We are Transavia Airlines C.V. (also known as Transavia), a Dutch airline with offices at Piet Guilonardweg 15, 1117 EE in Schiphol, the Netherlands and Transavia France S.A.S. (also known as Transavia France), a French airline with offices at 3 allée Hélène Boucher, 91550 Paray-Vieille-Poste, France. Both airlines hereinafter together “Transavia”.
Transavia is part of the AIR FRANCE KLM Group. For more information, please see our corporate website.
Koninklijke Luchtvaart Maatschappij NV (also known as KLM Royal Dutch Airlines or KLM), is a Dutch airline with offices at Amsterdamseweg 55, 1182 GP in Amstelveen, The Netherlands and Air France (formally Société Air France, S.A.) is a company incorporated in France having its registered office at 45, rue de Paris, F-95747, Roissy CDG Cedex. You can find their privacy policies on the KLM and Air France website. For the processing of your personal data in relation to the Flying Blue program Transavia only processes your email address, Flying Blue membership number and amount of miles to enable you to ‘earn’ and ‘burn’ your miles on Transavia products. .
We may collect and process the following categories of personal information:
a. Name, passport number and other identifying information
For example, we may record your name, title, gender and date of birth, your nationality, country of residence and passport number.
b. Your contact details and personal account or registration details
Your contact details may include your address, telephone number and email address. When you create a personal account, or register for a service, we may also record your sign in details and other information you fill out on your personal account or registration form.
c. Information about your bookings and purchases
When you book a flight with us, we process your booking information. This information may include details about your flight, prices and the date of your booking. In addition, we process information in relation to ancillary services (such as seats and luggage) and products you purchase.
d. Information about your travel arrangements
When you travel with us, we process information in relation to your journey. Such as your travel itinerary, (online) check-in, your (mobile) boarding pass and your travel companions. We may also record any specified medical needs and any additional assistance you require.
e. Your membership of the Flying Blue program
When you ‘earn’ or ‘burn’ Flying Blue miles on a Transavia product, we process your email address, membership number and miles.
f. Our communication with you
When you send us an email or chat with us online or via social media, we register your communication with us. We also register your communication preferences. For example when you unsubscribe from one of our newsletters or when you choose to receive your booking related communication (such as confirmation, check-in notification, boarding pass, and flight status updates) via other channels than email (such as WhatsApp or Facebook Messenger). When you call us, our Service Centre will register your questions or complaints in our database. We may also record telephone calls for training purposes.
g. Information we collect when you use our website, app and other digital media
• We may receive an automatic notification when you open our emails or click on a link in such emails.
• With your permission, we may also receive your location data.
h. Information in relation to social media
i. Information you choose to share with us
You may choose to share information with us, for example when you share your interests and preferences with us, leave a comment for us on Facebook, fill out a customer survey or submit an entry for a contest.
Certain categories of personal information we collect and use, such as data revealing racial or ethnic origin or data concerning health, can be considered ‘special categories of personal data’ under applicable data protection law. +
a. We collect data you provide to us
When you book a flight with us, create an online account , contact our Service Centre, subscribe to receive our emails or mobile push notifications, register for one of our events or participate in a promotional contest.
b. We receive your personal data from your travel agent, our airline partners and other companies involved in facilitating your travel arrangements
We receive your data from these parties to handle your bookings and to fulfil your travel arrangements and purchases. For example, when you book a flight through a travel agent, we receive your identifying information and booking details from your travel agent. And if you use a third party platform to search and book a flight, we may receive those details from that provider.
c. When you use our website or mobile app, we collect information via cookies and similar technologies
d. Depending on your social network settings, we may receive information from your social network provider
Please see ‘The types of personal data we process’ above.
a. To provide our services to you
To handle your bookings and to fulfill your travel arrangements and purchases, we need to process most of the information described above. For example, we need your name, passport number and other identifying information to issue your ticket. To confirm your booking and to inform you about changes in your flight status, we need your contact details. And, to ensure that you receive the required care, we require your specified medical needs.
b. To provide our online services and mobile app to you
c. For statistical research
d. To send you updates and special offers tailored to your interests
e. For other direct marketing purposes
f. To communicate with you
We use your contact details to communicate with you in relation to our services or loyalty programs, to answer your questions or to handle your complaints.
g. To secure order and safety aboard flights
h. For record keeping and to comply with statutory obligations
We collect, store and use your data for internal business purposes, such as record keeping and to comply with our legal and fiscal obligations.
We may be required by law to collect and share your identifying information and your booking and travel information with public authorities or governmental organizations for the purpose of border control, immigration, entering the territory of a State, security or combatting terrorism.
We collect, use and store your personal data to comply with the legal obligations we are subject to, if necessary for our legitimate interests or the interests of a third party or on the basis of your consent.
You may withdraw your consent at any time by following the specific instructions in relation to the processing for which you provided your consent. For example, by clicking the unsubscribe link in the email, adjusting your communication preferences in your account (if available) or by changing your smart phone settings (for mobile push notifications and location data). You may also contact us to withdraw your consent (please see ‘Your Rights’ below).
If you refuse to provide personal data that we require for the performance of the contract or compliance with a legal obligation, we may not be able to provide all or parts of the services you have requested from us. For example, we may have to cancel your flight or we may not be able to provide you with the ancillary services requested by you. If you provide incomplete or inaccurate information, we may be forced to deny you boarding or entry into a foreign territory under applicable Dutch or international laws.
When we process your personal data for our legitimate interests or the interests of a third party, we have balanced these interests against your legitimate interests. Where necessary we have taken appropriate measures to limit implications and prevent unwarranted harm to you. Our legitimate interests may for example include security and safety purposes or to provide better services and offers to you. For more information on these interests, please see the ‘For which purposes we use your data’ above. Where we process your personal data for our legitimate interests or the interests of a third party, you have the right to object at any time on grounds relating to your particular situation (please see ‘Your Rights’ below).
We may disclose or share your personal data with our group companies, airline partners, your travel agents, Flying Blue, service providers or subcontractors for the following purposes.
a. To facilitate your bookings and travel arrangements
To handle your bookings and to fulfill your travel arrangements and purchases, we must share your personal data with our group companies, partner airlines, airport operators and other companies involved in facilitating your travel arrangements. For more information on our group companies and the airlines we work with, please see our corporate website. When you purchase our services through a travel agent or other third party, we also share your personal information data with these parties.
b. For support services
We use third parties to provide our services, such as IT suppliers, social network providers, marketing agencies, credit and charge card companies and anti-fraud screening service providers. All such third parties will be required to adequately safeguard your personal data and only process it in accordance with our instructions.
c. For the Flying Blue program
d. Statistical research and direct marketing
We may share your personal data with group companies and third parties for statistical research and direct marketing. Please see above ‘Statistical research’, ‘To send you updates and special offers tailored to your interests’ and ‘Other direct marketing purposes’ for more information.
e. To secure order and safety aboard flights
We may also be required by law to collect and share your identifying information and your booking and travel information with public authorities or governmental organizations for the purpose of border control, immigration, entering the territory of a State, security or combatting terrorism.
Concerning the flights operated by Transavia France SAS (these flights have a flight number starting with ‘TO’), the following rules shall apply:
In accordance with the Data Protection Law No. 78-18 of 6 January 1978 relating to computers, files and privacy, and Article L. 232-7 of the French Code of Homeland Security, your API and PNR data may be transmitted to the “Passenger Information Unit”. The "Passenger Information Unit" (PIU) is a service of the French administration that brings together the various authorities responsible for the prevention and fight against terrorism and serious crime and to prevent the undermining of fundamental interests of the French Nation.
What kind of data are transmitted?
How do I know if it concerns my flight and my data is transmitted?
Transavia will take appropriate technical and organizational measures to protect your personal data against loss or unlawful use.
Transavia may transfer your personal data to countries other than your country of residence (including countries outside the European Economic Area). This occurs in the course of providing your travel arrangements or because our group companies, partners or service providers have operations in countries across the world. The laws of these countries may not afford the same level of protection to your personal data.
The transfer of personal data to countries other than your country of residence is often necessary to provide our services to you. In other cases, Transavia will ensure that adequate safeguards are in place to comply with the requirements for the international transfer of personal data under applicable privacy laws. For transfers of personal data outside the European Economic Area, Transavia may use Commission approved Standard Contractual Clauses as safeguards.
You may contact our Privacy Office (please see below) to exercise any of the rights you are granted under applicable data protection laws, which includes (1) the right to access your data, (2) to rectify them, (3) to erase them, (4) to restrict the processing of your data, (5) the right to data portability and (6) the right to object to processing.
1. Right to access
You may ask us whether or not we process any of your personal data and, if so, receive access to that data in the form of a copy. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal data concerned as well as any other information necessary for you to exercise the essence of this right.
2. Right to rectification
You have the right to have your data rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal data about you and, taking into account the purposes of the processing, complete incomplete personal data, which may include the provision of a supplementary statement.
3. Right to erasure
You also have the right to have your personal data erased, which means the deletion of your data by us and, where possible, any other controller to whom your data has previously been made public by us. Erasure of your personal data only finds place in certain cases, prescribed by law and listed under article 17 of the General Data Protection Regulation (GDPR). This includes situations where your personal data are no longer necessary in relation to the initial purposes for which they were processed as well as situations where they were processed unlawfully.
4. Right to restriction of processing
You have the right to obtain the restriction of the processing of your personal data, which means that we suspend the processing of your data for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continue storing your personal data. We will inform you before the restriction is lifted.
5. Right to data portability
Your right to data portability entails that you may request us to provide you with your personal data in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible. Upon request and where this is technically feasible we will transmit your personal data directly to the other controller.
6. Right to object
You also have the right to object to the processing of your personal data, which means you may request us to no longer process your personal data. This only applies in case the ‘legitimate interests’ ground (including profiling) constitutes the legal basis for processing (see ‘Legal basis’ above).
At any time and free of charge you can object to direct marketing purposes in case your personal data are processed for such purposes, which includes profiling purposes to the extent that it is related to such direct marketing. In case you exercise this right, we will no longer process your personal data for such purposes.
There may be situations where we are entitled to deny or restrict your rights as described above. In any case, we will carefully assess whether such an exemption applies and inform you accordingly.
We may, for example, deny your request for access when necessary to protect the rights and freedoms of other individuals or refuse to delete your personal data in case the processing of such data is necessary for compliance with legal obligations. The right to data portability, for example, does not apply in case the personal data was not provided by you or if we process the data not on the basis of your consent or for the performance of a contract.