Introduction

SAUDIA is committed to respecting your privacy and protecting your personal information

  • We will be transparent about the information we are collecting and what we will do with it.
  • We will use the information you give us for the purposes described in our Privacy Policy, which include providing you with services you have requested and enhancing your experience with SAUDIA.
  • We will also use the information to help us understand you better and so that we can give you relevant offers.
  • If you tell us, you don’t want to receive marketing messages we will stop sending them. We will, of course, continue to send essential information relating to a product or service you have purchased to keep you informed about your booking and travel itinerary.
  • We will put in place measures to protect your information and keep it secure.
  • We will respect your data protection rights and aim to give you control over your own information.

You can access our full Privacy Policy below to help you to understand better how we use your personal information. In it, we explain in more detail the types of personal information we collect, how we collect it, what we may use it for and who we may share it with.

Without prejudice to your rights under applicable laws, the above and the Privacy Policy are not contractual and do not form part of your contract with us.

Full Privacy Policy

Controller of Personal Information

Any personal information processed by SAUDIA in connection with this Privacy Policy is controlled by SAUDIA, which is considered the “data controller” of your personal information under European Union and UK data protection law. To contact the Data Protection Officer, please visit our Contact Form page.

If you have made a flight booking with us but one or more flights are to be provided by other airline(s) then that other airline will also separately be considered a “Data Controller” under data protection law. You can access the privacy policies of the other airlines via their own websites.

Any provider of services such as a hotel or car rental company will also separately be a “Data Controller”. You can access the privacy policies of those providers from them directly.

What do we mean by personal information?

Personal information means details which identify you or could be used to identify you, such as your name and contact details, your travel arrangements and purchase history. It may also include information about how you use our websites and mobile applications.

When does this policy apply?

This Privacy Policy applies to personal information about you that we collect, use and otherwise process regarding your relationship with us as a customer or potential customer, including when you travel with us or use our other services, use our websites or mobile applications, contact our service agents or call centres and book to use our services through third parties (such as travel agents and other airlines).

Where we reference that others are data controllers in the sections ’Controller of Personal Information’ and ’Who do we share your personal information with?’ you should consult their privacy policies for further information.

Additional Terms and Conditions or policies may apply if you elect to take additional services from us such as making a Highlife purchase on board, using our on-board Wi-Fi or entering a competition linked to SAUDIA and other third parties.

How can you keep your personal information secure?

We take great care to protect the personal information you provide to us. You can read more about how we do this in our Data Protection Policy. Here are some things you can do to keep your information secure.

Keep your booking reference confidential

When you make a booking, you will be given a booking reference (also known as a PNR or Passenger Name Record). This will appear on the email confirmation or ticket of each person in your booking.

You should always keep your booking reference confidential. Giving your booking reference to others may allow them to access your booking details through our systems.

If you are travelling with others and would not like your individual booking details to be accessible by them, you may prefer each person to make separate bookings.

Loyalty / web app log-in details confidential

To make sure your access to our websites, other online services, and mobile applications is secure, you should not share your log in details with anyone else. When you finish using the website, online services or mobile app you should log out if others may be able to access your computer or device. This is especially important if you are using a publicly accessible computer.

Be aware of and protect yourself against Internet fraud and ‘phishing’

There is an Internet fraud practice known as ‘phishing’ which is the illegal gathering of personal information by deception. Unsolicited emails are sent to individuals from lists illegally gathered by a third party, and recipients are asked to enter or reconfirm bank or password details into a 'cloned' or illegal copy website.

When do we collect personal information about you?

We collect personal information about you whenever you use our services (whether these services are provided by us or by other companies or agents acting on our behalf), including when you travel with us, when you use our website or mobile applications, or interact with us via email or use our contact centres.

For additional details see ’What types of personal information do we collect and retain?’ below.

In addition, we may receive personal information about you from third parties, such as:

  • Companies contracted by us to provide services to you.
  • Companies involved in your travel plans, including airlines involved in your prior or onward journey, relevant airport operators and customs and immigration authorities.
  • Companies that participate in our loyalty schemes and other customer programmes (e.g. car hire providers and hotels).
  • Companies who provide details to us under privacy polices providing information to be shared with SAUDIA.

What types of personal information do we collect and retain?

When you use our services, you will need to provide us with your personal details or the details of those individual(s) who will be travelling.

We collect the following categories of personal information:

  • Information you provide for SAUDIA to complete and manage a booking you have made with us or a service you have requested from us.
  • Information collected during your travel with us.
  • Information about your travel arrangements.
  • Information about the services we have provided to you in the past.
  • Information about online registration and other interactions.
  • Information about your use of our websites, contact centres and mobile applications. For more details of the methods please see 'How we use cookies and other methods for the collection of website usage data'.
  • Information about your device and your location if you have been browsing on www.saudia.com or using our mobile application, for example your IP address or unique device ID. (An IP address (i.e. Internet Protocol address) is a numeric code that can act as a unique identifier for your computer or other device – this can be turned off from your device).

When and why do we collect ‘sensitive personal data’?

Certain categories of personal information, such as that about race, ethnicity, religion, health, sexuality or biometric information are special categories of data requiring additional protection under European Union and UK data protection law and is referred to here as “sensitive personal data”. Generally, we try to limit the circumstances where we collect and process sensitive personal data. Examples of where we may collect and process ’sensitive personal data’ includes the following:

  • You have requested specific medical assistance from us and/or an airport operator, such as the provision of wheelchair assistance or oxygen.
  • You have sought clearance from us to fly with a medical condition or because you are more than 28 weeks pregnant.
  • You have otherwise chosen to provide such information to us or it has been passed onto us by a third party such as the travel agent through which you made your booking.
  • Biometric information (for example, facial recognition) may be collected during the security clearance process prior to, and after, flying with us.
  • In addition, you may have requested services (such as a meal) which is not ’sensitive data’ but may imply or suggest your religion, health or other information.

What do we use your personal information for?

The main purposes for which we use your personal information are:

  • To fulfil your travel arrangements and deliver the services you have asked for.
  • To manage the boarding process and to facilitate flight connections at the airport.
  • To send status updates and service communications to you.
  • To keep track of you in advance of your flight and at the airport.
  • To help keep you safe when you fly with us and to meet certain legal and regulatory requirements which apply to SAUDIA as an airline.
  • To provide services tailored to your requirements and to treat you in a more personal way.
  • To carry out analysis and market research.
  • To carry out marketing including online advertising and keep you informed of SAUDIA products and services.
  • To undertake targeted online advertising.
  • To send you status updates and service communications.
  • To improve our websites, products and services.
  • For management and administrative purposes.

When will we send you marketing?

When we have your permission, we will send you marketing communications from SAUDIA. As SAUDIA, we do sometimes send marketing communications that include a business partners’ products and services related to the travel you are undertaking, as well as our own.

We will only allow third parties or other members of our group to send marketing communications to you when we have agreed marketing from third parties.

We will respect your choice as to what communications you wish to receive and how these are sent.

How can you change what marketing communications you receive, how you receive them and unsubscribe?

If you decide you would no longer like to be sent marketing communications, you can change your mind at any time. The ways to stop being sent marketing communications, If you are an Loyalty Member you can change your marketing preferences at any time in your online account.

In addition, each marketing communication we send by email will also have an unsubscribe option which will allow you to stop you receiving further marketing emails. We aim to action requests to stop being sent marketing communications within 10 working days of receiving those requests, but it is possible you will receive some marketing in the period prior to that change being made.

Please note that if you tell us that you do not wish to be sent further marketing communications, you will still receive service communications (as described above) which are necessary, for example, to confirm your booking or to provide you with an update on its status.

What is our legal basis for using your personal information?

SAUDIA will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons SAUDIA collected and needs to use your information. Under EU GDPR data protection laws in almost all cases the legal basis will be:

  • Because we need to use your information so that we can process your booking, fulfill your travel arrangements and otherwise perform the contract we have with you.
  • Because it is in SAUDIA legitimate interests as an airline to use your personal information to operate and improve our business as an airline and travel provider.
  • Because SAUDIA needs to use your personal information to comply with a legal obligation.
  • To protect the vital interests of you or another person.
  • Because you have consented to SAUDIA using your information for a particular purpose.

More information on each legal basis is provided below.

If processing of your data is subject to any other laws, then the basis of processing your data may be different to that set out above and may in those circumstances be based on your consent in all cases.

How long do we keep personal information?

We will keep your information for as long as we need it for the purpose it is being processed for. For example, where you book a flight with us we will keep the information related to your booking, so we can fulfill the specific travel arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking. 

The information may also be retained so that we can continue to improve your experience with us and to ensure that you receive any loyalty rewards which are due to you.

We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained. If you stop interacting with us as a customer, we will remove or anonymise your information after 7 years.

Performance of a contract with you

It will be necessary for SAUDIA to use your personal information to complete a booking you have made with us. For example, we will need to use information such as your contact details and payment information to provide you with the flight, holiday and/or car hire you have requested and paid for.

Legitimate Interests

As a commercial airline and travel provider SAUDIA has a legitimate business interest to use the personal information we collect to offer an effective service and carry out our business.

Compliance with legal obligations

There are situations where SAUDIA is subject to a legal obligation and needs to use your personal information to comply with those obligations.

To protect the vital interest of you or another person

There are situations where we may need to use your personal information to protect the vital interests of you or another person.

Consent

Alternatively, we may collect and use your personal information where you have given your specific consent to us doing so.

If the basis of our processing your data is consent to marketing, you can withdraw your consent to such processing at any time, including by amending your account online or alternately contact us via our Contact Form page.

However, if you withdraw your full consent, in some circumstances, it may mean we will not be able to provide all or parts of the services you have requested from us and you will not be able to cancel your booking or obtain a refund of any charges you have paid.

Who do we share your personal information with?

Your personal information may be shared with the companies within our group. You will only be sent marketing emails from other companies within our group where you have provided your consent to those companies. We may also disclose your personal information to the following third parties for the purpose described here:

  • Customs and immigration authorities of any country in your itinerary or to which your flight may fly over. SAUDIA and other airlines are required by laws in the UK, USA and other countries to give border control agencies and customs authorities access to booking and travel information when you fly to and from countries including stop-overs and where you may overfly countries to your destination.
  • Further information about passport, visas and API (Advanced Passenger Information).
  • Airlines and other service providers needed to deliver the services you have asked for where, for instance, part of your travel itinerary involves a flight operated by a different airline or includes car hire or a hotel booking. Those airlines and other service providers will be identified when you make a booking.
  • If you have joined the SAUDIA loyalty programme, so that we can administer the benefits of the loyalty programme to you.
  • Credit and charge card companies, credit reference agencies and anti-fraud screening service providers to process payments and (where necessary) to carry out fraud-screening.
  • In response to a valid, legal request from Government and law enforcement agencies such as customs and immigration authorities.
  • Third party service providers we are using to provide services that involve data processing, for example, to carry out marketing initiatives or run customer surveys on our behalf.
  • Third parties, such as law firms and law courts, to enforce or apply any contract with you.
  • Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets.
  • We may provide usage information (but not your personal details) to other websites so that they know that you have visited our websites (see ’How we use cookies and other methods for the collection of website usage data' above).
  • We may provide usage information including your personal details to marketing agencies to deliver online advertising on websites or social networks.
  • If necessary to comply with a legal or regulatory obligation in any jurisdiction, including where that obligation arises because of a voluntary act or decision by us (e.g. our decision to operate to a country or a related decision).

We do not sell personal information to third parties, and we only allow third parties to send you marketing information where we have your consent to do so.

What countries will your personal information be sent to?

Your personal information may be sent to and stored by us and third parties in countries outside the country in which you are located.

The nature of our business means it is often necessary for us to send your personal information outside the European Economic Area to fulfil your travel arrangements. This occurs because our business and the third parties identified in ’Who do we share your personal information with?’ have operations in countries across the world. For example, where you are flying outside of the European Economic Area or the UK, your personal information will be transferred to border control and immigration outside of these territories.

In addition, we may transfer your data to parties in countries outside the country in which you are located to provide services to us.

This may involve sending your data to countries where under their local laws you may have fewer legal rights.

Where your personal information is transferred, and we are using a service provider in a third country, we will implement safeguards so that your personal information continues to be protected to the standards set out in this privacy policy.

Requesting a copy of your personal information

Under EU GDPR Data Protection Regulation, you may request a copy of any personal data about you held by SAUDIA. There is no fee for this request.

The request must be in writing and must contain the following:

  • Your name and postal address.
  • Details of your request.
  • Any details which may help us locate the information which is the subject of your request, for example:
  • Booking reference or flight numbers and dates.
  • Executive Club number.
  • Telephone recording details (identifier number, the number you call from, the number and option you dialled, the date and time of your call(s)).
  • You must also provide:
  • A photocopy of your passport or driving licence, so that we can verify your identity.
  • Your signature and the date of the request.
  • If you are applying on behalf of another person then signed authority from the individual is required.

Please send your request to the Data Protection Officer via our Contact Form.

What are your legal rights in relation to the personal information we hold about you?

Under data protection laws in the European Union and the UK, you have certain rights in relation to your personal information. Responses to exercise your rights will be provided within one month and generally there is no fee for making these requests. If your request is particularly complicated we may extend the deadline for responding to three months, but we will let you know if this is the case.

We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. Further explanation of those rights and the exceptions to them are set out below.

Details of how to exercise your rights are set out in the section below “How can you exercise your legal rights and change how we use your data?

Your rights include the following:

  1. You may request us to stop sending you marketing. To see how to change your permission to market please refer to “How can you change what marketing communications you receive and how you receive them?" which can be located in "When will we send you marketing?". If you do so we will no longer be able to send you marketing communications. However, if you subsequently book a flight with us we will need to send you communications about the services you have booked to use, such as your travel. These communications will help you get the most from the services we provide and may also contain options and other details about the services you will be using (e.g. advance seating requests, additional baggage and pre-booked meals).
  2. You may request us to stop using your personal information where we are doing so under legitimate interests (see the section “What is our legal basis for using your personal information” for examples of when that applies) unless it is needed for dealing with legal claims or we have other compelling legitimate reasons that override your rights.
  3. You may request us to stop processing of your personal information for marketing purposes including analytics for the purposes of targeted marketing, including online advertising.
  4. You may access the personal information we hold on you.
  5. There are some limited exceptions to this right, such as information relating to others who have not consented to the disclosure of their information and information which is legally privileged. Please see “Accessing your personal information” which can be located within "How can you exercise your legal rights and change how we use your data?" for more details.
  6. You may ask us to correct your personal information (the 'right of rectification’) if that information is inaccurate. How to do this see section on “How can you change what marketing communications you receive and how you receive them?”
  7. You may ask for personal information which identifies you to be erased (or forgotten).
  8. To do this we will remove the information that identifies you from the data we hold in our active systems (“anonymise”). However, a separate and restricted copy of the identifying information will be kept for 7 years to meet the obligations we have to law enforcement, national authorities and legal proceedings.

Considerations:

  • We may need to retain certain elements that relate to a contract between you and SAUDIA because we need it for our own legal and auditing purposes (for more information on the basis on which we process your personal information see the section “What is our legal basis for using your personal information”).
  • A record of your request including the personal information you supplied will be retained in the application used to carry this out for 3 years.
  • In some circumstances it may mean we will not be able to provide all or parts of the services you have requested from us in relation to previous travel or retain any preferences you have previously shared with us.
  • We cannot erase your personal information if you are a member of our Loyalty Programme as we require this information to deliver our contract with you. If you wish to proceed you will need to resign from the Loyalty Programme.
  • We cannot erase your personal information if you have either flown with us in the past 18 months or you hold a forward booking with us. For Legal reasons, we need to keep information linked to these flights. You may come back to us once this time period has passed and submit a request.
  • We cannot erase your personal information if we have identified that you either have an open complaint with us or we hold a previous case for you within the past 6 years. We are required to retain this information in case there is a need to re-open the complaint.

How can you exercise your legal rights and change how we use your data?

If you wish to change how we use your personal information, please contact us.

We will ask for some information to identify you, which will only be used to process your request. We will verify your identify via email before processing your request.

Alternatively, you can make a request to us via our Contact Form, ensuring you mark the request for Customer Permissions (Data Protection Office).

Accessing your personal information

If you wish to receive a copy of your information, you can make your request in writing and include the following information with your request:

  • Your name and postal address
  • Details of your request
  • A photocopy of your passport or driving license, so that we can verify your identity
  • Your signature and the date of the request
  • If you are applying on behalf of another person then signed authority from the individual is required
  • Any details which may help us locate the information which is the subject of your request
  • Booking reference or flight numbers and dates
  • Loyalty membership number
  • Telephone recording details (identifier number, the number you call from, the number and option you detailed, the date and time of your call(s)).

If you wish the information to be provided to you in a machine-readable copy, please indicate that at the time of making your request.

Please send your request via our Contact Form.

How will we inform you of changes to this Privacy Policy?

If we change this Privacy Policy, we will let you know about the changes by publishing the updated version on www.saudia.com. We are committed to protecting and respecting your privacy and will continue to do so in any future changes we make to this Privacy Policy.

How to get in touch with us and your right to complain to our supervisory authority?

If you have any questions about this policy, please contact the Data Protection Officer.

The Data Protection Officer for SAUDIA can be contacted via the Contact Form.