Finnair privacy policy

Data Controller

Finnair Plc
Business ID: 0108023-3
Address: Tietotie 9 01530 VANTAA, FINLAND

Privacy online service

Manage your privacy settings and request your personal data on the Finnair website at https://privacy.finnair.com.

Data Protection Officer

If you don’t find what you’re looking for in this policy or the Privacy Online Service linked above, you may contact the Finnair Group Data Protection Officer: privacy@finnair.com or Finnair Data Protection Officer, PO BOX 15, 01053 FINNAIR, FINLAND.

How to use your rights

You can use your rights at privacy.finnair.com.

You will always receive a confirmation of the action we have taken on your request (for example, confirmation of deletion). We will let you know if we cannot fulfil a request you have made, and the reasons behind such decision. Making a personal data request is free of charge once every six (6) months. For additional requests during this time frame, we may charge a reasonable fee to cover the administrative costs involved. We reserve the right to reject requests that are unreasonably repetitive, excessive or clearly unfounded.

Right to access

You have the right to access and be informed about the personal data we process about you. You can view some data directly in our digital channels, and you may request a copy of your personal data at privacy.finnair.com. We will provide you with it unless we have lawful reasons not to share this data or if sharing the data would adversely affect the rights and freedoms of others.

Right to correction

You have the right to rectify or update inaccurate or incomplete personal data we have about you. You can update some of your personal data through our digital channels, and you have the right to request a correction of your contact details or other personal data by contacting us.

Right to erasure

You may ask us to delete your personal data, and we will erase such data without undue delay, unless we have a lawful reason to continue processing the data, such as for delivering the requested services or if there is a legal requirement or lawful right for us to retain personal data.

Right to restrict and to object

You may ask us to restrict the processing of your personal data, for example when your request to correct or remove your data is pending, or if you have objected to the processing of your personal data and the clarification of the grounds for such processing is pending.

You have the right, at any time, to prohibit us from using your personal data for direct marketing purposes, which includes profiling related to such direct marketing. You can unsubscribe from marketing communication via the “unsubscribe” link or by other means included in each marketing message. If you are a Finnair Plus member or Finnair account holder, you may also change your direct marketing preferences in your Finnair Plus or Finnair account profile.

Right to withdraw your consent

You have the right to change your mind and withdraw any consent you have previously given to us. If you are a Finnair Plus member or Finnair account holder, you can withdraw your consent in your Finnair Plus or Finnair account profile.

Right to data portability

You have the right to receive the personal data you have given to us in a structured and commonly used electronic format, and to independently transmit those data to a third party.

Lodging a complaint

If you feel we have not handled your personal data correctly, you can contact the data protection supervisory authority and lodge a formal complaint.

Identification and contact data

We collect and process basic information, such as

• name
• date of birth
• gender
• traveller type (adult, child, infant)
• title (Mr, Mrs, Ms)
• contact information, such as address, billing address, ground transportation address, telephone number and email address.

Personal information may be processed, for example, regarding the person travelling, the person making the booking, the emergency contact person, legal guardians or dependents.

Service-related data

In order to make your journey possible, we process booking and ticket information as well as baggage handling details. This may include:

• booking reference number, ticket number, pricing information
• flight details (departure dates and times, flight number)
• flight itinerary (journey origin and destination and possible stopovers)
• booking date, travel type (one-way or return)
• travel class, seat type and number
• baggage tag codes, routing and possible security screening details.

At your request, we may also process special service request information. These types of requests may involve, for example, meal information, transporting pets in the cabin or in the cargo hold, or required special assistance.

We may also process travel document data for passengers travelling to or from the Schengen area, such as passport number, date of birth, sex, passport validity period, issuing country and nationality. If you have chosen to use our online travel document verification service, the image of your travel document will also be processed. Visa information and destination addresses are also collected when required by the destination authorities.

Please note that all persons on the same flight reservation will be able to access the data in the reservation (including the data of the travel companions), available through the My Booking service. Access to My Booking is terminated shortly after the last flight of the reservation. Please also note that if a flight reservation is split into two different flight reservations, the persons in the new split reservation will continue to have access to the original reservation and the payer of the original reservation will have access to the new split reservation.

When you pay for your trip or other services, we process your payment information, such as payment method and credit card information.

We may process information on sales channel and ancillary services, such as pre-ordered meals, travel class upgrades, retail products and other purchases. We process data about your travel arrangements, such as group information (when traveling with others under the same booking reference), check-in methods and travel companions in case of joint check-in.

At selected airports, we also process the data from airport security checkpoints and automated control gates at the departure gates.

In case you choose to share additional information, by submitting a query or claim through our customer services channels, this data will be processed by Finnair.

If you are a member of Finnair Plus or a member of our alliance partner’s loyalty program, we collect and process information such as frequent flyer number, program and tier information, if you have provided your frequent flyer number.

If you book additional transport or parking services through Finnair, we will process transportation address information, service reservation number information, registration plate numbers, ticket information and given additional information, such as the size of the vehicle or written free format information relating to your booking.

Communication data

We may collect and process your communication with us. This can include customer service phone call recordings, chat history, emails, SMS messages and social media posts (controllership of social media data may rest jointly with the social media platform provider). We may also process your information in connection with satisfaction surveys and feedback forms. We may process your direct marketing-related consents and opt-outs (unsubscriptions).

Data collected in our digital touchpoints

When you log into or navigate our digital touchpoints, we will process your login details, service usage and certain information about devices and connections of users, such as IP address.

Special categories of personal data

We limit the collection of special categories of personal data such as information about your health to a minimum, and only to data given by you.

In connection with your special service requests, we may need to process this type of information, for example due to a special medical assistance request. We will process sensitive personal data also in case you need medical clearance or evidence for Finnair or authorities of admissibility to fly with us.

Security records

Finnair stores a record of passengers who have previously endangered flight safety and security or have committed an unruly or illegal act against Finnair or Finnair staff.

Data for background processes

We process reservation, payment and baggage data to measure performance and to prevent fraudulent behaviour (see more in section How we use your data > Based on our legitimate interest > Background processes).

Based on our contract with you

Providing our services

To create a booking, change a booking and identify all passengers onboard, we need the personal information of those travelling.

To provide you with services throughout your entire journey with us, your data will be processed at the airport at check-in and arrival, service desk, lounge, gate as well as on board. In case of irregularities, we need to reach out to our customers and, in case of the disruption of traffic, reroute the passengers and modify their bookings.

To deliver your baggage to your destination, we process the baggage handling details (e.g. tag codes, routing and possible security screenings).

In case of special service requests, we need to ensure you are provided with the correct service. For instance, your diet preference will be processed to ensure that you get the meal of your choice.

We assist you in queries related to your purchases such as flight reservations or shopping.

In order to help you with any questions, collect your feedback, handle your complaints, claims and refunds we use your personal data as necessary. We may also use your identification data to provide you with better service in disruption situations. We may send you confirmation and informative communication about your travel by email, SMS or other means.

We may save your contact information, reservation data, contacts and content of contacts in a customer account to be able to provide relevant customer service. This information may also be used to identify the customer when getting in touch with us. To keep you informed about your travel and itinerary, we will need to reach out to you using your contact details and process your booking details.

If you have enrolled in our other services, we will process the data provided during registration or booking in order to provide the requested service.

Based on our legitimate interest

Communication and engagement

We may process your personal data to send you service-related informational communications related to services you have purchased or registered for.

We may engage with you to voluntarily participate in developing our services. If you have participated in a survey, the results are used for analytics and can also be combined with other data in our database, such as reservation and flight data, for customer experience improvement purposes. You may be contacted after the survey for providing additional information. We may also contact a selected or limited group of persons to participate in testing our new products and services.

When processing personal data, we rely on our legitimate interest in maintaining business relationships and communicating with you about our operations and our events.

Digital touchpoints

Personal data, such as login details and site usage logs, are processed in connection with providing you services in our digital touchpoints, to ensure your identity, to identify you across the different touchpoints and to record usage. Functional cookies are employed to collect data from sessions to ensure the functioning of our online services. For more information on how we use cookies, please see our cookie policy.

Personalisation of services

Aiming to continuously improve the customer experience and to make our offering more relevant to you, we may offer personalised service and content based on an individual transaction, for example offering services related to your destination. We may also perform customer segmentation, for instance for offering upgrades, ancillary services and retail products relevant to the customer through our digital touchpoints. We may also obtain other information from the individual transactions, such as the travel purpose.

By identifying the customer and their travel history, we can identify previous communications, past irregularities, purchased services and travel information. Accordingly, we can recognise the specific traveller’s needs and pay special attention to certain elements of the customer journey, experience and interactions. To identify the customer and create one unique customer profile, multiple records need to be linked, both for the same and across different transactions.

Background processes

As part of running our business, we may process personal data when carrying out certain background processes. For tickets, ancillaries and other purchases, we need to make sure bookings are created and ticketing is done in compliance with law and Finnair policies. These processes cover, for example, monitoring of fraudulent activities, such as credit card theft, false bookings, fraudulent claims, and auditing of fares and taxes.

For developing and improving our services further and to analyze our business performance, we follow traffic flows, commercial and operational performance and related customer behaviours. Transactional data is used in operational situations to determine, for example, how many people will be upgraded or offloaded.

Based on your consent

Marketing communications

If you have given us your consent, we will send you direct marketing messages. For instance, if you have subscribed to our Finnair newsletter or other direct marketing material, your contact details will be processed to send you the requested messages. Customers have the right to unsubscribe or opt out of receiving marketing messages at any point.

We may also send you direct marketing related to Finnair services based on applicable legislation on privacy in electronic communications, if you are an existing Finnair customer or a representative of our supplier, partner or subcontractor and have not unsubscribed (opted out) from receiving direct marketing.

Learn more about how we process your personal data for digital marketing communications and content personalisation purposes from our dedicated privacy notice.

Digital touchpoints

In addition to enabling our online services, we use cookies for collecting personal data for the purposes of providing service analytics, personalisation and advertising based on your consent. For more information on how we use cookies, please see our cookie policy.

Online travel document verification

We provide our customers with a secure online, advance travel document verification service during the online check-in to minimise faulty data entries related to manual entering of travel document data, as well as to ease and speed up the customer’s journey by reducing the need to show travel documents at different checkpoints at the airport. The use of the online travel document verification is based on your consent. By choosing to use the online travel document verification, you consent to the collection of the image of your travel document together with the travel document data readable from the image of the travel document. This data will be shared with authorities based on our legal obligation and to ensure safe and secure travel with us.

Instead of online travel document verification, you can always choose to enter the travel document information manually during the online check-in process and verify your travel document with our check-in personnel at the airport.

Processes including special categories of personal data

If the processing of your health-related data is necessary, explicit consent will be requested from you. You may be asked to provide additional information, such as a doctor’s certificate to ensure you can travel according to the evaluation of a medical professional, and to ensure that we have the required information to take care of your safety and security. Once consent has been received, the data will be processed, for example, by customer care, ground handling and inflight crew, only to the extent necessary. Based on your consent, we may also process data obtained e.g. from healthcare providers, if this is necessary to verify admissibility to our flights and/or into a foreign country, during a public health crisis.

Based on our legal obligations

Ensuring a safe and secure travel

To provide you with safe and secure travel, and for complying with the safety requirements such as reporting incidents, we need to make sure we know who is on board the aircraft. We identify passengers with check-in, at the gates and in coordination with security services.

In cases where a passenger has interfered with or may compromise flight safety, security or order during or in connection with a flight, we have the right to refuse to accept the passenger on our flights due to security reasons. This decision may be made for a fixed period or until further notice. This also means that we will record the related passenger information in our security records. We will also define the length of the term during which the passenger cannot board our aircraft. We will inform the passenger about storing their information in our security records.

Local laws may require us to share your personal data with authorities, for example border control agencies, customs, immigration authorities, health authorities, police or tax authorities. In order to comply with the legal obligations, we collect and process personal data such as passport details, visa information and your address in your travel destination as required by legislation or authority requirements.

In the event of crises, Finnair may process your data for the purpose of providing care and assistance as well as in order to respond to the situation and meet our legal obligations.

Keeping required records

Based on accounting legislation, we are required to store our transactions and other accounting material for the time period defined by the law.

Storage period

We keep your personal data only for as long as necessary for us to fulfil the purpose for which it was collected, or in so far as data storage is necessary for compliance with legal obligations and for solving potential claims or disputes.

Profile data

We collect and process the basic personal data you submit about you or your children when creating your Finnair Plus or Finnair account profile. This may include the following information:

• name
• date of birth
• gender
• family size and other residential information
• title (Mr, Mrs, Ms)
• contact information, such as addresses, telephone number and email address
• occupational data – profession or occupation, name of employer, employer address and work telephone number
• travel document information – passport number, passport validity period, issuing country for passport and nationality.

We process information regarding your membership status and history as well as data regarding your personal preferences and your use of membership benefits. This includes the following information:

• membership and profile information – membership commencement date, type and campaign, seat preference (aisle or window)
• membership card information – membership number, date of issue of last membership card, expiry date
• membership tier information – tier history, tier points total, number of tier flights, membership tier, flight ticket price accrual, tier date details
• Avios and tier points information – total Avios and tier points collected during membership, total Avios spent, total Avios available, total expired Avios
• transaction data – all transactions and purchases that involve your membership
• event-specific information – date of event, event details, such as product name, Avios and tier points collected or spent, service provider’s name, document number (ticket number or another document number) 
• information about whether the customer has a combined Finnair Plus credit card
• interests and preferences – leisure interests, meal preference and other interests provided by the member
• marketing data – dispatch dates of marketing communications and Avios and tier point statements, details of campaigns offered to customer and copies of marketing letters sent to customer 
• airport services – information about airport services, such as the use of lounge services, check-in services and baggage handling services and other airport service details
• Direct marketing-related consents and opt-outs (unsubscriptions).

Your profile also contains the data of your flights as Finnair Plus member or Finnair account holder:

• flight number
• point of departure and destination of the flight
• travel class
• airline code
• travel agency that made the booking
• price information of the ticket
• code name for business travel booking and other booking information
• travel partner information – name of the partner

Based on our contract with you

Providing our services 

As part of the Finnair Plus program, Finnair records your transactions. Transactions include Avios and tier points accrual and redemption. This enables us to calculate your account balance. We may send you information about your Avios and tier point balance and about program changes. 

We also process the data that is provided by you in your Finnair Plus or Finnair account profile. In your profile you may choose to share your preferences and interests. These preferences may be used for pre-filling information when making a booking on the Finnair website or to provide more relevant service.

When you enrol in special events, we will process the participant list. The same applies to marketing competitions and prize draws.

Enabling partner services 

The Finnair Plus partners are a notable part of the Finnair Plus program, as you can collect Avios and tier points and spend Avios when using partner services. For this reason, Finnair sends information about partner services and benefits to members together with information regarding the Finnair Plus program and Finnair services. More information about partners is available on the Finnair website.

To provide the partner service and to keep your account balance up-to-date, Finnair also exchanges data with the Finnair Plus partners. If you use Avios with a partner, Finnair will be informed. Similarly, if you accrue Avios or tier points with one of our partners, we will be informed so you are awarded the Avios and tier points correctly. In order to recognise our customers also through our partners’ services, we may send relevant member information. In case of queries or complaints related to partner services, we might correspond with the partners and share relevant member information.

Communication and engagement

The data recorded is also used for targeted member communication distributed in the Finnair mobile application, the Finnair website and in our other channels.

We may use the data recorded to communicate with you about your account and program features and benefits. For instance, these messages may include but are not limited to when your Avios are due to expire or if you are close to the next tier.

In order to provide you with the correct information about our member offers on third-party channels, we may send a list of member emails to the respective third parties. This ensures that the right offers are displayed when you are identified as a Finnair Plus member.

Based on legitimate interest

Communication and engagement

As part of improving our customer communications, we may follow up on the frequency and engagement of how often these messages lead to further actions on your part in order to calculate the metrics such as click rates.

Analytics 

We may use your personal data for analytics, customer recognition and for providing personalised services and customer recognition. This enables us to provide our customers relevant services and products as well as develop our products and concept and create unique customer profiles. Profiles may be used for targeting marketing and content in our digital channels, for example the Finnair website, our mobile application or newsletters distributed by email. Direct marketing involves member-specific variation in the advertising content in the above-mentioned channels. Direction of individualised advertising at members is an integral part of the Finnair Plus program. Having a complete view of our customers enables us to understand your entire experience and helps us to improve our products and services and your experience. We may also derive other metrics based on your customer behaviour, for example, the likelihood of purchasing certain products, create customer segments, predict other products or destinations you may be interested in.

Based on your consent

Marketing communications

Direct marketing messages are sent to members who have given their consent to receive such messages. These marketing materials may include offers from partners, depending on your direct marketing settings.

We may also send you direct marketing related to Finnair services based on applicable legislation on privacy in electronic communications, if you are an existing Finnair Plus customer and haven’t opted out of direct marketing.

Learn more about how we process your personal data for digital marketing communications and content personalisation purposes from our dedicated privacy notice.

Based on our legal obligations

Keeping required records

Based on accounting legislation, we are required to store our transactions and other accounting material for the time period defined by law.

Storage period

We keep your personal data only for as long as necessary for us to fulfil the purpose for which it was collected, or in so far as data storage is necessary for compliance with legal obligations and for solving potential claims or disputes.

This notice complements our general privacy policy available on this website and is referenced therein. Your privacy is of utmost importance to us. Therefore, we have created this dedicated privacy notice to provide you with detailed information on how we process your personal data for marketing communication purposes, based on your consent and our legitimate interest, in compliance with the privacy and data protection legislation applicable to us. We want to ensure you are fully informed about how your data is used and what rights you have concerning the processing of your personal data.

This privacy notice concerns you if you are a person visiting or using our digital touchpoints (such as the Finnair app or website), a customer who has a booking with us or a Finnair Plus program member. We carry out our marketing communications and content personalisation practices in accordance with this privacy notice.

Data controller

Finnair Plc Business ID: 0108023-3 Address: Tietotie 9 01530 VANTAA, FINLAND

How to withdraw consent and exercise your rights

If you have visited our website or the Finnair app and given your consent for emails and advertising while searching or booking flights with us, you can manage your preferences or withdraw your consent at any time in our privacy portal.

If you have visited our website and given your consent in the dedicated sign-up form for emails and advertising, you can manage your preferences or withdraw your consent at any time in our privacy portal.

If you are a member of the Finnair Plus program, you can manage your preferences and withdraw your consent in your Finnair Plus profile.

Kindly note the following:

• If we have obtained your contact details in the context of a sale of our products and services, we can use these contact details for marketing communications of our own similar products or services and ancillary services related to your trip via email based on applicable legislation on privacy in electronic communications. When we use your contact details in such a way, we will give you an opportunity to opt out from such use of your contact details in each email. You will find the opt-out link at the bottom of each of our emails.
• In our marketing communications via email, we provide you with a link to opt out from receiving such communications, to manage your consent and preferences. In this way, we enable you to choose whether you wish to receive our marketing communications.
• Withdrawing your consent later does not affect the legality of processing your personal data for marketing communications purposes before you withdrew your consent.
• Whether or not you have given your consent for receiving our personalised advertising, you may still see our non-personalised, general advertisements on our own digital touchpoints and on third-party channels where we advertise our services.
• Except for marketing communications, we will always send you customer communications that concern the status, changes, and continuation of the products and services you have bought from us. We will do this based on your relationship with us as our customer without your consent.

Under the GDPR, you also have the following rights regarding your personal data:

• Right to access: You can request a copy of the personal data that we hold of you. 
• Right to rectification: You can ask us to correct any inaccurate or incomplete personal data.
• Right to erasure: You can request that we delete your personal data under certain conditions.
• Right to restrict processing: You can ask us to restrict the processing of your personal data in certain circumstances. 
• Right to data portability: When we process your personal data based on your consent, you can request to receive your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
• Right to object: You can object to the processing of your personal data based on our legitimate interest for marketing communications purposes at any time. 

Please refer to our general privacy policy on how to use the above rights.

Contact details concerning the processing of your personal data for marketing communications and content personalisation purposes

If you have any questions concerning this privacy notice, you may contact the Finnair Customer Engagement department: customerdata@finnair.com.

Contact details of the data privacy officer

In any issues concerning the processing of your personal data, you may contact the Finnair Data Privacy Officer: privacy@finnair.com.

Data we collect and process about you

If you have accepted performance cookies, we collect and process the following personal data:

• Personal identification information: Randomised ID given to you when you visit our digital touchpoints. We will not collect any of your payment details for marketing communications purposes.
• Marketing-related preferences: Information about your preferences and interests related to our products and services.
• Behavioural data: Information about your online behaviour, collected through usage of our website and the Finnair app.

If you have accepted content personalisation cookies, we collect and process the following personal data:

• Personal identification information: Randomised ID given to you when you visit our digital touchpoints. Additionally, if you complete a transaction or fill any form, we will collect your name, email address and any other details you provide. We will not collect any of your payment details for marketing communications purposes.
• Marketing-related preferences: Information about your preferences and interests related to our products and services.
• Behavioural data: Information about your online behaviour, collected through usage of our website and the Finnair app.

If you have accepted advertising cookies, we collect and process the following personal data:

• Personal identification information: Randomised ID given to you when you visit our digital touchpoints. We will not collect any of your payment details for marketing communications purposes.
• Marketing preferences: Information about your preferences and interests related to our products and services.
• Behavioural data: Information about your online behaviour, collected through our website, the Finnair app and third-party channels such as social media interactions.

For more information about our use of cookies, please take a look at our cookie policy.

To deliver you marketing emails, we additionally collect and process the following personal data:

• Personal identification information: Randomised ID given to you when you visit our digital touchpoints, your name and email address.
• Interaction data: Data about your interactions with our marketing communications (e.g. open rates, click-through rates).
• Your transactions with us: Information about the flight(s) and other services you have bought and used with us. We will not collect any of your payment details for marketing communications purposes.
• Finnair Plus member’s additional personal identification information: Your membership number, date of birth, gender. We will only process your postal address information if you have given that information to us.
• Finnair Plus member’s travel profile and interests: Information related to your preferences and interests as a Finnair Plus member if you have given that information to us.
• Finnair Plus membership data: Information about the date of becoming a Finnair Plus member, your tier status and personal tracking period in the Finnair Plus program. We will also process data about how much you have spent as a Finnair Plus member and if you have faced some disruptions during your journeys as a Finnair Plus member. We will also process the information about whether you have a credit card related to the Finnair Plus program or not, and whether you have linked your Finnair Plus account with another loyalty program.
• Finnair Plus member’s transaction history: Information about the flight(s) and other services you have bought and used as a Finnair Plus member and the history of your collection and use of previous Finnair Plus award points and current Avios and tier points throughout your membership. We will not collect any of your payment details for marketing communications purposes.

To deliver you personalised advertising, we additionally collect and process the following personal data:

• Personal identification information: Your email address and phone number.
• Interaction data: Data about your interactions with our marketing communications (e.g. open rates, click-through rates).
• Your transactions with us: Information about the flight(s) and other services you have bought and used with us. We will not collect any payment details for marketing communications purposes.
• Finnair Plus member’s additional personal identification information: Your membership number, date of birth, gender. We will only process your postal address information if you have given that information to us.
• Finnair Plus member’s travel profile and interests: Information related to your preferences and interests as a Finnair Plus member if you have given that information to us.
• Finnair Plus membership data: Information about the date of becoming a Finnair Plus member, your tier status and personal tracking period in the Finnair Plus program. We will also process data about how much you have spent as a Finnair Plus member and if you have faced some disruptions during your journeys as a Finnair Plus member. We will also process the information about whether you have a credit card related to the Finnair Plus program or not, and whether you have linked your Finnair Plus account with another loyalty program.
• Finnair Plus member’s transaction history: Information about the flight(s) and other services you have bought and used as a Finnair Plus member and the history of your collection and use of previous Finnair Plus award points and current Avios and tier points throughout your membership. We will not collect any of your payment details for marketing communications purposes. 

To show you personalised content in our own digital touchpoints, we additionally collect and process the following personal data:

• Personal identification information: Your name, email address and phone number.
• Interaction data: Data about your interactions with our marketing communications (e.g. open rates, click-through rates).
• Your transactions with us: Information about the flight(s) and other services you have bought and used with us. We will not collect any payment details for marketing communications purposes.
• Finnair Plus member’s additional personal identification information: Your membership number, date of birth, gender. We will only process your postal address information if you have given that information to us.
• Finnair Plus member’s travel profile and interests: Information related to your preferences and interests as a Finnair Plus member if you have given that information to us.
• Finnair Plus membership data: Information about the date of becoming a Finnair Plus member, your tier status and personal tracking period in the Finnair Plus program. We will also process data about how much you have spent as a Finnair Plus member and if you have faced some disruptions during your journeys as a Finnair Plus member. We will also process the information about whether you have a credit card related to the Finnair Plus program or not, and whether you have linked your Finnair Plus account with another loyalty program.
• Finnair Plus member’s transaction history: Information about the flight(s) and other services you have bought and used as a Finnair Plus member and the history of your collection and use of previous Finnair Plus award points and current Avios and tier points throughout your membership. We will not collect any of your payment details for marketing communications purposes.

Based on our legitimate interest

• Analytics and performance: If you have accepted performance cookies, we measure traffic on our website and the Finnair app, identify returning customers, and understand how our customers use our website and the Finnair app.
• To create a profile about you: If you have accepted content personalisation cookies, we create a profile about you based on your preferences, behaviour and personal identification data for marketing communications and content personalisation purposes. This profile is not shared with any third party unless you have given your consent to receive personalised advertising. The profile will not be used for automated decision-making or profiling that would produce legal effects concerning you.
• To enable third-party advertising tracking: If you have accepted advertising cookies, we use third-party tracking pixels on our digital touchpoints which are technologies that enable our third-party partners to collect your behavioural data directly from our digital touchpoints. This allows us to optimise, measure and place targeted content on other websites and services through our third-party partners. Please see more information about how we share your data for targeted advertising under the section ‘How we share your data’.
• To enrich your profile data: If you have accepted content personalisation cookies, the profile that is created based on the data we collected with these cookies is further enriched based on your ongoing engagement with our digital touchpoints and data we have collected from you as our customer and as a Finnair Plus member. This does not include automated decision-making or profiling that would produce legal effects concerning you.
• Segmentation and personalisation: We use your profile data to get more insight into how we can better serve you as a customer in the context of our whole customer base. This does not include automated decision-making or profiling that would produce legal effects concerning you.
• To personalise our marketing communications content: We tailor the content for our marketing communications channels and personalise content in our own digital touchpoints based on your profile and the other data we collect and process about you (as explained above). This profiling allows us to segment our customer base and provide you with marketing communications content that is relevant to you and is likely to interest you as our potential or existing customer and a Finnair Plus member. This does not include automated decision-making or profiling that would produce legal effects concerning you.

Based on your consent

To deliver you marketing emails

• To deliver you marketing emails related to Finnair and Finnair Plus: If you have given your consent to receive our marketing emails, we will use your personal data to send you marketing emails about Finnair and Finnair Plus products, services, special offers, news and travel inspiration that may interest you.
• To deliver you marketing emails related to Finnair Plus partners and events: If you are a Finnair Plus member and have given your consent to receive our exclusive membership offers from Finnair Plus partners and event invitations, we will use your personal data to send you marketing emails about exclusive membership offers from Finnair Plus partners’ products and services that may interest you, as well as our event invitations.

To deliver you personalised advertising

• To share and match your data with our third-party partners: If you have given your consent to receive our personalised advertising, we will share your data with third-party partners to facilitate data matching to enhance and personalise your experience with our brand.
• To deliver you personalised advertising: If you have given your consent to receive our personalised advertising, we will use your personal data to conduct targeted marketing through third-party channels (e.g. media and social media platforms) by using information about your online behaviour to show you relevant advertisements

Legal basis for processing your data

We process your personal data based on your explicit consent for delivering you our marketing communications, in accordance with Article 6(1)(a) of the GDPR. Your consent is voluntary, and you have the right to withdraw it at any time without any impact on the legality of processing based on your consent before its withdrawal.

If we have obtained your contact details in the context of a sale of our products and services, we process these contact details for marketing communications of our own similar products or services and ancillary services related to your trip, in accordance with Section 200 paragraph 3 under Chapter 24 in Part VII of the Finnish Act on Electronic Communications Services. When we use your contact details in this way, we will give you an opportunity to opt out from such use of your contact details on each email. You will find the opt-out link at the bottom of each of our emails.

We process your personal data for our own internal marketing communications purposes mentioned above (such as analysis and segmentation) based on our legitimate interest, in accordance with Article 6(1)(f) of the GDPR. We have evaluated our legitimate interest based on our purpose as a company to generate profits for our shareholders in accordance with Section 5 under Chapter 1 in Part I of the Finnish Limited Liability Companies Act, which may be achieved only through cost-efficient and on-point sales and marketing communications content, promoting our services and their value to our existing and potential customers in a relevant and interesting manner, and taking account of the risks related to this processing of personal data for our customers. You can at any time contact us to object to our processing of your personal data based on our legitimate interest.