(Last updated: 10-07-2024 – v1.2)
The purpose of this Privacy Notice (“Privacy Notice”) is to describe the personal data processing we perform in connection with your use of our Chatbot (“Amelia”). In case you wish to know more about our data processing activities, please consult the Privacy Notice available on our website at www.wizzair.com.
Please note that this Privacy Notice applies only if you are using our Chatbot on our website. If you are using our Chatbot via Meta’s Messenger platform, please see our Privacy Notice for the Messenger Chatbot
Joint Data Controllers and their arrangements
WIZZ Air Hungary Ltd. (seat: Lechner Ödön fasor 6., H-1095, Budapest, Hungary), Wizz Air UK Limited (Percival House 134 Percival Way, London Luton Airport Roundabout, Luton, United Kingdom, LU2 9NU), Wizz Air Abu Dhabi LLC (Business Park 01, Plot P6, Office number 208, Abu Dhabi International Airport, Abu Dhabi, UAE) and Wizz Air Malta Limited (Skyparks Business Centre, Level 2, Malta International Airport, Luqa LQA 4000, Malta) (hereinafter jointly referred to as “Wizz Air”, “we”, “our” or “us”) are joint data controllers when processing your personal data regarding your use of our Chatbot.
Wizz Air entities have signed a joint controller arrangement, which sets out our related roles and responsibilities. Wizz Air Hungary Ltd is responsible for replying to your privacy-related questions, queries, or complaints. However, you may exercise your data protection rights in respect of and against each of the joint data controllers. Wizz Air Hungary Ltd is also responsible for providing you with information in relation to this data processing (as set out in this Privacy Notice) and notifying the relevant supervisory authority in the event of a personal data breach. If you need more details regarding the joint controller arrangement, please contact us at data.protection@wizzair.com.
What is the Purpose of Processing the Data?
We will use your data to respond to your queries and requests submitted through the Chatbot. The use of the Chatbot and the provision of your personal data for this purpose are voluntary. However, if you do not provide your data, you may not be able to use the Chatbot.
What Personal Data We Process about you?
We process the so-called “Customer Care” data, which includes your name, address, date of birth, email address, telephone number, Wizz account number, government ID, flight history, content of your requests submitted through the Chatbot, communication with you, payment and credit card data, and information on the actions and measures taken as a result of your use of the Chatbot. If necessary for the purposes outlined in this Privacy Notice, Wizz Air combines your personal data shared with Wizz Air or generated through the use of the Chatbot with 2DC1-Internal Datapersonal data already processed by Wizz Air (e.g. previous queries or complaints submitted electronically, via post, via email, or via calls).
The legal basis for processing your personal data
Wizz Air processes your personal data (under Article 6 (1) b) of the GDPR) to respond to your questions and inquiries because it is essential for fulfilling our obligations to you in connection with your use of the Chatbot. When users contact Wizz Air with queries or complaints, it is necessary to process their data to provide them with the requested information or resolution.
Retention Period for Personal Data Collected via Chatbot Interactions
We store your personal data collected while interacting with our Chatbot for up to three years from the time of the interaction.
With whom do we share your personal data?
Wizz Air engages the following contractual partners to carry out tasks related to your use of the Chatbot. These contracting parties act as “data processors”, meaning they process the personal data defined in this Privacy Notice on behalf of Wizz Air.
Wizz Air should only use data processors that provide sufficient guarantees, particularly in terms of expert knowledge, reliability, and resources, to implement technical and organizational measures ensuring compliance with GDPR requirements. These safeguards include security measures for processing.
The specific tasks and responsibilities of the data processor are outlined in the data processing agreement between Wizz Air and the data processor. Upon completion of processing on behalf of Wizz Air, the data processor should, at Wizz Air's discretion, either return or delete the personal data, unless retention of the personal data is required under European Union or European Union Member State law to which the processor is subject.
- Service providers as data processors: we utilise IT systems or services provided by third party vendors to support internal processes.
Data processors | Seat | Activity |
Amazon Web Services EMEA SARL | 38 Avenue John F. Kennedy, L-1855 Luxembourg | Data storage |
DeepL SE | Maarweg 16550825 Cologne, Germany | Translation Services |
Google Ireland Ltd. | Google Building, Gordon House, Barrow Street, Dublin 4, Ireland | Translation Services |
Metis Solutions, S.L. | C/Roc Boronat 117, 2, 08018 Barcelona, Spain | Conversational Platform (Chatbot) development and operation |
salesforce.com EMEA Limited | Floor 26 Salesforce Tower, 110 Bishopsgate EC2N 4AY London, United Kingdom | CRM and LiveChat function |
The United Kingdom is recognised under EU Commission Implementing Regulation No. 2021/1772 for providing an adequate level of protection of personal data equivalent to that provided by European Union law.
Our general privacy notice (https://wizzair.com/en-gb/legal/privacy-notice) contains information on other data sharing and data transfers that are not specific to the use of the Chatbot. For example, Wizz Air shares your personal data within the Wizz Air Group if necessary, or with government authorities, regulatory authorities, or enforcement bodies upon their request and only as required by applicable law or to protect our rights or the safety of our customers, staff, and assets.
Your Rights
You have the data protection rights and remedies outlined in detail in the relevant provisions of the GDPR (such as Articles 15, 16, 17, 18, 19, 20, 21, 22, 77, 78, 79, 80, and 82). The most important provisions are summarised below.
Wizz Air responds without undue delay and no later than one month from receiving your request. The day of receipt is not included in the deadline. Wizz Air may extend this period by an additional two months due to the complexity of the request or the number of requests received. Wizz Air will inform you of any such extension and the reasons for it within one month of receiving the request.
You are entitled to exercise your rights indicated below:
(i) Right of access: You can request confirmation from Wizz Air whether your personal data is being processed. If so, you have the right to access the personal data and the following information:
- The categories of personal data processed by Wizz Air;
- The legal basis for the data processing;
- The purpose of the data processing;
- The period for which the personal data will be stored.
Additionally,
- To whom and when Wizz Air granted access to your personal data or to whom it transferred your personal data, under what law;
- The source of your personal data processed;
- Whether Wizz Air applies automated decision-making and its logic, including profiling.
- Wizz Air will provide a copy of the personal data undergoing processing free of charge for the first time upon your request. Subsequent requests may incur a reasonable fee based on administrative costs.
We may require additional information from you for identification purposes or for fulfilling additional copy requests, or we may charge a reasonable fee based on administrative costs.
(ii) Right to rectification: You have the right to request that Wizz Air rectify inaccurate personal data concerning you without undue delay. If you can demonstrate the accuracy of the corrected data in a credible manner, Wizz Air will complete the request within a maximum of one month and will inform you of the details.
(iii) Right to erasure (right to be forgotten): You have the right to request that Wizz Air erase your personal data without delay when you make such a request, in the following cases:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed by Wizz Air;
- you object to the processing and there are no overriding legitimate grounds for the processing; or
- the personal data have been unlawfully processed.
The right to erasure shall not apply to the extent that the processing is necessary, among other things, for the establishment, exercise, or defense of legal claims.
(iv) Right to restriction of processing: You have the right to obtain restriction of processing from Wizz Air, which involves a clear indication of the limited nature of the data processing and separate treatment from other data, in the following cases:
- you dispute the accuracy of the data (in which case Wizz Air will limit the processing of the data while verifying its accuracy);
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- Wizz Air no longer needs the personal data for the purposes of processing, but you require the personal data for the establishment, exercise, or defense of legal claims; or
- you have objected to the processing (in this case, the restriction applies until it is determined whether Wizz Air's legitimate grounds override yours).
(v) Right to data portability: You have the right to (i) receive the personal data concerning you, which you have provided to Wizz Air in connection with the use of the Chatbot, in a structured, commonly used, and machine-readable format; and (ii) to transmit those data to another data controller without hindrance from Wizz Air, where the processing is carried out by automated means.
(vi) Complaint procedures: You have the right to file a complaint with a data protection authority, particularly in the jurisdiction of your habitual residence, place of work, or where you suspect an infringement, if you believe that the processing of your personal data violates the GDPR. The contact details of supervisory authorities within the EU can be found here:
https://edpb.europa.eu/about-edpb/about-edpb/members_en. n the UK, you may lodge a complaint with the Information Commissioner’s Office (address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; telephone: 0303 123 1113; fax: 01625 524510; live chat: https://ico.org.uk/global/contact-us/live-chat/live-chat-individuals/). You also have the opportunity to go to court for the protection of your data at your permanent residence, temporary residence, or at Wizz Air's registered seat.
Data Protection Officer
If you have any further questions about the Privacy Notice or how we process your personal data, please contact us by sending your query to us through our webform by clicking HERE or by writing to our Data Protection Officer via email at data.protection@wizzair.com or via letter at Wizz Air Hungary Ltd., Lechner Ödön fasor 6., H-1095 Budapest
