Ryanair is committed to protecting our customer privacy and takes its responsibility regarding the security of customer information very seriously. We will be clear and transparent about the information we are collecting and what we will do with that information.
This Policy sets out the following:
All personal data is collected and processed in accordance with Irish, EU and UK data protection laws as applicable.
“Ryanair” (referred to as “we”, “us”, “our” or “Ryanair” in this policy) in this policy primarily refers to Ryanair D.A.C., the main operating company of the Ryanair group, and, where appropriate, to other companies in the Ryanair group (Ryanair DAC, Ryanair Sun, Ryanair UK, Laudamotion and Malta Air) or other entities over which Ryanair exercises management control. Ryanair D.A.C. is the “data controller” of all personal information that is collected and used about Ryanair customers for the purposes of the Irish Data Protection Act 2018 or, as applicable in respect of UK customers, the UK Data Protection Act 2018. Ryanair is registered in Ireland with registration number 104547 and registered offices at Ryanair Dublin Office, Airside Business Park, Swords, Co. Dublin.
We may engage third parties to provide services on our behalf. If you book a service offered by a third party (eg travel insurance, car hire, room booking) the third party will be identified in the applicable booking terms and conditions. The third party will be a “data controller” of your personal data in respect of the service they are providing. You should access the privacy policies/statements of those providers directly
Personal data means any information relating to you which allows us to identify you, such as your name, contact details, booking reference number, payment details and information about your access and use of our website and app.
We collect personal data from you when you: (i) book a flight with us (either directly or indirectly through our trusted third party partners such as global distribution systems or tour operators who charter our aircraft), (ii) create a myRyanair account, (iii) apply for a refund, (iv) make a claim under EU Regulation 261/2004 (EU261), (v) use our website and / or app and other websites accessible through our website and / or app, (vi) participate in a survey or competition, or (vii) contact us. We may also process personal data about you, which we receive from law enforcement authorities.
The types of personal data we collect from you are listed below:
Booking Data |
Identity Information |
Name, home address, e-mail address, telephone number, passport or other recognized personal ID card numbers and your image (on a temporary basis for online verification provided by our trusted identity verification partner). |
Payment Information |
Credit/debit card, IBAN & BIC, copy of a bank statement with name and IBAN & BIC details and or Paypal Unique ID. |
|
API (Advance Passenger Information) |
Name, nationality, date of birth, gender, passport or photographic ID number, expiry date, country of issue, visa or residence permit number. |
|
Flight Information |
Flight number, origin airport, destination airport, flight date and time (for current and previous flights). |
|
PNR (Passenger Name Record) |
May include every type of data provided, such as, Flight Information, Identity Information, Payment Information and Health Information. |
|
Health Information |
Physical or mental health conditions or illnesses, medical requirements and/or dietary requirements. |
|
Transaction Information |
Information related to the services/travel products booked in connection with your flights (e.g., if you purchase allocated seats or additional luggage). |
|
Covid-19 Data |
Vaccination status, PCR/antigen Covid-19 test results and Passenger Locator Forms. |
|
myRyanair Data |
Email address for login and password, information you provide about you and your companions including travel documents, Covid-19 Data, voucher details within the Wallet feature which are stored in your myRyanair account. Passport details and date of birth in myRyanair are masked. |
|
Information about your use of our website and/or app including browser settings, domain name, browser type, browser language, device ID, operating system type, device name and model, pages or screens viewed, links clicked, IP address, when and the length of time you visit our website and/or app and the referring URL, or the webpage that led you to our website and/or app. |
||
Third Party Purchases |
Information about your interest in purchasing our trusted partners’ products and services where you initiate such purchase during the flight booking process. |
|
Location Data |
IP address, website market (e.g., English or Spanish) for making bookings and purchases of services/travel products booked in connection with your flight (e.g., if you purchase allocated seats or additional luggage) and postal address. |
|
Communications Data |
Information contained in the communications you exchange with us or direct to us via letters, emails, chat service, calls, and social media and logs of data protection requests. |
|
Health Information
Personal details about your physical or mental health are considered “special categories of personal data” under the GDPR and applicable data protection laws. We will only process such data where you have given your explicit consent (for example, where you request special assistance before or during a flight, we will need to provide this information to our staff or our service providers at those airports to and from which you will be flying so they can provide the assistance you have requested), or where it is necessary to protect your vital interests or those of other people (for instance, if you request special assistance), or where you have deliberately made this information public. The processing of such personal data, including Covid-19 Data (as defined above), may also be necessary for compliance with public health legislation, regulatory requirements or other entry requirements in your destination/s. Some of these requirements apply directly to you as a passenger and some apply to Ryanair and we are required to ensure (and may be required to demonstrate to our regulators, law enforcement and public health authorities) that these requirements have been complied with in the interests of public health.
When you upload Covid-19 Data during online check-in, in relation to a single booking, you do so on a voluntary basis, in which case the documents will be deleted from your device 48 hours after your flight departure. We will retain a copy for three years (unless you request that we erase the copy) solely for the purpose of demonstrating our compliance with public health travel requirements as airlines are subject to heavy fines for allowing passengers without valid vaccine certificates and/or test certificates and/or locator forms to board their flight. In addition to the above you can also choose to upload your Digital Covid Cert to your mobile phone during online check-in, in which case it will be saved for future bookings on your mobile phone, and you may remove this document at any time.
When you have a specific medical condition, you need to inform us of that and in some instances provide us with a medical certificate. This is for your safety and the safety of other passengers. Our General Terms & Conditions of Carriage provide more detail on what medical information you need to disclose to us.
Where you apply for a refund on the basis of you or someone on your booking becoming seriously ill and unable to travel, we will require you to provide suitable evidence in accordance with our General Terms & Conditions of Carriage.
In most cases we will need to process your personal data so we can process your booking, enter into our contract of carriage and perform that contract with you.
We have described below these purposes and all the other purposes your data may be used for. We will only process your data for these stated purposes.
How we use your data |
Why we process your data |
Legal Justification |
We collect and use Booking Data |
To book your flight, to process payments (including refunds and amounts you may be entitled to under EU261), to manage your booking (for example to make requested flight changes), to contact you in relation to your booking (for example in the event of a flight time change or cancellation or refund or to process mishandled baggage claims). Please be aware that service communications relating to a flight change, cancellation or refund are not made for marketing purposes and cannot be opted-out of. |
Performance of our contract with you (see our General Terms & Conditions of Carriage) Legal obligation with regard to EU261 claims |
We collect and use Booking Data and any documents related to expenses which you can claim under EU261 (such as accommodation, transport or refreshments) |
To process EU261 claims. |
Regulation (EC) No 261/2004 on common rules on compensation and assistance to passengers in the event of denied boarding and of cancellation or long delay of flights |
We process Covid-19 Data |
To comply with public health requirements. |
Legal obligation under various public health requirements. For example, in Ireland, we are required to check Covid-19 Data pursuant to S.I. No. 45/2021 - Health Act 1947 (Section 31A - Temporary Requirements) (Covid-19 Passenger Locator Form) Regulations 2021. |
We collect Covid-19 Data that you upload during online check in |
To save these documents in one place with booking to facilitate ease of boarding and presentation to agents (this data will be deleted from your device 48 hours after departure and retained by us for three years (unless you request erasure of this data) in order to demonstrate our compliance with public health travel requirements) or To save your DCC where you upload it to your mobile phone during online check in so that you can use the saved document for future bookings without having to re-upload (in which case your DCC will be saved until you remove it from your mobile phone). |
Explicit consent and legitimate interest in defending against fines imposed on airlines for allowing passengers without valid Covid-19 Data to board their flight. |
We collect your image (on a temporary basis) |
To verify your identity online where a risk of fraud is identified. You will also be offered an option for manual verification. To verify your identity during online check-in and to verify your identity to process refund and/or EU261 requests to ensure you comply with our General Terms & Conditions of Carriage. You will also be offered an option for manual verification in both cases. To verify your identity where you suspect that an unauthorised third party may not have given us your correct details. |
Explicit consent |
We collect your Identity Information when you provide it through our online portal or by email to make a data subject request |
To respond to data subject requests and to keep a log of data subject requests that have been processed. |
Our legitimate interest to verify your identity to respond to GDPR requests. In relation to logs, to demonstrate our compliance with the GDPR and applicable data protection law. |
We process myRyanair Data |
To allow you to login and use the myRyanair service and to save travel documents and Covid-19 Data in your myRyanair account. |
Legitimate interest in providing the myRyanair service, providing a means of reference for travel documents, for Covid-19 compliance purposes and allowing efficient booking mechanism. |
We process Payment Information |
To conduct audits. |
Legitimate interest in ensuring that our financial records are accurate. |
We collect and use Payment Information and combine it with Identity Information, Location Data (specifically name, address, telephone number, email address, passport details, card number, cardholder name, IP address, IP country and device ID) |
To comply with payment card scheme rules and requirements. To enable us to engage in credit or other payment card verification / screening and to detect and prevent fraudulent activities. |
Legitimate interest in detecting and preventing fraudulent activities and complying with regulatory obligations and payment card scheme rules. |
We process your Health Information |
To provide you with assistance at your request (see Health Information section above). To process a claim for refund based on serious illness. |
Consent In the case of a medical emergency, your or another person’s vital interests. In the case of a refund claim, explicit consent and also legitimate interest in preventing fraud. |
We process any information you give us and information we collect from your use of Ryanair’s services, such as your nationality, previous flight origins and destinations and current flight origin and destination and any specific information provided by local law enforcement authorities. |
To determine whether we need to request that you provide your documents for review by our agents and our Immigration department to assess if we are permitted to allow you to board a particular flight (in light of passport and visa requirements). We do not collect and do not use any information on race, ethnicity, religion or health status in making this assessment. This process may involve automated assessments as part of our efforts to detect and prevent unlawful activity. These assessments may lead to additional document checks. Pursuant to our General Terms & Conditions of Carriage, if a person presents false documents when requested to do so, they will not be permitted to board. |
Legitimate interest in ensuring that a passenger has valid travel documents as failure to have valid travel documents on arrival will result in Ryanair having to facilitate the return of the passenger to their country of departure. |
We may process all the categories of data listed above |
To ensure compliance with our General Terms & Conditions of Carriage and our website and app Terms of Use and where necessary for the establishment, exercise or defence of legal claims, prospective legal claims, legal proceedings or prospective legal proceedings, whether before a court, tribunal or other administrative proceeding. |
Legitimate interest in enforcing Ryanair’s legal rights. For special categories of data including, Health Information or Covid-19 Data, as necessary for the establishment, exercise or defence of legal claims or for the purpose of demonstrating compliance with public health legislation or regulatory requirements or enquiries. |
We also process Booking Data and combine it with Purchase Data and Location Data |
To perform statistical and marketing analysis, systems testing, maintenance and development which may include the combination of data for profiling purposes. |
Legitimate interest in improving marketing and promoting Ryanair’s services. |
We also process Identity Information and Travel History |
To contact you for feedback as part of our customer service communications. |
Legitimate interest in improving our services and enhancing your experience with us. |
We also process Booking Data and Location Data |
To provide you with information we believe is of interest to you, prior to, during, and after your travel with us and to personalise the services we offer to you, such as special offers to your favourite destinations. |
Legitimate interest in improving our services and enhancing your experience with us. Any marketing will be based on your consent and you can opt out at any time. |
You will have the choice to opt in or opt out of receiving marketing communications by indicating your choice on the payment page when booking your flight or by updating your app settings. You will also be given the opportunity at the bottom of every marketing e-mail to unsubscribe / opt out. See also the section below on your data subject rights.
To unsubscribe from push notifications you must update your app settings. Push notifications are set out in the initial permissions when downloading an app and vary depending on whether you have an IOS or android device. You should check the settings and permissions on your device in relation to push notifications and change your settings according to your preferences.
We aim to action opt out requests as quickly as we can but it is possible you will receive some marketing communications in the period prior to the request being actioned.
Please note that if you opt out of marketing communications you will still receive service communications in relation to existing bookings (such as flight time change notices).
Only children aged 16 or over can provide their own consent. For children under this age, consent of the children’s parents or legal guardians is required.
We will not retain your data for longer than is necessary to fulfil the purpose it is being processed for. We must also consider periods for which we need to retain personal data in order to meet our legal obligations (e.g., in relation to claims for cancelled flights under EU261) or to deal with complaints, queries, regulatory requirements, for audit purposes, to demonstrate compliance with public health regulations and relevant entry requirements and to protect our legal rights in the event of a claim being made. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process it and whether we can achieve those purposes through other means. We will also consider if and how we can minimise over time the personal data that we use, and if we can anonymise your personal data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
Booking Data is archived 18 months from the date of the flight, once there are no outstanding refunds or money due. In general, most Booking Data is deleted 7 years after the date of the flight. Once this information is archived all payment and travel document information is obscured. Only limited roles within Ryanair have access to this archived data which is stored in order to create summarised models of data and in some instances data to respond to legal claims.
For myRyanair accounts, inactive accounts are generally closed 3 years after the last flight was flown. You can make an erasure request at any time by submitting your request through our dedicated web-form (see ‘Your data protection rights’ section). Once you exercise your right to erasure your myRyanair account will be closed and any data associated with any companion will be deleted. However, a copy of the Booking Data will be retained in our systems as described above. You can change the personal data in your myRyanair account directly in the account. Any changes made by you will only apply to bookings made after these changes were made and will not alter existing bookings.
We process data subject requests using a specialised data protection tool provided by OneTrust. Access to this system is restricted to a limited number of roles in Ryanair and data held in OneTrust is encrypted. We separately keep a log of erasure requests made through our online form, for one year.
We use a third party tool called Zendesk to manage customer service interactions, including complaints, chats, refund requests, EU261 claims, serious illness claims and mishandled baggage claims. This data is retained for a period that reflects the statute of limitations period for contract claims which is at most 10 years.
We are committed to ensuring the security and confidentiality of your personal data. Taking into account the nature of your personal data and the risks of processing, we have put in place appropriate technical and organizational measures as required by applicable legal provisions to ensure an appropriate level of security and to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion of or unauthorized access to these data.
All payment details are transmitted and stored in compliance with Payment Card Industry Data Security Standards (PCI DSS).
We may disclose your information to trusted third parties for the purposes set out in this Privacy Policy. We require all third parties to have appropriate technical and operational security measures in place to protect your personal data, in line with Irish, UK and EU law on data protection rules.
In the event that Ryanair suffers a breach involving your personal data and this breach creates a high risk to your rights, we will inform you about the breach, the likely consequences of it and the measures we have put in place to protect you and others in accordance with our GDPR requirements.
Ryanair conducts business in multiple jurisdictions, some of which are not located in the European Economic Area (EEA) such as: Bosnia & Herzegovina, Israel, Jordan, Montenegro, Morocco, Serbia, Turkey, Ukraine and the UK. While countries outside the EEA do not always have strong data protection laws, we require all partners and services providers to process your information in a secure manner and in accordance with GDPR requirements and mainly rely on European Commission approved standard contractual clauses that ensure protection for your data even when it leaves the EEA.
Ryanair Group - Your personal data may be shared with other companies within the Ryanair Group:
Ryanair Company |
Type of Data |
Basis for Transfer if outside EEA |
Buzz, Lauda Europe, Malta Air, Ryanair UK, Travel Labs Spain, Ryanair Labs Wroclaw (Poland), TLPT Aviation Solutions (Portugal) |
Booking Data and Communications Data |
Adequacy decision (linked here) in the case of Ryanair UK N/A in the case of EEA entities |
Service Providers - We will also share your data with our trusted service providers who provide services on our behalf where such service providers are obliged to safeguard your data in accordance with the relevant data protection agreement:
Service Providers |
Type of Data and Services |
Basis for Transfers if outside EEA |
Ground handling agents inside and outside the EEA (please see list below of agents located outside the EEA) |
Process Booking Data to assist you at airports and to demonstrate your compliance with any relevant entry requirements. |
To ground handling agents in non-EEA countries (other than in Israel and the UK): European Commission approved standard contractual clauses To ground handling agents in Israel: adequacy decision (linked here). To ground handling agents in the UK: adequacy decision (linked here). |
Call centres and flight connection service providers including Armatis in Poland, Romania and Portugal and Transcosmos in Hungary |
Process Booking Data and Communications Data to provide assistance to our customers in relation to their bookings. |
N/A |
Our cloud service and e-mail marketing service providers including IMS, Swrve, SurveyMonkey and Boxever |
Process Booking Data to assist us with customer surveys and marketing campaigns. |
N/A |
Payment service providers and currency conversion providers (such as AIBMS (Ireland), ELAVON (Ireland and UK), BARCLAYS (Ireland), AMEX (UK), PAYPAL (Ireland), UATP (Germany), ADYEN (UK/Netherlands), TNS (UK), CYBS (UK), Monex (Ireland), SCA- Cardinal (US) |
Process Booking Data to facilitate your payments to us, and anti-fraud screening, which may need information about your method of payment and flight booking to process payment or ensure the security of your payment transaction. |
To the UK: adequacy decision (linked here). To the US: European Commission approved standard contractual clauses |
Legal and other professional advisers |
May process any and all data to enforce our legal rights in relation to our contract with you and to assist in the investigation of illegal or fraudulent activities or where required by law or court order. |
Generally non-EEA legal and professional advisors do not have access to EEA data. In the limited cases where they do, we put in place European Commission approved standard contractual clauses. |
Ground handling agents outside of the EEA: Bosnia & Herzegovina - Aerodrom Banja Luka; Israel - QAS; Jordan - AHS Group; Montenegro - Airports of Montenegro; Morocco - Swissport; Serbia - Airports of Serbia; Turkey - Turkish Ground Services; Ukraine - Interavia, Kherson Airport, Aerohandling, Lviv Airport, Company Sky Service; the UK - Dalcross Handling, Swissport, Bournemoth Airport Handling, City of Derry Airport Handling, Exter Airport Handling, Prestwick Airport Handling, Menzies Aviation, Blue Handling, Newquay Airport Handling, Teeside Airport Handling.
Third Parties - We may also share your personal data with the following third parties:
Third Party |
Type of Data and Purpose |
Lawful Basis to Share |
Basis for Transfer if outside of EEA |
Airports in your itinerary or to which your flight may fly over located in and outside of the EEA (non-EEA airports are located in the countries listed in the section above on ground handling agents outside of the EEA) |
To process Booking Data to comply with PNR legislation and airport security regulations. |
Contract and compliance with legal obligation. |
To airports in non-EEA countries (other than Israel and the UK): European Commission approved standard contractual clauses To airports in Israel: adequacy decision (linked here). To airports in the UK: adequacy decision (linked here). |
Governments in the EEA and outside the EEA in Israel, Jordan, Morocco, Turkey, Ukraine |
To process API pursuant to local law requirements. API is sent as a secure electronic message to the government system |
Legal obligation pursuant to EU API Directive or for non-EEA countries, local legislation requiring API. |
To Israel: adequacy decision (linked here). To the UK: adequacy decision (linked here). To Jordan, Morocco, Turkey and Ukraine: Derogation for occasional transfers where necessary on public interest grounds (Art 49(1)(d) GDPR). |
Immigration, customs and border control authorities |
To process Booking Data and PNR to comply with PNR legislation, immigration, customs and border control requirements or binding law enforcement requests and court orders. |
Legal obligation, for example the EU PNR Directive 2016/681 |
To the UK: adequacy decision (linked here). |
Governmental agencies and law enforcement authorities for public health reasons |
To process Booking Data to comply with public health legislation and entry requirements in your destination, to demonstrate we have met these requirements to our regulators and to respond to legally binding requests from law enforcement and public health authorities. |
Legal obligation under various national public health laws |
Derogation for occasional transfers for the transfer is necessary for important reasons of public interest (Art 49(1)(d) GDPR) |
Our trusted third party ancillary partners located mostly in the EEA (set out below) who offer travel related products and services on our website |
If you choose to purchase products or services offered on our website as part of your flight booking by third parties (such as Car Trawler, Rentalcars or Cover Genius), then you may be a customer of both Ryanair and these third parties. Ryanair may share your Identity Information and Payment Information with these partners. We are not responsible for third parties’ use of your personal data for their own purposes once they receive it which is covered by that partner’s privacy policy. |
Consent to share data with partner |
N/A |
Courts and law enforcement bodies in all countries we operate in |
To share Booking Data, API and PNR in relation to any investigation or legal claims. |
Legitimate interest in complying with legal request for information. |
To non-EEA countries: Derogation for occasional transfers on basis of legal claims (Art 49(1)(e) GDPR) |
Trusted third party partners:
- Car Hire: RentalCars (Booking.com)
- Private Transfers: Car Trawler
- Hotels: Expedia.com (Hotels.com), Hotelopia, Hostelclub
- Insurance: Cover Genius, Europ Assistance
- Tickets: Coras, Get your Guide
- Parking & Transfers: Looking4, Aircoach, Unipark, Aquacar, National Express, Parkcloud, Malta Transfers, Ma-navette, Transferamigo, Autostradale, Shuttlebus, Nordeka, Plusairportonline, Pickmecab, Transpers, Airexpress, Viajes Rusadir, Translink, ADR mobility, Park Via, Sacbo, SEA
We use cookies on our website. Ryanair DAC is the data controller of any information we obtain from the use of cookies. Please refer to our Cookie Policy and cookie preference centre.
We have appointed a Data Protection Officer (“DPO”) to oversee compliance with this policy. In addition, you always have the right to make a complaint at any time to a supervisory authority. The Irish Data Protection Commission is the lead data protection supervisory authority for Ryanair DAC so please be aware that your complaint may be transferred to the Irish Data Protection Commission.
The GDPR and other data protection laws give you specific rights in relation to your personal information. Details of these rights and how to exercise them are set out below.
DATA RIGHTS
Your rights include the following:
· Opt out / Unsubscribe. You can request to be removed from our marketing mailing list by clicking here. This requires verification of your email address. Please follow the instructions provided through the link.
Please note that if you opt out of marketing communications you will still receive service communications in relation to existing bookings. These can include information about the services you may be using (e.g., seat reservation, checked baggage, etc.).
· Request for erasure of your personal information (right to be forgotten). You may ask us to delete or remove personal data, where we have no legal basis to continue to process it. This includes deletion of the myRyanair account linked to the email address provided and/or used in booking a flight. However, we will retain the personal data that relates to a contract between you and Ryanair (flight booking) to perform the contract, defend or pursue our legal rights and meet our obligations towards regulatory or governmental authorities.
You can request erasure by clicking here. This requires verification of your email address. Please follow the instructions provided through the link.
Please note we will make every effort to erase data where this right has been exercised by you and we no longer have a legal basis for processing same but some personal data sets are impossible (or infeasible) to edit or remove (e.g., server backup or microfiche).
· Object to processing. You have the right to object to the use of your data for direct marketing purposes at any time through this form. This will remove you from our marketing databases. It requires verification of your email address. Please follow the instructions provided through the link. You may also request us to stop processing your personal data where we are doing so based on legitimate interests (e.g., address personalized offers to you in the booking process) unless we require your data for dealing with legal claims or we have compelling legitimate grounds which override your rights. If this is the basis for your objection, then click here for our online request form and set out in the comment area your basis for objection.
· Request information. The section on ‘What personal data we collect’ sets out what personal data we collect and the section ‘What we use your personal data for’ sets out the reasons we collect it.
· Request access to the personal data we hold about you. If you have a myRyanair account, you can view the personal data held in this account by logging into your account. If you wish to access other personal data we hold about you other than what is in your myRyanair account, then you can use our webform available here. You will need to provide a copy of your photo ID, either passport or national ID, when making your request so we can verify your identity. We may not be able to provide you access to the data when it involves information relating to others who have not consented to the disclosure of their information. We will also have to verify your email address before we can send the data to the email address provided in the request.
· Request correction of the personal information that we hold about you. This can be done by you through your myRyanair account. We have included tools in your myRyanair account, allowing you to directly change personal data you have provided there.
Please note that if you require changes in active bookings (i.e., where the flight has not yet taken place), you need to contact our Customer Services directly, as set out in our General Terms and Conditions of Carriage and FAQs.
· Object to automated decision-making including profiling, which produce a legal effect or similarly significant effects. We do use personal data to personalize the services and offers you receive. We also use automated processes to assist us in determining where additional in-person travel document checks are required. We do not engage in automated processing with legal or similarly significant effects.
· Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, but only in limited circumstances, which you must set out in the comment section of our webform. Click here
· Request portability of your personal information in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your data from us in an electronically useable format and to be able to transfer your data to another party in an electronically useable format. Click here
· Withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. In relation to marketing communications, this can be done as set out above under opt out / unsubscribe. In your myRyanair account this can be done through your account by using the delete buttons provided where consent is the basis for our processing. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
· Third parties. If you are applying on behalf of another person then we require a signed letter of authority from the data subject in the form provided here. If you are applying as a parent/guardian of children then we require the signed letter of authority provided here. In addition to the other requirements set out below, we will also verify the email of the data subject before processing such requests. If you wish to make a request on behalf of someone else, please use our third party webform, which allows for attachment of 1) required documents to allow us to validate the identity of the data subject and 2) the above signed letter of authority from the person making the request on behalf of a data subject.
We will respond to any request you make to exercise your rights within one month. However, where required for complex or numerous requests, we may notify you (within the initial one month period) that a further period of up to two months is required in order to respond to the request.
These requests cannot be processed if made via email, due to their volume and the need to verify your identity before we can act on your request. This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may make changes to this privacy policy at any time and if we make any material changes we will bring these changes to your attention.
If you have any further questions about this policy or how we handle your personal information, which are not dealt with here or through our webform or through your myRyanair account, please get in touch with us by writing to our Data Protection Officer at Ryanair Head Office, Airside Business Park, Swords, County Dublin, Ireland or emailing our DPO at [email protected].