local rate from anywhere in Austria, Mon-Sun and holidays 08:00 to 20:00) or contact us via our contact forms.
Austrian Airlines is obliged to send all reservation data due to an agreement between the EU and USA or Canada. The carriage of passengers from, to or via the USA or Canada is not permitted if we do not comply with this obligation.
Austrian Airlines sends the booking codes of those passengers who are travelling with us from, to or via the USA and Canada to the immigration authorities of the USA and Canada (so-called "PNRs"= "Passenger name records") .
PNR data contains all the information you have given during your reservation and that is stored in our reservation system. At present, only the USA and Canada require the transmission of this data.
Please note: PNR data must be distinguished in principle from API data (= Advanced Passenger Information). API data is included in your passport (surname, first name, date of birth, nationality, passport number and gender); it is collected as part of the check-in process (usually via electronic recording of the magnetic strip on the passport) and is sent immediately after departure. This is required by law for entry into countries such as the USA, Canada, Japan and India.
For more detailed information, see Entry provisions.
You will find further information about data collection for foreign authorities via the following links:
- Austrian Terms and Conditions of Carriage
- FAQs about the European Commission
- Agreement between the European Union and the United States of America about the processing of passenger data records
- Agreement between the European Union and the Government of Canada about the processing of expanded passenger data and passenger data records
We send the following data to the American authorities in connection with your booking from/via or to the USA:
- Booking code
- Date of the reservation/issue date of the ticket
- Date of the planned trip
- Name(s)
- Available frequent flyer and benefit information (e.g. free tickets, upgrades, etc.)
- Other names under the same booking code (accompanying persons), including the number of all those travelling under the same booking code
- All the available contact information (including the customer information)
- All the available payment and billing information (does not include other transfer details in connection with credit card or bank account information that is not connected with this trip)
- Total itinerary
- Travel agency/Travel agent
- Information about the operating airline
- Information about distribution of the booking
- Passenger travel status (including confirmation and check-in status)
- Ticketing information, including ticket numbers, one-way tickets and naming of the Automatic Booking Code
- All baggage information
- Seat information, including seat number
- General notes, including other supplementary information (OSI), special service information (SSI) and special service requirement information (SSR)
- Aggregated entries relating to data collection from travel documents (APP and/or API)
- Chronology of the changes in data fields 1-18
We send the data based on an Agreement between the EU and the American government.
We send the following data to the Canadian authorities in connection with your booking from/via or to Canada:
- Booking code
- Date of the reservation/issue date of the ticket
- Date of the planned trip
- Name(s)
- Available frequent flyer and benefit information (e.g. free tickets, upgrades, etc.)
- Other names under the same booking code (accompanying persons), including the number of all those travelling under the same booking code
- All the available contact information (including the customer information)
- All the available payment and billing information (does not include other transfer details in connection with credit card or bank account information that is not connected with this trip)
- Total itinerary
- Travel agency/Travel agent
- Information about the operating airline
- Information about distribution of the booking
- Passenger travel status (including confirmation and check-in status)
- Ticketing information, including ticket numbers, one-way tickets and naming of the Automatic Booking Code
- All baggage information
- Seat information, including seat number
- General notes, including other supplementary information (OSI), special service information (SSI) and special service requirement information (SSR)
- Aggregated entries relating to data collection from travel documents (APP and/or API)
- Chronology of the changes in data fields 1-18
We send the data based on an Agreement between the EU and the Canadian government.
Information about the processing of your personal data
In the course of our business operations, it is sometimes necessary to collect, save and process some of your personal data. For example, this is necessary for carrying out a flight booking or for the creation of your customer profile. However, you can rest assured that we are as transparent as possible when it comes to the processing of your data and that you have control over your personal data at all times.
Your personal data is only processed to the extent that it is absolutely necessary or if we have received your permission to do so.
If you would like to know what personal data we process in detail, please contact us at any time by sending us an Information request. In addition, you have further rights which you can exercise based on the General Data Protection Regulation (in short: “GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 for the protection of individuals with regard to the processing of personal data and on the free movement of such data). You can find a summary of these rights on our Data protection rights page.
In order to optimise the design of our websites for your browsing pleasure, we use cookies. You can find further information about the use of cookies in our Cookie Policy on our website.