Wizz Air Hungary Privacy notice

This Privacy Notice applies to all personal data you provide to us and also to all personal data which we collect about you, either about how you use our website or mobile application (using "cookies") or about your travel patterns if you make bookings with us. The Privacy Notice helps you to better understand how we use your personal data and explains how we collect and use it for and with whom it is shared.

1. WHO WE ARE?

Wizz Air Hungary Ltd. (“Wizz Air” or “we” or “us”) (registered seat: Laurus Offices, Kőér street 2/A, Building B, II-V., H-1103, Budapest, Hungary; company registration number: 01-10-140174) acts as a data controller. It means Wizz Air decides how your personal data is processed and for what purposes.

2. DATA PROTECTION OFFICER

Wizz Air has appointed a Data Protection Officer (“DPO”) to ensure compliance with the applicable data protection laws and oversee our state of compliance, also, to ensure your data protection related questions are answered. The Hungarian Data Protection Authority is the lead data protection supervisory authority for Wizz Air as a data controller.

You always have the right to make a data protection related complaint at any time to a supervisory authority.

If you would like to exercise your data protection related rights you can submit your request HERE after logging in into your Wizz account under the data protection tab.

3. YOUR PERSONAL DATA – WHAT IS IT?

Personal data relates to a living individual who can clearly be identified from that data, in particular your name, address, phone number, email address, credit or bank card number, information on special care. Identification can be made by the information alone or in conjunction with any other information otherwise in the data controller’s possession or likely to come into such possession.

4. HOW DO WE COLLECT PERSONAL DATA?

We collect your data on our website, mobile app, via email, call centre, via post when you send us a postal letter and in certain cases at the airport when we are required or obliged to prepare memorandums or minutes on certain events related to you travel.

5. WHY DO WE COLLECT PERSONAL DATA? (DATA PROCESSING PURPOSES)

We collect and use your personal data for the following purposes:

a) To create your WIZZ Account, for this purpose we collect the following data: title, name, date of birth, gender, mobile phone number, email address, nationality (citizenship).

b) In order to process your booking and payment card verification, we collect the following data: title, passenger names, addresses, passport or Government issued EU National ID card numbers and expiry date, telephone numbers, e-mail and IP addresses, credit/debit card or other payment or bank details.

c) To deliver the services you have purchased from us, for this purpose we collect the following data: passenger name, nationality, gender, age group, passport or Government issued EU National ID card numbers and expiry date, medical conditions for passengers who have special medical requirements and/or dietary requirements, phone number, email address, credit or bank card or bank account details, information on special care (sensitive personal data), flight details, confirmation number, date of birth, details of travel documents, the services you purchased and WIZZ Account number.

d) To facilitate the purchase of third parties’ services or products on our website. For this purpose, we collect the following data: passenger name, nationality, gender, phone number, email address, credit or bank card details, information on special care, flight details, confirmation number, date of birth, details of travel documents, location data (including real-time geographic location of your computer or device through GPS, Bluetooth, and your IP Address , along with crowd-sourced Wi-Fi hotspot and cell tower locations, if you use location-based features and turn on the Location Services settings on your device and computer) and WIZZ Account number.

e) To communicate with you (for example in the event of flight disruption) via e-mail, telephone, sms, mms, push notification, in app messages, chat service, social media, calls, postal letter. For this purpose, we collect the following data: name and contact details (phone number, e-mail address, postal address), flight data, Wizz Account number.

f) To send you reminders on unfinished bookings. For this purpose, we collect the following data: selected starting point and destination, one-way or return flight, departure and arrival times, number of passengers, selected fare type, total amount of fare price, whether the user is a newsletter subscriber, booking type (normal, WIZZ Discount Club, group), selected services, language of the site/Wizz Air application.

g) To send you newsletters. For this purpose, we collect the following data: name and contact details (phone number, e-mail address), details of your historical searches at wizzair.com and travel habits, travel preference.

h) To provide offers tailored to your preferences and to display personalized ancillary product recommendations. For this purpose, we collect the following data: name and contact details (phone number, e-mail address), travel preference provided to us, details of your historical searches wizzair.com, historic booking details, travel habits location data (including real-time geographic location of your computer or device through GPS, Bluetooth, and your IP Address , along with crowd-sourced Wi-Fi hotspot and cell tower locations, if you use location-based features and turn on the Location Services settings on your device and computer). For the latter purpose we use historic booking/transactional data, live shopping chart data, location data and the route classification applied by Wizz Air.

i) To communicate with you to carry out customer satisfaction survey for analytical purposes, for quality improvements, for service developments, to improve the performance of the website, to measure the success of our advertising campaigns or to tailor services to your needs. For this purpose we collect the following data: name and contact details (phone number, e-mail address) and historic booking details.

j) To support administrative and legal purposes for example anti-fraud screening, for safety, safety-, operational and other reports and security purposes. For this purpose, we collect the following data: passenger name, address, phone number, IP address, geolocation data, booking and transaction history, credit/debit card details, claim and complaint related data.

k) To comply with the mandatory provisions of the applicable laws such as accounting, billing, audit purposes, consumer protection, immigration or public health related purposes. For this purpose, we collect the following data: personal data related to immigration and customs control, personal data related to invoicing, data related to persons requesting special assistance; personal data related to our obligations in case of flight disruption or flight delay.

We would like to draw your attention to the fact that the personal data you provide us with during the creation of your WIZZ Account will be used for booking your flight as a passenger with us.

This is why you should make sure that you provide us with correct personal data during the registration process that exactly matches your travel document that you use for travelling with us.

If your personal data is inaccurate or incomplete, you may have the right to obtain from us the rectification or completion of your personal data.

5.1. Processing sensitive personal data

In certain cases, we also need to process special categories of personal data (sensitive personal data), e.g. health related data, for example when you request special assistance from us and/or an airport operator (such as the provision of oxygen), or when you provide us with information about your fitness to fly (for instance if you are pregnant, or allergy information) for safety reasons.

To process your sensitive personal data, we will need to obtain your specific consent, otherwise, we may not be able to provide you with the requested service(s). We may use your sensitive personal data, where necessary, in order to establish, exercise or defend legal claims, and to ensure compliance with the mandatory legal requirements. The transfer of your sensitive personal data to third parties, even outside the European Economic Area, may also be required during the provision of the services requested from us based on mandatory legal provisions.

5.2. Profiling

We perform profiling in order to provide you with offers tailored to your needs, preferences and interests. Offers might include, inter alia, discounts on flight tickets, discounts on other services, vouchers provided in exchange of participation in surveys. Offers might mean offers of Wizz Air Hungary Ltd., Wizz Air UK Limited, Wizz Air Abu Dhabi or of our contracted partners (e.g. banks issuing WIZZ branded credit/debit cards, with special benefits) or other third persons. The offers might be provided via email, phone, sms or push notifications based on your consent.

Profiling is any form of automated processing of your personal data, consisting of the use of personal data to evaluate certain personal aspects relating to you, in particular to analyse or predict aspects concerning economic situation, personal preferences, interests, reliability, behaviour or your location/movements.

6. LEGAL BASIS OF DATA PROCESSING

The data processing activities indicated in point a)-c) of Section 5 of this Privacy Notice is necessary for the performance of the contract to be concluded between you and Wizz Air or in order to take steps at your request to enter into a contract, therefore the data processing is based on Article 6 (1) (b) of the General Data Protection Regulation No. 2016/679 of the European Parliament and of the Council ("GDPR").

The legal basis of data processing activities indicated in point d)-h) of Section 5 of this Privacy Notice is your consent according to Article 6 (1) (a) and Article 9 (2) (a) of the GDPR.

The data processing activity indicated in point i)-j) of Section 5 of this Privacy Notice is based on Wizz Air’s legitimate interest related to the data processing (Article 6 (1) (f) of the GDPR). If the legal basis is the legitimate interest of Wizz Air, we will carefully consider your interests and fundamental rights and freedoms, and whether these override such legitimate interests (balancing test).

The data processing activity indicated in point k) of Section 5 of this Privacy Notice is necessary for compliance with legal obligation(s) applicable to Wizz Air, therefore the legal base of the data processing is based on Article 6 (1) (c) of the GDPR.

Consequences of refusal/failure of providing personal data.

Please be aware that we need the personal data listed in this Privacy Notice above under Section 5 in order to perform the General Conditions of Carriage and provide you with our services or personalized offers. If you do not provide us with the requested personal data, we will not be able to provide you with all or parts of the services you have requested from us.

If you withdraw your consent or do not provide the consent for the use of your sensitive data, we may not be able to provide all or parts of the services you have requested from us. Please note that in these circumstances you will not be able to cancel or obtain a refund of any fees you have paid.

7. FOR HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We process your personal data for the time required consistent with the purposes set out in this Privacy Notice or for the period of limitation prescribed in the relevant laws.

We keep your personal data for no longer than reasonably necessary: for a period of 6 years from the fulfilment of the contract concluded with us (i.e. deletion of your WIZZ Account) in order to comply with applicable data retention laws.

We store internet search data collected concerning you for four days.

In the case of accounting documents, the retention period is 8 years from the closing of the financial year, in accordance with Section 169 of Act C of 2000 on Accounting.

If a court or disciplinary procedure is initiated, then the personal data will be retained until the termination of the proceedings, including the duration of any possible remedy, which data thereafter, in the case of civil claims, will be deleted after the civil law statute of limitation runs.

In the case of consent-based data processing, personal data will be processed until the consent is withdrawn.

8. FURTHER PROCESSING OF PERSONAL DATA

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, we will provide you with a new notice explaining all conditions relating to the new processing prior to the new processing takes place. If required, we will seek your consent before commencing the new data processing activity.

9. YOUR PERSONAL DATA PROTECTION RIGHTS

Pursuant to the applicable data protection law you may have the right:

to request access to your personal data,
to request rectification of your personal data,
to request erasure of your personal data,
to request restriction of processing of your personal data,
to request data portability,
to object to the processing of your personal data (including objection to profiling as well as other rights in connection with automated decision-making),
to withdraw your consent, and to lodge a complaint with the supervisory authority.

9.1 Right to access

You may have the right to obtain from us confirmation as to whether or not personal data concerning you is processed, and, where that is the case, to request access to the personal data.

You may have the right to obtain a copy of the personal data undergoing processing in accordance with the applicable data protection laws. We may request additional information from you for identification or for further copies requested by you, we may charge a reasonable fee based on administrative costs.

9.2. Right to rectification

You may have the right to obtain from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Your right to rectification is provided by us free of charge in principle, but in the case of passenger name changes in the existing booking up to 3 hours before the scheduled time of departure, we may charge you with the costs of the name change if certain conditions are met in accordance with our General Conditions of Carriage.

For more information in relation to our rules of name change correction, please click here.

9.3. Right to erasure (right to be forgotten)

Under certain circumstances you may have the right to request from us the erasure of your personal data and we may be obliged to erase such personal data. In such cases we will not be able to further provide you with our services.

9.4. Right to restrict processing

Under certain circumstances you may have the right to request from us the restriction of the processing your personal data. In this case the respective data will be marked and may only be processed by us for certain purposes.

9.5. Right to object and rights relating to automated decision-making

Under certain circumstances you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data, including profiling, by us and we can be required to no longer process your personal data.

Moreover, if your personal data is processed based on our legitimate interest, you have the right to object at any time to the processing of personal data concerning you for such purpose.

Furthermore, under certain circumstances in case of automated individual decision-making, you have the right to obtain human intervention.

We inform you that Wizz Air does not apply an automated decision-making mechanism under the GDPR.

9.6. Right to data portability

Under certain circumstances you may have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format (i.e. in digital form) and you may have the right to request the transmission of that data to another entity without hindrance from us if such transmission is technically feasible.

9.7. Right to withdraw consent

When the processing of your personal data is based on your consent, you can withdraw your consent at any time without giving any reason to us, free of charge, by clicking the link provided in each newsletter, or via changing preferences in your Wizz Air account or mobile device. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If you withdraw your consent to our processing your personal data, we may not be able to provide all or parts of the services which you have requested (e.g. in case of special assistance service if the processing of sensitive data is required by us).

9.8. How to contact us and exercise your data protection related rights?

In respect of data protection related questions, to exercise your rights or file a complaint, please contact us by clicking HERE after logging in into your Wizz account.

If you do not have a Wizz account you can contact us by submitting your request HERE.

9.9. Right to lodge a complaint with the supervisory authority

If you feel that your personal data rights have been breached, you can also contact and lodge a complaint with the local data protection authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

You can also contact the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság, H-1125, Hungary, Budapest, Szilágyi Erzsébet fasor 22/C.; telephone: +36-1 391-1400; telefax: +36-1 391-1410).

10. HOW DO WE PROTECT YOUR PERSONAL DATA?

Wizz Air complies with its obligations under the applicable data protection laws by

keeping personal data up to date;
storing and destroying it securely;
not collecting or retaining excessive amounts of data;
protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

We take appropriate technical and organisational measures to ensure the protection of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular but not limited to where the processing involves the transmission of data over a network, and against all other unlawful forms of processing.

Wizz Air, in line with this, among other things, applies different levels of access rights to the data, which ensures that only the appropriate authorised person has access to the data, whose knowledge of the data is necessary to fulfil his or her obligation arising out of or in connection with the performance of his or her job.

We pay special attention to the safe transmission of the personal and financial data. This data is transmitted from your computer to the booking server of Wizz Air through encrypted channels with the support of the state-of-the-art Secure Socket Layer (SSL) technology.

11. SHARING YOUR PERSONAL DATA

Wizz Air, in the course of its operation, may utilise the services of various data processors and external service providers to handle and process your personal data for specific purposes, on behalf of and in accordance with the instructions of Wizz Air. In addition, under the applicable aviation laws Wizz Air is required to share your personal data with governmental bodies, authorities and other enforcement bodies.

The data processors shall process the personal data at most as long as the term of the data processing contract concluded with them is valid and in force, or until they are required to keep your data under the applicable data retention laws.

We may disclose your personal data to the following categories of third parties (recipients) for the purposes described below:

travel agents and other third parties who you book travel or other services through;
third party service providers whose services you purchased on our website (including, but not limited to insurance, transfer services), in our application or via our call centre;
our partners in loyalty schemes that you have joined;
ground handling companies and airports to provide the service you requested;
credit card companies, payment service providers to process the payments you initiated on our website, in our application or via our call centre;
third parties running customer surveys on our behalf;
other third party service providers involved by us for data processing;
third parties, such as law firms, courts, other bodies or service providers in order to enforce or apply any contract with you;
government authorities or enforcement bodies such as the police and regulatory authorities, upon their request and only as required by the applicable law or to protect our rights or the safety of our customers, staff and assets.

11.1. Wizz Air Group

Your personal data may be shared within the Wizz Air Group as far as such is necessary to provide the services you have purchased from us or to facilitate the purchase of third parties’ services or products on our website, via our mobile application or through our call centre. For more information about Wizz Air Group, please click here.

11.2. Third party service providers

When you purchase the service of a third party service provider on our website, in our application or via our call centre (e.g. you order transport service or any related activities) we will transfer your personal data to the respective service provider to facilitate the purchase and to perform the service you ordered from us.

The data processing of such third parties may also be governed by their own privacy policies. Please review the privacy policies on the website of such third parties directly for more information about their data processing practices. Furthermore, we also receive information about you from third parties, for instance when you participate in a loyalty programme.

11.3. Data Processors

Wizz Air engages certain third parties to provide assistance during the performance of the services bought from us. Such third parties provide the following services:

ground handling services at airports;
payment processing services;
running loyalty schemes;
provision of IT support services;
provision of certain services at the airports, such as sale of tickets, services related to baggage, priority boarding, flight changes;

11.4. Call centre

We engage third party suppliers for the provision of call centre services for us. You can find more information about these suppliers here. Our call centre processes your personal data in accordance with this Privacy Notice. Calls are recorded for the protection and reproducibility of verbal commitments if you give your consent to that and they may be connected with other reservation data . Complaints submitted electronically, via post or via email, are also archived, and may be connected with other reservation data for possible future complaints handling.

11.5. Government authorities and enforcement bodies:

We may transfer your personal data to government authorities or enforcement bodies such as the police and regulatory authorities, upon their request and only as required by applicable law; or to protect our rights or the safety of our customers, staff and assets.

11.6. Border police and immigration authorities:

In certain countries, Wizz Air is required by law to give border control agencies access to booking and travel information. Therefore, any information we hold about you and your travel arrangements may be disclosed to the customs and immigration authorities of your place of departure or your destination or to the local Passenger Information Unit. In addition, applicable laws in certain countries require Wizz Air to collect passport and associated information for all passengers prior to travel to or from those countries. When required by applicable law, Wizz Air will provide this information to the relevant customs and immigration authorities.

Please be informed that under Directive (EU) 2016/681 of the European Parliament and of the Council of 27 April 2016 on the use of passenger name record (PNR) data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime Wizz Air is obliged to forward your travel information for the Passenger Information Unit of the Member State where you are travelling to.

12. TRANSFERRING YOUR PERSONAL DATA TO THIRD COUNTRIES

The transfer of your personal data outside of the European Economic Area is necessary in order to provide you with a service that you have requested, and your personal data may be accessed by Wizz Air Group members and data processors and service providers from countries that do not provide the same level of data protection as provided in the European Economic Area. Wizz Air takes appropriate measures, which in relation to the recipients of your personal data, is necessary to ensure an adequate level of protection as defined by the applicable data protection law, in particular through the application of the Standard Contractual Clauses issued by the European Commission or by a decision of the European Commission which states that the country in which the recipient of the transferred personal data provides an adequate level of data protection.

If, in relation to data transfers abroad, an adequate level of protection of personal data cannot be ensured, then we shall request your express consent relating to any such data transfers abroad. Please note that such data transfers may be associated with certain risks, particularly that in the country of the data recipient, unauthorised third parties may also have unreasonable access to said data and you may not be able to exercise the rights of the data subject and/or your right to object against acts that may harm your personal data and your right to privacy.

On the website among the origins and destinations, you can find the third countries where your personal data may be transferred, or where it may be accessed from, based on your travel destination and the service providers we use to perform our services.

13. CONTACT DETAILS OF DPO

If you have any further questions about the Privacy Notice or how we handle your personal data please contact us by sending your query to us through our webform by clicking HERE or by writing to our Data Protection Officer at Wizz Air Hungary Ltd., Laurus Offices, Kőér street 2/A, Building B, II-V., H-1103 Budapest (or data.protection [at]wizzair.com).

14. COOKIES

When you use our website, cookies are stored by your browser on your device. We use several types of cookies. Some cookies are always on as they are necessary for the website to work properly. Cookies for analytical purposes improve our website and offer you the best possible user experience. Other cookies are used for more comfortable website settings, or for the display of personalised content and allow you to share information. Please note that depending on the settings you choose, some functions of the website may no longer be available or we may not be able to provide you personalized content. Read more about the cookies used by Wizz Air and how you can block them by clicking here.

Until you log in to your Wizz Air Account, the use of such data for the purposes described in the preceding sentence will be in pseudonymised form. That means we will replace your name and other features which may identify you with another identifier in order to make it impossible to identify you as a person and we will not bundle such usage profiles with other data we store about you. Once you are logged in your Wizz Air account, the use of such data for the purposes described in the preceding sentence will be personalised and connected to you.

You are entitled to object against the use of your data for building usage profiles as described above at any time.

We may also transfer your non-personally identifiable data such as, but not limited to, anonymous demographic information and online behaviour to our contracted partners (e.g. third party service providers or banks issuing WIZZ branded credit/debit cards, with special benefits) for the purpose of market research. “Non-personally identifiable data” in this respect means we modify your personal data so that the information concerning personal or material circumstances cannot be attributed to you or that such attribution would require a disproportionate amount of time, expense and effort. We store data sent by your browser and device to our website during the reservation process. No such data will be disclosed to third parties except in aggregate, non-personally identifiable forms.

15. THE USE OF YOUR PERSONAL DATA FOR MARKETING PURPOSES

We send you newsletters in email, sms, push notifications, in-app messages on actual bargains and special offers if you have requested such communication from us by subscribing to such services, or if you provided us with your consent. We will not contact you electronically for marketing purposes unless you have expressly indicated your consent by ticking relevant tick boxes on the data entry form in which you entered your contact information.

16. CHANGES TO OUR PRIVACY NOTICE

If we change this Privacy Notice, we will publish the updated version of it on our website, wizzair.com.

17. THIRD PARTY WEBSITES

The wizzair.com website provides links to other websites for your convenience and information. Please be aware that these sites may be owned and run by other companies and organisations and have different security and privacy policies. Wizz Air has no control over and takes no responsibility for any information, material, products or services contained on or accessible through those websites.

18. THIRD-PARTY LIABILITY

Wizz Air is not responsible for third parties’ use of your data, where such use is permitted for their own purposes. In such cases that these third parties are also considered data controllers, please consult their privacy policies for further information.

This Privacy Policy is effective from 11 August 2020