Luxair, Société Luxembourgeoise de Navigation Aérienne S.A., a public limited liability company (société anonyme) incorporated and existing under the laws of the Grand Duchy of Luxembourg, having its registered office at 25 rue Gabriel Lippmann, L-5365 Munsbach, with postal address at L-2987 Luxembourg (Luxair) is the data controller of your personal data and is committed to respecting your privacy and protecting your personal information in accordance with the law.
Luxair has appointed a Data Protection Officer to ensure that your personal data is processed in the correct manner. You can contact the Data Protection Officer with questions or requests concerning our processing of your personal information by sending an email to firstname.lastname@example.org
Luxair collects personal information about you when you use our services, when you travel with us, when you use our websites, or when you use our call centres or mobile applications. This includes information you provide to us directly or indirectly through third parties. Those third parties include the following categories: companies involved in your travel plan such as travel agencies, hotels, other airlines or airport operators and companies contracted by Luxair to provide services to you.
Luxair may process any data you have communicated directly or indirectly, and generally the following categories of data:
• Information about you, such as your name, gender, address, telephone, email, nationality, date of birth, passport and visa. When you create a personal account or register, Luxair may also record your sign in details and other information you fill out on your personal account or registration form. This is for example the case with MyLuxair account;
• Information about your reservation, loyalty program, bookings, purchases, claims and any, additional assistance you require and other information related to your travel with Luxair (e.g. upgrades, extra luggage etc);
• Information about your browsing behavior on our websites and mobile apps and information about when you click on one of our adverts, and the way you access our digital services, including operating system IP address, online identifiers and browser details;
• You may also choose to share sensitive personal data with us regarding your health data because you have requested specific medical or other personalized assistance. In such case and if required by law, you will be requested to provide with your explicit consent in order for us to process those personal data.
The processing of your personal data is performed for the following purposes:
Travel arrangement includes managing your travel details such as booking flight or/and hotel, insurance subscription, boarding process, connecting flight, transfer to the hotel, accomplishment of visas checking at the airport, payment and invoicing, car rental, assistance and claims.
This processing includes also communication regarding the services you have booked such as receiving booking confirmation email with your personal data that you provided to us and travel itinerary (those information will allow you to check the correctness of the personal data that you have provided to us) but also receiving status update and service communication by email or text message regarding your travel arrangements (e.g. flight being delayed). Those communications may also contain options and offers about services you may want to use such as: upgrades, additional baggage etc.
2.2 Marketing information
We may process your personal data to provide you with marketing information by sending you newsletters, promotions or other marketing communications.
Please note that you can always object to the processing of your personal data for marketing purposes, and to receive commercial communications by clicking on the link displayed at the bottom thereof. Please note that if you tell us that you do not wish to be sent further marketing communications, you may still receive service communications which are necessary, for example, to confirm your booking or to provide you with an update on its status.
We may tailor the content of our websites, applications, emails and other communications to ensure that they are relevant to you. If you have searched for flights but not booked or finished the transaction, we may contact you with a reminder and provide assistance on our services via email based on the flights you searched for previously.
2.3 Statistical analysis and customer experience
Statistical analysis and market research are performed to understand how to improve and/or personalize the services we offer and encourage customers to use the full range of our products and services. Luxair performs statistical research into general trends regarding the use of our services, websites, mobile application and the behavior and preferences of our customers.
2.4 Survey, market research and games
We do organize surveys or market research from time to time to better understand the way you use our services in order for us to improve them. Your participation in surveys is made on a voluntary basis.
We do provide from time to time to our customers the possibility to participate to games where for example a prize or gift may be won.
2.5 Safety and legal requirements
We may process your personal data for safety and legal purposes.
We may process your personal data to comply with legal obligations such as immigration and customs obligations or PNR (Passenger Name Record) or API (Advance Passenger Information) obligations. For PNR and API, various countries oblige airlines to disclose passenger data for arriving in and departing from such countries in order to assist the authorities to fight terrorism and serious crime or compliance with local legislation.
We may keep a record and a file of the names of passengers/clients who have interfered with the safety, security, public order, either on board of Luxair’s aircrafts or on the ground or in connection with any services provided or/and offered by Luxair. Those passengers/clients will be notified by Luxair in writing that Luxair would not at any time after the date of such notice carry the passengers on its flights or/and provide any travel packages services to such clients. Such travel ban will not exceed 4 years.
2.6 Administrative reasons
We may process your personal data for administrative reasons such as: claims you may have, accounting, payment card control, fraud control and maintenance of the system.
Depending on concerned processing operations, the processing of your personal data is based on one or several of the following conditions:
3.1 you have given your consent to the processing of your personal data for one or more specific purposes (e.g. sending newsletters, personalized offers and others marketing offers); or
3.2 the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract ; or
3.3 processing is necessary for compliance with a legal obligation to which Luxair is subject; or
3.4 processing is necessary for the purposes of the legitimate interests pursued by Luxair or by its third party (e.g. combat fraud, security or safety issues, cooperate with law enforcement bodies, improve customer experience, develop new services and products enforce our policies).
If you fail to provide requested personal data, this may entail that we will not be able to provide all or parts of the services you have requested. Please be aware that in, in certain instances, you will not be able to cancel or obtain a refund of any fees you have paid for related services.
We may communicate your personal data to the following categories of third parties for the purposes mentioned in this notice:
- travel agencies, airlines, airport operators, insurance companies, call centers, hotels or other companies needed to deliver the services you have requested;
- credit card companies and anti-fraud service providers;
- partners in the loyalty programs that you have joined;
- service providers who ensure the operation and security of our IT system on behalf of Luxair;
- authorized authorities, agencies or administrations, as required by applicable local law such as customs and immigration authorities or competent authorities responsible for PNR/API information; and
- third parties to protect our rights or the security or safety of our customers, employees and assets.
The transfer of your personal data is related to the purpose and localisation to third parties identified in this notice. Luxair intends to store and transfer personal data as much as possible inside the European Union or in third countries being considered by the European Commission as having an adequate level of protection. However, some personal data may be sent to third countries. When personal data is transferred to a non-EU/EEA country without satisfactory levels of protection for personal data, we will apply appropriate measures, usually by including a standard contractual clause that has been adopted by the European Commission. These standard contractual clauses can be found at the following link:
If there is a lack of both a decision on adequate levels of protection by the European Commission and established appropriate safeguards in the form of standard contractual clauses in accordance with the above, we will only transfer your personal data outside the EU/EEA, based on one of the conditions for transfers provided for by data protection legislation, e.g. if the transfer is necessary in order to fulfil the agreement we have with you.
The retention periods Luxair applies take into account laws and regulations which impose a specific retention period for certain categories of data, as well as CNPD recommendations regarding certain types of data processing. These retention periods can go up to 10 years. We may also archive your data until the statutory limitation periods have expired (up to 30 years in some cases), provided that this is necessary for the establishment, exercise or defence of legal claims.
You have the right to request from Luxair access to and rectification of your data. Please note that where you request access to your personal data, since Luxair processes a large quantity of information and as allowed by the law, we may request that, before the information is delivered, you specify the information or processing activities to which the request relates.
You have also the right, subject to conditions imposed by law, to request the erasure of your personal data or the restriction of the processing concerning your data or to object to the processing of your personal data as well as the right to request the data portability of your personal data.
If you have provided your consent to the processing of your personal data you can at any time withdraw such consent.
You may also object, free of charge, to the future processing of your personal data relating to you for the purpose of marketing purposes.
In order to process your request we may ask you to provide us with the following items:
• your name and postal address
• a photocopy of your passport or ID so that we can verify your identity;
• the reason of your request: right of access, rectification, erasure, objection, restriction or portability of your personal data or withdraw your consent if applicable
• your signature and the date of the request
• all email addresses (past and present) used to book
• booking reference and dates if applicable
The above should be sent to the following address:
Luxair S.A. – Data Protection Officer
25 Rue Gabriel Lippmann,
Postal address: L-2987 Luxembourg
Or at the following email address: email@example.com
From the date that we receive the necessary above information, Luxair will start to process your request. Please note that any missing information may delay the processing of your request.
If you wish to raise a complaint on how Luxair has handled your personal data, you can contact the supervisory authority for data protection in Luxembourg:
Commission Nationale pour la Protection des Données
1, avenue du Rock’n’Roll
To ensure security where personal data is collected, our website uses strong encryption methods for the transmission of your data between your web browser and our web servers. The URL of a website using encrypted connections to your browser always starts with https://
If your current browser should not support encryption method you can download the most up-to-date versions for the most popular web browsers on the respective websites.
When you pay for any of our services using a card, all information is sent via a secure connection to ensure that your personal data cannot be read by third parties. The actors with whom we collaborate in terms of card payments are all certified in accordance with the international security standard PCI-DSS, which means a very high level of security for the processing of your card details.