At Jet2.com and Jet2holidays, we are committed to only collecting, using and disclosing your personal data in ways that you expect and have consented to or as we are required or permitted to by law. This policy explains how we use your information and applies to all Jet2.com and Jet2holidays customers and visitors to our apps and our websites (together our “websites”).
We understand that not everybody needs or wants to know how we use their information in the same level of detail, so we have created two levels of information for you. If you just want to know the basics, please read the 'essential information' section for each topic. If you want to know more, please read the ‘detailed information’ section so that you can learn more about a particular issue.
Where you book a flight with us, Jet2.com Limited is the controller of your personal data and where you book one of our holidays, Jet2holidays Limited is the relevant controller. If you have any questions about this policy please contact our Data Protection Officer here: firstname.lastname@example.org.
The main way we use your personal data is to fulfil your booking (be it a flight booking or a holiday booking) to help us understand your needs and to provide you with a better service. We may store information about your travel history and your preferences. We may also use your personal data for marketing purposes, but we will make sure to not send you emails with offers and information if you have told us you would prefer not to receive these.
As well as to fulfil your flight or holiday booking and to provide you with updates about your booking, we use your information in the following ways:
Most of the data we process about you comes from you, for example, information you provide to us so that we can fulfil your travel booking.
Other information is gathered during your use of our websites (e.g. IP addresses or information obtained via cookies) and from your interaction with us at airports and hotels (e.g. data we may receive from airport check-in systems).
A lot of the data we process is data which you provide to us, such as your name, contact details, payment card information, date of birth etc. You usually provide this information when you make a booking via our websites or call centre, or when you contact us via email, letter or phone.
If you use social media sites such as Facebook, Twitter and Instagram, booking engines or personal banking sites, these sites are operated by third party providers and they may share your personal data with us.
Similar to other commercial websites, our websites utilise a standard technology to collect information about how our website is used by individual computers connected to the internet.
This information is gathered through "Cookies". Cookies are small files of letters and numbers that we put on your computer's hard drive. These small files allow us to distinguish you from other users of our website, monitor website traffic and to personalise the content of the site for you. This ultimately helps us provide you with a good experience when you browse our websites and improve the content of our marketing and allows us to improve our site going forward.
Please note however that Cookies cannot retrieve any personal data from your hard drive or pass on computer viruses.
In most cases, providing your personal data to us is optional, however, if you do not provide it, we will probably not be able to fulfil your booking. For example, if you book a flight with us, we need details such as your name and passport details to be able to complete your booking and we will need your payment card details to take your payment. When you make a booking, we will only collect information which is required for the purpose of your booking. In other cases, you have a choice over whether we collect your personal data, for example, you can turn off cookies on your browser and we will not place any cookies on your device or computer (although in this case you may not be able to use all parts of our website). Sometimes, we are required by law to collect certain data for border control purposes and where you have booked a flight with us you cannot prevent this collection of data other than by choosing not to check-in for this flight.
We process information about you that you give us when you make a flight or holiday booking with us or purchase any other product or service from us, such as your name, date of birth, billing and home addresses, booking reference, email address, telephone number and payment card details. You may also create a user name and password if you choose to create a myJet2 profile. Where necessary we will also collect your passport and other travel authorisation documents such as visas. When you visit our websites we also automatically receive your IP address which is a unique identifier for your computer or other device you are using to access our site.
You may provide us with limited details about other people (e.g. where you make a travel or holiday booking on behalf of a group). Where you provide the details of other individuals you should ensure you are have their permission to do so. Please tell these people to read this policy if they want to find out more about our data protection practices.
A more detailed description of the information we process about you can be found below.
Data protection laws require us to tell you what legal basis we use for processing your personal data. These bases are set out in the applicable data protection law. We generally use the following grounds:
Sometimes we process data about you which the law considers to fall within special categories (see section "What personal data do we process?" for more details), in which case, we use one of the following grounds:
Please see the table below if you want to know which particular grounds we use for each particular processing activity.
We explain below which particular ground we use for each activity. Where we rely on the ground that the processing is in our or someone else's legitimate interests, we explain what those interests are (data protection laws require us to tell you about this).
|Type of data/ processing activity||Ground relied on||Ground relied on for special category data||Details about the legitimate interest where this ground relied upon|
Compliance with a legal obligation
Perform-ance of a contract
Jet2.com's/ Jet2holidays legitimate interests
|To make bookings for flights or holidays.||-||-||-||N/A||N/A|
To amend bookings and answer queries relating to existing bookings.
Payment data gathered in the course of making and receiving payments.
|Marketing of flights and holidays to our customers.||-||-||-||N/A||
To market flights and holidays to customers who have a relationship with Jet2.com or Jet2holidays and are likely to be interested in hearing about future offers.
Emails and SMS messages providing updates relating to flight and holiday details.
|-||-||-||N/A||To provide flight and holiday updates to customers relating to their bookings.|
|Answering customer complaints and queries.||-||-||-||
Specific consent where special category data is provided as part of a query / complaint.
|To investigate and respond to complaints and queries about our products and services.|
|To conduct satisfaction surveys with customers.||-||-||-||N/A||To allow Jet2.com and Jet2holidays to improve the quality of the products and services which it provides to customers.|
|To manage safety of customers and report safety incidents.||-||-||-||Necessary for reasons of substantial public interest.||To ensure safety of customers and to manage aircraft and resort safety.|
|Printing and posting travel tickets to customers||-||-||-||N/A||N/A|
|Managing boarding and departures of aircraft.||-||-||-||N/A||N/A|
|To log incidents of disruptive passengers.||-||-||-||N/A||To comply with our responsibility to ensure safety of flights and inform any potential sanction decisions.|
|Manging sales made within airports (e.g. excess baggage).||-||-||-||N/A||N/A|
|To locate lost baggage.||-||-||-||N/A||N/A|
|Tailoring Jet2.com and Jet2holidays website content to customers.||-||-||-||N/A||To assist Jet2.com and Jet2holidays in designing their website and improving the customer experience.|
Selling excursions to Jet2.com and Jet2holidays customers before departure or in resort.
|Management of any customer health and safety issues.||-||-||-||Specific consent where required.||To manage and record passenger medical issues.|
|For training and quality purposes.||-||-||-||N/A||Processing of customer data as part of our ongoing training programme for our team.|
|Detection and prevention of fraud.||-||-||-||N/A||To protect Jet2.com and Jet2holidays and its customers against fraudulent activity|
To manage payment of compensation under The Flight Compensation Regulation 261/2004.
|To respond to Subject Access Requests.||-||-||-||Specific consent as required to process Subject Access Requests||N/A|
To assess and defend claims made against Jet2.com and Jet2holidays
|-||-||-||As necessary to defend claim.||To investigate and manage legal claims.|
|To assist law enforcement bodies with their functions.||-||-||-||N/A||To comply with lawful requests by law enforcement bodies.|
We share your personal data with third parties who provide services to us.
In the course of doing so we may sometimes transfer data outside of the UK and when we do so we make sure that it is protected to the same standards as in the UK.
In relation to passengers making reservations to destinations in the United States of America we are required to transfer to the US Department of Homeland Security ("DHS") certain travel and reservation data about passengers flying between the European Union and the United States of America in accordance with an International Agreement between the European Union and the United States.
US authorities use this information for preventing and combating terrorism and other transnational serious crimes. For further information about the way in which the DHS uses this data please see : www.dhs.gov and this PDF. Depending on the country you are travelling to we may also be required to share your information with other border agencies.
The types of third party service providers who we share your data with include companies which help us understand our customer behaviour or help improve our website, local airports and third party ground handlers who help provide services to you and our local partners in relation to package holidays. We always have contracts in place with these third parties which require them to properly protect your data and only use it for the purposes of providing the particular service.
As part of providing your holiday we will engage local operators (for example, to arrange airport transfers) and we will share your personal data with them so they we can make sure your holiday runs smoothly.
If we sell or buy any business or assets, we will disclose your personal data to the prospective seller or buyer of such business or assets, and if we or part of our business is acquired by a third party, personal data about our customers will be transferred to that third party.
In the event of medical emergency during a flight we may share personal data with third party service providers to call for advice for the purposes of managing and recording passenger medical issues. Your personal data may also be included in a flight report which is sent to the flight operator.
We also share personal data for the purposes of fraud prevention and detection with other group companies and other organisations (including law enforcement agencies) involved in fraud prevention and detection. This includes sharing your details with a third party fraud management solution providers, in order to identify potentially fraudulent bookings.
If there are any incidents with disruptive passengers on board our flights, we may share personal data with law enforcement agencies. We also share personal data relating to reported incidents, complaints and feedback in relation to Jet2holidays with our travel partners and local agents.
In order to assess and defend any legal claims made against us, we may share your personal data with our legal advisors and claims handlers. We may also share your information with law enforcement and government agencies where this is reasonable for the prevention and detection of crime or if we believe a claim is being made fraudulently.
We also pass your information to border agencies where this is required to travel to certain countries.
You have several rights in relation to your personal data. These include accessing your data, correcting any mistakes, having your data erased, restricting the processing of your data, objecting to the processing of your data, data portability, and rights relating to automated decision making and profiling. In most cases there are conditions attached to these rights. Please see the relevant sections below if you want to find out more.
To exercise your rights please contact our Data Protection Officer at: email@example.com or, to make a request to access your data, follow the instructions below.
Accessing your data
You can ask us to confirm whether we are processing your personal data and to give you a copy of that data along with further information about how we use your personal data.
To make a request to access your data please send us your request in writing, signed and dated to the address below along with:
If you are requesting a copy of personal data on behalf of a third party, please also send to us a signed authority from the individual whose data is required and a copy of their passport or driving licence. If the third party is a child under the age of 16, the written authority should come from a person with parental responsibility (along with a copy of the child’s passport).
Please send your request to: Data Protection Department, Legal Services, Jet2.com Limited, PO Box 284, Leeds, LS11 1GE or electronically to: firstname.lastname@example.org.
You do not have to pay a fee for a copy of your information unless your request is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in the circumstances. We will let you know of any charges before completing your request.
We aim to respond to you within 1 month of receiving your request unless it is particularly complicated or you have made several requests, in which case we aim to respond within 3 months. We will let you know if we are going to take longer than 1 month in dealing with your request. If we have a lot of information about you we might ask you if you can tell us what exactly you want to receive. This will help us action your request more quickly.
Correcting your data
You can ask us to correct any data which is inaccurate or incomplete. This is free of charge.
We aim to deal with requests for correction within 1 month, although it might take us up to 3 months if your request is particularly complicated.
If we can't action a request to correct your data, we will let you know and explain why this is.
Erasing your data
This right is sometimes referred to as "the right to be forgotten". This is not an absolute right but you have the right to have your data erased, free of charge, in certain circumstances.
There are some exceptions to this right. If one of these applies, we will confirm this to you and we do not have to delete the data.
Restricting the processing of your data
You can ask us to restrict the processing of your personal data in some circumstances, free of charge. This is not an absolute right. If processing is restricted we can store the data and retain enough information to make sure the restriction is respected, but we cannot further process your data.
We will tell you if we decide to lift a restriction on processing your data.
Objecting to the processing of your data
Objecting to the processing of your data is free of charge. It is not an absolute right but you can object to our processing of your data where it is:
We will stop processing your personal data unless we have compelling legitimate grounds for the processing which override your interests and rights, or unless we are processing the data for the establishment, exercise or defence of legal claims.
You can require us to stop using your data for direct marketing purposes. We will process your request as soon as it is received but it may take up to 14 days for this to be effective. There are no exemptions or reasons for us to refuse.
This allows you to obtain and reuse your personal data for your own purposes across different services. It applies where the following conditions are met:
you provided the personal data to us yourself;
We will provide your data free of charge in a structured, commonly used and machine readable form. We aim to provide your data within 1 month of receiving your request unless it is particularly complicated or you have made several requests, in which case we aim to respond within 3 months. If we are going to take longer than 1 month we will let you know and explain why we need more time. If we consider that we cannot provide you with your data, we will contact you and explain why this is.
Contact and complaints
If you have any questions about this policy or about how we use your personal data please contact the Data Protection Officer at: email@example.com.
If you are unhappy about how we are processing your data or how we have responded to a request or complaint, you have the right to make a complaint to the UK's data protection regulator, the Information Commissioner's Office (ICO). You can find more details about how to contact the ICO on their website https://ico.org.uk/
Last Updated 24th May 2018