Personal data protection policy

Valid since 5 July 2021

Iberia Privacy Policy for Customers and Passengers

Our Privacy Commitment

Iberia is committed to respecting your privacy and protecting your personal information.

  • We will be transparent about the information we are collecting and what we will do with it.

  • We will use the information you give us for the purposes described in our Privacy Policy, which include providing you with services you have requested and enhancing your experience with IBERIA.

  • We will also use the information to help us understand you better and so that we can give you relevant offers.

  • If you tell us you don’t want to receive marketing messages we will stop sending them. We will, of course, continue to send important information relating to a product or service you have purchased to keep you informed about your booking and travel itinerary.

  • We will put in place measures to protect your information and keep it secure.

  • We will respect your data protection rights and aim to give you control over your own information.

You can access our full Privacy Policy below to help you to understand better how we use your personal information. In it, we explain in more detail the types of personal information we collect, how we collect it, what we may use it for and who we may share it with.

Within our full Privacy Policy you can find some specific examples of why and how we use your personal information. If you have further questions please get in touch with us at our Data Protection Office by email at OficinaDPO@iberia.es .

Without prejudice of your rights under the relevant applicable laws, this Privacy Policy and the information above have no contractual nature and are not a part of your contract with us.

Responsible for Processing Personal Data

All the personal data processed by Iberia with regard to this Privacy Policy are the responsibility of Iberia Líneas Aéreas de España S.A. Operadora, Sociedad Unipersonal, with tax code A85850394 (hereinafter “IBERIA”), which has the status of "data controller" in accordance with the applicable data protection legislation. Our contact address for these purposes is “Oficina de Protección de Datos de Iberia Líneas Aéreas de España S.A. Operadora, Sociedad Unipersonal”, Calle Martínez Villergas 49, 28027 Madrid, Spain or alternatively the above-mentioned e-mail address.

If you have made a booking with us but one or more of the flights are operated by other airlines, each of those airlines will be the individual data controller, in accordance with the applicable data protection legislation.

Any third-party service provider accessible through our website, such as a hotel or vehicle hire company, will also be the individual data controller. You may access the services provided by these third-party companies through our website, which will automatically redirect you to their websites where you will find the data protection policies of these providers.

IBERIA belongs to the IAG Group, whose parent company is a Spanish registered company called International Consolidated Airlines Group, S.A. You will find additional information about the companies that make up the IAG Group below.

If you are a member of the IBERIA PLUS loyalty programme, Avios Group Limited (“AGL”), which also belongs to the IAG Group, will be jointly responsible with IBERIA for processing your personal data relating to the management of this loyalty programme. The address of Avios Group (AGL) Limited is: Astral Towers, Betts Way, Crawley RH10 9XX, United Kingdom. Its website is www.aviosgroup.com and you can contact its Data Protection Office by post, addressing your correspondence to the “Data Protection Officer” at the above-mentioned address, and also by sending an e-mail addressed to data.protection@avios.com.

If you are a member of the ON BUSINESS loyalty programme, British Airways Plc ("BA"), also belonging to the IAG Group, and American Airlines jointly with IBERIA will also be responsible for processing your personal data relating to the processing undertaken for the management of this loyalty programme. The address for British Airways is Waterside (HCB3), PO Box 365, Harmondsworth, UB7 0GB, UK, and for American Airlines is 1 Skyview Drive, MD 8B503 Fort Worth, TX 76155 (US A). On their websites (www.britishairways.com and www.aa.com), you will find information regarding their privacy policies and you will be able to contact their data protection offices: DPO@ba.com and privacy@aa.com.

If you have registered for the "Facial Recognition" functionality through the Iberia application for mobile devices, Aena, S.M.E., S.A., with Tax ID Nº A86212420 and registered offices at Calle Peonías 12, 28042 Madrid will be jointly responsible with IBERIA for the processing related to registration for this functionality for the purposes of transit through airports that have such functionality, passing security filters and identification on boarding the flight. Aena's privacy policy is available at http://www.aena.es/es/politica-privacidad.html, and you can contact the data protection office by e-mail dpd@aena.es.

What do we mean by personal information?

Personal information means details which identify you or could be used to identify you, such as your name and contact details, your travel arrangements and purchase history. It may also include information about how you use our websites and mobile applications.

When does this policy apply?

This Privacy Policy applies to personal information about you that we collect, use and otherwise process in connection with your relationship with us as a customer or as a potential customer or as a member of our loyalty schemes IBERIA PLUS or ON BUSINESS, including when you travel with us or use our other services –such as our auction website or our gift cards service- , use our websites or mobile apps, contact our service agents or call centres and book to use our services through third parties -such as travel agents and other airlines.

When we refer to other entities being data controllers within Sections “Data Controller” or “Who do we share your personal information with?”, you should consult their own privacy policies for further information.

If you decide to hire additional services with us, such as making an on board purchase or using our in-flight entertainment devices or taking part in one of our contests organised by Iberia together with third party collaborators, please take into account that further terms and conditions may apply.

How can you protect your personal information?

We make serious efforts to care for and protect your personal information when you share it with us. Below you can find some recommendations on how to keep your personal data safe.

Do not share your booking code or locator

When you make a booking you will be furnished with a reservation code –also known as PNR or Passenger Record. This reference will be included in your booking confirmation email or within the ticket of each passenger within that reservation.

Please always keep your reservation code confidential. If you share it with a third person he/she may access your booking data in our systems.

If you travel with others and you do not want them to have access to your booking data it might be advisable that you carry out your reservation separately.

Do not share your Iberia Plus, Iberia Joven or On Business personal area log-in data

To make sure that access to your personal area in our webpage and mobile application is safe please do not share your Iberia Plus; Iberia Joven or On Business –the specialised companies for companies we sponsor together with British Airways Plc- log-in data with anyone. When you finish using our website, online services or mobile applications please make sure to end your session if someone else may access your computer or device. This is particularly relevant in the case that you are using a public access computer or device.

Be cautious and protect yourself from internet fraud and “Phishing”

There is a broadly spread type of internet fraud practice known as “Phishing” aimed to illegally obtaining your personal information by deception. Unsolicited emails are sent to individuals from a list that has been illegally obtained, and recipients are requested to insert or confirm their passwords or bank details in a false or cloned website.

When do we collect personal data?

We collect personal data about you every time you use our services (whether provided by us or by other companies or agents acting on our behalf), including when you travel with us, when you use our website and when you interact with us via electronic means or our customer service centres.

The following are some examples of when and how we collect information:

  • When you book or search for a flight or other products or services on our website or mobile app.

  • When you book a flight or any other product through other sales channels, such as a travel agency.

  • When you show up at the boarding gate for any of the flights listed in your reservation.

  • When you register with our Iberia Plus, Iberia Joven or On Business loyalty programmes, our auction service, or when you buy one of our gift cards.

  • When you use one of our virtual assistants to check in for flights, request information about the status of your flights or book services related to them.

  • When you contact us through our call centres or other customer service agents.

  • When you fill in a customer satisfaction survey or send us complaints, praise, recommendations or suggestions.

  • When you take part in our competitions or register for one of our promotions, and when you decide to interact with us through your social media profile, Facebook or Twitter, for example.

  • When you travel with us and use the VIP lounges at the airports where we operate.

  • When you use our on-board entertainment systems or our communications services.

  • When you click on any of our e-mails or browse on our website. We may also receive information about how you found us on the internet or about the sites you have visited previously.

In all of the above cases and directly from you, we may collect personal data about third parties who may be adults or minors. In those cases, when you supply data about these people you must have previously obtained their consent and/or necessary legal powers to provide their data for processing on the grounds indicated in this privacy policy. If you do not have their consent, kindly refrain from providing us with that information.

For further information, please refer to the section below "What type of personal data do we collect and keep?"

We may also receive personal data about you from third parties such as:

  • Companies to which we have outsourced the provision of specific services to you.

  • Companies involved in your travel plans, including airlines and other types of transport companies involved in your previous or subsequent journey, airport operators and customs and immigration authorities.

  • Companies involved in our loyalty programmes and other customer programmes (such as car hire companies and hotels).

  • Companies that provide us with data in accordance with privacy policies that include information that may be shared with Iberia.

What types of personal information do we collect and retain?

When you use our services you will need to provide us with your personal details or the details of those individual(s) who will be travelling.

We collect the following categories of personal information:

  • Information you provide in order for Iberia to complete and manage a booking you have made with us or a service you have requested from us.

    Examples: Your name, address, email, contact details, date of birth, gender, passport or other national ID number, your account details and payment information.

    If you buy tickets for someone else we may collect your billing information but may communicate with the passengers directly about their flight.

    We will know whether you have made your booking at iberia.com or in any other sales channel such as a travel agency or our contact centres.

  • Information collected during your travel with us

    Examples: We may collect information such as your interactions with our personnel and cabin crew before and during the flight.

    We may track location data from your devices where you have permitted us to use it.

    We collect information about your use of our services during travel, such as your use of our inflight entertainment system or our VIP lounge facilities.

  • Information about your travel arrangements
     

    Example: Details of your booking, travel itinerary, details of any additional assistance you require and other information related to your travel with us such as meal preferences or dietary requirements.

  • Information about the services we have provided to you in the past
     

    Example: Details of your previous travel arrangements, such as your previous flights and travel-related issues, including upgrades received, your baggage requirements, airport disruption, luggage incidents and your customer feedback.

  • Information about your online logins and other interactions.
     

    Examples We will retain your data to guarantee our correct interaction with you when you have joined our loyalty schemes Iberia Plus or Ob Business or when you have identified yourself as a member of our schemes or any other loyalty scheme we accept.

    We will retain your information when you have taken part in any of our contests or promotional initiatives, or when you have interacted with us through social networks such as Facebook or Twitter.

  • Information about your use of our websites, contact centres and mobile applications
     

    Examples: To help us customise your personal information and to improve our website we use “cookies” and other similar technologies and collect information about your searches and the contents you have visited on our website, such as what website you are surfing from, or the banner advertisements or links appearing in our marketing partners’ websites.

    We will use the information gathered in the cookie to better understand you as our customer. This information may include, if you have fed it into our website, information on a flight booking or a passenger name in the case these data were linked to your personal profile in Iberia Plus.

    From your use data we may learn that you have visited iberia.com and searched for a flight, but you have not made your reservation yet. We might use this information to contact you and offer you further information on this booking or the destination you might be interested in.

When and why do we collect 'sensitive personal data'?

Personal data relating to racial origin, ethnic group, religion, health, sexual orientation and biometric data constitute special categories of personal data and are referred to as sensitive personal data requiring additional protection in line with European Union legislation. Iberia does all it can to restrict the circumstances in which these categories of data are collected and processed. The following are examples of cases in which we may collect and process sensitive personal data.

  • When in compliance with legal obligations or requirements you need to show us or provide us, or we need to review, your necessary travel documentation that includes health data such as, for example, results of medical tests or tests to verify contagion or infection by some type of disease (for example, COVID-19).
  • If you ask Iberia and/or an airport operator for specific medical assistance, such as a wheelchair or oxygen.
  • If you have requested permission to fly with us with a specific medical condition or if you are over 28 weeks pregnant.
  • If you have chosen to provide this information for any other reason and we have received it from a third party, such as the travel agency through which you booked your flight.
  • When you use biometric boarding systems available at some of the airports where we operate flights.

You may also have requested a special service (such as a menu) which does not in itself constitute sensitive data but which may imply or suggest information about your religion, health or other data.

What do we do with your personal data and what is the lawful basis for this?

The main purposes for which we process your personal data are as follows:

In certain cases, this purpose may also be based on the consent that you have previously given us. For example, during the process of consulting or booking tickets through our website, we may request your authorisation to send you specific information by electronic means about your visit to the site and about any interests that you have shown, even if you eventually did not end up making any purchases during that visit.

  • Based on our contractual relationship with you, to process all issues relating to your trip and provide you with the requested services.
     

    For example: We will need to use your name, address, e-mail, contact information, date of birth, gender, passport number or identity document, your data and payment information in order to process your reservations, process services related to your trip, charge for our services, provide information to the proper authorities (such as tax, customs and immigration authorities) and for Iberia to know who has a reservation on a flight.

  • Based on our contractual relationship with you, to manage the boarding process and provide connecting flights at the airport.
     

    For example: If you do not show up at the boarding gate to board your flight, we may have to check whether you have passed through airport security control or if you were on a connecting flight, to find out how to contact you to inform you of the boarding for the flight.

    In some airports where we operate the facial recognition system is used (the use of this technology, unless required by law, is voluntary).

  • Based on our contractual relationship with you, to send you status updates and service or operational communications regarding the contracted service, regardless of the channel (direct sales or through agencies/other airlines, online or over-the-counter sales, etc.) you have used to contract our services.
     

    For example: We may send you a communication informing you that check-in is open or that your flight has been delayed or cancelled, or in general of changes that affect the services contracted with Iberia or with those airlines with which Iberia may have some kind of transportation agreement.

    We may also use the contact information you have provided to notify you of other types of operational communications.

    If, for example, you have presented your boarding pass to access one of our VIP lounges, we can offer you information and notices about your flight, such as changes to the gate number or the flight boarding time.

  • Based on the fulfilment of our legal obligations, to manage immigration procedures and/or entry or exit from the territory of a State, ensure your safety and comply with any other legal requirements applicable to Iberia as an airline. In certain cases we will need to or be obliged to report your contact details to local or international health authorities.
     

    For example: As an airline, Iberia is obliged to keep a record with information on the passengers who are on board its aircraft.

    The laws of certain countries such as the USA or the European Union require airlines to provide certain information about their passengers to customs and immigration authorities.

    Furthermore, national regulations that establish requirements for passengers to enter certain countries oblige airlines in many cases to verify the accreditations for such requirements with a view to admitting or denying boarding for a flight.

    Also, if you have flown on any of our flights and a case of infectious disease has been detected in any of the passengers on board, we may have to communicate your data to the proper health authorities, either because a law requires us to do so, for reasons of public interest in the field of public health or to safeguard your own vital interests, those of other passengers and those of third parties in general.

    Finally, in the fight against fraud and major crimes (illegal trafficking of people, substances or merchandise, terrorism, etc.) airlines are obliged to respond to the requirements for information issued by the proper security forces of the States where they operate.

  • Based on our legitimate business interests, to provide you with services that suit your needs and to offer you more personalised service.
     

    For example: We can personalise your experience when you travel with us. For example, a member of our crew may welcome you back on board an Iberia flight.

  • Based on our legitimate business interest, to undertake analysis and market research.
     

    For example: We will analyse how customers use our sales channels, products and services, to learn how to improve the service we offer.

  • Based on our legitimate business interest, to undertake direct marketing activities and keep you informed about Iberia products and services that in our opinion best suit your needs or preferences.
     

    For example: We may send you information about our products and services by e-mail, "push" messages from our app, and text messages.

    We will be able to adapt the content of our websites, applications, e-mails and other communications, to ensure that they are of the greatest possible interest to you, including previous destinations with offers and/or services relating to these destinations or other similar ones.

    To understand your flight preferences and your needs when travelling with us and offer you information on special offers, like selecting a certain type of seat, checking in additional baggage and access to upgrades.

    In certain cases, this may also be based on the consent that you have previously given us. For example, during the process of consulting or booking tickets through our website, we may request your authorisation to send you specific information by electronic means about your visit to the site and about any interest that you have shown, even if you eventually did not end up making any purchases during that visit.

  • If you are a member of the IBERIA PLUS programme, and based on the consent that you have previously given us, to undertake direct marketing activities by electronic means and keep you informed about Iberia products and services that in our opinion best suit your needs or preferences, as well as to send you personalised electronic commercial communications about products and services provided by other companies in the IAG Group and by partner companies in the Iberia Plus programme.
     
  • Based, as appropriate, either on our legitimate business interest, or on the consent that you have previously given us, we may record the communications and telematic instructions that take place when you are using the customer service or sales office of Iberia, Iberia Express or Iberia Regional/Air Nostrum and as a result, we will process your personal data, including your voice when you contact us through these channels, to record the transactions made for the appropriate legal purposes.
     
  • Based on our legitimate business interest and providing you do not expressly oppose it, we may also use the information you provide or that we obtain to enrich the profiling of our customer database, defining market and client segments, establishing or calculating different degrees of connection between our clients and Iberia and/or its products and services, in order to offer you more personalised service, such as: offering to participate in campaigns or events that better suit your preferences, or developing products, services or shopping interfaces that improve your shopping experience or that give you greater satisfaction.
     
  • Based on the consent that you have previously given us through your clear intention to contract services, to communicate your data to other companies in the IAG Group to which Iberia belongs or to third companies that collaborate with the Group (such as, for example, third companies whose products or services are offered and/or may be contracted through our website, as well as the partners in our Iberia Plus programme), whenever you contract any of these products or services. In these cases, the transfer will exclusively affect a limited number of identifying data that you have provided us and that are necessary for contracting the products and services in question.
     

    The complete list of IBERIA PLUS partners may be accessed via the following URL: https://www.iberia.com/es/iberiaplus/partners/ofertas/

  • Based on our contractual relationship with you, to send you updated information and operational communications.
     

    For example: Even if you have chosen to stop receiving commercial information, we may continue to send you operational communications regarding any services that you have already booked or contracted, such as your travel itinerary. These communications will help you to obtain the details of the contracted services and may include options and complements to the services you are going to use (for example, advance seat selection, additional luggage and advance booking of menus).

  • Based on our legitimate business interest, to improve our website, products and services.
     

    For example: We will be able to monitor how you and other customers use our website, so that we can identify ways to improve your browsing experience. We may also use this information to define and compare common patterns of behaviour and distinguish them from others that may be considered malicious, to detect and prevent cases of fraud, and to apply and improve established security and cybersecurity protocols.

    We will review the communications you make and send us through social networks and other types of online channels, in order to give you a response and to take business actions that will enable us to improve your perception of our brand and our services.

    We may also invite you to participate in surveys to find out your degree of satisfaction with the services and benefits received when travelling with Iberia and using our services.

    If you are a member of the Iberia Plus programme, we may also send you surveys regarding your satisfaction with the programme, with offers and promotions and/or with services and products offered by our partners. In this case, this processing will be based on the consent that you have previously given us.

  • Based on our contractual relationship with you, to be able to manage any transactions, operations, contracting of products and services that may take place by any means, or any type of query, complaint, claim or suggestion that you could make to us.
     
  • Based on compliance with our legal obligations, depending on the case, we may also use your data for other management and administration purposes.
     

    For example: We may use and retain your personal data, including your purchase history, for administrative purposes, which may include, for example, accounting and invoicing, auditing, verification of credit cards or other payment cards, control of fraud (including the use of credit reporting agencies, comparison for these purposes with information from financial institutions and with other companies that operate using electronic means of payment, and validation checks for payment cards) testing, maintenance and development of systems.

  • Based on the exercise of a legal obligation to correctly manage emergency situations, catastrophes and force majeure in general, we may need to communicate your data to different types of people, companies or organisations whose collaboration is essential for Iberia under these circumstances.
     

In which cases do we undertake automated processing of your data?

There are situations in which the processing of your data is totally or partially automated. For example:

  • When you make use of our internet bots and virtual assistants, based on artificial intelligence. The use of these interfaces is voluntary, and you can always choose as an alternative to contact one of our agents at our customer call centre.
  • When you use our online Aircheck application to check in advance whether your "COVID19" travel documentation meets the requirements of the country to which you are travelling. Once again, the use of this application is voluntary, and you can always opt for the documentation to be reviewed by our agents at the boarding gate. If you use Aircheck and do not get initial validation of the documentation submitted, we give you the option of re-checking it online and this second review is made manually by one of our agents.
  • When you buy or book tickets on our website or app, there are a number automated processes, from the inclusion of your booking in our systems and sending electronic communications to confirm this, to the verification of the legality of the transaction with the means of payment that you have used in the purchase.
  • When changes are made to your booking, as a result of a disruption in your flight or a change to the schedule of our flights, and we send you a communication to inform you of these changes and the alternatives that we offer you in compliance with the terms and conditions of our transport contract and/or our legal obligations towards you as a result of this contract.
  • When we send you personalised information with regard to products and services that we believe may be of special interest to you, or when we suggest modifications to your booking that, in our opinion, may better suit your needs or be of special interest to you; Either because you have given us your prior consent to do so, or because we have informed you of our intention and you have not shown any objection to this.
  • In order to resolve certain types of claims that you have submitted through our website (for example, requests for compensation for delay or cancellation of flights), unless you have informed us of your objection to this automated processing.
  • When you make use of the biometric identification and boarding systems existing in some of the airports where we operate, provided that you have consented to the use of your data when registering for this type of service through our applications or those of third parties (such as, for example, airport management agencies or those of any other airline associated with the same programme).

In those cases where any of our automated processing is based on our legitimate business interests, or with your prior consent, you can always object to processing or revoke your consent later where applicable, although this objection or revocation may not be applied retroactively.

When will we send marketing to you?

When we collect information directly from you we will ask you if you are happy to receive our marketing communications or to join our Iberia Plus loyalty program. Please note that these communications may refer to our own products and services and, sometimes, they may refer to products and services from other IAG Group companies or even from third party entities –such as, in the case of Iberia Plus, from our partners in this loyalty program where our avios currency may be obtained or redeemed.

Should our intention not be based on your consent previously granted for such a purpose, but on our legitimate business interest, we will inform you on this in a clear way and you will be granted the right to opt-out from receiving such communications.

How can you change what marketing communications you receive and how you receive them?

If you decide you would no longer like to receive marketing communications you can change your mind at any time. The ways to withdraw your consent are described below:

  • IF YOU ARE AN IBERIA PLUS MEMBER, you can change your marketing preferences at any time by amending your communication preferences on your membership profile online at www.iberia.com, accessing your Iberia Plus private area, section “My Profile / Preferences”; or by using online application form for Data Protection Individuals Rights Requests available at https://www.iberia.com/es/management-of-personal-data/
  • IF YOU ARE AN ON BUSINESS MEMBER you can change your marketing preferences at any time by amending your communications preferences on your membership profile online at https://onbusiness.iberia.com and accessing your On Business private area; or by using online applicable form for Data Protection Individual Right Requests available at https://www.iberia.com/gb/management-of-personal-data/
  • • IF YOU ARE NOT A MEMBER EITHER OFN IBERIA PLUS OR OF ON BUSINESS LOYALTY SCHEMES, then you may oppose to receiving these communications by using online application form for Data Protection Individual Right Requests available at https://www.iberia.com/es/management-of-personal-data/

In addition, each marketing communication we send by email will also have an “unsubscribe” or an “amend my contact preferences” option which will allow you to stop you receiving further marketing emails or customise the way you receive such communications.

We will respect your decision on what communications you want to receive and the means or channels you prefer that we use for such purposes, as long as we are able to provide options for you to personalise our communications to you.

You may also stop any further SMS/MMS messages by replying with the word “STOP”.

We will do our best to manage your unsubscribe or customise requests as soon as feasible within a maximum term of 30 calendar days.

Please note that if you tell us that you do not wish to receive further marketing communications, you will still receive service communications (as described above) which are necessary, for example, to confirm your booking or to provide you with an update you on its status. If you are an Iberia Plus or an On Business member, we will continue to keep you informed about your membership and other important service information relating to the loyalty program such as, for example, a new partner joining the program.

How long do we keep personal information?

We will keep your information for as long as we need it for the purpose it was collected, unless you request us to delete it and in such a case provided that the Iberia has no longer the need to keep your information for other reasons.

For example, where you book a flight with us we will keep the information related to your booking so we can fulfil the specific travel arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking. The information may also be retained so that we can continue to improve your experience with Iberia and to ensure that you receive any loyalty rewards which are due to you.

We will actively review the information we hold and either delete it securely when there is no longer a legal, business or customer need for it to be retained; or in some cases anonymise it in order to keep using it for administrative or statistic purposes or to develop generic profiles and segmentations that help us learn more about our types of customers in general and their relevant needs and preferences.

Please note that when we have collected the personal information based on your consent and you withdraw such consent, or in the cases where you exercise your right to supress your personal information we may still to keep the information blocked and available to courts, tribunals and other relevant authorities for the minimum term established by law in each particular case and in order for Iberia to meet its responsibilities arising from processing your data.

Who do we share your personal data with?

We may share your personal data with the companies in our business group, “IAG”, which includes International Consolidated Airlines Group S.A. (IAG), British Airways, Iberia Express, Vueling, Aer Lingus, OpenSkies, Flylevel, S.L., British Airways Holidays, Avios Group Ltd., BA CityFlyer, IAG Connect and IAG GBS. For more information about our group, visit the website of our parent IAG at www.iairgroup.com.

We may share information with these companies so that they can help us to provide services to you or inform us about your preferences. For example, if you have flown with any other IAG airlines or you belong to their loyalty programmes, we may use that information to form a clearer picture of the type of travel services that probably interest you.

You will only receive commercial emails from other companies in our group if you have given your consent to them.

We may also disclose your personal data to the following third parties for the purposes specified below:

  • Customs and immigration authorities in any country in your itinerary or over whose airspace you may fly. Iberia and all other airlines are obliged by the laws of the United States and other countries to provide the border and customs authorities with access to information about bookings and travel if the flight originates or lands in those countries, including stopovers, or if you fly over them to reach your destination.

    For example, if your flight involves flying over the USA, we will supply this information to the relevant US authorities.

  • Airlines, maritime or land transport operators and other service providers that are necessary to provide you with the services you request: for example, if part of your travel itinerary includes a flight operated by a different airline and includes specific services related with your flight that you have decided to book. These airlines, transport operators and service providers will be identified when you make your booking and we will inform you of the data we will need disclose to them, either in advance or when we disclose your data. Your interest in booking these services with third parties will be understood as your express consent to disclose your data.

    Iberia follows strict criteria when selecting service providers in order to comply with data protection obligations. It also undertakes to sign a data protection agreement with them imposing a set of obligations, including the following: use appropriate technical and organisational methods; process personal data for the agreed purposes and strictly in accordance with the written instructions from Iberia; and erase or return the data to Iberia once the services have been provided.

    Examples: If travelling to your destination involves changing from an Iberia flight to a flight operated by a different company, whether it belongs to IAG or not.

    If you book a ticket through our website to make a journey with a pre-booked transport service, we will provide your name and email address to the transport company so that they can issue your ticket and make your booking.

    If you book Bag On Board (“BOB”), the service where we collect your baggage from your home, take it to the airport and check it in, which is available for certain Iberia flights, we will have to provide your data to the service provider so that they can manage the contractual relationship you have requested.

  • Our franchise airlines (such as Air Nostrum Líneas Aéreas del Mediterráneo, S.A., or 'Air Nostrum'): for example, to facilitate your connecting flights or manage benefits derived from the collaboration between loyalty programmes. Plus, travel agencies and other third parties through which you book journeys.
  • If you are a member of the ON BUSINESS or IBERIA PLUS programmes, or any other associated loyalty programme (such as those belonging to other airlines in the ONEWORLD ALLIANCE), we will share information with our partners so that we can manage the joint benefits to which you are entitled. To find out more about the members of OneWorld, please go the official website: https://es.oneworld.com/
  • Credit and debit card companies, credit reporting agencies and fraud control service providers, to process payments and (where necessary) carry out fraud controls.
  • With those entities that you have used to obtain information about our flights or service offers (example: metasearch engines, flights, trips and offers), for the exclusive purposes of managing relations between Iberia and said entities (i.e: accrual of conversion commissions on purchases) and always trying to ensure that the personal information to be communicated, where appropriate, is the minimum necessary.
  • In response to a valid, legal request from Government and law enforcement agencies such as customs and immigration authorities, or security forces in charge of fighting against fraud and major crimes, as well as information requests from health authorities in investigations of possible infectious outbreaks or infections on board, to trace possible contacts with infected people and contain the spread of diseases. Please remember that, for reasons of control and public safety, Iberia is authorised to pass your passenger details to the national security governmental authorities of the country of origin, transit or destination at any time prior to arrival. The United States also requires this information for aircraft that fly over its airspace. This information may also be provided to other states which, by virtue of the applicable laws or treaties, require these details for aircraft that fly over their airspace.
  • External providers to which we outsource services such as carrying out marketing initiatives or conducting customer surveys on our behalf.
  • Third parties such as law firms and courts, insurance companies, intermediaries like experts, to demand compliance with or the execution of an agreement with you, or to defend our legitimate interests in legal, administrative, judicial or extrajudicial actions and proceedings.
  • Third parties such as the police and regulatory authorities, to protect our rights and properties or the safety of our customers, employees and assets.
  • If required to comply with a legal obligation in any jurisdiction, even if the obligation is derived from an action or omission by Iberia (for example, our decision to operate in a specific country or a decision related to that).

We will not sell your personal data to third parties and we will only allow third parties to send you commercial communications if you have given your consent.

What countries will your personal information be sent to?

Your personal information may be sent to and stored by us and third parties in countries outside the country in which you are located and in particular outside the European Economic Area.

The nature of Iberia’s business means it is often necessary for us to send your personal information outside the European Economic Area in order to fulfil your travel arrangements, in order to either fulfil our contractual relationship with you or to fulfil our legal obligations as an airline, in accordance to what we have explained in section “What do we use your personal information for and under what legal basis do we use it?” above.

This occurs in the course of providing your travel arrangements and the services you have requested because our business and the third parties identified in “Who do we share your personal information with?” have operations in countries across the world. For example, where you are flying outside of the European Economic Area, your personal information will be transferred to border control and immigration outside of these territories.

Likewise we may have to transfer your personal information to third parties located outside your country in order to allow such third parties deliver services and products you have requested us for.

  • Example: we will need to provide access to our booking and check-in systems to agents of our handling companies that provide these services to us outside Spain.

Legal statement for flights operated by OpenSkies

In accordance with Article L232-6 of French Internal Security Code, please be informed that air carriers may transmit reservation/checking and boarding data collected from their passengers (PNR/API) to the French national public services and competent authorities for the purposes and under conditions as defined in the Decret N°2014-1095 dated 26/09/2014.

What are your legal rights in relation to the personal information we hold about you and how can you exercise them?

You may exercise, at your convenience, the rights to access, amend and delete your personal information; to limit processing carried out with your data or to oppose to such processing; to request portability of your personal information as well as to request not to be affected by automated decisions by any of the following means:

  • If you are a MEMBER OF IBERIA PLUS then you may exercise most of the aforementioned rights in your own personal membership area at www.iberia.com, accessing your personal Iberia Plus area, section “My Profile / Preferences”.
  • • If you are a MEMBER OF ON BUSINESS then you may likewise exercise most of the aforementioned rights in your own personal membership area at https://onbusiness.iberia.com, accessing your On Business personal area.
  • To exercise any other right or if you are NOT A MEMBER OF EITHER IBERIA PLUS OR ON BUSINESS then you may exercise your rights through our online webform for personal data rights request available at https://www.iberia.com/es/management-of-personal-data/.

In order to answer your request we will ask you to provide personal information and documentation:

  • Full name of the requestor
  • ID number
  • Contact details (at least, a contact email)
  • Details of your request
  • Any information that may help us locate the data you are requesting for like, for example, your flight locator, or your flight number and/or date/s. .
  • A copy of your ID card or passport so that we may verify who you are
  • If you are requesting information on behalf of someone else then we will ask you to provide a signed authorisation from such individual and a copy of his/her ID card or passport.

What Data Protection Authority should I address in order to defend or exercise my rights?

You may always address the Spanish Data Protection Authority (“Agencia Española de Protección de Datos”) and submit a claim, especially in the cases where you deem that we have not satisfied your individual rights regarding how we process your personal information. To learn more please visit www.agpd.es .

Loading...