Politik om beskyttelse af personlige oplysninger og cookies
PLAY is committed to protecting our customer privacy and we take the security of our customers' personal information very seriously. We promise to be transparent about the information we collect and how we use it. This Privacy Policy explains what types of personal data we collect, how and why we use it, who we share the information with, the legal basis for the use of your personal information, your rights, and how we protect your privacy.
By using our website services or otherwise interacting with PLAY, you are accepting the practices and policies described in this Privacy Policy.
Who is responsible for your personal data and why do we have a privacy policy
Any references in this Privacy Policy to “PLAY”, “we”, “us” or “our” means PLAY, a company registered in Iceland with registration number no. 660319-0180 and registered office at Suðurlandsbraut 14, 108 Reykjavík, Iceland. PLAY is the “data controller” for the purposes of the Icelandic Data Protection Act and other applicable European data protection legislation, namely GDPR. This means PLAY controls how your personal data is collected and is responsible for defining the purposes for processing your personal data.
We do collect personal data relating to you. However, we are committed to ensuring your right to privacy and will only process your personal data as set out in this Privacy Policy. This Privacy Policy applies to the personal data PLAY collects and uses.
We promise that we´ll tell you how to use your data and we´ll use it to keep your flight safe and affordable. PLAY is committed to protecting its customer personal data and guarantees that it takes the security of customer information very seriously. PLAY promises to collect and store your data securely.
Below, we will explain how we collect, use, transfer, store or otherwise process any personal data relating to you. Our aim is to be as clear, transparent and candid as possible.
Without prejudice to your rights under applicable laws, this Privacy Policy is not contractual and does not form part of your contract with us.
Personal data and data processing
When we use the term “personal data” in this Privacy Policy, we mean any information relating to you and through which you can be identified, directly or indirectly, or in combination with other information that we may hold. Personal data may include all sorts of things, for example, your name, phone number, email address, payment details, information relating to your travel itinerary (e.g. your booking reference number) or information on how you use our website and app or how you otherwise interact with us.
When we use the term “processing” of personal data, we mean any operation or set of operations performed on personal data, whether or not by automated means. All actions carried out on personal data, from collection and storage to alteration, use or disclosure thus constitute ‘processing’, e.g. we process your personal data when you change your booking or otherwise seek other support from us or when we send you newsletters or offers based on your preferences.
Personal data we collect about you
The types of personal data that we collect will depend on our relationship with you, the circumstances of collection and the type of service you request from us. We collect some of your personal data directly from you, for example when you book a flight with us, use our website or our app, use our services or contact us. We may also receive your personal data from our suppliers who provide services to you on our behalf (for example when you provide feedback on our services), our partners when you purchase their travel-related products or third parties who act on your behalf, for example, travel agents, tour operators or other parties through which you may book a flight.
We will only collect your personal data when we need to. Depending on the purposes for which we need to use your personal data, we may collect and process the following categories of information about you:
Your name, surname and contact information, such as e-mail address, phone number, and postal address.
Information about other passengers in your booking such as the age range of children traveling with you.
Advance Passenger Information or (API), this information includes your full name, nationality, date of birth, gender, number and type of travel document, its expiry date and country of issue.
Details collected regarding your bookings and your travel itinerary, such as date, origin, and destination for the trip, type of tickets and services bought, seat purchase, any luggage purchase, pre-ordered meals, duration of stay, time of purchase and amounts paid. If you require special assistance or if you have specific dietary requirements. This information includes changes to your bookings or any travel products that relate to your bookings, for example, if you purchase travel insurance, buy a tour, rent a car or book a hotel along with your flight booking. Also, information about the purchase of products available on board.
Information concerning your health, for example, if you have a medical condition that may affect your flight, or if you need wheelchair services (see further below regarding sensitive personal data for more information).
Payment or transaction details (for example credit/debit card number and expiration date) regarding the purchase of products or services.
Any information concerning customer care and travel irregularities, such as delayed or canceled flights, lost or delayed luggage, and complaints, refunds, and compensation.
Any communications or feedback you exchange with us, such as your emails, letters, calls, or your messages or posts on social media directed to us.
Details about how you use our website or our mobile app, such as your searches for flights.
Special categories of personal data
For the purpose of providing service to you, we might need to collect information revealing your race, ethnicity, physical or mental health or religious beliefs. Information of this nature is considered, “special categories of personal data” under GDPR. We will only collect and use this information where you have given your explicit consent, it is necessary to protect your interests, or you have deliberately made the information public.
We collect the above information for your safety, for example, if you have a specific medical condition you need to inform us of that.
If you require special assistance before or during a flight it can reveal information about your health, for example, we do need to know if you require a wheelchair to board a flight or if you are in your third trimester.
Also, if you inform us about certain dietary requirements you have, this could indicate that you have specific religious beliefs. If you do not allow us to process any sensitive personal data, we may be unable to provide all or parts of the services you have requested from us.
When you provide us with information that could be considered a special category of personal data, we will use it only in accordance with this Privacy Policy.
How do we collect personal data?
We collect your personal data whenever you use our services (both services provided directly by us or by other companies or agents we work with), our website, call center or mobile applications when you travel with us. This includes, for example:
- when you book, search or browse for a flight or other products or services on our website or mobile apps;
- when you purchase our products or services;
- when you make a booking on behalf of other passengers;
- when you contact us or we contact you;
- when you check-in for specific travel routes;
- when you register to receive our newsletters or other communications;
- when you enter into one of our competitions, register for a promotion, complete one of our surveys or otherwise interact with us;
- when you complete a customer survey or provide us with feedback;
- when you interact with us via social media services, such as Facebook or Twitter.
We may also receive your personal data from suppliers who provide services to you on our behalf. This includes, for example, our partners when you purchase their travel-related products or third parties like travel agents or other parties who book a flight for you. You should know that if you book a flight on behalf of someone else, you must have their consent to use their personal information.
How and why do we use personal data?
Data protection laws allow us to process your personal data if we have a legal basis to do so. The legal basis will depend on the reasons why we have collected and need to use your personal data (see further below for more information on the legal basis). Most of the time we will process your data in order to perform our contract with you and process your booking.
We collect and process personal data for the following purposes:
A) To provide our services to you and to manage your travel bookings
When you make a booking, we will create an account through which you can complete and manage your booking. We may also do so when you make a booking through another party or by using another website. If you no longer wish to use your account, you can deactivate it, but if you decide to make a booking again, you will need to create a new account with us.
When you book a flight with us, we use your data to perform our services in relation to your flight and to deliver other services you have asked us to provide, for example, to process and manage your booking, to verify credit or other charge card details, issue your flight ticket, check you in for your flight, accept you on board and get you to your destination. We also use your information when you are using our airport services, such as when you check-in at our desks at the airport and to change your flight bookings if you request such changes.
B) To communicate with you and manage our relationship with you
We may need to use your contact information to keep you informed of your bookings. We will send you confirmation of your bookings and your payment. We may also send you reminders or information regarding your flight, for example when the check-in opens, gate change information and to advise you of any disruption and changes to your flight. If you are using our mobile app, we may also send you app notifications for these purposes. These communications are made for operational purposes, not for marketing purposes, and as such, you will continue to receive them even if you opt-out from receiving marketing communications.
If you contact customer support, send us a request, fill in a web-form through our website or contact us on social media, we will process your personal data to identify you and help you as best we can, for example in relation to mishandled or missing baggage claims or responding to other inquiries or requests. We may also examine the content of our communication with you, for example, the correspondence between us where we deal with your complaint, to improve our services and experiences for customers.
When you contact us by phone, please note that your calls may be recorded for training and quality control purposes, including for monitoring the services we provide to you.
C) To personalize and improve your customer experience
We will also use your information to fulfill our legitimate business interests. We strive to improve and simplify your booking experience while also tailoring our services to your needs and preferences. We want to give you personalized customer experience. In order to do all these things, we may use your personal data. For example, by knowing your preferred departure airport – we can provide you with offers for flights relevant to your location, as well as enabling us to provide you with more relevant communications on our webpage and in other channels.
We may also collect information on which products or services you buy, how you use our website, etc. We do this in an effort to better understand what you like. We may use this information to personally tailor the content and offers you see, for example by delivering messages, offers and information that we think is relevant and may be of interest to you, prior to, during, and after your travel with us. They may also be used to personalize the services, content and offers on our websites and other sales and service channels including third-party websites and applications and via social media services.
D) For marketing communications
We may want to send you marketing communications for our flights, services, competitions, promotions or events. In addition, we may send you offers related to your upcoming flights or communications promoting our partner’s products and services that may relate to your travel arrangements. For this purpose, we will process your personal data, such as e-mail address, booking history or campaign participation history.
In addition, we will send you communications promoting our partner’s products and services that may relate to your travel arrangements.
For the purposes of providing you with marketing material, we will mainly contact you via email or send you notifications on our app. We might also use other ways to provide you with marketing material, news and offers, for example on your PLAY online account, through social media or when you contact us.
We value your privacy and will always respect your choice not to receive marketing communication. If you decide you would no longer be sent marketing communication, you can change your mind at any time.
E) To improve ourselves and to protect our business interests
We may use personal data to conduct statistical and marketing analyses for our products and services or products and services of third parties. Furthermore, we may use personal data to research or improve our products, services and marketing activities.
We also use personal data to protect our business interests. For example, we will be using data related to you, for example, your name, email address, IP address and other credit card information for fraud screening, safety, security, and legal purposes.
F) To fulfill our legal obligations
We may process your personal data to comply with our legal obligations, for instance when we are obliged to maintain or provide information to government authorities or border control agencies. For this purpose, the data we process may include your name, address, e-mail address, IP address, payment details, and passport details.
Cookies or other tracking technologies
We use cookies or other technologies to improve our services, to provide you with more relevant content and to analyze how visitors use our website and app. Cookies allow us to recognize your device or computer and to see how you interact with our website. We will in most cases not be able to identify you from the information we collect using these technologies.
For example, cookies give you features such as remembering aspects of your last flight search to make the next search faster. You can modify your browser settings to decline cookies, but this may prevent you from taking full advantage of the website or our app.
Who do we share your personal information with?
We share information on users internally and to companies within our group so they can assist us in providing services to you and to understand more about you.
We may also share some of your personal data, or obtain your personal data, to/from certain third parties as follows:
- Airports, law enforcement, and government authorities when required by law, regulation, legal process or enforceable governmental request. For example, there are specific destinations where we are required to provide your personal data to border control agencies with information that relates to your documents and travel itinerary (Advance Passenger Information).
- Third parties, such as law firms and law courts, to enforce or apply any contract with you.
- Travel agents or other such companies through which you book your services with us or otherwise interact with us on your behalf, including when you make an inquiry with a travel agent but do not proceed to book.
- Payment service providers such as credit and debit card companies. You will be providing us with your payment details in addition to other personal data to complete your payment. These data, for instance, your name, address, e-mail address and IP address will be disclosed to our payment service provider to complete your booking. In order to prevent and detect fraudulent transactions, we may also share your data with a fraud screening partner.
- Third-party service providers who perform operations or work on our behalf and on our instructions as data processors. These service providers help us to run our business and improve our services as well as your customer experience. For instance, we will need to share your data with our ground handling agents who handle your check-in at the airport you are traveling from. We may also share your data with our call center or other companies who help us get your feedback on our services. Third-party service providers we are using to provide services that involve data processing, for example, to carry out marketing initiatives or run customer surveys on our behalf.
- Business partners who offer related products or services which we think may interest you. We do allow third parties to make offers available through our website. If you decide to purchase their services or products, some of your personal data may be disclosed to that third party.
- Other business partners. We may share aggregated data for the purposes of improving our service, research, statistics and system administration.
- Also, note that through our website we sometimes provide links to third-party websites that are subject to separate Privacy Policies. Please be aware that this Privacy Policy does not apply to such websites and that we are not responsible for your information that third parties may collect through these websites.
What is our legal basis for using your personal information?
We will only process your personal data where we have a legal basis to do so. The legal basis will depend on the reason we collected and our need to use your information. Our legal basis for the processing of your personal data are:
- We need to use your data so that we can provide our services to you, that is to, process your booking, fulfill your travel arrangements and otherwise perform the contract we have with you.
- It is in our legitimate interest as an airline to use your data in order to operate and improve our business as an airline or a travel provider.
- We need to use your data in order to comply with legal obligations.
- We need to use your data to protect the vital interest of you or another person.
- You have given us consent to use your information in a particular manner.
How long do we keep personal information
We will not keep your data for longer than is necessary to fulfill the purpose it is being processed for. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means.
We will retain personal data in order to meet our legal obligations or to deal with complaints, queries and to protect our legal rights in the event of a claim being made.
When we no longer need your personal data, we will securely delete or destroy it. We will also consider if and how we can minimize over time the personal data that we use, and if we can anonymize your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
Your rights - Requesting access to your personal data
The GDPR and other data protection laws give you specific rights in relation to your personal information. Your rights include the following:
- Right to know whether we hold information about you and, if so, what that information is and further details how/why we use and process your personal information.
- Right of access to your personal information we hold. If requested (see below) you will receive an electronic copy of the personal information we hold about you.
- Request correction of the personal data that we hold about you, for example, if it is inaccurate.
- Request erasure of your personal data. In certain instances, you can ask us to delete or remove personal data, for example where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below). We will retain your information for the period required to fulfill the purposes set out in this Policy and when there is a legal obligation to do so.
- The right to revoke consent to the processing of data where consent is relied upon by us as the basis of processing for a specific purpose. You have the right to withdraw your consent for that specific processing at any time. If we receive notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have a legal basis to do so or if your withdrawal of consent was limited to certain processing activities. Please note that if you withdraw this consent it may mean we will not be able to provide all or parts of the services you have requested from us.
- Object to processing of your personal data if we are relying on legitimate interest as a basis for our processing unless our reasons for the underlying processing outweigh your interests, rights, and freedoms. Also, you have the right to object where we are processing your personal information for direct marketing purposes. Please note if you exercise this right in relation to our marketing communications we will no longer send you marketing communications. However, we will still send you communications about the services you have booked to use, such as your travel itinerary.
- Object to automated decision-making, such as profiling, that is not to be subject to any automated decision-making by us using your personal information or profiling of you. We do point out that although we use personal information to personalize our services and offers to you we don't engage in automated processing.
- Request transfer of your personal data to you or to a third party (also known as data portability). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format.
- Third parties. If you are applying on behalf of another person then we require a signed letter of authority from the data subject in the form provided here. If you are applying as a parent/guardian of children then we require the signed letter of authority provided here. In addition to the other requirements set out below, we will also verify the email of the data subject before processing such requests.
If you wish to exercise any of the rights set out above, please contact [email protected]Link åbner i ny fane.
Responses to requests will be provided within one month. If your request is particularly complicated, we may extend the deadline for responding to three months but will let you know if this is the case.
Security of your personal data
We are committed to protecting the personal information we hold and take the appropriate security measures to safeguard the collection, transmission, and storage of the data we collect in order to prevent it from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
In addition, we limit access to your personal data within PLAY and our service providers to a “business need to know”. In other words: they are not to be able to access or process your data unless they need to, and where they need to, they are doing it on our instructions, under a duty of confidentiality and have appropriate technical and operational security measures in place to protect your data.
Furthermore, we have put in place procedures to deal with any suspected personal data breach. We will notify you and any applicable regulator of a breach where we are legally required to do so.
Transfer of personal data to other countries
Transfer of personal data to a third country outside of the EEA will only take place if appropriate safeguards under EU law which legitimize data transfers outside are provided, such as by entering into standard contractual clauses adopted by the European Commission. The standard contractual clauses can be found on the European Commission website.
MyPLAY account
All data collected upon registration to the MyPLAY account will be processed in line with this Privacy Policy.
When our use of your personal data is based on your consent, you have the option to withdraw your consent of our processing and delete your personal data at any time. You can do this by submitting your request to us.
If your account includes information about a travel companion you can also request that we delete their information.
We keep your personal information contained in your account for as long as you hold the account. You can change the personal data in your account directly in the account. Any changes made by you will only show in bookings made after these changes have been made and not in existing bookings.
Please note that general retention periods apply to any personal data we collect to enter into a contract with you or to perform that contract or because we have a legal obligation to process it.
Updates to our Privacy Policy
From time to time, we may make changes to this Privacy Policy. Changes will be communicated to you by way of an e-mail or a notice on our website.