Privacy Notice applies to all personal data you provide to us and also to all
personal data which we collect on you, either about how you use our website or
mobile application (using "cookies") or about your travel patterns if
you make bookings with us.
1. WHO WE ARE?
Hungary Ltd. (“Wizz Air” or “we” or “us”) (registered
seat: Laurus Offices, Kőér street
2/A, Building B, H-1103, Budapest, Hungary; company registration number: 01-09-964332) acts
as a data controller. It means Wizz Air decides
how your personal data is processed and for what purposes.
In case you are the customer or
passenger of Wizz Air UK Limited (London Luton airport, Luton, LU2 9LY, United Kingdom)
the present Privacy Notice applies to you accordingly.In these cases Wizz Air Hungary Ltd. acts as
joint data controller or data processor in respect of the processing of your
personal data. When Wizz Air UK Limited and WiZZ Air Hungary Ltd. act as joint
data controllers, they will in a transparent manner determine their respective
responsibilities for compliance with the obligations under mandatory data
protection laws, in particular as regards the exercising of your rights and
their respective duties to provide the information required by such laws, by
means of an arrangement between them. Irrespective of the
terms of such arrangement you may exercise your rights under mandatory data
protection laws in respect of and against each of the controllers.
As a data controller, Wizz Air is registered by
the Hungarian National Authority for Data Protection and Freedom of Information
(“NAIH”) (the registration number related to the
processing of passenger data is 01001, the registration number related to
direct marketing is NAIH-83118/2015, and the registration number related to
database development is NAIH-83120/2015NAIH).
2. HOW TO CONTACT US
details of Wizz Air
In respect of data protection
related questions, to exercise your rights or file a complaint, please contact the
Data Protection Officer by sending an email to the email address set forth
below. You may alternatively contact us by sending a postal mail to the
following address or choosing the relevant data protection related category of
request after logging
in to your Wizz Air account and clicking on this link.
details of Wizz Air’s Data Protection Officer
Wizz Air has a Data Protection
Officer (DPO) to whom you can turn with your questions.
Contact details of the DPO:
Email: email@example.com Postal address: attn.: DPO; Wizz Air Hungary
Ltd., Laurus Offices, Kőér street 2/A, Building B, H-1103 Budapest.
PERSONAL DATA –
WHAT IS IT?
data relates to a living
individual who can clearly be identified from that data, in particular
your name, address, phone number, e-mail address, credit or bank card number,
information on special care. Identification can be made by the
or in conjunction with any other information otherwise in the data
controller’s possession or likely to come into such possession.
4. HOW DO WE COLLECT
We collect your data on our website, mobile app, via email, call center
5. WHY DO WE COLLECT
(DATA PROCESSING PURPOSES)
We collect and
use your personal data for the following purposes:
a) In order to process your booking, for this purpose we collect the following data: passenger names, addresses, passport or Government issued EU
National ID card numbers, telephone numbers, e-mail and IP addresses,
credit/debit card or other payment details.
b) To deliver the
services you have purchased from us, for this purpose we collect the following
data: passenger name, nationality, gender, phone number, e-mail address, credit
or bank card details, information on special care (sensitive personal data),
flight details, confirmation number, date of birth, details of travel
documents, and WIZZ Account number.
c) To facilitate the purchase of third parties’
services or products on our
website. For this purpose we collect the
following data: passenger name,
nationality, gender, phone number, e-mail address, credit or bank card details,
information on special care, flight details, confirmation number, date of
birth, details of travel documents, and WIZZ Account number.
d) To communicate with you (for example in the event of flight
disruption). For this purpose
we collect the following data: name and contact details, flight.
e) To send you reminders on unfinished bookings. For this purpose we collect the
following data: selected starting point and destination, oneway or return
flight, departure and arrival times, number of passengers, selected fare type, total
amount of fare price, whether the user is a newsletter subscriber, booking type
(normal, Wizz Discount Club, group), selected services, language of the
site/Wizz Air application.
f) To send you newsletters. For this purpose we collect the
following data: name and contact details, details of your historical searches.
g) To provide offers tailored to your preferences. For this purpose we collect the
following data: name and contact details, details of your historical searches
and historic booking details.
h) To communicate with you to carry out customer satisfaction survey for analytical purposes, for quality improvements,
for service developments, to improve the performance of the website, to
measure the success of our advertising campaigns or to tailor services to your
needs. For this purpose we collect the
following data: name and contact details and historic booking details.
i) To support administrative and legal purposes for exampleanti-fraud
screening, for safety and security purposes. For this purpose we collect the
following data: passenger name, address, phone number, IP
address, geolocation data, booking and transaction history, credit/debit card details.
comply with the mandatory provisions of
the applicable laws. For this purpose
we collect the following data: personal data related to immigration and customs
control, personal data related to invoicing, data related to persons requesting
special assistance; personal data related to our obligations in
case of flight disruption or flight delay.
6.1. PROCESSING SENSITIVE
cases we also need to process special categories of personal data (sensitive personal data), e.g. health related data, for example when you request
special assistance from us and/or an airport operator (such as the provision of
oxygen), or when you provide us with information about your fitness to fly
(for instance if you are pregnant, or allergy information) for safety reasons.
To process your sensitive
personal data we will need to
obtain your specific
consent, otherwise, we may not be able to provide you with the
requested service(s). We
may use your sensitive personal data where necessary in order to establish,
exercise or defend legal claims, and to ensure complience with the
mandatory legal requirements. The transfer of your sensitive
personal data to third parties, even outside the European Economic Area may
also be required during the provision of the services requested from
us based on mandatory legal provisions.
Based on your
consent we perform profiling in order to provide you with offers tailored to
your needs, preferences and interests. Offers might include inter alia discounts
on flight tickets, discounts on other services, vouchers provided in exchange
of participation in surveys. Offers might mean offers of Wizz Air Hungary Ltd.,
Wizz Air UK Limited or of our contracted partners (e.g. banks issuing WIZZ
branded credit/debit cards, with special benefits; Wizz Tours Ltd.) or other
third persons. The offers might be provided via email, phone or push
is any form of automated processing of your personal data consisting of the use
of personal data to evaluate certain personal aspects relating to you, in
particular to analyse or predict aspects concerning economic situation, health, personal
preferences, interests, reliability, behaviour, location or movements of you.
7. LEGAL BASIS OF DATA PROCESSING
The legal basis of data
processing activities indicated in point a)-e) of Section 5 of this Privacy
Notice lies in Subsection (a) Paragraph (1) of Article 5 of Act CXII of 2011 on
the Right of Informational Self-Determination and on Freedom of Information
(hereinafter the “Freedom of information
Act”), i.e. based on your consent, and commencing from 25 May 2018 also
Article 6 (1) (b) of the General Data Protection Regulation (Regulation No.
2016/679 of the European Parliament and of the Council) ("GDPR"), i.e. such processing
activities are necessary for the performance of contract or in order to take
steps at the request of data subject to entering into a contract.
The legal basis of data
processing activities indicated in point f)-g) of Section 5 of this Privacy
Notice lies in Subsection (a) Paragraph (1) of Article 5 and Subsection (a)
Paragraph (2) of Article 5 of the Freedom of information Act, i.e. based on
your consent, and commencing from 25 May 2018 also Article 6 (1) (a) and
Article 9 (2) (a) of the GDPR, i.e. such processing activities will be based on
legal basis of data processing activity indicated in point h-i) of Section 5 of
this Privacy Notice lies in Subsection (a) Paragraph (5) of Article 6 of the
Freedom of information Act, i.e. based on your consent, and commencing from 25
May 2018 also Article 6 (1) (f) of the GDPR, i.e. such processing activity will
be based on Wizz Air’s the legitimate interest. If the legal basis is the legitimate interest
of Wizz Air, we will carefully consider your interests and fundamental rights
and freedoms, and whether these override such legitimate interests (balancing
The legal basis of data
processing activity indicated in point j) of Section 5 of this Privacy Notice
lies in Subsection (b) Paragraph (1) of Article 5 and Subsection (a) Paragraph
(5) of Article 6 of the Freedom of information Act, i.e. based on your consent,
and commencing from 25 May 2018 also Article 6 (1) (c) of the GDPR, i.e. such
processing activity is necessary for compliance with legal obligation(s).
of refusal/failure of providing personal data
Please be aware that we need the
personal data listed in Section 5 a) in order to perform the General Conditions
of Carriage and provide you with our services. If you do not provide us with
the requested personal data we will not be able to provide you with all or parts
of the services you have requested.
withdraw your consent or do not provide the consent
for the use of your sensitive data mentioned in Section 6.2, we may not be able to provide all or parts of the
services you have requested. Please note that in these circumstances
you will not be able to cancel or obtain a refund of any fees you have paid.
8. HOW LONG DO WE KEEP YOUR PERSONAL
We process your personal data for
the time required consistent with the purposes set out in this Privacy Notice
or for the period of limitation prescribed in the relevant laws.
We keep your personal data for no
longer than reasonably necessary: for a period of 6 years from the
fulfillment of the contract concluded with us (i.e. deletion of your Wizz
account) in order to comply with applicable data retention laws.
We store internet search data
collected concerning you for four days.
In case of accounting documents,
the retention period is 8 years from the closing of the financial year, in
accordance with Section 169 of Act C of 2000 on Accounting.
If a court or disciplinary procedure
is initiated, then the personal data will be retained until the termination of
the proceedings, including the duration of any possible remedy, which data
thereafter, in the case of civil claims, will be deleted after the civil law
statute of limitation runs.
In the case of consent-based
data processing, personal data will be processed until the consent is
9. FURTHER PROCESSING OF PERSONAL
If we wish to use your personal
data for a new purpose, not covered by this Privacy Notice, we will provide you
with a new notice explaining all condition relating to the new processing prior
to the new processing takes place. If required, we will seek your consent
before commencing the new data processing activity.
10. YOUR PERSONAL DATA PROTECTION
Pursuant to the applicable data
protection law you may have the right
request access to your personal data,
request rectification of your personal data,
request erasure of your personal data,
request restriction of processing of your personal data,
request data portability,
object to the processing of your personal data (including objection to
profiling; also other rights in connection with automated decision-making),
withdraw your consent, and
to lodge a complaint with
the supervisory authority.
You may have the right to obtain
from us confirmation as to whether or not personal data concerning you is
processed, and, where that is the case, to request access to the personal data.
You may have the right to obtain
a copy of the personal data undergoing processing. We may request additional
information from you for identification or for further copies requested by you,
we may charge a reasonable fee based on administrative costs Right to rectification
You may have the right to obtain
from us the rectification of inaccurate personal data concerning you. Depending
on the purposes of the processing, you may have the right to have incomplete
personal data completed, including by means of providing a supplementary
to erasure (right to be forgotten)
Under certain circumstances you may have the right to
request from us the erasure of your personal data and we may be obliged to
erase such personal data. In such cases we will not be able to further provide
you with our services.
to restrict processing
Under certain circumstances you
may have the right to request from us the restriction of processing your
personal data. In this case the respective data will be marked and may only be
processed by us for certain purposes.
to object and rights relating to automated decision-making
Under certain circumstances you
may have the right to object, on grounds relating to your particular situation,
at any time
to the processing of your personal data, including profiling, by us and we can
be required to no longer process your personal data.
Moreover, if your personal data
is processed based on our legitimate interest, you have the right to object at
any time to the processing of personal data concerning you for such purpose.
Furthermore, under certain
circumstances in case of automated individual decision-making, you have the
right to obtain human intervention.. We inform you that Wizz Air does not apply
automated decision-making mechanism.
to data portability
Under certain circumstances you
may have the right to receive your personal data, which you have provided to
us, in a structured, commonly used and machine-readable format (i.e. in digital
form) and you may have the right to request the transmission of those data to
another entity without hindrance from us, if such transmission is technically
to withdraw consent
When the processing of your
personal data is based on your consent, you can withdraw your consent at any
time without giving any reason to us, free of charge by clicking the link
provided in each newsletter, or via changing preferences in your Wizz Air
account or mobile device.. The withdrawal of consent does not affect the
lawfulness of processing based on consent before its withdrawal.
If you withdraw your consent to
our processing your personal data, we may not be able to provide all or parts
of the services which you have requested (e.g. in case of special assistance
service, if the processing of sensitive data is required by us).
to lodge a complaint with the supervisory authority
If you feel that your personal
data rights have been breached, you can also contact and lodge a complaint with
the local data protection authority, in particular in the Member State of your
habitual residence, place of work or place of the alleged infringement.
You can also contact the Hungarian
Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi
és Információszabadság Hatóság, H-1125, Hungary, Budapest, Szilágyi Erzsébet
fasor 22/C.; telephone: +36-1 391-1400; telefax: +36-1 391-1410).
11. HOW DO WE PROTECT YOUR PERSONAL
Wizz Air complies with its
obligations under the applicable data protection laws by
personal data up to date;
and destroying it securely;
collecting or retaining excessive amounts of data;
personal data from loss, misuse, unauthorised access and disclosure and by
ensuring that appropriate technical measures are in place to protect personal
appropriate technical and organizational measures to ensure the protection of
your personal data against accidental or unlawful destruction or accidental
loss, alteration, unauthorized disclosure or access, in particular but not
limited to where the processing involves the transmission of data over a
network, and against all other unlawful forms of processing.
Wizz Air, in line with this,
among other things, applies different levels of access rights to the data,
which ensures that only the appropriate authorized person has accesses to the
data, whose knowledge of the data is necessary to fulfil his or her obligation
arising out of or in connection with the performance of his or her job.
We pay special
attention to the safe transmission of the personal and financial data. This
data is transmitted from your computer to the booking server of Wizz Air
through encrypted channels with the support of the state-of-the-art Secure
Socket Layer (SSL) technology.
12. SHARING YOUR PERSONAL DATA
Wizz Air, in the course of its
operation, may utilize the services of various data processors and external
service providers to handle and process your personal data for specific
purposes, on behalf of and in accordance with the instructions of Wizz Air. In
addition, under the applicable aviation laws Wizz Air is required to share your
personal data with governmental bodies, authorities and other enforcement
The data processors shall process
the personal data at the most as long as the term of the data processing
contract concluded with them is valid and in force, or until they are required
to keep your data under the applicable data retention laws.
We may disclose your personal data to the following categories of third
parties (recipients) for the purposes described below:
agents and other third parties who you book travel or other services through;
party service providers whose services you purchased (including, but not
limited to insurance, transfer services) on our website, in our application or
via our call center;
partners in loyalty schemes that you have joined;
handling companies and airports to provide the service you requested;
- credit card companies, payment service providers to
process the payments you initiated on our website, in our application or via
our call center;
- third parties running customer surveys on our behalf;
third party service providers involved by us for data processing;
parties, such as law firms, courts, other bodies or service providers in order
to enforce or apply any contract with you;
- government authorities or enforcement bodies such as
the police and regulatory authorities, upon their request and only as required
by the applicable law or to protect our rights or the safety of our customers,
staff and assets.
12.1. Wizz Air Group
data may be shared within the Wizz Air Group as far as such is necessary to
provide the services you have purchased from us or to facilitate the purchase
of third parties’ services or products on our website, via our mobile
application or through our call center. For more
information about Wizz Air Group, please
12.2. Third party service providers
purchase the service of a third party service provider on our website, in our
application or via our call center (e.g. you order transport service or any
related activities) we will transfer your personal data to the respective service provider to facilitate the purchase.
processing of such third parties may also be governed by their own privacy
policies. Please review the privacy policies on the website of such third
parties directly for more information about their data processing
practices.Furthermore, we also receive
information about you from third parties, for instance when you participate in
a loyalty program.
Wizz Air engages certain third parties to provide assistance during the
performance of the services bought from us. Such third parties provide the
- ground handling services at
- running loyalty
- provision of IT support services;
- provision of certain services at the
airports, such as sale of tickets, services related to baggage, priority
boarding, flight changes;
12.4. Call center
third party suppliers for the provision of call center services for us. You can
find more information about these suppliers here. Our call center processes your personal data in
accordance with this Privacy Notice
and applicable law. All calls are
recorded and may be connected with other reservation data to identify you and to ensure the quality of our services and for
possible future complaints handling. Complaints submitted electronically, via
post or via email are also archived, and may be connected with other
reservation data for possible future complaints handling.
authorities and enforcement bodies:
transfer your personal data to government authorities or enforcement bodies
such as the police and regulatory authorities, upon their request and only as
required by applicable law; or to protect our rights or the safety of our
customers, staff and assets.
12.6. Border police and immigration authorities:
In certain countries,
Wizz Air is required by law to give border control agencies access to booking
and travel information. Therefore, any information we hold about you and your
travel arrangements may be disclosed to the customs and immigration authorities
of your place of departure or your destination. In addition, applicable laws in
certain countries require Wizz Air to collect passport and associated
information for all passengers prior to travel to or from those countries. When
required by applicable law, Wizz Air will provide this information to the
relevant customs and immigration authorities.
13. TRANSFERRING YOUR PERSONAL DATA
TO THIRD COUNTRIES
The transfer of your personal data outside of the European
Economic Area may be necessary in
order to provide you with a service that you have requested, and your personal
data may be accessed by Wizz Air Group members and data processors and service
providers from countries that do not provide the same level of data protection
as provided in the European Economic Area. Therefore, Wizz Air will, if
necessary, take all measures which in relation to the recipients of your
personal data, is necessary to ensure an adequate level of protection as
defined by the applicable data protection law, in particular through the
application of the Standard Contractual Clauses issued by the European
Commission or by a decision of the European Commission which states that the
country in which the recipient of the transferred data is provides an adequate
level of data protection.
If, in relation to data transfers
abroad, an adequate level of protection of personal data cannot be ensured,
then we shall request your express consent relating to any such data transfers
abroad. Please note that such data transfers may be associated with certain
risks particularly that in the country of the data recipient unauthorized third
parties may also have unreasonable access to said data and you may not be able
to exercise the rights of the data subject and or your right to object against
acts that may harm your personal data and your right to privacy.
You can find on the website among
the origins and destinations the third countries where your personal data may
be transferred, or the same may be accessed from, based on your travel
When you use
our website, cookies are stored by your browser on your device. Read more about
the cookies used by Wizz Air and how you can block them by clicking here. Please note that if you disable cookies our
website may not function properly on your browser. Our aim is to ensure that
our website offers visitors what they are looking for and provides them with
the most relevant marketing communication. In order to achieve this goal, we
may store and use your data, building usage profiles for market research, for quality
improvements of our website and our services, for service developments, to
improve the performance of the website, to measure the success of our
advertising campaigns or to tailor services to your needs.
Until you log
in to your Wizz Air Account, the use of such data for the purposes described in
the preceding sentence will be in pseudonymized form. That means we will replace
your name and other features which may identify you with another identifier in
order to make it impossible to identify you as a person and we will not bundle
such usage profiles with other data we store about you. Once you are logged in
your Wizz Air account, the use of such data for the purposes described in the
preceding sentence will be personalized and connected to you.
entitled to object against the use of your data for building usage profiles as
described above at any time.
We may also transfer
your non-personally identifiable data such as, but not limited to, anonymous
demographic information and online behaviour to our contracted partners (e.g.
third party service providers or banks issuing WIZZ branded credit/debit cards,
with special benefits) for the purpose of market research. “Non-personally
identifiable data” in this respect means we modify your personal data so that
the information concerning personal or material circumstances cannot be
attributed to you or that such attribution would require a disproportionate
amount of time, expense and effort. We store data sent by your browser and
device to our website during the reservation process. No such data will be
disclosed to third parties except in aggregate, non-personally identifiable
15. THE USE OF YOUR PERSONAL DATA FOR
We send you newsletters on actual bargains and special offers if you have requested such
communication from us by subscribing to such services, or if you provided us with your details. We will not contact you
electronically for marketing purposes unless you have expressly indicated your
consent by ticking relevant tick boxes on the data entry form in which you
entered your contact information.
16. CHANGES TO OUR
If we change
this Privacy Notice, we will publish the updated version of it on our
17. THIRD PARTY
The wizzair.com website provides links to other
websites for your convenience and information. Please be aware that these sites
may be owned and run by other companies and organizations and have different
security and privacy policies. Wizz Air has no control over and takes no
responsibility for any information, material, products or services contained on
or accessible through those websites.
18. THIRD PARTIES LIABILITY
Wizz Air is not responsible for third parties’ use of your data, where
such use is permitted for their own purposes. In such cases these third parties
also be considered data controllers, please consult their privacy policies for
Policy is effective from 3 July 2018.