I. GENERAL PROVISIONS

A. Principle

The protection of our customers’ privacy is very important to Edelweiss. Hereinafter, we set out the principles we follow and for what purpose we collect and process personal data (information that determines your identity or allows us to identify you; referred to hereinafter also as “data”) via this website, and other websites and applications (referred to hereinafter as "website") operated by Edelweiss.

We collect and process your personal data carefully, only for the purposes described in this Privacy Statement and only to the extent necessary as defined therein and within the scope of the applicable legal regulations. We only store your personal data to the extent and as long as it is required for the performance of our services or as we are legally obligated.

Under Section I you will find the general data protection information, under Section II, the provisions with regard to data processing in connection with carriage, and under Section III you will find further instances where data processing is used.

The terms of the General Conditions of Carriage for the operation of flights also apply.

B. Use of the website and cookies

You can visit the website and obtain information about our offers without disclosing personal data. We only request personal data where required for the performance of our own services and for the processing of transactions that you carry out with Edelweiss or our partners.

When you access our website, our system automatically records technical information about the computer accessing it. The data collected is information about the browser type and the version used, the operating system, the internet provider and the IP address of the user, the date and time of access, the websites from which the user’s system obtains access to our website, and the websites accessed by the user’s system via our website.

Edelweiss uses so-called browser cookies to make it easier to use the Edelweiss website, and other websites and applications operated by Edelweiss, and to obtain ideas for improving the information and services accessible via the website. This analysis is carried out anonymously, i.e. without reference to personal data. In our Cookie Policy we inform you about the use of cookies and analytical services on the Edelweiss website.

C. Storage of customer data

For accounting reasons, Edelweiss generally stores the personal data collected from customers for processing bookings for 10 years after the last processing operation. We store other data as long as is necessary for the execution of the contract and to safeguard our rights. We reserve the right to apply longer statutory and operational storage requirements and reasons.

Personal data collected for marketing activities is generally deleted as soon as the purpose of the activity has been met.

D. Data security

We protect your personal data by means of appropriate technical and organisational security measures and store it solely on our secure servers. The website is secured against loss, destruction and manipulation by means of customary measures in accordance with the state of the art and against access, modification or distribution by unauthorised persons. Especially sensitive data (e.g. access data for your profile account) is encrypted during transmission via the internet (SSL).

However, Edelweiss does not assume any guarantee for the security of your data. It is your responsibility to make an up-to-date back-up of the transferred data at all times and store it separately from the website. You are also responsible for creating a secure password for your customer account, keeping it safe and changing it on regular basis.

E. Rights of customers

You have the right to information, correction, deletion and transferability of your data. Furthermore, you have the right to restrict processing.

Paragraph C (Storage of customer data)and other statutory exceptions are reserved.

You have the right to object to the processing of your personal data. An objection only has future effect and does not affect previous processing. If, on account of the objection, Edelweiss is no longer able to perform the services contractually agreed with you, the objection is deemed to be a breach of contract by the customer and Edelweiss has the right to terminate its contract with you without notice. Payment obligations already contractually entered into by the customer remain in force.

For the assertion of these rights, you can contact Edelweiss at the address given in paragraph F (Contact).

If Edelweiss does not comply with the applicable data protection law, you have the right to file a complaint directed at the competent regulatory authority.

F. Contact

If you have any questions about this Privacy Statement or regarding data protection at Edelweiss, please contact:

Edelweiss Air AG
Betrieblicher Datenschutzverantwortlicher (data protection officer)
P.O. Box
CH-8058 Zurich Airport
Switzerland
dataprotection@flyedelweiss.com

G. Representative in the European Union

Swiss International Air Lines Ltd.
Zweigniederlassung Frankfurt
Cargo City Süd 558
60549 Frankfurt am Main
Germany

H. Updates

We review our Privacy Statement regularly and update it as required. We will inform you of any important changes (e.g. on our website).

II. PROCESSING OF PERSONAL DATA IN CONNECTION WITH CARRIAGE

A. Purpose of data processing

Edelweiss processes the personal data of its customers for the purpose of carriage, which includes in particular

• reservation
• booking
• rebooking
• cancellation
• management of check-in
• communicating with the customer with regard to carriage
• operation of the flight
• simplifying of immigration procedures
• processing of irregularities in relation to baggage
• improvement of offers from Edelweiss and its positioning in the market and
• securing payment transactions (also referred to hereinafter as “carriage”).

B. Sharing of data with the authorities in Switzerland and abroad

1. Definition of API and PNR data

API data (“Advanced Passenger Information”) is basic information about passengers that is required by certain government authorities for entering and leaving the country. It includes the name, date of birth, sex, nationality, travel document data and e-mail address of passengers. API data also includes other data, such as flight information (e.g. flight number and arrival and departure times).

PNR data (“Passenger Name Record”) is all the information and data required for carriage (e.g. booking code, name, e-mail address, flight information, payment information and details of travelling companions), plus any additional data in connection with carriage, in particular information sent by you (e.g. frequent flyer information or special requests) or third parties (e.g. travel agencies).

2. Disclosure to authorities

For legal and regulatory reasons, it is necessary that we share certain personal and booking information (including API and PNR data) with the governmental authorities in Switzerland and abroad.

2.1 Security and entry

For security reasons and to verify the entry formalities, the authorities in some countries require data about travel to and from these countries, as well as for overflights above their territory. In this context, Edelweiss is obliged to transfer your API and PNR data to domestic and foreign authorities. Such data is transferred based on intergovernmental agreements or national laws. Data of this kind is generally required by the authorities in the country of departure and arrival.

For example, under US law the border authorities (U.S. Customs and Border Protection) receive your personal information and information related to your trip when you book a flight between Switzerland and the USA. The US authorities have given the same guarantees with regard to the use of data to Switzerland as they have to the European Union; they will only use the information for combating terrorism and other serious, crossborder criminal offences. The data is stored for at least three years and six months and may also be shared with authorities in other countries. You can find additional information on the use of your data by foreign authorities and the measures to protect your data at www.cbp.gov.

2.2 Investigative activities

Edelweiss is obliged to share your personal data with criminal prosecution, administrative or judicial authorities in Switzerland and abroad in case they require its disclosure for the prevention or prosecution of crimes, misdemeanours, or comparable administrative misconduct. Such a transfer is only performed if based on legal or regulatory requirements.

C. Credit assessment and anti-fraud measures

We reserve the right to verify payment transactions in order to prevent fraud and other improper usage in connection with payments. Internal and external sources of information are used for this purpose. If fraudulent activity is suspected and/or detected, we also reserve the right to share the relevant information (including personal data) with other companies of the Lufthansa Group, which may also check the data for their own purposes.

D. Data processing by third parties in Switzerland and abroad

Edelweiss allows personal data to be processed by third parties in Switzerland and/or abroad (also in countries where legislation does not guarantee appropriate data protection) for the purpose of operating the website and to meet the purposes stated in this Privacy Statement.

In the case of the transfer of data to countries without appropriate data protection, Edelweiss ensures that the measures required are implemented (generally by signing recognised data protection agreements, e.g. based on standard contractual clauses of the EU), in order to protect personal data in accordance with the applicable data protection law.

1. External data recipients

External recipients of personal data include

• service providers in the areas of ground handling, transport, marketing, customer feedback, IT, payment services and credit agencies,
• platforms for sending newsletters,
• operators of live help chat,
• companies of the Lufthansa Group,
• airlines outside the Lufthansa Group,
• partner companies as well as
• government offices and authorities.

2. Combating fraud and “unruly passengers”

“Unruly passengers” are passengers who display improper, aggressive or violent behaviour towards other passengers or the crew, or who damage the aircraft.

Edelweiss is entitled to exchange its passengers’ personal data within the Lufthansa Group and with other airlines in order to document, analyse and prevent cases of fraud and instances of "unruly passengers", and to process the data relating thereto.

If you have harmed or injured other passengers, Edelweiss can also disclose your personal data and information in connection with the harm and injury to other third parties (e.g. the authorities, injured persons and insurance companies).

III. APPLICATION CASES

A. Newsletters

Upon request, we will keep you informed about relevant developments and offers from Edelweiss. We use the so-called double opt-in procedure to subscribe to our newsletter: When you subscribe to our newsletter on the website, for example by clicking a confirmation field, we will send you a notification e-mail. You can confirm your subscription by activating the relevant link. If you no longer wish to receive newsletters from Edelweiss, you can unsubscribe free of charge in the newsletter itself at any time.

We process your data associated with the newsletter in order to send you news about and related to Edelweiss and our partners. In addition, we also process and use the e-mail address you have entered in order to send you personalised offers associated with the newsletter.

If a link in the newsletter directs you to our websites, you also give us permission to process and use your IP address, together with geodata, web beacons or similar technologies, in order to verify whether the offers presented to you in the course of this communication meet your requirements.

Edelweiss works together with external service providers for the dispatch of the newsletter.

B. Live chat service

Edelweiss provides you with online advice on flyedelweiss.com in the form of a live chat service. Edelweiss works together with an external service provider for the operation of the live chat service. The service provider sees your details during a chat session on the Edelweiss website (collected via a cookie of this tool) that helps him/her to assist you. In addition, the service provider has access to the Edelweiss passenger database (e.g. database with bookings and reservations) and can check certain data on your behalf if you give your name to the service provider and ask the service provider to check it.

C. Offers from third parties in the scope of carriage

In the scope of the carriage, Edelweiss will show you offers from third parties (e.g. from hotels or car rental companies) on its website; these offers are created on an anonymous basis. If you have given us your consent to this effect, we will also show you such offers as part of the communication before your departure.

D. Insurance

While booking, Edelweiss will offer you travel insurance on its website, provided by a third party. If you obtain the insurance (i.e. if it is "ordered" online), Edelweiss receives data from you, performs the billing directly on behalf of the third party (payment is made to Edelweiss) and sends data to the third party, such as the name of the person applying, the length of the trip and the booking code. The third party then sends you an e-mail with the relevant policy, of which Edelweiss also receives a copy.

E. Booking process

If you start a booking process, we collect booking data and personal data, in particular your surname, first name, date of birth, telephone number, e-mail address and, in encrypted form, your credit card details.

F. Sponsorship and cooperation requests

For the purpose of verifying and processing requests related to a potential sponsorship/partnership relationship, Edelweiss processes the personal data of the applicants.