Iberia Privacy Policy for Customers and Passengers

Our Privacy Commitment

Iberia is committed to reseeding your privacy and protecting your personal information.

We will be transparent about the information we are collecting and what we will do with it.
We will use the Information you give us for the purposes described In our Privacy Policy, which include providing you with services you have requested and enhancing your experience with IBERIA.
We will also use the information to help us understand you better and so that we can give you relevant offers.
If you tell us you don't want to receive marketing messages we will stop sending them. We will, of course, continue to send important information relating to a product or service you have purchased to keep you informed about your booking and travel itinerary.
We will put in place measures to protect your information and keep it secure.
We will respect your data protection rights and aim to give you control over your own information.

You can access our full Privacy Policy below to help you to understand better how we use your personal information. In it, we explain in more detail the types of personal information we collect, how we collect it, what we may use it for and who we may share it with.

Within our full Privacy Policy you can find some specific examples of why and how we use your personal information. If you have further questions please get in touch with us at our Data Protection Office by email at OficinaDPO@iberia.es

Without prejudice of your rights under the relevant applicable laws, this Privacy Policy and the information above have no contractual nature and are not a part of your contract with us.

Controller of Personal Information

Any personal information processed by Iberia in connection with this Privacy Policy is controlled by Iberia Líneas Aéreas de España S.A. Operadora, Sociedad Unipersonal, holder of Spanish VAT no. ES-A85850394 (hereinafter "IBERIA"), which Is considered the "data controller" under European Union data protection law. Our contact address for this purpose is "Data Protection Office of Iberia Líneas Aéreas de España S.A. Operadora, Sociedad Unipersonal" at Calle Martinez Villergas numero 49, 28027 - Madrid (SPAIN) or by email at OficinaDPO@iberia.es

If you made a booking with us but one or more flights are operated by other air carriers, then each of these carriers will also be, independently, a data controller under European Union data protection law.

IBERIA is a legal entity pertaining to IAG Group, the parent company of which is the Spanish legal entity International Consolidated Airlines Group, S.A.. You may learn more about what companies are part of IAG Group below.

In addition, if you are a member of our loyalty scheme IBERIA PLUS then the company Avios Group Limited (AGL) -which is an IAG Group company, as well- will also be a "data controller" together with IBERIA of your personal information being processed within Iberia Plus Loyalty Program. Avios Group Limited's address is Astral Towers, Betts Way, Crawley RH10 9XY - United Kingdom. Its webpage is at www.aviosgroup.com and its Data Protection Office may be reached by ordinary mail to the aforementioned address or by email at data.protection@avios.com .

What do we mean by personal information?

Personal information means details which identify you or could be used to identify you, such as your name and contact details, your travel arrangements and purchase history. It may also include information about how you use our websites and mobile applications.

When does this policy apply?

This Privacy Policy applies to personal information about you that we collect, use and otherwise process in connection with your relationship with us as a customer or as a potential customer or as a member of our loyalty schemes IBERIA PLUS or ON BUSINESS, including when you travel with us or use our other services -such as our auction website or our gift cards service- , use our websites or mobile apps, contact our service agents or call centres and book to use our service through third parties such as travel agents and other airlines.

when we refer to other entities being data controllers within Sections "Data controller" or "Who do we share your personal information with?", you should consult their own privacy policies for further information.

If you decide to hire additional services with us, such as making an on board purchase or using our in-flight entertainment devices or taking part in one of our contests organised by Iberia together with third party collaborators, please take into account that further terms and conditions may apply.

How can you protect your personal information?

We make serious efforts to care for and protect your personal information when you share it with us. Below you can find some recommendations on how to keep your personal data safe.

Do not share your booking code or locator

When you make a booking you will be furnished with a reservation code -also known as PNR or Passenger Record. This reference will be included in you booking confirmation email or within the ticket of each passenger within that reservation.

Please always keep your reservation code confidential. If you share it with a third person he/she may access your booking data in our systems.

If you travel with others and you do not want them to have access to your booking data it might be advisable that you carry out your reservation separately.

Do not share your Iberia Plus, Iberia Joven or On Business personal area log-in data

To make sure that access to your personal area in our webpage and mobile application is safe please do not share your Iberia Plus, Iberia Joven or On Business -the specialised companies for companies we sponsor together with British Airways Plc. log-in data with anyone. When you finish using our website, online services or mobile applications please make sure to end your session if someone else may access your computer or device. This is particularly relevant in the case that you are using a public access computer or device.

Be cautious and protect yourself from internet fraud and "Phishing"

There is a broadly spread type of internet fraud practice known as "Phishing" aimed to illegally obtaining your personal information by deception. Unsolicited emails are sent to individuals from a list that has been illegally obtained, and recipients are requested to insert or confirm their passwords or bank details in a false or cloned website.

When do we collect personal information about you?

We collect personal information about you whenever you use our services -whether these services are provided by us or by other companies or agents acting on our behalf- including when you travel with us, when you use our website, or interact with us via email or mobile applications or use our contact centres.

Here are some examples of when and how information Is collected:

When you book or search for a flight or other products or services on our website or app.
When you book a flight or other products through our other sales channels, such as a travel agent.
If you join any of our loyalty schemes Iberia Plus, Iberia Joven, On Business, or when you register in our ticket auctions website or when you decide to purchase one of our gift cards.
When you call our contact centres or service agents.
When you complete a customer survey to provide us with feedback.
When you enter a contest or register for a promotion or if you choose to interact with us via social media such as Facebook or Twitter.
When you travel with us and use our VIP lounge facilities and airports where we operate
If you use our in-flight entertainment and communication services.
When you click on one of our emails or navigate around our website. We may also gather information about how you found us on the internet and the sites you previously visited.

To learn more please refer to Section "What types of personal information do we collect and retain?" below.

In addition, we may receive personal information about you from third parties, such as:

Companies contracted by us to provide services to you.
Companies involved in your travel plans, including airline involved in your prior or onward journey, relevant airport operators and customs and immigration authorities.
Companies that participate in our loyalty schemes and other customer programmes (e.g. car hire providers and hotels).
Companies who provide details to us that you have agreed can be shared with Iberia.

What types of personal information do we collect and retain?

When you use our services you will need to provide us with your personal details or the details of those individual(s) who will be travelling.

We collect the following categories of personal information:

Information you provide in order for Iberia to complete and manage a booking you have made with us or a service you have requested from us.
Examples:Your name, address, email, contact details, date of birth, gender, passport or other national ID number, your account details and payment information.
If you buy tickets for someone else we may collect your billing Information but may communicate with the passengers directly about their flight.
We will know whether you have made your booking at iberia.com or in any other sales channel such as a travel agency or our contact centres.
Information collected during your travel with us
Examples: We may collect information such as your interactions with our personnel and cabin crew before and during the flight.
We may track location data from your devices where you have permitted us to use it.
We collect information about your use of our services during travel, such as your use of our inflight entertainment system or our VIP lounge facilities.
Information about your travel arrangements
Example: Details of your booking, travel itinerary, details of any additional assistance you require and other information related to your travel wits us such as meal preferences or dietary requirements.
Information about the services we have provided to you in the past
Example: Details of your previous travel arrangements, such as your previous flights and travel-related issues, including upgrades received, your baggage requirements, airport disruption, luggage incidents and your customer feedback.
Information about your online logins and other interactions.
Example: We will retain your data to guarantee our correct interaction with you when you have joined our loyalty schemes Iberia Plus or Ob Business or when you have identified yourself as a member of our schemes or any other loyalty scheme we accept.
We will retain your information when you have taken part in any of our contests or promotional initiatives, or when you have interacted with us through social networks such as Facebook or Twitter.
Information about your use of our websites, contact centres and mobile applications
Examples: To help us customise your personal information and to improve our website we use "cookies" and other similar technologies and collect information about your searches and the contents you have visited on our website, such as what website you are surfing from, or the banner advertisements or links appearing in our marketing partners' websites.
We will use the information gathered in the cookie to better understand you as our customer. This information may include, if you have fed it into our website, information on a flight booking or a passenger name in the case these data were linked to your personal profile in Iberia Plus.
From your use data we may learn that you have visited iberia.com and searched for a flight, but you have not made your reservation yet. We might use this information to contact you and offer you further information on this booking or the destination you might be interested in.

When and why do we collect "sensitive personal data"?

Certain categories of personal information, such as that about race, ethnicity, religion, health, sexual orientation or biometric data are considered "sensitive personal data" requiring an additional level of protection under European Union data protection law. In Iberia we generally try to limit the circumstances where we collect and process sensitive personal data. These are examples on circumstances where we might need to collect and process sensitive personal data:

You have requested specific medical assistance from us and/or an airport operator, such as the provision of wheelchair assistance or oxygen.
You have sought clearance from us to fly with a medical condition or because you are more than 28 weeks pregnant.
You have otherwise chosen to provide such information to us or It has been passed onto us by a third party such as the travel agent through which you made your booking.

It may also happen that you have requested a particular type of special meal -such as a certain menu- which may imply or suggest you hold particular religious beliefs or have a particular health or medical condition.