PRIVACY STATEMENT CORENDON DUTCH AIRLINES B.V.
1. WHO WE ARE
Corendon values your trust in our company. This privacy statement informs you about how we handle your personal data. In this privacy statement, references to “Corendon”, “we”, “us” or “our” mean Corendon Dutch Airlines B.V., part of the Corendon Holiday Group, located at Schipholweg 335 A, 1171 PL in Badhoevedorp.
2. ABOUT THIS PRIVACY STATEMENT
This privacy statement applies to the processing of your personal data if you use www.corendon.com, the Corendon App, and/or our services. This statement explains what categories of personal data we process, why we do so, and with whom we may share your personal data.
Our processing operations comply with privacy regulations, including in any case the General Data Protection Regulation (GDPR) and the Dutch GDPR Implementation Act. This means, among other things, that:
- We clearly state the purposes for which we process your personal data;
- We collect no more personal data than necessary for these purposes;
- In cases where (explicit) consent is required, we will ask you for this consent;
- We will take appropriate technical and organisational measures to protect your personal data;
- We respect your rights with regard to your own personal data.
3. WHAT PERSONAL DATA WE COLLECT AND HOW
When you visit our website or use our app, we may process the following personal data:
- Your travel preferences;
- Information about your surfing behaviour on our websites and mobile apps;
- Information about when you click on one of our ads, even if it is on the websites of other organisations;
- Information about how you access our digital services, such as your operating system, IP address, online identifiers, and information from your browser;
- Your social preferences, interests, and activities.
When you fly with us or make another purchase, we may process the following data:
- Your identification details, such as your name, date of birth, and passport number;
- Your contact details, such as your phone number and email address, to send information related to your purchase;
- Your booking and purchase details, such as your flight, payment, date, and upgrades;
- Information required due to local legal obligations or safety procedures, such as a copy of your passport, (entry) travel documents, and health information;
- Relevant medical information and any special requests you have provided to us, such as for airport assistance and in-flight meals;
- Information about when you click on one of our advertisements, even if they are on other organizations' websites;
- We use personal data of others that you have provided, for example of the people that are on your booking because you are going on holiday together. If you provide the personal data of others, you must be sure that they agree to this and that you may provide these data. Also, if applicable, please make sure they understand how we may use their personal data.
When you use our loyalty program ‘Corendon Membership’, we may process the following data:
- Your membership number;
- Your points balance, rewards, and benefits;
- Your membership level (Bronze, Silver, Gold) and payments made with your points.
When you contact us or vice versa, or in the context of promotions and services, we may process the following data:
- Personal data that you provide when you email us, send a letter, call us, or contact us via social media. These include data such as your name, username, telephone number, and (email) address;
- Our incoming and outgoing telephone calls may be recorded for complaint review and for quality and training purposes;
- Data from emails and other digital communications that we send you and that you open, such as the links that you click on;
- Your feedback and participation in customer surveys and questionnaires.
When a customer/passenger causes a nuisance and or misuses our services, we may process the following data:
- Data relating to the person or persons involved, such as name, date of birth, flight data;
- A description of the incident, the seriousness of the nuisance, and the safety measures taken;
- If applicable: a copy of the official report.
Personal data we receive from other sources:
- We may also use personal data from other sources, such as from specialized companies providing information, from our partners, or from public registers;
- We may receive personal data from the (local) government, such as the Royal Netherlands Marechaussee at Schiphol, if prohibited narcotics are detected, so that we can take the necessary measures;
- Your insurance company, their intermediaries, and medical staff may provide relevant personal data and exchange special categories of personal data with us if we/they have to act on your behalf, for example in an emergency or in the interest of other customers;
- If you log in via social networks such as Facebook, WhatsApp, or Twitter to access our platforms and online services, you give permission to share your user data with us. These are, for example, your name, email address, date of birth, location, and other information that you voluntarily share with us.
4. LEGAL BASIS FOR PROCESSING PERSONAL DATA
We process your personal data on the basis of the following legal bases under the GDPR:
- Consent: For example, if you have given consent for subscribing to the newsletter. If you have given permission for certain processing operations, you may also withdraw this permission at any time.
- To fulfil an agreement: To take steps at your request before we conclude an agreement with you. We need your personal data to book your holiday or to be able to provide you with the services you want to buy. We also need your data to be able to make payments.
- Compliance with a legal obligation: Corendon may be required by law to provide personal data to third parties, for example where government authorities so require at the point of departure or arrival. This is important for border control, immigration, security, anti-terrorism purposes, or for other purposes.
- Protection of vital interests: For example, exchanging relevant data with intermediaries and/or medical staff in emergencies.
- To fulfil a task carried out in the public interest or in the exercise of official authority: For example, the use of personal data in the event of accidents, security incidents, or similar incidents.
- Legitimate interest: For example, when we try to predict in our commercial interest what other products, services, and information you may be interested in as a customer so that we can improve and adapt our information and services. Another example is to prevent fraud and abuse of our services and to monitor the use of our products.
Special personal data
We process medical or other special data only in those situations where this is explicitly permitted under the GDPR. For example, if we have your express consent, if it is necessary to protect your vital interests or those of someone else, and you are physically or legally incapable of giving consent, if it is necessary to file, exercise, or defend legal claims, or for reasons of substantial public interest.
Children’s Personal Data
Our services do not target children under the age of 16, and we will not process their data unless these are provided by (and with the consent of) a parent or guardian. The cases where we need to process the personal data of children under the age of 16 are: as part of a booking, the purchase of other travel-related services, or in other exceptional circumstances (such as functions aimed at families).
If we become aware that we have processed information from a child under the age of 16 without the valid consent of the parent or guardian, we will delete this information.
Refusing to provide personal data
If you refuse to provide the personal data we need to fulfil the agreement we have with you or a legal obligation, we may not be able to provide all services. In that case, for example, we will have to cancel your trip or we will not be able to provide any other services.
5. PURPOSES
We will be happy to explain what we use your personal data for.
To provide the travel and products
We need your personal data to manage your booking and to provide the products and services you would like to purchase from us.
For the purposes of business operations and improving our services
Based on the personal data you give us, we try to improve our services and products. This may include our website, the app, and related products. We monitor the use of our products to protect your personal data, prevent fraud and abuse of our services.
We may use your personal data in security operations, accidents or similar incidents, and for medical and insurance purposes. In addition, we may use your personal data for market research and research and development at Corendon. We are always working to develop and improve our product offering, our services, IT systems, security, knowledge, and the way we communicate with you.
We carry out surveys of the effectiveness of our services through static analysis. We use the information to provide insight into how our information and services contribute to the operating results. For example, we check whether the information and offers in newsletters are being responded to and which services are most in demand. The results of these surveys are reported on an aggregate basis and cannot be traced to individuals.
Corendon keeps a list of customers who have caused a nuisance or abused our services. Depending on the seriousness of the behaviour, we may exclude such customers from our services/flights for a certain period.
Personalisation of user experience
If you have signed up for this, you may see advertisements and other marketing communications from Corendon that suit you. For example, because we look at your surfing behaviour using cookies, we can ensure that you see offers that match your interests. We try to predict what other products, services, and information you might be interested in and are, therefore, more relevant to you.
If you prefer not to receive personalised information from us, you may always submit your preferences online in your account, by telephone, in writing (for example via privacy@corendon.nl), or by unsubscribing from the newsletter. We will then adjust your preferences as soon as possible.
Contact
We use your personal data when you contact us, for example by email, post, telephone, or social media.
Marketing communication
If you have stated in advance that you wish to receive marketing communications or have previously travelled with us, we will send you relevant travel offers or news about our services. You may change these settings at any time via the newsletter, our website, by telephone, or by email via privacy@corendon.nl. You will still be able to receive service messages from us in the context of your booking.
Recruitment and selection
If you apply for one of our vacancies, we will process the information you provide us in order to decide whether or not we will invite you for an interview and to decide whether we will offer you a job. You can find more information about how we process your data in the context of recruitment at werkenbijcorendon.nl/privacy-verklaring.
6. SHARING PERSONAL DATA WITH SUPPLIERS, PARTNERS, AND OTHER THIRD PARTIES
- We share your personal data with your travel suppliers, such as airlines, hotels, and transport companies. We also share your personal data with service providers, such as IT service providers and third parties who analyse and personalise your website use. We make arrangements with these third parties regarding the careful processing of personal data. We only share the necessary personal data with our suppliers and partners. This means that they only get access to the data that are needed to provide you with their services.
- Sometimes we share personal data to establish, exercise, or defend our legal rights; in this respect, we may provide personal data to third parties to prevent fraud.
- In addition, we may share personal data with government agencies or authorities to the extent necessary to comply with a legal obligation or a competent order issued by an authority. For example, we are required to provide your identification and booking details (PNR and API data) for border controls or for the prevention of crimes.
- In certain specific cases, we transfer your data to partners located outside the European Economic Area (EEA), as this is necessary to fulfil the agreement we have concluded with you. This is the case if, for example, a trip is booked to a country outside the EEA. Countries to which your data are transferred may not have legislation that provides the same level of protection for your personal data as the legislation within the EEA. Where this is the case, we will take appropriate contractual and security measures to ensure that such transfers comply with European legislation, such as agreeing standard data protection clauses drawn up by the European Commission.
7. SHARING PERSONAL DATA WITHIN THE CORENDON HOLIDAY GROUP
To the extent necessary, we may share your personal data with other companies within the Corendon Holiday Group. We do this to provide you with the services you want and to manage and improve our services and day-to-day operations. If you have given your consent, we may also share your data with our companies to personalise your user experience or for marketing purposes or market research.
8. PROTECTING YOUR PERSONAL DATA
We take appropriate technical and organisational security measures to protect your data against accidental loss and against unauthorised access, use, change and disclosure. You are also responsible for the protection of your data, for example by not sharing your password or booking data with third parties.
9. RETENTION PERIODS
We store the data for as long as necessary for the purposes described in this privacy statement and for compliance with laws and regulations. In particular, we retain personal data that we obtain in connection with bookings, purchases, or for the fulfilment of other agreements for as long as necessary to handle your booking(s), including administration, feedback, complaints, damage, insurance, etc. After processing, we will retain data for a maximum of 5 years and a minimum of 7 years with regard to the tax data. At the end of that period, the data will be deleted, unless the data must be retained for a longer period on the basis of a legal obligation or other purpose (such as a pending claim). Recorded phone calls with customer service are kept for 1 year.
After the expiry of the retention periods, we will delete or anonymise your personal data.
10. LINKS TO OTHER WEBSITES
Our websites may contain links to websites managed by other organisations with their own privacy statements. Please be sure to read these terms and conditions and privacy statement carefully before entering personal data on the website of another organisation; we do not accept any responsibility or liability for the websites of other organisations.
11. SOCIAL MEDIA FUNCTIONS
Our websites contain social media functionalities such as Facebook and Twitter, which have their own privacy statements. Please be sure to read these terms and conditions and privacy statement carefully before entering personal data; we do not accept any responsibility or liability for these positions.
12. RIGHTS AND COMPLAINTS
Of course, you can always access your own personal data on our websites. These details are linked to your account or to the booking of your trip. In addition, every person whose data we process has the following rights:
Right to access your personal data
You have the right to inspect your personal data. This means that you can request which personal data about you have been registered and for which purposes those data are used.
Right to correct or delete your personal data
You have the right to have your personal data corrected if these data are incorrect. You can also request the deletion of your data. We can only comply with this if we are not obliged to retain your data or no longer need the data for our purposes.
Right of objection and right to restriction of use
You have a number of options for opposing further use of your data. Even if you have given your consent at an earlier stage, you can object to further use of your data or withdraw your consent. You may object to the use of your personal data free of charge if your personal data are used for purposes other than those necessary for the fulfilment of an agreement or if they are necessary for compliance with a legal obligation.
Right to data portability
You may request to obtain the data we have about you (electronically).
If you wish to exercise any of these rights, please submit a request via the email address privacy@corendon.nl. In principle, we will comply with your request within one month. However, this period may be extended for reasons relating to the specific rights of data subjects or the complexity of the request. If we extend this period, we will inform you in good time.
We will do our best to deal with your personal data as best we can. If you do have a complaint about how we collect, store, or use your personal data, please let us know by sending your written question or complaint to the Legal Department and/or Data Protection Officer. You always have the option of submitting a complaint to the Dutch Data Protection Authority via the website www.autoriteitpersoonsgegevens.nl.
Contact data
PO Box 349
1170 AH Badhoevedorp
Email address:
privacy@corendon.nl
Before handling your request or complaint, we may ask you for additional information to confirm your identity. If you contact us on behalf of someone else, we may also ask you for additional information. We do this to ensure that you are entitled to submit such a request or complaint.
13. CHANGES TO THIS STATEMENT
This statement replaces all previous versions. We may update this statement at any time, so please check our website(s) regularly for updates. In the case of significant changes, we will post a clear notice on our website(s), possibly with an electronic notice about the changes in the privacy statement.
Last Updated: June 4, 2024