Any personal information processed by LEVEL in connection with this Privacy Policy is controlled by FLYLEVEL, S.L., which is considered the “data controller” of your personal information under European Union data protection law. Our address is Data Protection Officer, FLYLEVEL, S.L., Camino de la Muñoza s/n, 28042, Madrid, Spain.

If you have made a flight booking with us but one or more flights are to be provided by other airline(s) then that other airline will also separately be considered a “data controller” under European Union data protection law.

Any provider of services such as a hotel or car rental company will also separately be a “data controller”. You can access the privacy policies of those providers from them directly.

If you are a member of Avios Group (AGL) Limited will also separately be a “data controller” of your personal information. Avios Group (AGL) Limited’s address is Astral Towers, Betts Way, Crawley RH10 9XX. Avios Data Protection Officer can be contacted by email addressed to data.protection@avios.com.

Personal information means details which identify you or could be used to identify you, such as your name and contact details, your travel arrangements and purchase history. It may also include information about how you use our websites and mobile applications.

This Privacy Policy applies to personal information about you that we collect, use and otherwise process regarding your relationship with us as a customer or potential customer, including when you travel with us or use our other services, use our website or mobile applications, contact our service agents or call centres and book to use our services through third parties (such as travel agents and other airlines).

Where we reference that others are data controllers in the section “Controller of Personal Information “or “Who do we share your personal information with?” you should consult their privacy policies for further information.

Additional terms and conditions or policies may apply if you elect to take additional services from us such as using our on-board Wi-Fi or entering a competition linked to LEVEL and other third parties.

We take great care to protect the personal information you provide to us. Here are some things you can do to keep your information secure.

Keep your booking reference confidential

When you make a booking, you will be given a booking reference (also known as a PNR or Passenger Name Record). This will appear on the email confirmation of each person in your booking. You should keep your booking reference confidential always.

Giving your booking reference to others may allow them to access your booking details through our system.

If you are travelling with others and would not like your individual booking details to be accessible by them, you may prefer each person to make separate bookings.

Keep your Registered Customer log-in details confidential

To make sure your access to our websites, other online services, and mobile applications is secure, you should not share your log in details with anyone else. When you finish using the website, online services or mobile application you should log out if others may be able to access your computer or device. This is especially important if you are using a publicly accessible computer.

Be aware of and protect yourself against Internet fraud and “Phishing”

There is an Internet fraud practice known as "Phishing" which is the illegal gathering of personal information by deception. Unsolicited emails are sent to individuals from lists illegally gathered by a third party, and recipients are asked to enter or reconfirm bank or password details into a 'cloned' or illegal copy website.

We collect personal information about you whenever you use our services (whether these services are provided by us or by other companies or agents acting on our behalf), including when you travel with us, when you use our website or mobile applications, or interact with us via email or use our contact centres.

For additional details see “What types of Personal Information do we collect and retain?” below.

In addition, we may receive personal information about you from third parties, such as:

We can also collect your personal data from third parties, such as:

• Companies contracted by us to provide services to you.
• Companies involved in your travel plans, including airlines involved in your prior or onward journey, relevant airport operators and customs and immigration authorities.
• Companies that participate in our loyalty schemes and other customer programmes (e.g. car hire providers and hotels).
• Companies who provide details to us under privacy polices providing information to be shared with LEVEL.

When you use our services, you will need to provide us with your personal details or the details of those individual(s) who will be travelling.

We collect the following categories of personal information:

Information you provide for LEVEL to complete and manage a booking you have made with us or a service you have requested from us.

Your name, address, email, contact details, date of birth, gender, passport number, your account details and payment information.
If you buy tickets for someone else, we may collect your billing information but may communicate with the passenger directly about their flight.
We will know if you booked your flight on flylevel.com or used another sales channel such as a travel agent or our contact centre.

Information collected during your travel with us

We may collect information such as your interactions with staff and cabin crew before and during the flight.

Information about your travel arrangements

Details of your booking, travel itinerary, details of any additional assistance you require, and other information related to your travel with us such as dietary requirements.

Information about the services we have provided to you in the past

Details of your previous travel arrangements, such as your previous flights and travel-related issues, including upgrades received, your baggage requirements, airport disruption, lost luggage and your customer feedback

Information about online registration and other interactions

We will retain your information to ensure we interact with you appropriately if you have registered with us.
We will retain your information if you have entered a competition, registered for a promotion or interacted with us via social media such as Facebook or Twitter.

Information about your use of our website, contact centre and mobile applications.

To help us to personalise your information and improve our website we collect information about your searches and the content you have viewed on our website using cookies and similar technologies, such as the website you come from, internet banner advertisements and links which appear on our marketing partner’ websites.
We will use previous web usage data stored within the cookie to personalise and understand you as a customer. This could include if you have entered any booking or passenger name information on our website or if you used your Registered Customer Number.
We would be able understand from your data usage that you have visited flylevel.com and searched for a flight, but did not complete your booking. We may use this information to contact you to offer more information about the booking and the location.

Information about your location if you have been browsing on flylevel.com or using our mobile application we will collect information about your device.

This is your IP address. An IP address (i.e. Internet Protocol address) is a numeric code that can act as a unique identifier for your computer or other device – this can be turned off from your device).

Identifying the county from which you are accessing the relevant website or application which will enable us to provide more relevant content and use an appropriate language.
If we have your permission we may use the functionality on your device (such as Bluetooth, Wi-Fi and GPS) to determine your location to assist with flight connections, boarding our aircraft as well as provide a personalised service (You can access or change this option by amending the location settings on your device).

Certain categories of personal information, such as that about race, ethnicity, religion, health, sexuality or biometric information are special categories of data requiring additional protection under European Union law and is referred to here as “sensitive personal data”. Generally, we try to limit the circumstances where we collect and process sensitive personal data. Examples of where we may collect and process “sensitive personal data” includes the following:

• You have requested specific medical assistance from us and/or an airport operator, such as the provision of wheelchair assistance or oxygen.
• You have sought clearance from us to fly with a medical condition or because you are more than 28 weeks pregnant.
• You have otherwise chosen to provide such information to us or it has been passed onto us by a third party such as the travel agent through which you made your booking.
• Biometric information (for example, facial recognition) may be collected during the security clearance process prior to, and after, flying with us.

In addition, you may have requested services (such as a meal) which is not “sensitive data” but may imply or suggest your religion, health or other information.

The main purposes for which we use your personal information are:

To fulfil your travel arrangements and deliver the services you have asked for

We will need to use your name, address, email, contact details, date of birth, gender, passport number, your account details and payment information so that we can process bookings, fulfil your travel arrangements, take payment, provide information to relevant authorities (such as tax, customs and immigration authorities) and so that Level agents know who is booked on a flight.

To manage the boarding process and to facilitate flight connections at the airport.

If you have not arrived at the gate to board your flight, we may need to check whether you have passed through airport security or whether you were on a connecting flight in order to understand how to contact you about boarding the flight.
At some airports where we operate facial recognition. (Use of this technology unless legally required is voluntary)

To send status updates and service communications to you

We may send a communication informing you that check in is open or if your flight has been delayed.

To keep track of you in advance of your flight and at the airport.

When you are travelling with us and using an airport where we operate, we may have the ability to monitor where you are within the airport to assist you with flight connections and boarding of our aircraft as well as providing a personalised service.
If you have presented your boarding pass to gain access to one of our lounge.

To help keep you safe when you fly with us and to meet certain legal and regulatory requirements which apply to LEVEL as an airline.

As an airline there are regulatory obligations on LEVEL to maintain a record of passenger information on our aircraft.
The laws of certain countries, such as the UK and USA, require airlines to provide certain passenger information to the border and immigration authorities.

To provide services tailored to your requirements and to treat you in a more personal way.

We may update and share non-personal information with our media agency, in order to serve tailored and relevant advertising from our partners and third parties on our websites, applications and electronic boarding passes.

To carry out analysis and market research.

We will analyse the way in which our sales channels, products and services are being used by customers so that we can understand how to improve the service we offer and encourage customers to use the full range of our products and services.

To carry out marketing and keep you informed of LEVEL’ products and services.

We may send you information about our products and services by email or text message.
Tailor the content of our websites, applications, emails and other communications to ensure they are relevant to you as possible – including previous destinations including offers and/or services relating to that or a similar destination.
Understand your flying preferences and provide information about offers, such as upgrades.
If you’ve searched for flights but not booked, we may remind you about our services via Facebook or Twitter based on the flights you searched for previously.
We may combine / match anonymised customer relationship marketing data with a third party (e.g. Google, Facebook) so both companies can understand behavioural activities such as knowing other sites visited.

To send you status updates and service communications.

Even if you have opted-out of receiving marketing information from us, we may still send you communications about the services you have booked to use, such as your travel itinerary. These communications will help you get the most from the services we provide and may also contain options and other details about the services you will be using (e.g. advance seating requests, additional baggage and pre-booked meals).
We may also send you communications about the services you have previously used, for example, where you experienced some form of issue or problem and we wish to contact you about it proactively in order to resolve it successfully.

To improve our website, products and services.

We may monitor the way that you and other customers use our website so that we can identify ways to improve the website experience.

For management and administrative purposes.

We may use and retain your personal information, including your purchase history, for administrative purposes, which may include for example, accounting and billing, auditing, credit or other payment card verification, anti-fraud screening (including the use of credit reference agency searches and payment card validation checks) and systems testing, maintenance and development.

When we collect information directly from you we may ask you if you do not want to receive our marketing communications. Please be aware that we do sometimes send marketing communications that promote a third party’s products and services (for example, those of our business partners) as well as our own.

We may ask if you consent to receiving marketing communications from other members of our group or from third parties.

We will respect your choice as to what communications you wish to receive and the methods by which you are sent them.

If you decide you would no longer like to be sent marketing communications, you can change your mind at any time. Each marketing communication we send by email will also have an “unsubscribe” option which will allow you to stop you receiving further marketing emails.

Please note that if you tell us that you do not wish to be sent further marketing communications, you will still receive service communications (as described above) which are necessary, for example, to confirm your booking or to provide you with an update you on its status.

LEVEL will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons LEVEL collected and needs to use your information. Under EU data protection laws in almost all cases the legal basis will be:

• Because we need to use your information so that we can process your booking, fulfil your travel arrangements and otherwise perform the contract we have with you.
• Because it is in LEVEL’ legitimate interests as an airline to use your personal information to operate and improve our business as an airline and travel provider.
• Because LEVEL needs to use your personal information to comply with a legal obligation.
• To protect the vital interests of you or another person.
• Because you have consented to LEVEL using your information for a particular purpose.

More information on each legal basis is provided below.

If processing of your data is subject to any other laws then the basis of processing your data may be different to that set out above and may in those circumstances be based on your consent in all cases.

It will be necessary for LEVEL to use your personal information to complete a booking you have made with us. For example, we will need to use information such as your contact details and payment information to provide you with the flight you have requested and paid for.

As a commercial airline and travel provider LEVEL has a legitimate business interest to use the personal information we collect to offer an effective service and carry out our business.

We will carry out analysis and use data to personalise your experience.
When needed for the conduct of legal claims.

There are situations where LEVEL is subject to a legal obligation and needs to use your personal information to comply with those obligations.

If your flight is delayed or your baggage is delayed or misplaced.
We are legally required to provide passenger information to border control and immigration in some countries such as the USA.

There are situations where we may need to use your personal information to protect the vital interests of you or another person.

If we collect and process medical information in the event of a medical emergency and you are incapable of giving your consent.

Alternatively, we may collect and use your personal information where you have given your specific consent to us doing so.

We ask you to inform us if you flight is for business or leisure usage which we may analyse and use to personalise our interactions with you.

If the basis of our processing your data is consent, you can withdraw your consent to such processing at any time, including by writing to us at dpo@flylevel.com.

However, if you withdraw this consent, in some circumstances, it may mean we will not be able to provide all or parts of the services you have requested from us and you will not be able to cancel your booking or obtain a refund of any charges you have paid.

We will keep your information for as long as we need it for the purpose it is being processed for. For example, where you book a flight with us we will keep the information related to your booking, so we can fulfil the specific travel arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking. The information may also be retained so that we can continue to improve your LEVEL experience and to ensure that you receive any loyalty rewards which are due to you.

We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.

Your personal information may be shared with the companies within our group, which includes International Consolidated Airlines Group S.A (IAG), British Airways, Iberia, Iberia Express, Vueling, Aer Lingus, OpenSkies, British Airways Holidays, Avios, BA CityFlyer, IAG Connect and IAG GBS. For more details about our group please visit the website of our parent company, IAG. We share information with them, so they can assist us in providing services to you and to understand more about you. For example, if you have flown with one of the other airlines in the IAG Group we may use this information to understand more about the sorts of travel services you are likely to be interested in.

You will only be sent marketing emails from other companies within our group where you have provided your consent to those companies.

We may also disclose your personal information to the following third parties for the purpose described here:

Customs and immigration authorities of any country in your itinerary or to which your flight may fly over. LEVEL and other airlines are required by laws in the UK, USA and other countries to give border control agencies and customs authorities access to booking and travel information when you fly to and from countries including stop-overs and where you may overfly countries to your destination.

If you’re flight involves flying over the USA, then the information will be supplied to the relevant authority in the USA.

Airlines and other service providers needed to deliver the services you have asked for where. For instance, if part of your travel itinerary involves a flight operated by a different airline or includes car hire or a hotel booking. Those airlines and other service providers will be identified when you make a booking.

If your destination involves transferring from LEVEL onto another airline both within and outside the IAG group.

Our partner airlines and franchisees. For example, to facilitate your flight transfers or to administer benefits because of cooperation between loyalty programmes. Travel agents and other third parties who you book travel through:

• Credit and charge card companies, credit reference agencies and anti-fraud screening service providers to process payments and (where necessary) to carry out fraud-screening.
• In response to a valid, legal request from Government and law enforcement agencies such as customs and immigration authorities.
• Third party service providers we are using to provide services that involve data processing, for example, to carry out marketing initiatives or run customer surveys on our behalf.
• Third parties, such as law firms and law courts, to enforce or apply any contract with you.
• Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets.
• To third parties’ websites we may provide usage information (but not your personal details) to other websites so that they know that you have visited our websites (see more at our Cookies Policy.

If necessary to comply with a legal or regulatory obligation in any jurisdiction, including where that obligation arises because of a voluntary act or decision by us (e.g. our decision to operate to a country or a related decision).

We do not sell personal information to third parties, and we only allow third parties to send you marketing information where we have your consent to do so.

Your personal information may be sent to and stored by us and third parties in countries outside the country in which you are located and outside the European Economic Area and the UK.

The nature of our business means it is often necessary for us to send your personal information outside the European Economic Area or the UK to fulfil your travel arrangements. This occurs because our business and the third parties identified in “Who do we share your personal information with?” have operations in countries across the world. For example, where you are flying outside of the European Economic Area or the UK, your personal information will be transferred to border control and immigration outside of these territories.

In addition, we may transfer your data to parties in countries outside the country in which you are located to provide services to us.

This may involve sending your data to countries where under their local laws you may have fewer legal rights.

In accordance with Article L232-6 of French Internal Security Code, please be informed that air carriers may transmit reservation/checking and boarding data collected from their passengers (PNR/API) to the French national public services and competent authorities for the purposes and under conditions as defined in the Decret N°2014-1095 dated 26/09/2014.

Pursuant to European data protection regulations and local data protection regulations, you have the following rights:

Access

You may request a copy of all your personal data saved by LEVEL. No charge is applied for this request.

Rectification

You may change your personal data when they are inaccurate.

Erasure

You may ask for your personal data to be erased.

Objection

You may request that your personal data not be processed.

Restriction of processing

You may request restriction of processing in the following cases:

• While verifications are being made concerning the contested accuracy of your data.
• When processing is unlawful, yet you oppose the erasure of your data.
• When LEVEL no longer needs to process your data but you need them to establish, exercise or defend yourself from legal claims.
• While verifications are being made as to whether there are compelling legitimate grounds for the processing which override your interests, rights and freedoms when you have objected to the processing of your data for the performance of a task of public interest or to satisfy a legitimate interest.

Portability

You may receive the personal data concerning you, which you have provided to us and those which have been obtained due to your contractual relationship with LEVEL, in electronic format and have the right to transmit those data to another entity.

If you wish to change how we use your personal information, please get in touch with us by writing to Data Protection Officer, Plaza Pla de l’Estany, 5, 08820, El Prat de Llobregat, Barcelona.

We will ask for some information to identify you, which will only be used to process your request. We will verify your identify via email before processing your request.

The request must be made in writing and include the following information:

• Your full name and postal address.
• The details subject of your request.
• Any information that may help us locate the data subject in your request, such as a locator or flight numbers and dates or telephone records (identifier number, number from which you called and the option chosen, the date and time of your call or calls).
• While verifications are being made as to whether there are compelling legitimate grounds for the processing which override your interests, rights and freedoms when you have objected to the processing of your data for the performance of a task of public interest or to satisfy a legitimate interest.

You must also provide:

• A photocopy of your passport or driving licence, so we can verify your identity.
• Your signature and the date of your request.
• If you are submitting the request on behalf of another person, you will need signed authorisation from that person.

If you wish the information to be provided to you in a machine-readable copy, please indicate that at the time of making your request. Please send your request to: DPO@flylevel.com.

If you have any questions about this policy, please contact the Data Protection Officer.

The Data Protection Officer for LEVEL can be contacted at DPO@flylevel.com.

We work hard to handle your information responsibly. If you are unhappy about the way we do this, please contact LEVEL’ Data Protection Officer who will address your concerns.

We hope that we will be able to resolve any concerns you may have.

However, you have a right to complain to the Spain’s Supervisory Authority for data protection, the Agencia Española de Protección de Datos (AEPD).