Privacy
Our Privacy Policy was updated on 29 June 2018.
We have revamped the Privacy Policy front and back so that it can provide privacy details on how we manage your Personal Data for SATA and its affiliated companies within SATA Group:
- SATA Air Açores;
- SATA International – Azores Airlines;
- SATA Gestão de Aerodromos;
- Azores Airlines Vacations America; and
- Azores Airlines Vacations Canada.
Please take a moment to familiarize yourself with our privacy practices and let us know if you have any questions.
Our Commitment to your Personal Data Privacy
This Privacy Policy sets out how SATA and its affiliated companies within SATA Group collect, use, disclose, process and protect any information that you give us when you use our products and services located at SATA’s website. If during the consultation or use of services/products in SATA’s website, we request certain information by which you can be identified, it will only be used in accordance with this Privacy Policy.
In this Privacy Policy, Personal Data means information that can be used to directly or indirectly identify an individual, either from that information alone or from that information combined with other information SATA has access about that individual. Such Personal Data may include your name, address, telephone number and email address.
The application of the principles enumerated in this document does not prevent the use of complementary measures of information security during the protection of your Personal Data.
SATA is committed to protecting the privacy, confidentiality and security of your Personal Data, and this obligation is extended to all its employees and suppliers who deal with them.
By using SATA services/products, you confirm that you are of legal age and you are deemed to have read, acknowledged and accepted all the provisions stated here in the Privacy Policy, including any changes we may make from time to time. We are committed to review the Privacy Policy as and when required to maintain compliance with laws and regulations that address best privacy practices such as the General Rules on Data Protection (RGPD).
In addition, in order to ensure compliance with the Payment Card Industry Data Security Standards (PCI-DSS) we do not collect or process your Personal Data or your card when performing transactions with your card.
Ultimately, what we want is the best for all of our users. If you have any questions or concerns about how we manage your Personal Data, you should contact our Data Protection Officer (see Contact Us).
What information is collected and how we use it?
In order to provide our services/products to you, we will ask you to provide Personal Data that is necessary to provide those services to you. However, at all Personal Data acquisition points, the purpose for which they are intended is clearly and explicitly indicated. Also, this information will not be processed for other purposes than those indicated. If you do not provide your Personal Data, we may not be able to provide you our services/products.
Types of information collected
We may collect the following types of information, which may or may not be Personal Data:
- Information provided by the user (includes contact information): We may collect Personal Data that you submit through our acquisition points. Examples include your name, phone number, e-mail address, address, citizen's card number, passport number and details, billing details, user account details (e.g. account security information, date of birth, address, special preferences and tastes), among others;
- Financial information: information related to billing and purchases made on websites (e.g. tax identification number);
- Academic-professional information: information related to your social activities and recruitment (e.g. name of enterprise, current position, academic background, profession, curriculum vitae);
- Device information: information related to the device with which you are accessing our services/products (e.g. operating system version, device manufacturer details, and model name); and
- Records information: information related to the use of certain website functions and applications (e.g. cookies and other anonymous identifier technologies, IP addresses, network request information, temporary message history, standard system logs, crash information).
We may also collect other types of information which is not linked to you and which is aggregated or anonymized. This information is collected for the purpose of providing you with a better user experience.
How the Personal Data is used?
In brief, Personal Data is collected for providing services/products to you, and legal compliance on our part under applicable laws. You hereby consent that we may process and disclose Personal Data to SATA Group and third parties for the purposes stated in this Privacy Policy.
We may use your Personal Data for the following purposes:
- Providing, processing, maintaining, improving and developing our services/produtcts to you, including after-sales and customer support and for services on your device or through our websites, namely in what concerns to flight reservations;
- Perform customer support activities;
- Processing purchase orders or sales services;
- Provide informative information such as services/products updates, events, among others;
- Carry out activities related to marketing, such as sending materials and promotional marketing campaigns;
- Analyze and develop statistical information on the use of our services/products;
- Collect your feedback to help us improve our services; and
- To store and maintain information necessary to meet the legal obligations.
Minors Personal Data
We consider it the responsibility of parents to monitor their children’s use of our services/products. Nevertheless, it is our policy not to require Personal Data from minors or offer to send any promotional materials to persons in that category.
Should a legal representative have reasons to believe that a minor has provided us Personal Data without their prior consent, please contact us to ensure that all Personal Data is removed and the minor unsubscribes any of the applicable services/products.
Direct marketing
We may use your name, phone number, and email address to provide marketing materials to you relating to services/products that we offer. To provide better user experience, we may recommend services/products based on information about your purchase history, website browsing history, birthday, age, gender, and location. We will only so use your Personal Data after we have obtained your consent or indication of no objection in accordance with local data protection laws, which may require separate explicit consent.
You have the right to opt out of our proposed use of your Personal Data for direct marketing. If you no longer wish to receive certain types of email communications, you may opt-out them using the available mechanism.
We will not transfer your personal data to our business partners for use by our business partners in direct marketing, without your informed and active prior consent.
Cookies and other technologies
Cookies are small text fragments sent by websites that you visit. These fragments are stored in the computer through your browser, retaining only information related to your preferences, not including, as such, your personal data.
Web beacons or pixel tags are small graphic images that may be included on our sites, services, applications, messaging, and tools, that typically work in conjunction with cookies to identify our users and user behavior.
Cookies help our website to store information about your visit, such as your preferred language and other settings, allowing a faster and efficient browsing, eliminating the need to repeatedly introduce the same information. This can ease your next visit and make our website more useful to you. Cookies play an important role.
For more information on how we use cookies and how you can remove them, please see our Cookies Policy.
With whom we share your information
We do not sell any Personal Data to third parties, however, we may disclose your Personal Data on occasion to third parties in order to provide the services/products that you have requested.
SATA Group
SATA Group is composed of a legal group of enterprises. When you expressly consent, you allow us to disclose your Personal Data to any SATA Group enterprise. Aiming to provide and improve the services/products you want.
We undertake to take the necessary and appropriate organizational and technical measures to ensure the security of your Personal Data during the sharing process.
If any of the companies are merged, acquiring or selling assets in whole or in part, we will notify you by informing you of ownership changes and by asking you about the options you can make about your Personal Data.
Third parties
We need to disclose your Personal Data to third parties in order to conduct business operations smoothly in providing you with the full capabilities of our products and services, namely to Ground Handlers, Customs and Airport Security Services. Apart from that, we will only share your Personal Data with your consent.
If we share Personal Data with third parties, we will be obliged to specify in a contractual manner that the external entity will be subject to the practices and obligations mentioned in this policy and the legislation in force regarding the collection, processing and storage of Personal Data.
Legal entities
We are required to disclose your Personal Data without further consent, when required by applicable law.
Sharing without consent
We may share anonymized information and statistics in aggregate form with third parties for business purposes (e.g. ads on the website). We may also share trends about the general use of our services, such as the number of customers in certain demographic groups who purchased certain flights or who have made certain transactions or routes.
Transfer of Personal Data outsider of European Union
If we may need to transfer Personal Data outside of your jurisdiction, we shall do so in accordance with the applicable laws, namely for countries considered appropriate by the European Commission. In particular, we will ensure that all transfers will be in accordance with requirements under your applicable local data protection laws by putting in place appropriate safeguards.
What security safeguards do we use?
We are committed to ensuring that your Personal Data is secure. In order to prevent unauthorized access, disclosure or other similar risks, we have put in place reasonable physical, electronic and managerial procedures to safeguard and secure the information we collect on websites. We will use all reasonable efforts to safeguard your Personal Data.
Security safeguards
When you access our websites, cryptographic protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) are used to ensure the communications confidentiality and integrity. Also, all Personal Data is stored on secure servers in protected premises.
In order to guarantee all levels of security, your Personal Data is classified based on importance and sensitivity ensuring that they have the most appropriate level of security. We also guarantee that our employees and external entities that may access your Personal Data are subject to strict contractual confidentiality obligations and may be held liable if they do not comply with such obligations. We also guarantee special access controls for the storage of Personal Data located in cloud services.
We undertake to regularly review our practices for the collection, storage and processing of Personal Data, including physical security measures, to protect any unauthorized access to our resources and your Personal Data.
Although we will take all practicable steps to safeguard your Personal Data, you should be aware that the use of the Internet is not entirely secure, and for this reason we cannot guarantee the security or integrity of any Personal Data which is transferred from you or to you via the Internet.
In case of data breaches detection, we undertake to notify you and the supervisory authority, complying with all legal and regulatory requirements, including the GDPR.
Liability
In addition to correct functioning of our security mechanisms, we also need your help, and it is your responsibility to safeguard your Personal Data, adopting a posture of minimum exposure to the risk of loss or theft of information.
As so, you can play your part in safeguarding your Personal Data by not disclosing your login password or account information to anybody unless such person is duly authorized by you. Whenever you log in any SATA websites, particularly on somebody's computer or on public Internet terminals, you should always log out at the end of your session. We cannot be held responsible for lapses in security caused by third party accesses to your Personal Data as a result of your failure to keep your Personal Data private.
Notwithstanding the foregoing, you must notify us immediately if there is any unauthorized use of your account by any other Internet user or any other breach of security.
What is our retention policy?
Personal Data will be held for as long as it is necessary to fulfill the purpose for which it was collected, or as required or permitted by applicable laws.
We shall cease to retain Personal Data, or remove the means by which the Personal Data can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which that Personal Data was collected is no longer being served by retention of the Personal Data.
We shall cease to retain Personal Data, or remove the means by which the Personal Data can be associated with particular individuals, as soon as it is reasonable to assume that the purpose for which that Personal Data was collected is no longer being served by retention of the Personal Data.
Have control over your information
According to GDPR, we put at your disposal the possibility of accessing, updating, correcting, eliminating or limiting the processing of your Personal Data.
Data subject rights
You have the right to request access to and/or correction of any other Personal Data that we hold about you. When you update your Personal Data, you will be asked to verify your identity before we proceed with your request. Once we obtain sufficient information to accommodate your request for access to or correction of your Personal Data, we shall proceed to respond to your request within any timeframe set out under your applicable data protection laws. SATA normally provide such services for free but reserve the right to charge a reasonable fee for your data access request, based on actual administrative costs and as defined by applicable data protection laws. If requested, we may also provide you with a copy of your Personal Data collected and processed by us in a structured and commonly used format so that you can exercise your portability right.
If you wish to proceed with the deletion of your Personal Data, we will evaluate the reasons for the request for deletion of your Personal Data and we will take reasonable steps, including technical measures, to proceed with the safe disposal if the grounds apply to GDPR.
You may also limit our processing of your Personal Data. We will also consider the reasons for your request for restriction and if the grounds apply to the GDPR, and we will only collect and process your Personal Data under applicable circumstances defined in the Regulation, informing you before the processing limitation is implemented.
We also guarantee that you can decide whether to be or not to be subject to a decision based solely on automated processing, where you can include the creation of a profile user.
The requests described above must be forwarded to the Data Protection Officer and will be executed only after confirmation of identity, committing us to respond within the time period defined according to the GDPR.
In order to help you to exercise your above rights, we recommend you to complete our form here and send it to data.protection@sata.pt.
Withdrawal of consent
You may withdraw your consent for the collection, use and/or disclosure of your Personal Data in our possession or control by submitting a request. We will process your request within a reasonable time from when the request was made, and thereafter not collect, use and/or disclose your Personal Data as per your request. However, it is important to know that the request to withdraw consent may result in the inability to provide you with our services/products.
Services and third party websites
Our websites, products, applications and services may contain links to third-party websites, products and services. Our products and services may also use or provide products and provide services to third parties.
Information collected by third parties is governed by their privacy practices. We recommend that you obtain information about the privacy practices of these entities.
Updates to our Privacy Policy
Our Privacy Policy is a dynamic tool and we will modify it when there is a change to the way we process your data, in accordance with the relevant data protection laws. SATA reserves the right at any time to make updates to this Privacy Policy and publish them on our websites. We suggest that you check them regularity to be aware of any changes.
Contact us
If you have any comments or questions about any content contained in this Privacy Policy, please do not hesitate to contact our Data Protection Officer through the mechanisms below:
Address
SATA – Segurança da informação
Avenida Infante D. Henrique, nº 55 – 2º andar
9500-528 Ponta Delgada