Who we are
This is the main Privacy Notice for the Alaska Air Group airlines: Alaska Airlines, Inc. and Horizon Air Industries, Inc. ("Alaska," “we,” “us”). Alaska's contact information appears at the end of this Privacy Notice.
California consumers can find specific disclosures, including “Notice at Collection” details regarding how we collect, use, disclose, sell or share, and retain personal data.
What this privacy notice covers
This Privacy Notice applies to the personal data Alaska collects via its services, websites and apps that refer to this Privacy Notice, as well as to Alaska's own privacy practices in connection with our services, including offline transactions such as when you speak with Alaska’s customer support team or when providing information at the ticket counter or boarding gate. This Privacy Notice does not cover data collection, use, and sharing by third parties related to our services that are subject to a separate privacy notice. For example:
- When you arrange travel on our airlines through third parties (such as travel agents, other airlines, search engines and travel websites) those third parties' own privacy policies apply to their processing of the personal data they collect, use, and disclose, and Alaska will process the personal data that Alaska receives from them or you under this Privacy Notice.
- Alaska Mileage Plan™-branded credit cards and related financial products are provided by Bank of America (for U.S. residents) and The Toronto-Dominion Bank (MBNA, for Canadian residents). These financial institutions process personal data (including to assess your application, eligibility, and administer the card) is subject to their own privacy notice and practices. When they disclose personal data to Alaska (such as to coordinate eligibility for Mileage Plan™ miles based on card usage), we handle that limited data pursuant to this Privacy Notice.
- This Privacy Notice does not cover our human resources activities, other than our online Careers pages that collect data for recruiting purposes.
How we collect personal data
The personal data we collect depends on how you interact with and use our websites, apps, and services, and the choices you make.
For example, we collect personal data from you directly at the airport (such as at our ticket counters, kiosks, and boarding gate) and through other online or offline channels, such as our websites, apps, inflight entertainment systems, and call centers. We also receive personal data collected by our affiliates, partners, loyalty program participants, service providers, travel agents, other airlines, and others who are involved in your travel experience, as well as other third parties such as companies that provide demographic information we use to supplement information to personalize your experience and our marketing and advertising.
Categories of personal data we collect
We collect the following types of personal data:
- Name and contact information. We collect name, username, and other contact details such as postal address, telephone number, and email address.
- Demographic information. Demographic information, such as birth date and gender.
- Commercial information.
- Payment information, such as debit or credit card number and expiration date.
- Gift card and travel certificate information, such as card code and expiration date.
- Mileage Plan™ number and other awards or loyalty program numbers.
- Transactional and online activity data, including activity related to purchases or points earned as part of your Mileage Plan™ account or through Mileage Plan™ partners. For example when you purchase Alaska products and services (e.g. purchase of tickets, inflight food and beverage, cargo sales, etc.).
- Social media information, including your social-media “handle,” and other information communicated to us directly through social media such as messages or posts directed at us.
- Survey and marketing responses, including Information you provide in responses to surveys, marketing, focus groups, and research.
- Content and files, such as the information you provide to us directly or provided to Alaska by a third party site or agent you used to book your travel (such as a travel agency, third party travel app) or other entity.
- Travel information, such as flight, hotel and vehicle reservation information, as well as confirmation codes and e-ticket numbers.
- Geolocation data. Depending on your device and settings, we collect the location of the device on which you install our app or access our website.
- Audio or electronic information. Records of your communications with us (for example, we record all calls to our call center, and keep copies of the contents of your correspondence with us on our website, app, chat features, and other channels).
- Internet or other electronic network activity.
- We use cookies and similar technology to collect data through automated means when you visit our websites or if you have installed our apps. This data is used for marketing, analytics and other purposes described in this Privacy Notice. For more details, including the data collected by cookies and similar technologies and how to manage your preferences, visit our Cookie Policy.
- We automatically log your activity on our websites and apps, including the URL of the website from which you came to our sites, pages you viewed, how long you spent on a page, access times, and other details about your use of and actions on our website and app.
- We also use tools to record and analyze your interaction with our websites and app to help us improve your experience.
- Sensitive Personal Information.
- Government IDs. Governmental identifiers, such as driver's license and passport information, Transportation Security Administration (TSA) Redress Number and Known Traveler Number.
- Health information. Health information, such vaccination, health, or wellness information required by applicable laws or regulations or necessary to assist you in the event of a medical or other emergency. Also, we collect data related to special requests or needs (such as dietary requests, wheelchair use during travel, or other medical needs).
- Online Account Access. Account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.
- Biometrics. At some locations, biometric information may be collected during the security clearance and boarding process. At boarding, U.S. Customs and Border Protection (CBP) may ask us to collect photographs of facial images for flights leaving the United States. Photographs shared with CBP will be compared to image(s) associated with your passport, other government issued travel documents, or prior border inspections. If you do not wish to have your biometrics collected for this purpose, you can speak to a Customer Service Agent and request an alternative verification procedure. For more information on CBP's program, please visit https://www.cbp.gov/travel/biometrics.
- Additionally, we may collect your fingerprint for activities such as accessing our airport lounge. Participation is completely optional. If you enroll, our system will scan your fingerprint, take certain measurements of it, and convert these measurements into an identifying code. We delete the initial image but retain the identifying code based on the measurements. We can't work backwards from this information to reproduce an image of your fingerprint, but the next time you scan your fingerprint, we'll repeat the measurement process and compare the identifying code to confirm your identity.
How we use your personal data
We use the categories of personal data noted above for the purposes described below or as otherwise disclosed to you, including:
- Providing our services, including troubleshooting, improving and personalizing those services
- Processing, evaluating, and responding to your requests, inquiries, and applications
- Contacting or otherwise communicating with you (such as by text message, email, online chat, prerecorded or automated phone calls, live phone calls, mail, push notifications, or messages on third-party platforms):
- to provide transactional information (such as updates about purchased travel);
- to send you marketing communications, offers, and invitations to events, which may be based upon previous interactions with our sites, services and modelling of your personal information; or
- to provide customer support and respond to your questions and correspondence with us;
- for any other purpose described in this Privacy Notice
- Administering contests, sweepstakes, and events
- Tailoring our products, services, and advertising for you, including anticipating your likely preferences based on information concerning your previous travel with us, previous transactions, or communications with us, any of which we may combine with other information we have about you, and which may be based on our modelling of your personal information
- Determining appropriate advertising channels and venues and to place ads on such channels and venues, including social networking sites
- Measuring and managing the effectiveness of our advertising and marketing
- Conducting surveys, and performing market research and data analytics
- Creating aggregated or otherwise de-identified data, which we may use and disclose without restriction
- Verifying your identity, protecting against and preventing fraud, unauthorized, or illegal activity, claims and other liabilities, and managing risk exposure (for example, monitoring our wi-fi networks for purposes such as security, abuse prevention and network management)
- Complying with and enforcing applicable legal obligations or requirements, industry standards and our policies and terms, such as our terms of use and contract of carriage
- Maintaining the operational availability and reliability of our IT systems with infrastructure backups and testing (which may use a copy of live data where test data is not practical)
- Operating, evaluating, and improving our business in other ways, including through billing, accounting, and analysis and research
- Biometric information:
- With your consent, Alaska will only use biometrics information on your day of travel for the purposes you consented to, such as Self-Bag Drop, security clearance, boarding, and Alaska Lounge access.
- At boarding, U.S. Customs and Border Protection (CBP) may ask us to collect photographs of facial images for flights leaving the United States. Photographs shared with CBP will be compared to image(s) associated with your passport, other government issued travel documents, or prior border inspections. If you do not wish to have your biometric information collected for this purpose, you can speak to a Customer Service Agent and request an alternative verification procedure. For more information on CBP’s program, please visit https://www.cbp.gov/travel/biometrics
- Self-Bag Drop processing will also use facial recognition technology to collect and use biometric information for authentication purposes and to generate your bag tag. If you do not wish to have your biometric information collected for this purpose, you can speak to a Customer Service Agent to obtain a bag tag.
- We may also use your biometric data to allow access to our Alaska Lounges. For Alaska Lounge access, you can use a third party application that stores your biometric information on your mobile device for Alaska Lounge Pass to enter the Alaska Lounges. Alaska does not store biometric measurement data. If you do not wish to have your biometric information collected and used for this purpose, please speak with a Lounge Attendant.
Alaska does not store your biometrics nor use biometric information for any other purpose. Biometrics necessary for Alaska Lounge access is remains stored on your own device. Self Bag Drop and Lounge Access uses of biometric information is unrelated to Customs and Border Protection use described above.
Finally, we combine data we collect from different sources for these purposes and to give you a more seamless, consistent, and personalized experience.
How we disclose your personal data
We disclose personal data with your consent or as we determine necessary to complete your transactions or provide the services you have requested or authorized. In addition, we disclose each of the categories of personal data described above, to the categories of recipients described below, for the following business purposes:
- Affiliates. We disclose personal data within the Alaska Air Group companies. For example, where we share common data systems or where access is needed to provide our services and operate our business.
- Non-Affiliated Third Parties. We disclose personal data to travel agents, other travel, transportation, and hospitality companies, including those you select to share your information with. And, we disclose personal data to Mileage Plan™ partners, such as companies with whom you may earn or use miles. For example, when you purchase travel from us that will be provided by another airline with whom we have a code-sharing agreement, we disclose personal data to the airline. As another example, when you choose to reserve or purchase third-party products or services through Alaska Airlines Cars, we disclose your personal data to the third parties and their service providers.
- Financial services & payment processing. When you provide payment data, for example to make a purchase, we will share payment and transactional data with banks and other entities as necessary for payment processing, fraud prevention, credit risk reduction, or other related financial services.
- Legal, Law Enforcement, and Safety. We may disclose personal data about you (i) if we are required to do so by laws or legal process, (ii) to law enforcement authorities under appropriate circumstances, or (iii) when we believe disclosure is necessary or appropriate for health and safety of any person, to prevent harm or loss or in connection with an investigation of suspected or actual illegal activity. For example, for flights to, from, within or over the U.S., the TSA Secure Flight program requires Alaska to collect and provide the TSA with each passenger's name, birth date, gender and, if available, Redress Number and Known Traveler Number. Additionally, in certain circumstances, Alaska may be required to disclose traveler biometric information to the U.S. Customs and Border Protection (CBP) as part of the security clearance and boarding process. For more information on CBP’s program, please visit https://www.cbp.gov/travel/biometrics
- Service Providers. We disclose personal data with companies that process personal data described in this policy on our behalf. Examples include data hosting platforms, data backup companies, email service providers, and social media aggregators. Additionally, when using our Alaska’s Self Bag Drop service at participating airports, the service verifies the traveler checking the bag by comparing your facial measurements to the image on your government issued identifications. For this service, we use a third party service provider to generate and store information on your personal mobile device. Neither Alaska nor the third party service provider permanently store biometric data on their systems.
- Measurement, Advertising and Marketing Providers. We disclose personal data with Measurement Partners such as third party analytics and advertising companies which also collect personal data through our website and apps including identifiers and device information (such as cookie IDs, device IDs, and IP address), geolocation data, usage data, and inferences based on and associated with that data, as described in the Cookies section of this Privacy Notice. These third-party vendors may combine this data across multiple sites to improve analytics for their own purpose and others. For example, we use Google Analytics on our website to help us understand how users interact with our website; you can learn how Google collects and uses information at www.google.com/policies/privacy/partners.
- Corporate Transactions. We may transfer personal data in connection with a corporate transaction, business sale, merger, consolidation, divesture, change in control, transfer of substantial assets, bankruptcy, liquidation or reorganization, or as part of pre-transaction review in relation to these transactions. Whether the recipient of data in these cases will handle the data pursuant to this Privacy Notice depends on applicable law and other factors.
- Third Party Integrations. We may allow you to connect your Alaska account with a third-party system, or to authorize a particular third-party website, application or service to access certain data we hold about you. For example, if you log in through an authorized third-party app that allows you to view your Mileage Plan™ account, we may disclose personal data to the operator of the app. Such operators' use of the information may be subject to their own privacy policies.
Some third parties' embedded content, pixels, or plugins on Sites and in our emails, such as third party analytics and ad tech companies, Facebook "Like" buttons on our websites or apps, may allow their operators to use cookie IDs, device IDs, IP address, and other technology to learn that you have visited or interacted with us and how, they may use this information to create inferences about you, and they may combine this information with other, identifiable information they have collected about your visits to other websites or online services. These third parties may process this information, and other information they directly collect through their content, pixels, and plugins, pursuant to their own privacy policies.
- Deidentified Data. We may disclose de-identified data in accordance with applicable law.
International transfers of personal data
Alaska is based in the United States and has locations in other countries. The recipients of the personal data disclosures described in the "How we disclose your personal data" section above may be located in the United States or elsewhere in the world. Privacy laws in these countries may not provide protections equivalent to those of your country of residence, and your government may or may not deem such protections adequate. Where required by law or regulation, we use legal mechanisms, including contracts, to help ensure your rights and protections.
How long we keep personal data
We retain personal data for as long as necessary to provide the services and fulfill the transactions you have requested, comply with our legal obligations, resolve disputes, enforce our agreements, and other legitimate and lawful business purposes. Because these needs can vary for different data types in the context of different services, actual retention periods can vary significantly based on criteria such as user expectations or consent, the sensitivity of the data, the availability of automated controls that enable users to delete data, and our legal or contractual obligations. To dispose of personal data, we may anonymize it, delete it or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time.
Data security practices
Alaska takes Information Security seriously. We leverage appropriate industry frameworks, guidance, and practices to guide our implementation efforts through reasonable technical, physical, and administrative controls that help safeguard our systems and the customer data we collect and maintain. In the event of a data breach, Alaska adheres to incident reporting and data breach notification requirements to appropriate State, Federal, and/or international authorities and/or data subjects, as required by applicable laws and in compliance with time frames established and remedies set forth by such laws. We also recommend that our customers take steps to protect the security of their own information, for example by not re-using their passwords across multiple websites or using less secure passwords, and by not providing account information such as usernames and passwords over the phone or by e-mail.
Children's privacy
Due to the nature of our business, we may collect personal data about children from parents or legal guardians when it is required to comply with the law, including federal aviation or security regulations, or as otherwise required to provide transportation and other requested services. We may retain personal information when required to provide transportation and related services to a child.
Our websites and apps are not directed to individuals under 16 years old. As appropriate under applicable law, parents or legal guardians with questions or requests regarding their children's personal data may contact us as described below.
Your rights and choices
You can view, update certain information and make certain privacy choices by logging in to the relevant portions of Alaska or third-party websites and apps. For example:
- If you have an online account at alaskair.com, you can login and visit the profile and settings of your account
- To view and manage notifications and preferences relating to our apps, visit the settings menu of both the app and of your operating system. For example, you can follow those steps to disable or adjust precise geolocation, biometric (such as Apple Touch ID™ in our iOS app) or other features in our mobile apps.
Additional options are available:
- You can unsubscribe from certain types of emails by clicking the "unsubscribe" link they contain.
- You can unsubscribe from text messages by replying “STOP“ as indicated within the message.
- You can opt out by contacting Customer Care.
- You can cancel your participation in the fingerprint identity verification service at an enrollment station or by contacting us as described below.
- You can update your preferences or opt out from certain cookie-related processing by following the instructions in our Cookie Policy below.
- Under U.S. law, we must deny boarding or take other steps when a ticketholder on a flight to, from, within or over the United States appears in certain databases maintained by the U.S. government. For inquiries or to resolve problems relating to your possible inclusion in such a database, you may contact the Department of Homeland Security Traveler Redress Inquiry Program (DHS TRIP). You may also contact us for confirmation that the boarding denial or other step is not the result of an error in our records or processes.
- You can request to opt out of receiving prescreened offers of credit for Mileage Plan™-branded cards from Bank of America by calling 1-888-341-5000 or from The Toronto-Dominion Bank (MBNA, for Canadian residents) by calling 1-866-845-0980.
Data protection rights for non-us guests and visitors
The following applies if a data protection law outside of the United States provides such rights and applies to our processing of your personal data:
- You can request access to, and rectification or erasure of, personal data;
- If any automated processing of personal data is based on your consent or a contract with you, you have a right to transfer or receive a copy of the personal data in a usable and portable format;
- If the processing of personal data is based on your consent, you can withdraw consent at any time for future processing;
- You can object to, or obtain a restriction of, the processing of personal data under certain circumstances; and
- For residents of France, you can send us specific instructions regarding the use of your data after your death.
To make such requests, please use the contact information at the bottom of this statement. You also have the right to lodge a complaint with a supervisory authority, but we encourage you to first contact us with any questions or concerns.
For our guests who reside in the European Economic Area, United Kingdom, and Switzerland, we must also disclose our legal bases for processing personal data about you. Our legal bases are as follows:
- To honor our contractual commitments to you: Much of our processing of personal data is to meet our contractual obligations to our customers, or to take steps at customers' request in anticipation of entering into a contract with them. For example, we handle personal data on this basis for some of our reservation, ticketing and boarding processes, and for some aspects of our management of the Mileage Plan™ program.
- Consent: Where required by applicable law, and in some other cases, we handle personal data on the basis of your implied or express consent.
- Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
- Providing a safe and enjoyable travel experience
- Customer service
- Marketing
- Protecting our customers, personnel and property
- Analyzing and improving our business
- Processing job applications
- Managing legal issues
- We may also process personal data for the legitimate interests of our business partners, such as to coordinate loyalty programs, facilitate code-sharing relationships with other airlines or assist with marketing.
- Legal compliance: We need to use and disclose personal data in certain ways to comply with our legal obligations (such as our obligation to share data with the TSA through the Secure Flight program described above).
- To protect the vital interests of the individual or others: For example, we may collect or disclose personal data to help resolve an urgent medical situation.
State specific disclosures
The following applies to residents in specific states.
California
Notice at Collection. At or before the time of collection, you have a right to receive notice of our practices, including the categories of personal information and sensitive personal information to be collected, the purposes for which such information is collected or used, whether such information is sold or shared, and how long such information is retained. You can find those details in this statement by clicking on the above links.
Right to Opt-Out / “Do Not Sell or Share My Personal Information.” The CCPA requires us to describe the categories of personal information we sell or share to third parties and how to opt-out of future sales. It is important to know that the definition of “sale” and “share” is very broad and the common flow of information for advertising and analytics may be considered a sale or sharing. We not provide information that you might typically think of as personal information to third parties in exchange for money; however, under the CCPA, personal information includes unique identifiers, including things like IP addresses, cookie IDs, pixel tags, and mobile ad IDs. The law defines a “sale” broadly to include simply making such personal information available to third parties in some cases. “Share” is defined as providing personal information to a third party to target advertising to a consumer based on information about their activity on multiple websites across the internet. In the last 12 months, when you access our online services, we let advertising and analytics providers collect things like IP addresses, cookie IDs, advertising IDs, and other unique identifiers, which may be collected along with device and usage data, and information about your interactions with our online services and advertisements.
We do not knowingly sell or share the personal information of minors under 16 years of age.
To submit a request to opt-out, please visit our Cookie Policy to learn about the controls available.
Right to Know. You have a right to request that we disclose to you the personal information we have collected about you. You also have a right to request additional information about our collection, use, disclosure, or sale of such personal information. Note that we have provided much of this information in this privacy statement.
Rights to Request Correction or Deletion. You also have rights to request that we correct inaccurate personal information and that we delete personal information under certain circumstances, subject to a number of exceptions.
Right to Limit Use and Disclosure of Sensitive Personal Information. You have a right to limit our use of sensitive personal information for any purposes other than to provide the services or goods you request or as otherwise permitted by law. Note that we do not use sensitive personal information for any such additional purposes.
Right to non-discrimination. You have a right to not be discriminated against for exercising these rights set out in the CCPA.
Under California Civil Code section 1798.83, also known as the “Shine the Light” law, California residents who have provided personal information to a business with which the individual has established a business relationship for personal, family, or household purposes (“California Customers”) may request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes.
We comply with this law by offering our customers a choice about the disclosure of personal information to third parties for their direct marketing purposes, and you can make or change such choice by reaching out to our Bank of America Credit Card Partner to stop direct marketing.
You may designate, in writing or through a power of attorney, an authorized agent to make requests on your behalf to exercise your rights under the CCPA. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
For Virginia Residents
Right to opt-out of targeted advertising. Virginia residents have the right to opt-out of targeted advertising. See choices available in our Cookie Policy.
Right to appeal. If you would like to appeal a decision we have made in response to your request to exercise your rights, you may contact us at [email protected].
To exercise your right to know, correct, or delete, or opt out of profiling, please visit the “How to Contact Us” section below.
Updates to our privacy notice
We may change this Privacy Notice to reflect changes in the law, our data handling practices or the features of our services, websites and apps. The new version will be posted at alaskaair.com. We will indicate at the top of the notice when it was updated. Where required by applicable law, we will apply changes only with your consent
Cookie policy
On our websites and apps, we and third parties may collect certain information by automated means such as cookies, Web beacons, JavaScript and mobile device functionality. The information we collect includes unique browser identifiers, IP address, browser and operating system information, device identifiers (such as the Apple IDFA or Android Advertising ID), geolocation, other device information, Internet connection information, as well as details about individuals' interactions with websites and apps. This information is used to store your preferences and settings, enable you to sign-in, analyze how our websites and apps perform, track your interaction with the site or app, develop inferences, deliver and tailor interest-based advertising, combat fraud, and fulfill other legitimate purposes.
You may be able to set your web browser to refuse certain types of cookies, or to alert you when certain types of cookies are being sent. However, if you block or otherwise reject our cookies, local storage, JavaScript or other technologies, certain websites (including our own websites) and features may not function properly. Blocking or rejecting cookies will also remove cookies that reflect your advertising and analytics opt-out choices. Please see our cookie related Privacy Preference Center for more information. What controls are available?
- Advertising controls. Our advertising partners may participate in associations that provide simple ways to opt out of ad targeting, which you can access at:
- United States: NAI (http://optout.networkadvertising.org) and DAA (http://optout.aboutads.info/)
- Canada: Digital Advertising Alliance of Canada (https://youradchoices.ca/)
- Europe: European Digital Advertising Alliance (http://www.youronlinechoices.com/)
These choices are specific to the browser you are using. If you access our services from other devices or browsers, take these actions from those systems to ensure your choices apply to the data collected when you use those systems.
- Browser cookie controls. Most web browsers are set to accept cookies by default. If you prefer, you can go to your browser settings to learn how to delete or reject cookies. If you choose to delete or reject cookies, this could affect certain features or services of our website. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, may be deleted and may need to be recreated.
- Mobile advertising ID controls. iOS and Android operating systems provide options to limit tracking and/or reset the advertising IDs.
- Email web beacons. Most email clients have settings which allow you to prevent the automatic downloading of images, including web beacons, which prevents the automatic connection to the web servers that host those images.
- Do Not Track. Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Because there is not a common understanding of how to interpret the DNT signal, our websites do not currently respond to browser DNT signals. Instead, you can use the range of other tools to control data collection and use, including the cookie controls and advertising controls described above.
How to contact us
Any request you make to the Data Privacy Office must be in writing and include your name and address and any other information that may identify you, such as the booking reference (e.g., confirmation number or record locator number), Mileage Plan™ account number if applicable, the dates on which the travel took place, and any other relevant information that will assist us to identify you. For certain requests, you must also provide a photocopy of your passport or driver’s license so we can verify your identity.
To exercise your rights under applicable privacy law, to raise a privacy concern, or to make a data-related request, please fill out the form here, or by calling us at 1-800-654-5669, or mail the request to the below mailing address below:
Data Privacy Office
Alaska Airlines, Inc.
P.O. Box 68900 - SEAES
Seattle, WA 98168
If you are a former employee or applicant who is a California Resident and you would like to exercise your rights under applicable privacy law, please submit your request here.
For basic requests (like a change of address), you can also reach our customer care representatives at the international contact number in your country.