Choose your preferred country and language

warning

Your browser is not supported

The browser you are using - Internet Explorer or old version of Edge – is not supported by our website. Not to face issues while using our website please use the latest version of Edge or any other modern browser like Chrome, Safari or Firefox.

close

Privacy Policy

1.    Introduction 

Luxair pays particular attention to respecting the privacy of individuals and is fully aware of the importance its customers attach to it. For this reason, Luxair is committed to providing its services while ensuring that your personal data is processed transparently, in accordance with the laws and regulations in force in Luxembourg regarding data protection — including the General Data Protection Regulation (GDPR) (hereinafter referred to as “Data Protection Legislation”) — and in strict compliance with your instructions.


At Luxair, we treat data protection as part of our premium travel service. Our Objective is to ensure transparency and trust in every customer interaction. As such, personal data are processed responsibly to enhance and improve the customer experience: enabling smooth booking flows, personalised offers, faster support, and secure travel services.    

 

 

2.    Role of Luxair in the Processing of Your Personal Data

Luxair, Société Luxembourgeoise de Navigation Aérienne S.A. (25, Rue Gabriel Lippmann, L-5365 Munsbach, Luxembourg) (also referred to in this policy as “Luxair,” “we,” or “our”) acts as the data controller for all personal data necessary for the processing activities described below, in the context of its passenger air transport operations, tour operator activities, and related services.

 

 

3.    Origin of Collected Personal Data

Personal data about you are collected when you use our services, when you travel with us, when you browse our websites and mobile applications, and when you use our call centers or mobile apps. This includes data that you provide to us directly or indirectly through third parties. These third parties fall into the following categories: companies involved in your journey, such as travel agencies, hotels, other airlines or airport operators, and companies we engage to provide services to you.

 

 

4.    Description of the Processing Performed by Luxair

The primary processing activities carried out by Luxair in relation to your personal data include the following:


4.1    Performance of the travel services contract


These processing activities are carried out in the context of providing air transport and travel package services. They cover the management of bookings and the end-to-end customer journey, including reservations, ticketing, check-in, boarding, disruption handling, and the delivery of related ancillary services. They also include the organisation of assistance for passengers with special needs, ensuring appropriate support throughout the journey. Processing is further undertaken to verify the validity of travel documents in compliance with applicable legal and regulatory requirements. In addition, customer relationship management activities encompass sales of flights and travel packages, handling enquiries and complaints, managing loyalty programmes, and maintaining customer communications. Finally, these activities also enable passengers to book additional services and to subscribe to travel insurance during the booking process, including coordination with insurance providers for policy issuance.


Please note that certain personal information (for example, travel document details and contact information) is required for multiple products and services we offer. If you do not provide this information when requested for specific services, we may be unable to deliver those products or services in full.


For more detailed information on these processing activities, please refer to the dedicated link: Download as word document or PDF document

 

4.2    Managing Customer Relationships, Personalization, and Marketing


These processing activities relate to managing customer relationships, sending newsletters, personalising the customer experience, and carrying out marketing initiatives. They include analysing customer preferences and behaviour to improve services and tailor offers, such as through satisfaction surveys, retargeting of abandoned carts, customer segmentation and profiling, and personalised content on websites and applications. They also cover the sending and optimisation of marketing and promotional communications, including performance measurement and deliverability management. In addition, these activities encompass interactions with customers and prospects via Luxair’s social media channels, supporting engagement, communication, and brand visibility across platforms such as Facebook, TikTok, Instagram, LinkedIn, and YouTube.


For more detailed information on these processing activities, please refer to the dedicated link: Download as word document or PDF document

 

4.3    Operational and compliance processing


These processing activities relate to operational management and compliance with legal, regulatory, and safety obligations applicable to Luxair’s activities as an airline and tour operator. They include the recording and management of safety and security incidents, the provision of assistance and traceability in the event of accidents, and the screening of passengers against international sanctions lists, as well as the enforcement of flight bans where applicable. They also cover cooperation with public authorities, including the transfer of required information and responses to official requests. In addition, these activities encompass the management of disputes and debt recovery.


Additionally, Luxair can carry out operations for security of involved IT systems, and the implementation of cybersecurity measures. Finally, they include ensuring compliance with data protection and other regulatory requirements, such as handling data subject rights requests and maintaining appropriate records.


For more detailed information on these processing activities, please refer to the dedicated link: Download as word document or PDF document

 

4.4    MyLuxair and loyalty program data processing


These processing activities relate to the creation and management of customer accounts and participation in loyalty initiatives offered by Luxair. They include enabling users to create and manage their MyLuxair account, facilitating booking tracking and simplifying future reservations through pre-filled information. They also cover the option to log in via external providers, such as social networks, to streamline access to services. In addition, these activities encompass the management of participation in loyalty programmes, such as the High Five initiative, allowing customers to benefit from associated advantages and offers.


For more detailed information on these processing activities, please refer to the dedicated link: Download as word document or PDF document

 

4.5    Website operations


These processing activities relate to the operation, security, and optimisation of Luxair’s websites and digital platforms. They include ensuring essential website functionality, such as session management, secure transactions, fraud prevention, and the continuity of bookings. They also cover the management of user consent and compliance with applicable legal requirements. In addition, these activities involve analysing website performance and user behaviour to improve functionality and user experience, including follow-up communications in case of incomplete bookings. Finally, they encompass personalisation and digital advertising efforts, such as tailoring content and offers, optimising the user experience, and measuring advertising performance and conversions. 

For more detailed information on these processing activities, please refer to the dedicated link: Download as word document or PDF document


4.6    Information on Joining the Miles & More Loyalty Program


As a customer, you can register for the Miles & More loyalty program. For more information on the processing of your personal data within the Miles & More program, please refer to the Miles & More Privacy Policy: Go to the Miles & More Privacy Policy.

 

 

5.    What Are the Categories of Recipients of Your Personal Data?

As part of our operations, your personal data may be shared with different recipients, only when necessary and in accordance with Data Protection Legislation.

 

Within Luxair, your data may be disclosed to our staff members and collaborators, strictly within the scope of their respective responsibilities.

 

Business Partners and Service Providers: We share your personal data with third parties involved in the provision of our services, including:

  • Travel partners (airlines, hotels, airports, check-in agents, ground handling services, special assistance, ground transportation, catering services, lounges, fast-tracks, etc.) to organize your travel. The processing of your data by these partners is governed by their own privacy policies, which can be consulted, in particular, via the IATA repository.
  • Payment and fraud prevention service providers in connection with the processing of your payments.
  • Loyalty program partners to enable your participation in the relevant programs.

 

Support Service Providers: We engage third-party providers to help us operate, secure, and improve our services, support Luxair’s marketing efficiency and customer experience as well as to defend ourselves in legal matters. These include:

  • IT and technology providers (hosting, maintenance, reservation systems, customer support),
  • Marketing and advertising service providers,
  • Social media platforms in connection with certain integrated features,
  • Screening or healthcare service providers, where applicable,
  • Legal advisors and representatives to protect our rights or in the context of litigation.
     

Public Authorities and Legal Obligations: We may be legally required to disclose certain personal data:

  • To competent governmental, regulatory, and airport authorities (customs, immigration, border security, health authorities, PNR/API data transmission, consumer protection),
  • To law enforcement authorities, when necessary for the prevention or detection of offenses, or for the protection of individuals, property, or the safety of our passengers, staff, or infrastructure,
  • To competent courts, when required.


Third-Party Websites: Our websites and mobile applications contain links to third-party websites. By clicking on these links, you leave our services. The privacy policies of those third parties will then apply independently of ours.

 

 

6.    Where Are Your Personal Data Transferred?

Your personal data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA), depending on the services you subscribe to, the partners involved, or your travel itinerary.


Luxair strives to store and process personal data within the EU/EEA or in countries that have been recognized by the European Commission as providing an adequate level of data protection, equivalent to that under the GDPR.


However, certain processing activities may require a transfer to third countries that do not benefit from such a level of protection. In these cases, we implement appropriate safeguards, including the use of the standard contractual clauses adopted by the European Commission.


In the absence of an adequacy decision or appropriate safeguards, we transfer your personal data only if one of the derogations provided by the GDPR applies—for example, when the transfer is necessary for the performance of your contract (such as organizing your travel or booking with a provider located outside the EU/EEA).


In all cases, we ensure that your data receives a level of protection that complies with the requirements of the GDPR.

 

 

7.    Retention Periods for Your Personal Data

We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, or to comply with our legal, regulatory, or contractual obligations.


The retention periods applied take into account:

  • Specific legal and regulatory requirements for certain categories of data,
  • Statutory limitation periods applicable in civil, commercial, administrative, or criminal matters,
  • Recommendations from data protection supervisory authorities, such as the National Commission for Data Protection (CNPD) in Luxembourg.


In certain cases, data may be retained for up to 10 years, for example, for accounting or tax purposes. They may also be securely archived, with limited access, until the expiration of legal limitation periods—up to 30 years in exceptional cases—when necessary for the establishment, exercise, or defense of legal claims

 

7.1    Contact information 


Luxair has appointed a Data Protection Officer (DPO) responsible for ensuring compliance with Data Protection Legislation and serving as a point of contact for any questions relating to data protection. Luxair’s Data Protection Officer can be contacted by email at the following address:
data.protection@luxairgroup.lu


7.2    Your rights


To the extent that Luxair processes your personal data, you have the following rights at any time, within the limits provided by Data Protection Legislation:

  • To be informed about the personal data processing carried out by Luxair and, where applicable, about the balancing of interests performed for processing based on legitimate interest.
  • To access your personal data, i.e., to know which data concerning you is being processed and to obtain a copy.
  • To request the rectification of your data if it is inaccurate, incomplete, or outdated.
  • To request the erasure or restriction of processing when the legal conditions are met.
  • To object at any time to the processing of your data for legitimate reasons (including for direct marketing purposes).
  • To request data portability, if the conditions are met, i.e., to receive a copy of the personal data you have provided to Luxair in a structured, commonly used, and machine-readable format, or to have these data transmitted to another data controller, unless this right adversely affects the rights and freedoms of others.
  • To withdraw your consent at any time when the processing is based on your consent. Withdrawal of consent does not affect the lawfulness of data processing carried out prior to the withdrawal.


7.3    Information to Provide for Processing Your Request


To ensure the security of your data and verify your identity, we may ask you to provide the following information:

  • Your full name;
  • The email address used for your bookings (current and/or previous);
  • The booking reference and relevant travel dates (if applicable);
  • In cases of reasonable doubt regarding your identity, a copy of an official identification document (passport or ID card)


You can submit your request:


By mail to the following address:
Luxair, Société Luxembourgeoise de Navigation Aérienne S.A. – Data Protection Officer
25 Rue Gabriel Lippmann
L-5365 Munsbach
Luxembourg


By email to the DPO


Via the dedicated contact forms on our websites or mobile applications.


You also have the right to lodge a complaint with the National Commission for Data Protection (CNPD) in Luxembourg or with another competent authority, such as the one in your place of residence.

 


8.    Cookies 

We use cookies and similar technologies, including web beacons, tracking URLs, and pixel tags, to make our website work properly, keep it secure, and help us improve your experience.
For more details about how we handle data and who we work with, please refer to our Cookie Policy available on our website and app. 

 

You can adjust your cookie choices anytime by clicking “Change cookie settings” at the bottom of any page.

 


9.    Updates to Our Privacy Policy

Luxair reserves the right to modify this policy at any time. The most recent version of the policy is available on our websites and mobile applications.
In the event of a material change to this policy, we will notify you before the change takes effect using the contact details we have on file.
21.05.2026