(Last updated: 25 August – v1.5)
The purpose of this full Privacy Notice (“Privacy Notice”) is to describe Amelia, Wizz Air’s virtual assistant’s data processing.
Joint controllers and their arrangement
Wizz Air Hungary Ltd. (contact information) and Facebook Ireland Limited (contact information) are the joint controllers of your data regarding your interactions with Amelia, Wizz Air’s virtual assistant.
Amelia is integrated with the Facebook Messenger platform using Mindsay’s platform. We have entered into a joint controller arrangement relative to the processing of your data when you interact with Amelia. For more information on the joint controller agreement between Facebook and Wizz Air please see Facebook Controller Addendum.
What is the Purpose of Processing the Data?
We will use your data for the purposes below:
1) Responding to your queries and requests: the purpose of processing your personal data is to respond to your questions, queries and requests to us.
2) Improving Amelia: Wizz Air may process your data on your consent when you interact with Amelia to further train Amelia’s natural language processing logic.
The provision of your personal data is voluntary. However, if you do not provide your data, you may not be able to use our services.
Facebook will use your data for the purposes outlined in the Facebook Data Policy.
What Personal Data We Process about you?
For the purposes outlined above Wizz Air will process the data categories indicated below:
A. Facebook Messenger Data: our Chatbot is integrated with the Facebook Messenger platform, therefore Wizz Air may process public information you may already have provided to Facebook such as your name, gender, or information that Wizz Air may receive from Facebook such as your Facebook user ID, message ID, your language.
The use of your Facebook Messenger Data is not necessary to use our chatbot.
B. Conversation Data: including details of your interaction with our chatbot, such as your flights status, questions, inquiries, or our communication with you.
The legal basis for processing your personal data
To process your personal data, Wizz Air will rely on the legal bases below:
- Your consent provided to us under Article 6 (1) a) EU Regulation 679/2016 ("GDPR") (“Consent”).
- The processing of your personal data is possible based on legitimate interest under Article 6 (1) f) GDPR (“Legitimate Interest”).
Wizz Air has a legitimate interest in processing data to respond to your questions, inquiries because it is critical to engage with Users if they have queries to maintain their confidence in Wizz Air. If Users have contacted Wizz Air with a question (or complaint), it is reasonable for them to expect that their data will be processed to facilitate a response.
Wizz Air may process your personal data for the purposes and legal bases indicated below:
Purpose of data processing
Categories of personal data processed
|Responding to your queries and requests|
- Identification data
- Conversation content
|Improving our Chatbot||Consent|
Please find more information about Facebook’s data processing at Facebook Privacy Notice.
How long do we keep your personal data?
Wizz Air stores your personal data only as long as necessary for the performance of Wizz Air’s obligations and strictly for the time necessary to achieve the purposes for which the information was obtained. The personal data will be removed from Wizz Air’s records or properly anonymized when it is no longer needed. Wizz Air may store your personal data collected while interacting with Amelia up to one year. If Wizz Air process your personal data based on your consent, Wizz Air will process and store your personal data until your consent is withdrawn.
Facebook may store your personal data collected during your interaction with Amelia in accordance with the Facebook Privacy Notice.
Who may have access to your data?
Members of our staff with appropriate authorization may have access to your personal data on a “need-to-know” and “least privilege” basis. Wizz Air may engage other persons, third parties as data processors to provide services to us and courts, government bodies or other authorities may require us to disclose your data to them.
- Service providers: Wizz Air uses externally provided IT-systems or services provided by third party vendors as a support to internal processes.
|Destygo (Mindsay)||131, avenue Parmentier, 75011 Paris, France||Chatbot development and operation.|
|Amazon Web Services||38 Avenue John F. Kennedy, L- 1855 Luxemburg||Cloud services and data storage|
|DeepL||DeepL GmbH, Maarweg 16550825 Köln, Germany||Translation Services|
|Google Ireland Ltd.||Google Building, Gordon House, Barrow Street, Dublin 4, Ireland||Translation Services|
|salesforce.com EMEA Limited||Floor 26 Salesforce Tower, 110 Bishopsgate EC2N 4AY London, United Kingdom||CRM and LiveChat function|
- Wizz Air Group: your personal data may be shared within the Wizz Air Group if needed. For more information about Wizz Air Group, please click https://wizzair.com/en-gb/information-and-services/about-us/company-information.
- Government authorities and enforcement bodies: Wizz Air may share your personal data with government authorities or enforcement bodies such as regulatory authorities, upon their request and only as required by the applicable law or to protect our rights or the safety of our customers, staff and assets.
- Facebook: Facebook may share your personal data with other persons, third parties in accordance with Facebook Privacy Notice.
Personal data may be provided to parties that are located outside the European Economic Area ("EEA"). In such cases, Wizz Air will ensure that the personal data is subject to measures (such as Standard Contractual Clauses for data transfers) that provide an equivalent level of protection as provided by data privacy laws in the EU (such as the EU General Data Protection Regulation; GDPR).
By way of entering into appropriate data transfer agreements based on the relevant modules of the Commission Implementing Decision (EU) 2021/914 on standard contractual clauses for the transfer of personal data to third countries as referred to in Article 46(5) GDPR or other adequate means, Wizz Air has established that all other recipients located outside the EEA will provide an adequate level of data protection for the personal data and that appropriate technical and organizational security measures are in place to protect Personal Data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.
You are entitled to exercise your rights indicated below:
(i) Right of access: You have a right to ask whether or not Wizz Air has personal data about you and, if that is the case, request information on what personal data Wizz Air has.
Wizz Air may request additional information from you for identification or for further copies requested by you, Wizz Air may charge a reasonable fee based on administrative costs.
(ii) Right to rectification: Wizz Air are required to rectify inaccurate personal data, or to complete personal data that is incomplete, on request.
(iii) Right to erasure (Right to be forgotten): Wizz Air are in some circumstances required to erase personal data on request by the data subject.
(iv) Right to restriction of processing: Wizz Air is in some circumstances required to restrict our use of personal data on request by the person concerned. In such cases, Wizz Air may only use the data for certain limited purposes set out by the law.
(v) Right to data portability: You may have the right to receive your personal data to which Wizz Air has access, in a structured, commonly used and machine-readable format and such persons may then have a right to transmit those data to another entity without hindrance from us.
(vi) Right to object:
You have the right to object to the processing of your personal data for any reason relating to your situation, and in this case, Wizz Air may not be able to process your personal information. If you have the right to object and the exercise of this right is justified, your personal data in concern will not be further processed for the purposes of the objection. The exercise of this right does not entail any costs.
If you consider that your privacy and data protection rights have been infringed by Wizz Air, you may contact the competent data protection authority located in the European Union’s relevant Member State where your habitual residence, place of work or place of the alleged infringement is or the Hungarian National Data Protection and Freedom of Information Agency (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; seat: H-1055 Budapest, Falk Miksa str. 9-11.; website: www.naih.hu; phone: +36-1-391-1400; email address: email@example.com; fax: +36 1 391 1410
You can exercise your rights directly against Facebook regarding your personal data processed by Facebook.
Contact the data protection officers
If you have any further questions about the Privacy Notice or how Wizz Air handle your personal data please contact us by sending your query to us by e-mail or by writing to our Data Protection Officer at Wizz Air Hungary Ltd., Laurus Offices, Kőér street 2/A, Building B, II-V., H-1103 Budapest (or firstname.lastname@example.org).
If you have any further questions concerning how Facebook handles your data, you can send your query to Facebook online, contacting Facebook’s data protection officer or via mail by writing to the following address: Facebook Ireland Ltd. 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland.