Data protection regulation

A. Principle

Protecting the privacy of our customers is very important to Edelweiss. In the following, we set out the principles according to which we collect and process personal data (information that determines your identity or makes it determinable for us; hereinafter also referred to as "data") via this website and other websites and applications operated by Edelweiss (hereinafter also referred to as "website") and for what purposes.

We collect and process your personal data carefully, only for the purposes described in this privacy policy and only to the extent necessary for this purpose and within the scope of the applicable legal provisions. We retain your personal data only to the extent that and for as long as it is necessary for the provision of our services, or we are required to do so by law.

Section I contains the general data protection information, section II contains the provisions regarding data processing in connection with a promotion, and section III contains further applications of data processing.

In addition, the Terms of Use for the General Conditions of Carriage for the performance of flights apply.

B. Use of the website and cookies

You can visit the website and obtain information about our offers without disclosing personal data. We only request personal data where required for the performance of our own services and for the processing of transactions that you carry out with Edelweiss or our partners.

When you access our website, our system automatically records technical information about the computer accessing it. The data collected is information about the browser type and the version used, the operating system, the internet provider and the IP address of the user, the date and time of access, the websites from which the user’s system obtains access to our website, and the websites accessed by the user’s system via our website.

Edelweiss uses so-called browser cookies to make it easier to use the Edelweiss website, and other websites and applications operated by Edelweiss, and to obtain ideas for improving the information and services accessible via the website. This analysis is carried out anonymously, i.e. without reference to personal data. In our Cookie Policy we inform you about the use of cookies and analytical services on the Edelweiss website.

The basis for this data processing is Article 31 DSG / Article 6 Paragraph 1 lit. a and f GDPR

C. Storage of customer data

For accounting reasons, Edelweiss generally stores the personal data collected from customers for processing bookings for 10 years after the last processing operation. We store other data as long as is necessary for the execution of the contract and to safeguard our rights. We reserve the right to apply longer statutory and operational storage requirements and reasons.

Personal data collected for marketing activities is generally deleted as soon as the purpose of the activity has been met.

The basis for this processing of data is Art. 31 FADP / Art. 6 Sec. 1 Letter f GDPR

D. Data security

We protect your personal data by means of appropriate technical and organisational security measures and store it solely on our secure servers. The website is secured against loss, destruction and manipulation by means of customary measures in accordance with the state of the art and against access, modification or distribution by unauthorised persons. Especially sensitive data (e.g. access data for your profile account) is encrypted during transmission via the internet (SSL).

However, Edelweiss does not assume any guarantee for the security of your data. It is your responsibility to make an up-to-date back-up of the transferred data at all times and store it separately from the website. You are also responsible for creating a secure password for your customer account, keeping it safe and changing it on regular basis.

E. Rights of customers

You have the right to information, correction, deletion and transferability of your data. Furthermore, you have the right to restrict processing.

Paragraph C (Storage of customer data) and other statutory exceptions are reserved.

You have the right to object to the processing of your personal data. An objection only has future effect and does not affect previous processing. If, on account of the objection, Edelweiss is no longer able to perform the services contractually agreed with you, the objection is deemed to be a breach of contract by the customer and Edelweiss has the right to terminate its contract with you without notice. Payment obligations already contractually entered into by the customer remain in force.

For the assertion of these rights, you can contact Edelweiss at the address given in paragraph F (Contact).

If Edelweiss does not comply with the applicable data protection law, you have the right to file a complaint directed at the competent regulatory authority.

F. Contact

If you have any questions about this Privacy Statement or regarding data protection at Edelweiss, please contact:

Edelweiss Air AG
Betrieblicher Datenschutzverantwortlicher (data protection officer)
P.O. Box
8058 Zurich Airport
Switzerland

 

dataprotection@flyedelweiss.com

G. Representative in the European Union

Swiss International Air Lines AG
Zweigniederlassung Frankfurt
Cargo City Süd 558 c
60549 Frankfurt am Main
Germany

H. Updates

We review our Privacy Statement regularly and update it as required. We will inform you of any important changes (e.g. on our website).

A. Purpose of data processing

Edelweiss processes the personal data of its customers for the purpose of carriage, which includes in particular

  • reservation,
  • booking,
  • rebooking,
  • cancellation,
  • management of check-in,
  • communicating with the customer with regard to carriage,
  • operation of the flight,
  • simplifying of immigration procedures,
  • processing of irregularities in relation to baggage,
  • improvement of offers from Edelweiss and its positioning in the market and
  • securing payment transactions (also referred to hereinafter as “carriage”).

The basis for this processing of data is Art. 31 Sec. 2 Letter a FADP / Art. 6 Sec. 1 Letter b GDPR

B. Sharing of data with the authorities in Switzerland and abroad

 

1. Definition API and PNR data

API data (“Advanced Passenger Information”) is basic information about passengers that is required by certain government authorities for entering and leaving the country. It includes the name, date of birth, sex, nationality, travel document data and e-mail address of passengers. API data also includes other data, such as flight information (e.g. flight number and arrival and departure times).

PNR data (“Passenger Name Record”) is all the information and data required for carriage (e.g. booking code, name, e-mail address, flight information, payment information and details of travelling companions), plus any additional data in connection with carriage, in particular information sent by you (e.g. frequent flyer information or special requests) or third parties (e.g. travel agencies).

2. Disclosure to authorities

For legal and regulatory reasons, it is necessary that we share certain personal and booking information (including API and PNR data) with the governmental authorities in Switzerland and abroad.

2.1 Security and entry

For security reasons and to verify the entry formalities, the authorities in some countries require data about travel to and from these countries, as well as for overflights above their territory. In this context, Edelweiss is obliged to transfer your API and PNR data to domestic and foreign authorities. Such data is transferred based on intergovernmental agreements or national laws. Data of this kind is generally required by the authorities in the country of departure and arrival.

For example, under US law the border authorities (U.S. Customs and Border Protection) receive your personal information and information related to your trip when you book a flight between Switzerland and the USA. The US authorities have given the same guarantees with regard to the use of data to Switzerland as they have to the European Union; they will only use the information for combating terrorism and other serious, crossborder criminal offences. The data is stored for at least three years and six months and may also be shared with authorities in other countries. You can find additional information on the use of your data by foreign authorities and the measures to protect your data at the following link:

 

www.cbp.gov

2.2 Investigative activities

Edelweiss is obliged to share your personal data with criminal prosecution, administrative or judicial authorities in Switzerland and abroad in case they require its disclosure for the prevention or prosecution of crimes, misdemeanours, or comparable administrative misconduct. Such a transfer is only performed if based on legal or regulatory requirements.

The basis for this processing of data is Art. 31 Sec. 2 FADP / Art. 6 Sec. 1 Letter f GDPR

C. Credit assessment and anti-fraud measures

We reserve the right to verify payment transactions in order to prevent fraud and other improper usage in connection with payments. Internal and external sources of information are used for this purpose. If fraudulent activity is suspected and/or detected, we also reserve the right to share the relevant information (including personal data) with other companies of the Lufthansa Group. The target page is possibly not barrier free., which may also check the data for their own purposes.).

The basis for this processing of data is Art. 31 Sec. 2 FADP / Art. 6 Sec. 1 Letter f GDPR

D. Data processing by third parties in Switzerland and abroad

Edelweiss allows personal data to be processed by third parties in Switzerland and/or abroad (also in countries where legislation does not guarantee appropriate data protection) for the purpose of operating the website and to meet the purposes stated in this Privacy Statement.

In the case of the transfer of data to countries without appropriate data protection, Edelweiss ensures that the measures required are implemented (generally by signing recognised data protection agreements, e.g. based on standard contractual clauses of the EU), in order to protect personal data in accordance with the applicable data protection law.

Namely, Edelweiss transfers data for processing in all places where an Edelweiss flight destination is linked. Furthermore, within the framework of the Data Protection Act, data may also be transferred for processing within Europe, India, USA and Canada.

1. External data recipients

External recipients of personal data include

  • service providers in the areas of ground handling, transport, marketing, customer feedback, IT, payment services and credit agencies,
  • platforms for sending newsletters,
  • operators of live help chat,
  • companies of the Lufthansa Group,
  • airlines outside the Lufthansa Group,
  • partner companies as well as
  • government offices and authorities.

2. Combating fraud and “unruly passengers”

“Unruly passengers” are passengers who display improper, aggressive or violent behaviour towards other passengers or the crew, or who damage the aircraft.

Edelweiss is entitled to exchange its passengers’ personal data within the Lufthansa Group and with other airlines in order to document, analyse and prevent cases of fraud and instances of "unruly passengers", and to process the data relating thereto.

If you have harmed or injured other passengers, Edelweiss can also disclose your personal data and information in connection with the harm and injury to other third parties (e.g. the authorities, injured persons and insurance companies).

The basis for this processing of data is Art. 31 Sec. 2 FADP / Art. 6 Sec. 1 Letter f GDPR

3. Booking process

If you start a booking process, we collect booking data and personal data, in particular your name, first name, date of birth, telephone number, e-mail address and, in encrypted form, your credit card information. This data is only stored if a payment process is initiated by the customer.

The basis for this processing of data is Art. 31 Sec. 2 Letter a FADP / Art. 6 Sec. 1 Letter b and f GDPR

A. Newsletters

Upon request, we will keep you informed about relevant developments and offers from Edelweiss. We use the so-called double opt-in procedure to subscribe to our newsletter: When you subscribe to our newsletter on the website, for example by clicking a confirmation field, we will send you a notification e-mail. You can confirm your subscription by activating the relevant link. If you no longer wish to receive newsletters from Edelweiss, you can unsubscribe free of charge in the newsletter itself at any time.

We process your data associated with the newsletter in order to send you news about and related to Edelweiss and our partners. In addition, we also process and use the e-mail address you have entered in order to send you personalised offers associated with the newsletter.

If a link in the newsletter directs you to our websites, you also give us permission to process and use your IP address, together with geodata, web beacons or similar technologies, in order to verify whether the offers presented to you in the course of this communication meet your requirements.

Edelweiss works together with external service providers for the dispatch of the newsletter.

The basis for this processing of data is Art. 31 Sec. 1 FADP / Art. 6 Sec. 1 Letter a GDPR

B. Customer satisfaction surveys

As part of analysis activities and in order to be able to offer better customer service, Edelweiss may ask you to participate in customer satisfaction surveys after you have completed your Edelweiss flight. If you would like to refrain from receiving such offers or requests at a later date, you can unsubscribe from them at any time free of charge in the corresponding e-mail via the link listed there.

The basis for this processing of data is Art. 31 Sec. 2 FADP / Art. 6 Sec. 1 Letter f GDPR

C. Live Chat

Edelweiss provides you with online advice on flyedelweiss.com in the form of a live chat service. Edelweiss works together with an external service provider for the operation of the live chat service. The service provider sees your details during a chat session on the Edelweiss website (collected via a cookie of this tool) that helps him/her to assist you. In addition, the service provider has access to the Edelweiss passenger database (e.g. database with bookings and reservations) and can check certain data on your behalf if you give your name to the service provider and ask the service provider to check it.

The basis for this processing of data is Art. 31 Sec. 2 FADP / Art. 6 Sec. 1 Letter f GDPR

D. Facebook and Instagram

Edelweiss' official Facebook and Instagram pages are used to communicate company and product innovations, as well as attractive short- and long-haul offers.

In addition, Edelweiss offers customer support via Facebook and Instagram.

We process data for the following purposes, based on our legitimate interests:

  • Evaluating analyses and statistics for the Facebook and Instagram page in relation to the interactions of their user
  • Optimization of the Facebook and Instagram page in terms of its usability and attractiveness, as well as the introduction of user-friendly marketing measures
  • Other communication and interaction initiated by Facebook and Instagram users.

The basis for this processing of data is Art. 31 Sec. 2 FADP / Art. 6 Sec. 1 Letter f GDPR

E. Upgrade for offer

On certain routes Edelweiss offers you an upgrade against offer. Here you have the option of your desired bid for an upgrade to a next higher class of carriage. Edelweiss offers you this service in cooperation with an external service provider. In order to carry out this process, flight-related information (name, e-mail address, flight information, class of carriage) as well as the amount of your offer are transmitted to the service provider. This is used to allocate your upgrade to your originally issued flight ticket if your offer is accepted and to automatically adjust this for you. Detailed information on the processing of your data when using the Upgrade vs. Offer service can be found at the following link:

 

www.plusgrade.com

The basis for this processing of data is Art. 31 Sec. 2 Letter a FADP / Art. 6 Sec. 1 Letter b GDPR

F. Offers from third parties in the scope of carriage

In the scope of the carriage, Edelweiss will show you offers from third parties (e.g. from hotels or car rental companies) on its website; these offers are created on an anonymous basis. If you have given us your consent to this effect, we will also show you such offers as part of the communication before your departure.

The basis for this processing of data is Art. 31 Sec. 1 FADP / Art. 6 Sec. 1 Letter a GDPR

G. Insurance

While booking, Edelweiss will offer you travel insurance on its website, provided by a third party. If you obtain the insurance (i.e. if it is "ordered" online), Edelweiss receives data from you, performs the billing directly on behalf of the third party (payment is made to Edelweiss) and sends data to the third party, such as the name of the person applying, the length of the trip and the booking code. The third party then sends you an e-mail with the relevant policy, of which Edelweiss also receives a copy.

The basis for this processing of data is Art. 31 Sec. 2 Letter a FADP / Art. 6 Sec. 1 Letter b GDPR

H. Booking process

If you start a booking process, we collect booking data and personal data, in particular your surname, first name, date of birth, telephone number, e-mail address and, in encrypted form, your credit card details.

The basis for this processing of data is Art. 31 Sec. 2 Letter a FADP / Art. 6 Sec. 1 Letter b GDPR

I. Sponsorship and cooperation requests

For the purpose of verifying and processing requests related to a potential sponsorship/partnership relationship, Edelweiss processes the personal data of the applicants.

The basis for this processing of data is Art. 31 Sec. 2 Letter a FADP / Art. 6 Sec. 1 Letter b GDPR

Automated decision-making including profiling does not take place.