- what personal data are;
- which of your personal data we collect;
- how and why we use them;
- to whom we deliver your personal data;
- how we protect your privacy of your personal data;
- how to contact us ad whom to contact if you have questions about processing of your personal data.
Statement on personal data protection
We seriously regard the issue of protecting personal data of our clients (passengers, persons who could become our passengers, Panorama Club members, and other persons who filed a request or claim with UIA), therefore we strive to protect privacy of your personal data. UIA undertakes to take all necessary measures to prevent improper use of your personal data which become known to us. We will process your personal data in strict compliance with the requirements set forth by the applicable legislation, and only if we have legal grounds for doing so.
We control the ways of collecting your personal data, and determine goals for which UIA uses personal data. We are a “data controller” within the meaning of the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”) and other application European laws pertaining to data protection, and an “owner of personal data” within the meaning of the Law of Ukraine on Personal Data Protection dated 01.06.2010 No. 2297-VI.
We process your personal data only if at least one of the following, but not limited to, terms stipulated by Article 6 of GDPR applies
- you have given consent to the processing of your personal data;
- processing is necessary for entering into or the performance of a carriage agreement with you or in order to render additional services to you;
- processing is necessary for compliance with the legislation of the states to/from where we operate our flights, etc.
When processing special categories of personal data (for instance, data concerning health), at least one of the terms stipulated by Article 9 of GDPR must be complied with (for instance, explicit consent to the processing of those personal data, or the necessity of rendering specific services due to the state of your health).
Main notions (definitions)
Personal data means any personal information allowing a third party to identify a natural person (data subject).
Special categories of personal data means so-called “sensitive” personal data which might hurt the data subject at work, at educational institution, at the place he/she lives, or might cause discrimination against him/her. For instance, personal data containing information about racial origin, political opinions, religious beliefs, trade union membership, state of health, sex life, biometric or genetic data. Ukrainian legislation defines them as personal data the processing of which entails special risk for personal data subjects.
Identifiable natural person means one who can be identified, directly or indirectly, in particular, by reference to an identifier (such as, a name, surname, document number, or any other identifier), or through analysis of several factors specific to the physical, genetic, mental, economic, cultural or another identity of that natural person.
Personal data subject means a natural person to whom personal data are related, and who can be identified by means of such personal data, or who has been identified.
Personal data controller means a natural or legal person which determines the purposes and means of the processing of personal data, and bears the primary responsibility for their processing. Personal data controller is an “owner of personal data” under the terms of the Ukrainian legislation.
Personal data processor means a natural or legal person which based on the controller’s instructions (directives, orders) processes personal data for the controller. Personal data processor is an “administrator of personal data” under the terms of the Ukrainian legislation.
Personal data processing means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, alteration, adjustment, retrieval, use, dissemination or otherwise making available to third parties, including, staff of the personal data controller or processor, or destruction.
Laws regulating personal data processing
Your personal data are processed in compliance with the requirements set forth by the Law of Ukraine on Personal Data Protection as of 1 June 2010. Personal data of the clients being on the EU territory or being EU citizens is regulated, in particular, by the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as “GDPR”). Furthermore, legislation of the states to where we operate flights may determine additional requirements.
Goals of personal data processing
UIA provides air carriage services in the majority of states worldwide. We need to have your personal data in order for us and our partners to arrange air carriage for you, in particular:
- issue an air ticket
- make adjustments in booking;
- ensure your check-in for a flight;
- take you and your baggage for carriage;
- provide you with the whole range of our services;
- have a possibility to familiarize you with all our special offers of tickets and other services, including co-operative promotional actions of UIA and our partners;
- ensure provision of services relating to passenger and baggage grounds handling;
- perform security control procedures, customs and border clearance;
- arrange for baggage tracing and alert system;
- give consultations on entry/exit along the carriage route;
- provide information support of your trip.
In order to send you commercial (marketing) information, you get this specific consent of yours which can be canceled at any time.
We can also send you Push Notifications, messages via Skype, Viber, WhatsApp and other messages using various ОТТ Apps, SMS texts, messages through other communication means to inform you about your flight, or to get your feedback concerning the quality of in-flight service.
We ask you to inform us only about such personal data that are required to render the service or newsletters you chose, or a reply to you special request/claim. At the same time, if you decide to inform us about any additional personal data, we will be able to process them with due level of protection.
If you wish to know more about the companies to which we may disclose your personal data, please see their list on UIA web-site. Please, be advised that this list can be not complete.
Personal data that we process
Please see the table below to find out which of your personal data we process to provide your services to you:
* These personal data are processed when a service is purchased via UIA website or UIA smartphone app. Our partners may request you to provide other personal data if you purchase a service at the airport, from a travel agency, at the ticket office, or during the flight.
** From time to time, we may contact you to inform you of special ticket offers, advantages of our services, co-operative promotional actions of UIA and partners, our news, including our E-news via e-mail. You can accept or refuse to receive such information, indication the option you choose when booking services. Later, you will be able to opt out of marketing newsletters in each e-mail you receive from us.
In addition to the aforesaid, we can process any other personal data if you decide to provide them to UIA.
If storage of your personal data is not necessary for the provision of services to you, or is not required under applicable legislation, we will delete them.
Special categories of data
When rendering services to you, we may process personal data using which it is possible to determine your physical or mental health. Such information is deemed “sensitive personal data” in accordance with GDPR. We collect these personal data only if it is required to do so to provide you with carriage services, or if you deliberately submitted them to us.
For instance, we can collect this information in the following cases:
- For your safety. If your state of health is specific, you must inform us thereof, and, if required, present a medical certificate or have medical checkup.
- If you request special in-flight services or assistance, thus you may discloser to us the data on your health (for instance, if you request to provide you auxiliary means of conveyance).
To know more about medical information which you might be required to furnish, please study the information for passengers with special needs.
If you do not allow us to process any personal data of special categories, it might mean that we will not be able to provide you with special services you have requested from us.
Place of personal data storage
UIA has a large database of personal data. To ensure their safety, we use cloud services of Amazon Web Services EMEA SARL (5 rue Plaetis, L-2338, Luxembourg). Data stored by Amazon Web Services EMEA SARL are kept at data processing centers in Germany.
Disclosure of your personal data to third parties
In order to enable you to use our services, we must disclose your personal information to third parties, which include the following:
In cases stipulated by law, we are required to disclose your personal information to government agencies. These agencies may include law enforcement agencies, border guard offices, immigration authorities of the countries to which you travel with us. If we do not disclose your personal data to these authorities according to their legal requirement, you may be denied traveling at the point of departure or you will not give permission to enter the point of destination.
While providing air transport services we must share some of your personal information with our partner airlines. Among them: Windrose, Air Moldova, Air France, Air Baltic, AZAL, KLM, Czech Airlines, Iberia, TAP Portugal, Turkish Airlines, Vietnam Airlines, Belavia, Air Canada, Austrian Airlines, Lufthansa and other airlines which are member of IATA. We will share your personal information with these airlines only in cases where they are involved in your transportation. In addition, if any of the partner airlines is involved in your transportation, it will have a possibility to disclose your personal data to their ground handling agents.
Ground handling partners
UIA cooperates both with ground handling companies in the Boryspil International Airport, and other ground handling agents at the airports of UIA destinations. The main handling partners in Ukraine include Aerohandling, LLC; Interavia, LLC; "Company "Dniproaviaservice", LLC; NEW SYSTEMS AM, LLC; State Enterprise "Danylo Halytskyi International Airport "Lviv"". For a more detailed list of our partners please visit UIA website here. We need to disclose your personal data to our partners to check you and your baggage in for the flight. In addition, for flights to certain destinations, we instruct our ground handling agents to check your personal data for their compliance with the terms of entry, such as a visa availability.
Panorama Club Partners
The list of our partners in the loyalty programs Panorama Club/Panorama Club Corporate is available on UIA When you purchase their services, please read the section on personal data protection on their websites. We share with our partners the information about your use of their services, while UIA does not disclose any personal data.
You often book tickets for our flights through a network of agents that use the services of the global distribution system (GDS). Thus, booking systems get access to your personal information at the moment of booking. In addition, the air ticket booking processes directly involves the airline reservation system that allows such a booking. This happens for the sole purpose of enabling you to book a ticket, order any other additional services or make changes to your booking.
Our main booking and ticketing system, through which we transfer personal data at booking, is Amadeus Altéa operated by AMADEUS IT GROUP SA. This system meets all safety standards.
We also provide access to your personal data to the developers of our booking and ticketing system and online check-in systems, who are personal data processors, in order to maintain the operation of these systems. The main developer is Solring Holdings Ltd.
If you want to know more about the companies we may share your personal data with, please see their list on UIA website. Please note that this list may be incomplete.
If you want to know more about the rules of processing of your personal data by our counteragents, you can also read their privacy policies.
Technical, organizational and other measures of data protection
For safe storage of your personal data we have implemented various technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage.
UIA observe the principle of personal data minimization. We process only the information we need, or the information you provide of your own free will beyond the required processing range. In addition, we have configured all the interfaces of our website and services application to comply with highest confidentiality requirements, which settings you can adjust at your own convenience.
We always use the safest and most proven routes of data transmission, when transferring personal data to public authorities.
Personal data processing (storage) time
We will not store your data longer than it is necessary to fulfill the purpose for which they are processed, or to comply with the statutory requirements.
To determine the appropriate storage period, we identify the nature and category of personal data, the purposes for which we process them, and if we can achieve purpose through other means.
By the general rule, the time limit for personal data processing in our airline company is 2555 days from the date of submission of tax reports for the period in which the corresponding transaction was performed (e.g. passenger transportation). The specified processing time is consistent with the provisions of the Tax Code of Ukraine on the document retention period, where such documents are connected with taxes and fees charge and payment. As legislation of the countries, to/from which UIA perform transportation services, may establish additional requirements, periods for personal data storage may differ from those specified in this paragraph.
In particular, if legislation of any country, to/from which UIA perform transportation services, contains provisions on the statute on limitations on claims, during which you have the right to submit a claim or file a suit against UIA, and we need evidence for the existence of the legal relationship between us, we may process your personal data during this period.
We also need to take into account the periods for which we may need to save your personal data to comply with our legal obligations to you or regulatory authorities (for example, in relation to claims and suits on cancellation/delay of flights in accordance with EU Regulation 261/2004).
In case of any query to our contact centre, or at regular interaction with UIA, for example, when you try to purchase a ticket at the box office, without successful completion (without payment) and without giving us explicit consent to your personal data processing, we will not retain such personal information.
Over time, we can minimize your personal data that we use, or can even make your data anonymous, for them not to be any more associated with you personally. In this case, we can use this information without further notice to you.
Cookies and other tracking technologies
Cookies are small text files that save websites on your computer or mobile devices at the moment when you start to use them. Thus, the website for some time will remember your preferences and the actions you performed, including, for the purposes you do not have to re-enter the data. Our cookies do not identify any individual user by themselves, but identify only a computer or a mobile device you use.
You can find the list of cookies, other tracking technologies, which UIA use, as well as their exact purpose on our website here.
For more information about what cookies are, how they work and how to manage or how to delete them, visit www.allaboutcookies.org
Please be informed that you can disable cookies and other tracking technologies in the settings of some Internet browsers. In this case, you must understand that if you disable some cookies, functionality of UIA website and our mobile application may be restricted, including possible incorrect operation of some services, and you will not be able to take advantage of all their benefits.
Rights of personal data subjects
The rights of personal data subjects in accordance with the legislation of Ukraine
We are pleased to inform you about your rights regarding the processing of personal data in accordance with the legislation of Ukraine:
- you have the right to know about the sources of collection, storage of your personal data, purpose of their processing, the location or place of residence (stay) of the controller or processor of personal data, or give appropriate instructions on obtaining this information to their authorized persons, except to the extent permitted by applicable law;
- to obtain information on the terms for granting access to personal data, including information about third parties who your personal data are disclosed to;
- to access to your personal data;
- to obtain the answer on whether your personal data are being processed, no later than thirty calendar days from the date of receipt of the request, except to the extent permitted by applicable law, as well as to obtain the contents of such personal data;
- to submit a reasoned request to the personal data controller with objection against your personal data processing;
- to submit a reasoned request for the modification or destruction of your personal data by any controller and processor of personal data, if such data are processed illegally or are inaccurate;
- to protect your personal data against unlawful processing and accidental loss, destruction, damage in connection with concealment, failure to provide or untimely provision of them, as well as to protection from provision of the information that is unreliable or discrediting the honor, dignity and business reputation of an individual;
- to file complaints as to processing of your personal data to the Ukrainian Parliament Commissioner for Human Rights or to the court;
- to apply legal remedies in case of violation of data protection laws;
- to make a reservation on the limitation of the right to process your personal data when granting consent;
- to withdraw your consent to personal data processing;
- to know the mechanism of automatic processing of personal data;
- for protection against an automated solution that has legal consequences for you.
Other rights of personal data subjects in accordance with GDPR
In addition to the Ukrainian data protection laws, UIA are considerate towards ensuring your rights established by GDPR.
Right to information
We are ready to give data subjects the information on their personal data which we process.
If you want to know which of your personal data we process, you can request this information at any time, including by reference to the UIA data protection officer. You can find the list of data we must provide you in Articles 13 and 14 of the GDPR. Thus, when applying you must state your specific requirements, so we could legitimately consider your request and provide a response.
Please note that if we are unable to verify your identity by e-mail messages or at your application to the call center, or in the case of reasonable doubts concerning your identity, we may ask you to provide a proof of identity, including by personal appearance in UIA office. This is the only way we can avoid disclosing your personal data to a person who can perpetrate your identity.
We will process your request in the shortest possible time, but at the same time please remember that it is a complex process to provide you a full and legitimate answer in relation to your personal data, that can take up to a month.
Right to correct your personal data
If you find that some personal data which we process about you are incorrect or outdated, please inform us about it, including through UIA data protection officer. In this case, we may ask you to provide a proof of identity, including by your personal appearance in UIA office.
If you want to correct your personal data processed within our loyalty program Panorama Club, you can do it yourself by logging in to your personal account on UIA website.
In some cases we will not be able to change your personal information. In particular, such case can include the event when your personal information has already been used during the execution of the contract of carriage and/or they are contained in a tax document that was issued in accordance with tax legislation.
Withdrawal of consent to personal data processing and right to be forgotten
If UIA processes your personal data subject to a consent to personal data processing (in particular, for the purpose of transmitting commercial newsletters), further processing can be terminated at any time. All you must do is to withdraw your consent to such processing.
You may also exercise your right to be forgotten. In cases stipulated in Article 17 of GDPR, UIA will delete your personal data it processes, except for those personal data which we are obliged to store in accordance with the requirements set forth by the applicable legislation.
Furthermore, in this case, for the purposes of safety, UIA may request you to present your ID document, including directly at the UIA office.
Persons you can address to protect your personal data
Data Protection Officer of UIA
UIA has a position of the Data Protection Officer (DPO) to ensure more reliable data protection. Should you have any questions, remarks, complaints or comments relating to the protection and processing of your personal data, feel free to apply to the Data Protection Officer:
Mr. Stanislav Kovalenko
Ukraine International Airlines
201-203 Kharkivske Shose, Kyiv, 02121, Ukraine
You can also send your questions, remarks, or complaints relating to your personal data via UIA website.
UIA Representative in EU
For your convenience, we assigned a representative in EU for you to be able to contact us on the territory of the European Union.
Personal Data Protection Authority in Ukraine
The administrative authority in charge of the personal data protection in Ukraine is the Department for Personal Data Protection of the Secretariat of the Ukrainian Parliament Commissioner for Human Rights. You may submit your complaints or comments thereto if you believe that your rights are violated due to the processing of your personal data.