Privacy Policy | Icelandair
Pingdom Check

Icelandair Privacy Policy

Icelandair takes protection of your personal information seriously and respects your privacy.

Here is a summary of how Icelandair approaches your privacy rights, collection, usage and processing of your personal information:

  • Icelandair will provide you with details about the information we are gathering and what we will do with it.
  • Icelandair will put in place measures and use methods to keep your information secure and protected.
  • Icelandair will make sure your data protection rights are respected and to give you more control over your own information.
  • Icelandair will use the information you give us for the purposes described in our Privacy Policy. These purposes include providing you with
  • services you have requested and enhancing your experience with Icelandair.
  • Icelandair will also use the information to help us understand you better and so that we can give you relevant offers.
  • Icelandair will not send you marketing material if you tell us you don’t want to receive it. However, we will continue to send you important updates and information on a service or product which you have purchased, in order to keep you informed of your booking, service or travel itinerary.
  • By clicking the sections below, you can read our Privacy Policy in more detail. Reading the Privacy Policy will give you a better understanding of how your personal information is used, what types of information we collect, how it is collected, what purposes it will be used for and who it may be shared with.

We will provide you with some specific examples of the processing of your personal information. If you have further inquiries, please contact us via e-mail by writing to privacy@icelandair.is.

Please keep in mind that the summary above, and the Privacy Policy below, are not contractual and do therefore not form part of your contract with us, without prejudice to your rights under applicable laws.

When will we send you marketing?

When you provide your information directly to us you may be asked if you don’t want to receive our marketing material. Icelandair sometimes promotes the products and services of third parties and other Icelandair Group subsidiaries.

Icelandair may ask you to consent to receive marketing material from other third parties outside the Icelandair Group.

Whatever your choice on receiving marketing material from us or by which methods they are delivered, we will respect it.

What options do you have when receiving marketing material from us?

You can change your mind at any time on whether you would like to be sent marketing material or not. To stop receiving marketing material from us, you can use the following methods:

  • If you are a member of Icelandair Saga Club, you can change your preferences online by logging in to your profile via our website. Additionally, you can call our service center on +1-800-223-5500 or write to Icelandair Saga Club using the Contact Us form on the Icelandair website.
  • Furthermore, each marketing communication sent to you via e-mail will provide you with the option to unsubscribe from receiving any further marketing materials from us.
  • Alternatively, you can call our service center on +1-800-223-5500 and ask to be unsubscribed from marketing materials in the future.

Even if you choose not to receive marketing material, we will still communicate with you in relation to services or products you have purchased. For example, we will still send you messages reminding you that check-in for your flight has been opened, to send you an electronic ticket or to inform you of any changes or disruptions to the services. Additionally, if you are a member of Icelandair Saga Club, we will send you information on your membership or important service information, such as if and when your benefits are due to expire.

Please be aware that if you indicate that you would not like to receive marketing material from us, we will retain your personal information in order to fulfil your wishes not to receive such material.

For how long do we retain personal information?

Your personal information will be kept as long as it is needed for the purpose it is being processed. For example, we will need to retain information related to your travel for as long as it is needed to fulfil your travel arrangements and after that so that we can respond to claims, disputes or questions about the booking. Your information may also be retained so that we can provide you with improved and personalized services, as well as so that you may enjoy any loyalty benefits which you have accrued.

Icelandair actively reviews personal information so that it is not retained longer than there is a legal basis for it being processed. In some cases, it may be anonymized and in other cases, deleted.

Details about the data controller of your personal information

Where Icelandair processes your personal information under this Privacy Policy, it is considered to be the “data controller” of your personal information under European Union and Icelandic data protection law. Our address is as follows:

Icelandair ehf.
Reykjavíkurflugvelli,
101 Reykjavík
Iceland

Icelandair has appointed a Data Protection Officer, whom you can reach by e-mailing privacy@icelandair.is or writing to the above address.

 

Whenever you make a flight booking with Icelandair, but some parts of your journey are to be provided by other airlines, then those airlines are separate “data controllers” under European Union data protection law. In that case, Icelandair and any other airlines will be joint controllers of your personal information.

Any additional service providers, e.g. a travel agent, hotel or car rental company, which provide a part of your services will also be separate “data controllers”. Their privacy policies will be accessible from them directly.

Please be aware that, depending on the services that you have requested, other agreements will form your contractual relationship with Icelandair. Examples of such agreements are Icelandair’s Conditions of Carriage for Passengers and Baggage and Conditions for Saga Club Membership.

If you have requested additional non-flight related services or booked a package including such services, then the providers of such services will be identified in the booking or ordering process. The providers of such services will also separately be “data controllers”.

When does this policy apply?

The Privacy Policy of Icelandair applies when we collect, use or otherwise process your personal information regarding your relationship with us as a customer or potential customer. This includes when you book flights or travel with us, use our additional services, websites or mobile applications. Additionally, the Privacy Policy applies when you contact our service agents or book our services through third parties. An example of such third party would be a travel agent or another airline.

Where we reference that others are data controllers in the sections ’Controller of Personal Information’ and ’Who do we share your personal information with?’ you should consult their privacy policies for further information.

For further information on the applicability of privacy policies, such as when there are additional “data controllers” as described in the section “Details about the data controller of your personal information” or when we share your personal information, as described in the section “In which cases and with whom do we share your personal information?” we advise that you refer to their privacy policies for additional details.

Additional Terms and Conditions or policies may apply if you request additional services from us, e.g. if you use our on-board Wi-Fi, enter a competition linked to Icelandair and other third parties or if you sign up for Icelandair Saga Club.

What is personal information?

Whenever information provides details which identify your person or could be used for the same purpose, it is considered to be personal information. An example might be your name, your contact details, your Icelandair Saga Club member ID, or your purchase history. Details on how you use our websites and mobile applications may also be personal information.

In which cases do we process and from whom might we receive your personal information?

Whenever you use our services, website, mobile applications, make contact with us via e-mail, social media or our service agents, we collect your personal information. The same applies when the services are provided by third parties or agents acting on behalf of Icelandair. Please be aware that if you do not wish to provide us with personal data which is necessary for the performance of a contract or which we are legally required to process, we may not be able to provide you with part or all of the services requested.

Furthermore, we may receive your personal information from third parties, such as:

  • When a company that is contracted by Icelandair provides services to you.
  • When a company or third party that is involved in your travel provides you with services, such as customs or immigration authorities, airport operators, airlines involved in your prior or onward journey.
  • When a company is involved in our loyalty schemes, competitions or other customer programs, such as a hotel, other airlines, travel provider or a rental car company.
  • When a company provides your information to Icelandair as stated in their privacy policy.

To see which types of personal information Icelandair processes about you, please see the section “What types of personal information do we process?”

What types of personal information do we process?

To provide you with our services, or the services of other data controllers which deliver part of the services that you have requested, we will need to process your personal information. Further processing may take place to provide you with relevant marketing materials and enhance your experience with Icelandair.

Icelandair processes the following types of personal information:

  • Information that you provide which is used to manage and complete a booking or provide you with services which you have requested.
    • Your name, address, email, contact details, date of birth, gender, passport number, your account details and payment information.
    • If you book for someone else, we may collect your billing information but may communicate with the passenger directly about their flight.
    • We will know if you booked your flight on our website or used another sales channel such as a travel agent, our service center or our social media accounts.
  • Information which is collected during your journey with us.
    • We may collect information such as your interactions with staff and cabin crew before and during the flight.
  • Information about your travel arrangements.
    • Details of your booking and travel itinerary.
    • Details of any specific preferences such as meal requests, seating requests, required additional assistance or services and other relevant information.
  • Information about services that you have previously used.
    • Information on your previous travels, travel arrangements, travel-related issues and disruptions, service changes such as upgrades, baggage requirements, lost luggage and customer feedback.
  • Information about online interactions and registrations.
    • We will retain your information to ensure we interact with you appropriately if you have registered with us, either through Icelandair Saga Club, other loyalty schemes or customer programs.
    • We will retain your information if you have entered a competition, registered for a promotion or interacted with us via social media such as Facebook or Twitter.
  • Information about how you use and interact with our websites, service agents and mobile applications.
    • To help us to personalize your information, improve our website and resolve issues related to the booking process we collect information about your searches and the content you have viewed and interacted with on our website using cookies and similar technologies, such as the website you come from, internet banner advertisements and links which appear on our marketing partners’ websites.
    • We will use previous web usage data stored within the cookie to personalize and understand you as a customer. This could include if you have entered any booking or passenger name information on our website or if you used your Icelandair Saga Club membership number.
    • We would be able understand from your data usage that you have visited our website and searched for a flight, but did not complete your booking. We may use this information to contact you to offer more information about the booking and destinations which you have shown interest in.
  • Information about your location from your device if you have been browsing on our website or using our mobile application. (This is your IP address. An IP address (i.e. Internet Protocol address) is a numeric code that can act as a unique identifier for your computer or other device – this can be turned off from your device).
    • Identifying the country from which you are accessing the relevant website or application which will enable us to provide more relevant content and use an appropriate language.
    • If you have given permission we may use the functionality on your device (such as Bluetooth, Wi-Fi and GPS) to determine your location to assist with flight connections, boarding our aircraft as well as provide a personalized service (you can access or change this option by amending the location settings on your device).

For more information, please see our Cookie Policy.

When and why do we collect ‘sensitive personal data’?

In some cases, Icelandair may process your personal information which is considered to be sensitive. Specific categories of personal information, such as on religion, health or ethnicity require additional safeguards under European Union and Icelandic data protection law. These categories are referred to as “sensitive personal data”. Icelandair will only process these categories of data in specific circumstances.

Following are examples where we may process “sensitive personal data”:

  • If you have requested specific medical assistance, such as wheelchair assistance or oxygen.
  • Some requested services, such as certain types of meals, may provide suggestions of your religion, health or other preferences. These types of information may or may not be considered “sensitive personal data”.
  • If you have requested clearance to fly with a medical condition or because you are more than 28 weeks pregnant.
  • If you have chosen to provide such information to us or it has been passed onto us by a third party such as the travel agent through which you made your booking.

For which purposes do we process your personal information?

The main purposes for which we process your personal information are:

  • To provide you with the services you have requested and make sure your travel arrangements are fulfilled.
    • We will need to use information such as your name, address, contact details, date of birth, gender, passport number, your account details and payment information so that we can process bookings, fulfil your travel arrangements, process payments, provide information to relevant authorities (such as tax, customs and immigration authorities) and so that Icelandair agents know who is booked on a flight.
  • To manage the boarding process and to facilitate flight connections at the airport.
    • If your flight is due to leave and you not have not boarded the aircraft, we may need to check whether you have passed through airport security or whether you were on a connecting flight in order to understand how to contact you about boarding the flight.
    • If you have a connecting flight, we may need to know where your checked-in luggage needs to be transported so that it arrives at your final destination.
  • To send you updates about your flight or other services.
    • We may send you information when check-in is open for your flight or if there have been disruptions or alterations.
  • To keep track of you in advance of your flight and at the airport.
    • When you are travelling with us and using an airport where we operate, we may have the ability to monitor where you are within the airport to assist you with flight connections and boarding of our aircraft as well as providing a personalized service.
    • If you have presented your boarding pass to gain access to one of our lounges.
  • To help maintain safety and to meet certain legal and regulatory requirements which apply to Icelandair as an airline.
    • As an airline there are regulatory obligations on Icelandair to maintain a record of passenger information on our aircraft.
    • The laws of certain countries, such as the United States, Canada and the United Kingdom, require airlines to provide certain passenger information to the border and immigration authorities.
    • Icelandair maintains data which may be used to deny services to certain individuals due to previous incidents, e.g. jeopardizing of safety, harassment of other passengers or staff.

  • To provide services tailored to your requirements or preferences and to treat you in a more personal way.
    • If you are a member of Icelandair Saga Club, we may personalize the experience you have while flying with us in Saga Class. For example, a member of our cabin crew may welcome you back on board an Icelandair
    • We may update and share non-personal information with our media agencies, in order to serve tailored and relevant advertising from our partners and third parties on our websites, applications and electronic communications.
  • To carry out analysis and market research.
    • We will analyze the way in which our sales channels, products and services are being used by customers so that we can understand how to improve the service we offer and encourage customers to use the full range of our products and services.
  • To market and keep you informed of Icelandair products and services.
    • We may send you information about our products and services, as well as the products and services of other Icelandair Group companies, by email or text message.
    • We may tailor the content of our websites, applications, emails and other communications to ensure they are as relevant to you as possible – including previous destinations including offers and/or services relating to that or a similar destination.
    • Understand your flying preferences and provide information about offers, such as upgrades.
    • If you’ve searched for flights but not booked, we may remind you about our services via social media, e.g. Facebook or Twitter based on the flights you searched for previously.
    • We may combine anonymized customer relationship marketing data with a third party (e.g. Google, Facebook) so both companies can understand behavioral activities such as knowing other sites visited.
  • To send you status updates and service communications.
    • Even if you have opted-out of receiving marketing material from us, we may still send you communications about the services you have booked to use, such as your travel itinerary. These communications will help you get the most from the services we provide and may also contain options and other details about the services you will be using (e.g. advance seating requests, additional baggage and pre-booked meals).
    • We may also send you communications about the services you have previously used, for example, where you experienced some form of issue or problem and we wish to contact you about it proactively in order to resolve it successfully.
  • To improve our websites, products and services.
    • We may monitor the way that you and other customers use our website so that we can identify ways to improve the website experience and enhance the security of our website.
  • For purposes related to legal claims or disagreements.
    • We may use your personal information to uphold our legal rights as a business or the rights of our employees, e.g. in cases related to illegal activities, claims, fraud or harassment.
  • For management and administrative purposes.
    • We may use and retain your personal information, including your purchase history, for administrative purposes, which may include for example, accounting and billing, auditing, credit or other payment card verification, anti-fraud screening (including the use of credit reference agency searches and payment card validation checks) and systems testing, maintenance and development.
    • We may process your personal information when performing searches related to requests for copy or deletion of personal information.

In which cases and with whom do we share your personal information?

Icelandair may share your personal information with its sister companies within the Icelandair Group, which include Air Iceland Connect, Icelandair Hotels, Iceland Travel, Fjárvakur-Shared Services, Feria and Icelandair Cargo. Icelandair shares details within the Icelandair Group so that our sister companies can help us provide, improve and market our services. As an example, if you have used the services of our sister companies, we may use this information to learn more about the sorts of services or products you may be interested in. For more information about the companies within the Icelandair Group, please see our parent company's website of our parent company.

Icelandair may share your personal information with other airlines which participate in the fulfilment of your travel arrangements. Icelandair will only share your information as part of its business operations as a commercial airline and travel provider, or if we have a legal og regulatory obligation to do so.

Your personal information may also be shared with the following third parties:

  • Authorities, customs and immigration agencies of countries in your travel itinerary. This includes countries which you might fly over. Icelandair is required by law to share your personal information with immigration, customs or border control agencies of countries such as the United States, Canada and the United Kingdom.
    • For example, all passengers travelling to the United States, Canada or the United Kingdom need to submit their Advance Passenger Information (API). For more information, see the APIS page on our website.
  • Other airlines and service providers which participate in providing the services you have requested. For example, if you have flight connections or will be staying at a hotel as part of your journey which you have booked through Icelandair, your personal information will need to be shared with any additional airlines or service providers needed to provide you with these services. These additional service providers will be identified in the booking process.
  • If you become a member of Icelandair Saga Club or an affiliated loyalty program and you accrue benefits, your personal information may be shared with those loyalty programs to make sure your benefits are delivered to you.
    • If you are a member of Icelandair Saga Club and you fly with Finnair (or another affiliated loyalty program), you may be eligible for benefits within Saga Club. In order to issue those benefits to you, we will need to share details of your Saga Club membership with Finnair.
  • Payment and credit card companies, credit reference agencies and companies involved in anti-fraud screening in order to process and receive payments from you and to protect ourselves against possible fraud.
  • In cases where we are legally required to share your information with government and law enforcement agencies.
  • Third party providers which we use to process data in order to provide you with products, services and marketing material. For example, third party providers which are involved in the storage of data, ground handling agents on airports or marketing services.
  • Third parties involved in the conduct of legal claims, such as law firms or courts.
  • Third parties, such as security companies, the police and regulatory authorities, when we may need to safeguard our property and assets, provide safety to our customers, staff and assets or have our rights enforced.
  • Icelandair may provide non-personalized data on usage to other websites which will allow them to know whether you have visited our websites. For further information, please see our Cookie Policy.
  • Icelandair may need to provide your personal information if we are legally required to do so, including if Icelandair decides to start operating from a new destination where local laws require us to provide personal information.

If the services you have requested include other Icelandair Group companies, such as if they provide you with stay at a hotel or day tours, your personal information will be provided to Icelandair as well as other Icelandair Group companies involved.

Icelandair will not sell your personal information to third parties. We will not allow third parties outside the Icelandair Group to send you marketing material unless you have provided your consent.

What countries will your personal information be transferred to?

As a commercial airline, Icelandair has business partners located in countries around the world. Icelandair may therefore transfer and store your personal information in countries outside the European Economic Area. Icelandair may share your information with third parties in countries located outside the European Economic Area in order to provide you with services you have requested or for other legitimate reasons. For example, Icelandair is required by the laws of some countries to share your personal information with customs and immigrations authorities. To read more about who your personal information may be shared with, please refer to the section “+ In which cases and with whom do we share your personal information?”.

Please be aware that this means that your personal information may be transferred to third parties which are located in countries where may have fewer legal rights than provided by your local laws.

How does Icelandair safeguard personal information that is transferred to third countries?

According to European Union and Icelandic data protection laws, certain requirements need to be fulfilled when your personal information is transferred to a country outside the European Economic Area. The purpose of these requirements is to make sure your personal information is adequately protected, even when being transferred outside the European Economic Area.

When Icelandair transfers your personal information to a third country, one of the following will apply:

  • The transfer is made to a country deemed to provide adequate protection of personal information according to a decision by the European Commission. When data is transferred to the US, transfers may be based on the EU-US Privacy Shield.
  • The recipient of the personal information has approved binding corporate rules which provide an adequate level of protection for your personal information.
  • Icelandair and the recipient of your personal information have made contracts regarding the transfer of data using standard contractual clauses which the European Commission has decided provide an adequate level of protection for your personal information.
  • The data in question is PNR data and the transfer is made on the basis of a bilateral agreement by the EU and a third country that provides a high level of personal data protection.
  • The recipient of the personal information has approved Codes of Conduct which satisfy the requirements of European Union and Icelandic data protection law.
  • The recipient of the personal information has obtained certification issued by an accredited certification body according to European Union and Icelandic data protection laws.

What can you do to keep your personal information secure?

Icelandair makes every effort to protect your personal information. We encourage you to take steps to secure your personal information. Here are some measures that you can take to keep your information safe:

Don’t share your booking reference with others

Whenever you book a flight, you will be provided with a booking reference, known as a PNR (Passenger Name Record). A booking reference will appear on the ticket or e-mail confirmation of each passenger in a booking. You should never share your booking reference with others, as it may allow other people to access the details of the booking.

If you are booking a flight for yourself as well as others and would not like them to see your booking details, we recommend that each passenger make separate bookings.

Keep your login credentials confidential

If you are a member of Icelandair Saga Club, you will be issued unique user credentials in order to be able to access your online profile on our websites or mobile applications. To make sure those credentials stay secure, you should never share them with anyone else. Icelandair recommends that whenever you finish using our online services, you should log out to make sure others cannot gain access to your online profile.

Be careful when online and avoid internet fraud

Dishonest individuals may try to gather your personal information by trying to deceive you online. This illegal activity is called “phishing”. Phishing is often performed by sending you an e-mail which has been designed to make you think that it has been sent a legitimate business. However, such e-mails may often form part of a scam to trick you into disclosing details, such as your personal information, login credentials or bank information. Phishing e-mails will often contain links to fraudulent websites which imitate the look and feel of legitimate websites.

Changes and amendments to this policy

Icelandair may make changes to this Privacy Policy so that it reflects how we process personal information from time to time. Icelandair may place a notice on its website or communicate with you in other ways whenever the Privacy Policy is amended. You can review the latest version of our Privacy Policy on this site.

If you do not wish that we process your information under our Privacy Policy, you will have to discontinue using our services and delete your account, if applicable. Furthermore, you may make a request for access, rectification, restriction or deletion of your personal information. For further information, please see the Sections “What are your rights as our customer?” and “How can I make a request for a copy or deletion of my personal information and how do I lodge a complaint?” below.

What are your rights as our customer?

As our customer, you have a right to request access, rectification, restriction and deletion of your personal information held by us. Furthermore, you may receive a copy of your personal information. For more information on such requests, please refer to the Section “How can I make a request for a copy or deletion of my personal information and how do I lodge a complaint?” below.

As our customer, you also have rights to object to some of the processing. In cases where processing is based on your consent, you may withdraw it at any time. For more information on withdrawal of your consent, please refer to the Section “Processing based on consent” above. Please be aware that your rights as stated above may be limited. As an example, where we can demonstrate that there is a legal requirement to process your data, we may not be able to delete it.

Please be aware that if you request for your personal information to be deleted, such requests may affect your relationship with us as a customer. For example, deletion of your personal information might result in your accrued Icelandair Saga Club benefits being forfeited.