Privacy Policy
1. This Privacy Policy
All information described in this Privacy Policy is processed by Delta Air Lines, Inc. ("Delta", "we", "us", or "our") as data controller. This Privacy Policy describes our practices related to the use, storage, and disclosure of personal information we collect from or about you when you interact with us in the course of our providing commercial air travel services, ancillary services, or other services provided by us or by others acting on our behalf, including when you use our website Delta.com ("Website") or our Fly Delta App ("App"). This Privacy Policy also describes our processing of the personal data of individuals representing our business customers and suppliers. The manner in which we process information depends on the type of information and purpose for processing and may include collection, organization, storage, alteration, retrieval, consultation, disclosure, restriction, erasure, or destruction.
Delta reserves the right to modify this Privacy Policy at any time and without prior notice. We will post any changes to our Website. This Privacy Policy is not a contract and does not create any contractual rights or obligations.
Delta has a Privacy Team, including a Data Protection Officer, that is dedicated to protecting your privacy. If you have any questions or comments regarding this Privacy Policy or any complaints about our adherence to it, please contact our Data Protection Officer, Renee Lopez-Pineda, at [email protected] or contact our Customer Care Center by telephone or mail. We adhere to applicable notification requirements and reporting obligations to supervising authorities and/or data subjects regarding violations of this Privacy Policy as required by law. The substance and time frames applicable to these remedies are set forth in applicable laws.
Additional remedies available in the event of a perceived violation of your privacy rights are discussed in sections 9.7 and section 12 regarding information security safeguards and data breach notification procedures.
3.1 We collect information from you
We may collect and receive information from you, including when you:
- Use or access our Website or App, such as when you enter information during the course of a booking, even if you do not complete the booking;
- Register, create, or modify an online or in-app account with us, including your SkyMiles Partners account and Promotional Partners account, or any account to use our online corporate travel tool(s), communicate with us by email, including when you email us at [email protected], telephone, in writing, through our customer services pages, or social media;
- Our SkyMiles Partners are hotel, car rental, shopping, dining, vacation, and other businesses with whom you can earn, transfer, or redeem miles in the SkyMiles Program or otherwise qualify for discounts or benefits in connection with SkyMiles membership or Medallion Status. Our Promotional Partners are businesses with whom you may be offered a discount or benefit as a result of your transactions with Delta.
- Use any of our services, including when you travel with us, use airports where we operate, or use any facilities, such as Delta Sky Club lounge facilities, within those airports;
- Through cookies and other tracking technologies on our Website and App (see section 6 below); and
- Are associated to a company we do business with
3.2 Automatic access and data collection from our App
Our App may access certain device information and/or components automatically.
3.3 We collect information from other sources
We may receive your personal information from other airlines, and from travel agencies and your employer or company in connection with your travel booking.
We may also receive your personal information from SkyMiles Partners and Promotional Partners in connection with our SkyMiles Program.
Our suppliers and other businesses we deal with provide us personal information of their representatives.
This Privacy Policy applies to information we receive from those other sources, as well as to information we collect from you or generate about you. Delta is committed to limiting the information collected to what is necessary for the purposes for which the information is collected.
4.1 Information about you and how we use it
This section describes what personal information we collect about you, the purposes for which we use it, and the legal basis under applicable law pursuant to which we process it. Please also see section 4.2 regarding information collected through our App, and section 4.6 regarding our use of sensitive types of information.
4.1.a
Information related to a flight booking or purchase of our products or services, whether provided on line, over the phone, in person, at an airport kiosk or self-service device, in flight, or otherwise, and whether bought privately or through your employer or company including:
- your name and title;
- your national ID, in certain circumstances;
- your contact details, such as postal address, telephone numbers, and email address;
- your flight, luggage, boarding and other ticketing information, such as bag tag tracking number and luggage screening information, including X-ray images of checked luggage;
- special assistance requests and preferences;
- your billing and transaction information such as credit/debit card type and number(s), corporate forms of payment, and related data including associated billing address, and expiration date(s);
- emergency contact(s);
- seating preferences, medical needs, and dietary requests;
- flight, car, and hotel preferences;
- travel companions’ personal information;
- information about who is meeting or dropping you off;
- your order for other services, such as cargo, animal services, and inflight services such as upgrades, beverages/food, and goods;
- any employer or company information associated with your booking;
- your reason for travel.
We use this information to:
- provide you with your flight and other products and services;
- provide assistance with bookings and seat assignments including where relevant for our corporate travel program customers, in cooperation with their corporate travel managers;
- confirm your travel arrangements and remind you about incomplete bookings;
- take your payment and make any refunds or credits and send any confirmations;
- send you service communications, such as notifications of flight schedule changes, and check-in opening;
- manage and administer our services and business, including performing our record-keeping requirements;
- maintain the operational availability and reliability of our IT systems with infrastructure backups and testing (which may use a copy of live data where test data is not practical);
- confirm your identity and to prevent fraud;
- improve our products and services, including through statistical analysis and research for program development;
- send you marketing communications, offers, and invitations to events, which may be based on our segmentation and modelling of your personal information;
- provide you with assistance in an emergency, including communicating with your emergency contacts;
- share it with other airlines for the purposes of your itinerary or re-booking you if there is a travel disruption;
- share it with our SkyMiles Partners and Promotional Partners for the purpose of their providing services to you;
- share it with authorized government agencies and as otherwise described in section 7.
- share it for luggage security screening to enable you to travel within and between countries.
- tailor our products and services for you, including anticipating your likely preferences based on information concerning your previous travel with us, previous transactions, or communications with us, any of which we may combine with other information we have about you, and which may be based on our segmentation and modelling of your personal information.
We use this information because:
- it is necessary to enter into or to perform a contract with you to provide flights or other products or services;
- you have given consent, for example, to us using information related to your health and dietary requirements, certain credit card information, or information to send you marketing communications;
- it is necessary to protect your or a third party’s vital interests or to respond to a public health incident;
- it is necessary to act in the public interest;
- it is necessary to comply with applicable law and regulations, such as those related to flight operations, identity verification, and emergencies;
- the information is publicly available;
- we have a legitimate business interest, for example, in assisting you with making and managing your bookings with us, managing and administering our business and protecting it from fraud, improving and promoting our service and better understanding how customers use it, ensuring that our technical systems operate properly, protecting against risks to customers and aircraft, streamlining customs clearance processes for our customers, enabling Delta to support public health authorities’ efforts to inhibit the spread of COVID-19 or other global pandemic symptoms, and ensuring the health and safety of customers traveling on Delta flights, and complying with applicable law and regulations;
- we and third party airlines have a legitimate business interest in making and operating connections between multiple flights and expediting baggage clearance across international borders; or
- we and our SkyMiles Partners, Promotional Partners and other businesses that are providing services that you request have a legitimate business interest in using the information to provide their services.
4.1.b
Customer identification information, including:
- Secure Flight Passenger Data, such as your government issued ID; your full name; your contact details, such as postal address (or temporary address in the U.S. for non-U.S. customers); telephone numbers; email address; date of birth, gender; Known Traveler Number; and Redress Number;
- Advance Passenger Information such as passport or other travel document number (including machine-readable information), nationality, issue date and location, expiry date, and country of residence;
- information from the Department of Homeland Security or similar authorities responsible for security in other countries, if traveling from certain airports;
- biometric information (such as finger, face, voice, or iris).
We use this information to:
- verify and authenticate your identity;
- undertake security screening to enable you to travel within and between countries, as required by most governments;
- comply with legal and regulatory requirements;
- confirm your identity at check-in, bag check location, security checkpoints, and when boarding the aircraft;
- maintain the operational availability and reliability of our IT systems with infrastructure backups and testing (which may use a copy of live data where test data is not practical);
- share it with governments and as otherwise described in section 7;
- provide you with your flight and other products and services;
- send you service communications, such as expired or expiring passport.
We use this information because:
- it is necessary to enter into or to perform a contract with you to provide flights or other products or services;
- you have given consent, for example, to us using information related to your passport (beyond what is necessary for us to provide your flight), biometric information, or information to send you marketing communications;
- it is necessary to protect your or a third party’s vital interests, or to respond to a public health incident;
- it is necessary to act in the public interest, such as protecting against risks to customer and public health, customer and aircraft safety, and unlawful cross-border activities;
- it is necessary to comply with applicable law and regulations, such as those related to flight operations, identity verification, and emergencies;
- the information is publicly available; or
- we have a legitimate business interest, for example, in protecting the security of your SkyMiles account and your travel reservations, ensuring that our technical systems operate properly, enabling Delta to support public health authorities’ efforts to inhibit the spread of COVID-19 or other global pandemic symptoms, ensuring the health and safety of customers traveling on Delta flights, and complying with applicable law and regulations.
4.1.c
Information related to your membership in our Delta Sky Club, the SkyMiles Program or other account, or activities within our SkyMiles Partners and Promotional Partners, including:
- your name and contact details;
- your SkyMiles status;
- your SkyMiles account number;
- your transactions and SkyMiles Program activity;
- your choice of SkyMiles benefits;
- your flight information including any travel group to which you are assigned;
- your membership information for SkyMiles Partner or other account and Promotional Partner loyalty programs;
- your employer or company details, your role, use of corporate forms of payment, and other information submitted through our online corporate travel tool(s), where you agree to associate your SkyMiles Program account with your employer’s or corporate business SkyBonus or other travel program;
- your date of birth;
- your gender;
- your user ID, password and log-in credentials when using our online corporate travel tool(s) and access your accounts with us;
- your digital image, if you consent to its collection in connection with access to our lounges.
We use this information to:
- provide you with services related to your SkyMiles Program membership and activity with SkyMiles Partners, or Promotional Partners, if applicable, including mileage tracking;
- tailor our products and services for you, including anticipating your likely preferences based on information concerning your previous travel with us, previous transactions, or communications with us, any of which we may combine with other information we have about you, and which may be based on our segmentation and modelling of your personal information;
- improve our products and services, including through statistical analysis, segmentation, and research for program development;
- manage and administer our Delta Sky Clubs or the SkyMiles Program and for our related record-keeping requirements;
- associate · your SkyMiles Program account with your employer’s or corporate business SkyBonus or other travel program to enable you to earn SkyMiles on your business travel, enable your employer or company to earn any business bonuses; enable your employer or company to administer and allocate your expenses, ticket, and other travel payments and procure travel assistance; and to otherwise operate that business account;
- send you information about our products and services;
- send you marketing communications, offers, and invitations to events, which may be based on segmentation and modelling of your personal information;
- recognize your loyalty to the SkyMiles Program;
- share your information with SkyMiles Partners and Promotional Partners as mentioned in section 7;
- verify and authenticate your identity to prevent fraud ; and
- maintain the operational availability and reliability of our IT systems with infrastructure backups and testing (which may use a copy of live data where test data is not practical).
We use this information because:
- it is necessary to enter into or to perform a contract with you relating to SkyMiles Program membership;
- you have given consent, for example, to us using information to personalize your in-flight experience, using your digital image to grant you lounge access, or using information to send you marketing communications;
- it is necessary to comply with applicable law and regulations;
- the information is publicly available; or
- we have a legitimate business interest, for example, in improving our service, personalizing it for our customers, and better understanding how customers use it, managing and administering our business and protecting it from fraud, ensuring that our technical systems operate properly, promoting and developing our business, and complying with applicable law and regulations.
4.1.d
Information related to your preferences and personal and professional interests, and your opinions of our services,including:
- information about your Internet activity;
- your survey responses;
- your responses to our marketing efforts;
- your demographics;
- your contact preferences;
- your experience with our products and services.
We use this information to:
- provide our products and services to you;
- tailor our products and services for you based on this information alone and in combination with other information we have about you;
- improve our products and services, including through statistical analysis and research for program development;
- maintain the operational availability and reliability of our IT systems with infrastructure backups and testing (which may use a copy of live data where test data is not practical):
- send you marketing communications, offers, and invitations to events, which may be based on segmentation and modelling of your personal information;
- send you online messages about products and services provided by us or our SkyMiles Partners, Promotional Partners, and other third parties that may be of interest to you.
We use this information because:
- it is necessary to enter into or to perform a contract with you;
- you have given consent, for example, to us using information to send you marketing communications;
- the information is publicly available; or
- we have a legitimate business interest, for example, in enabling you to manage your preferences and account details, improving our service, personalizing it for our customers, and better understanding how customers use it, ensuring that our technical systems operate properly, and promoting and developing our business.
4.1.e
Information from your use of our Website or App including corporate travel online tool(s) accessed through them, including:
- your Internet service provider;
- your browser type;
- your operating system;
- pages you access on our Website or App;
- the date and time of your access to our Website or App;
- your device type;
- the IP address or unique identifier of your device;
- your location, established from GPS or network based features;
- feedback you provide to us;
- your log-in credentials, if you have a SkyMiles or other account with us;
- your online transactions with us;
- your role or registration when using our corporate travel online tool(s).
We use this information to:
- operate and administer our Website and App;
- provide our products and services to you. In the case of services provided through the App, these will be only the services you have chosen within the App, as further described in section 4.2;
- improve our products and services, including through statistical analysis and research for program development;
- send you messages and offers, about products and services provided by us or our SkyMiles Partners, Promotional Partners and other third parties that may be of interest to you, which may be based on your online behavior combined with other information we have about you and/or segmentation and modelling of your personal information;
- tailor products and services for you, based or your browsing history on our Website, and use of the App, and combining this information with other information we have about you;
- identify issues with our Website and App and users' experience of them;
- monitor the way our Website and App are used;
- maintain the operational availability and reliability of our IT systems with infrastructure backups and testing (which may use a copy of live data where test data is not practical);
- support your use of location-based tools, such as airport directions and map views, city code search, displaying local Delta Sky Clubs, and locating parking spaces;
- send you information about services in your location which may be of interest;
- administer your online account, if you have one;
- recognize your role when administering our corporate travel program to generate appropriate training, support and promotional content within the tool or by email.
We use this information because:
- it is necessary to enter into or to perform a contract with you to provide flights or other products or services;
- you have given consent, for example, to us using information to send you marketing communications;
- it is necessary to protect your or a third party’s vital interests, or to respond to a public health incident;
- it is necessary to act in the public interest;
- it is necessary to comply with applicable law and regulations;
- the information is publicly available; or
- we have a legitimate business interest, for example, in understanding how our Website and App are accessed, how they are used, any security issues affecting their operation, and any problems users have with the Website or App across multiple devices, improving our service and better understanding how customers use it, providing you with information relevant to your travel with us, ensuring that our technical systems operate properly, promoting our products and services and those of third parties, and in personalizing the information that our Website or App sends to you about these things, and complying with applicable law and regulations.
4.1.f
Information from your communications with us and our staff, including:
- interactions in person on board our flights, or with ground staff;
- emails, letters, online "chats", surveys, and telephone calls with our staff including our customer service teams;
- via social media.
We use this information to:
- deal with any issues and concerns;
- provide our products and services to you;
- personalize our services;
- manage and administer our services and business and for our record-keeping requirements;
- maintain the operational availability and reliability of our IT systems with infrastructure backups and testing (which may use a copy of live data where test data is not practical);
- improve our products and services, including through research for program development;
- send you marketing communications, offers, and invitations to events, which may be based on segmentation and modelling of your personal information;
- monitor communications for staff training, and quality checking purposes.
We use this information because:
- it is necessary to enter into or to perform a contract with you to provide flights or other products or services;
- you have given consent, such as in the case of information used to send you marketing communications;
- it is necessary to protect your or a third party’s vital interests, or to respond to a public health incident;
- it is necessary to act in the public interest;
- it is necessary to comply with applicable law and regulations, such as those related to flight operations, identity verification, and emergencies;
- the information is publicly available; or
- we have a legitimate business interest, for example, in managing and administering our business and our relationship with you, ensuring that our technical systems operate properly, improving and developing our products and services, promoting and developing our business, and complying with applicable law and regulations.
4.1.g
Information relating to travel and aircraft emergencies, including:
- your involvement in medical incidents affecting you and others during your travel with us;
- professional information about individuals involved in your care;
- your designated emergency contact.
We use this information to:
- assist you and your family members if there is an emergency;
- provide you with your program benefits;
- provide you with appropriate and timely communications;
- comply with legal and regulatory requirements;
- maintain the operational availability and reliability of our IT systems with infrastructure backups and testing (which may use a copy of live data where test data is not practical).
We use this information because:
- it is necessary to enter into or to perform a contract with you to provide flights or other products or services;
- you have given consent;
- it is necessary to protect your or a third party’s vital interests, or to respond to a public health incident;
- it is necessary to act in the public interest;
- it is necessary to comply with applicable law and regulations, such as those related to flight operations, identity verification, and emergencies;
- the information is publicly available; or
- we have a legitimate business interest, for example, in ensuring that our technical systems operate properly, complying with applicable legal and regulatory requirements, and complying with applicable law and regulations.
4.1.h
Information we receive about you from other sources, including:
- from SkyMiles Partners, or other account, Promotional Partners, your SkyMiles Program activity and redemptions;
- from other airlines, your and your fellow travelers' Passenger Name Record containing your names and itineraries;
- from travel agencies;
- from your employer;
- demographic information from public records and third parties;
- from financial institutions and credit checking agencies.
We use this information to:
- administer your SkyMiles Program membership and rewards;
- administer your Delta Sky Club membership;
- provide you with flights;
- manage and administer our services and business and for our record-keeping requirements;
- combine it with other information for statistical research and marketing purposes;
- maintain the operational availability and reliability of our IT systems with infrastructure backups and testing (which may use a copy of live data where test data is not practical);
- develop and promote our products and services;
- check for and receive payment approval.
We use this information because:
- it is necessary to enter into or to perform a contract with you to provide flights or other products or services;
- you have given consent, for example, to us using information to send you marketing communications;
- it is necessary to protect your or a third party’s vital interests, or to respond to a public health incident;
- it is necessary to act in the public interest;
- it is necessary to comply with applicable law and regulations, such as those related to flight operations, identity verification, and emergencies;
- the information is publicly available; or
- we have a legitimate business interest, for example, in improving and developing our products and services, performing our contract with your employer, ensuring the health and safety of customers traveling on Delta flights, ensuring that our technical systems operate properly, and complying with applicable law and regulations.
4.1.i
Business information of travelers on corporate accounts and of representatives of suppliers, customers, and other businesses (including for cargo) we deal with, including:
- name, role and personal contact details at the company and personal information in communications with you;
- corporate contact, and employer or affiliation (e.g., employer name, title, contact details, and contract information);
- user ID, password and log-in credentials when using our corporate travel online tool(s).
We use this information to:
- conduct our business dealings with our suppliers, customers, partners, and other businesses including for sales and purchases, and enabling use of our corporate travel online tool(s);
- tailor our products and services for you based on this information alone and in combination with other information we have about you;
- administer your company’s SkyBonus program benefits;
- send you or your company marketing communications, offers, and invitations to events, which may be based on segmentation and modelling of your personal information;
- recognize your role when administering our corporate traveler program to generate appropriate training, support and promotional content within the tool or by email;
- maintain the operational availability and reliability of our IT systems with infrastructure backups and testing (which may use a copy of live data where test data is not practical).
We use this information because:
- it is necessary to enter into or to perform a contract with you to provide flights or other products or services;
- you have given consent, for example, to us using information to send you marketing communications;
- the information is publicly available; or
- we have a legitimate business interest, for example, in performing our contracts with our corporate customers, suppliers and other business, developing our business with our corporate customers, and ensuring that our technical systems operate properly.
4.1.j
Information required by public health authorities or other government agencies or collected to demonstrate fitness to fly, including:
- contact information, such as name, nationality, country of residence, originating address, destination address, telephone, and email;
- information regarding the presence or absence of possible COVID-19 or other global pandemic symptoms;
- information regarding potential exposure to COVID-19 or other global pandemic;
- information collected by our ground or reservations staff pursuant to directives by public health organizations or other government agencies.
We use this information to:
- comply with legal and regulatory requirements;
- determine your fitness to travel consistent with applicable government regulations and guidelines.
We use this information because:
- it is necessary to enter into or to perform a contract with you to provide flights or other products or services;
- you have given consent;
- it is necessary to protect your or a third party’s vital interests, or to respond to a public health incident;
- it is necessary to act in the public interest;
- it is necessary to comply with applicable law and regulations, such as those related to public health;
- the information is publicly available; or
- we have a legitimate business interest, for example, in ensuring the health and safety of customers traveling on Delta flights, and complying with applicable law and regulations.
We only base our use of personal data on our legitimate interests when we consider that our legitimate interest is not overridden by the individual's interests or rights in the data.
As used in this Privacy Policy, “consent” means any statement or clear affirmative action by which you agree to the processing of personal data for a specific purpose. Please note that where you have provided your consent to us for processing your information, you can withdraw this at any time as described in section 8.
4.2. Information collected through our App
Delta may collect and receive personal information from the App users through the Software Development Tools (SDKs) deployed on the Fly Delta App. Depending on the SDK, the type of personal information collected and received via the SDKs may include, without limitation, the App user’s name, email address, phone number, mailing address, SkyMiles number, credit card information (to the extent a credit card transaction is being made through the App), customer flight information, App usage metrics, and device information such as IP address. Delta may use such information to verify and authorize credit card transactions, to receive feedback about the App and services, and to track and analyze usage of the App.
Please find below the current list of the Software Development Tools (SDKs) deployed on the Fly Delta App. Delta may update this list of SDKs from time to time if services provided by Delta change.
List of the SDKs deployed on the Fly Delta App as of April 1, 2022:
- Adobe Marketing Cloud + branch.io plugin
- Cardinal Commerce
- ForeSee
- American Express
We use push notification tokens in the App to send notifications to your mobile device with updates for flight times, gate changes, and flight cancellations. The App will activate your camera if you choose to take a picture for a parking reminder, and will store the photo for you to look at later. If you choose, the App can access your device calendar to save itinerary information in your personal schedule. It can also bring up your default e-mail program, so you can send notes and reminders while traveling.
At times, we may promote the App via internet advertising on external websites. If you click on these advertisements and navigate directly to a third party application or other platform, information such as your phone’s device identification number may be sent to the advertising network, so that they and we may track the effectiveness of our advertising. This information might also be used for capping the number of times a specific visitor to a website is shown a particular advertisement, estimating the number of unique users, debugging, or security and fraud detection.
4.3. Legal requirements and professional advice
We may also use your personal information where this is necessary to comply with a reasonable request by a law enforcement or regulatory authority, body, or agency, or in the defense of legal claims.
We may also use your personal information when obtaining legal and other professional advice including for audits. We consider this to be in our legitimate interest in the management of our business.
4.4. What if you do not provide information?
In some cases, we are legally required to collect certain information from you so we can provide the services you have requested, such as Secure Flight Passenger Data or Advance Passenger Information when you make a reservation to fly within, into, or out of the United States, or for point-to-point international travel. Failure to provide this information will mean we cannot provide the service.
In some circumstances we need your information to perform our contract with you or to provide products and services, such as payment details and, on occasion, credit checking information. If you do not provide this information, we may not be able to enter into or perform the contract or provide the products and services.
4.5. Authorization on behalf of another customer
When you provide information to us about your travel companions or other individuals (if, for example, you have arranged to make a booking on their behalf), you confirm to us that you have obtained their authorization to provide us their information and their consent to your use of their information in accordance with this Privacy Policy. If you cannot make these confirmations, you must not provide us with any personal information about these individuals.
4.6. Sensitive Information
We may process sensitive or special categories of personal information, such as that relating to health, disabilities, race, ethnicity, political opinions, biometrics, or religion, for the purpose(s) for which it was provided or for which you have provided express consent. For example, we may collect and receive sensitive personal information from you when you:
- provide such information to us, a travel agent, or another third party involved in your travel arrangements at the time of or following your booking;
- disclose to us that you have a specific medical condition, will have an accompanying service animal, or request specific medical care or assistance, such as the provision of an accompanying nurse or wheelchair assistance, from us, an airport, or a third party involved in your travel arrangements;
- make a request that implies or suggests something about you which could be interpreted as sensitive personal information, such as a request for a specific type of meal that may suggest that you have a certain medical condition or hold a particular religious belief;
- consent to the collection of your digital image to enable our supplier's facial recognition system for lounge access purposes; or
- provide information required by public health authorities or other government agencies as contemplated by 4.1.j.
We occasionally receive personal information from law enforcement agencies and other sources relating to criminal activity (or alleged criminal activity) and may use that information where necessary, and where permitted by applicable law, to detect or prevent unlawful activity occurring during air travel. We consider this to be in the substantial public interest.
We store your information for as long as legally required or for so long as necessary to support business purposes described in section 4 and consistent with our record retention policies. In general, this storage will be (i) at least for the duration of our relationship, (ii) for as long as you can bring a claim against us and for us to be able to defend ourselves, and (iii) for any period required by tax, aviation, and other applicable laws and regulations.
Our App will store user-provided data for as long as you use the related feature of the App, unless you choose to delete the App. Only information provided for travel clearance, purchases, and related activities will be stored in our operational systems as needed to provide your requested services.
6.1. Cookies
Delta uses cookies, tags, and other similar technologies. For simplicity, we refer to all these technologies as "cookies". These technologies allow us to recognize your preference information, keep track of your purchases, remember your SkyMiles number, and facilitate effective Website administration. We use the information we collect to enhance your visit to the Website and to provide you with information tailored to your needs.
Your Internet browser(s) will offer you the option to refuse cookies, but doing so may affect your use of some portions of Delta’s and our SkyMiles Partners' and Promotional Partners’ web services. Please refer to your browser options to learn more about cookie management.
Delta has engaged third party tracking and advertising providers to act on Delta's behalf to track and analyze your usage of our Website through the use of cookies, pixel tags / web beacons, and similar technologies. At our request, these third parties collect, and share with us, usage information about visits to our Website, measure and research the effectiveness of our advertisements, track page usage and paths followed during visits through our Website, help us target our Internet banner advertisements on our Website and on other sites, and track use of our Internet banner advertisements and other links from our marketing partners' sites to our Website. To learn about the available mechanisms for opting out of cookies and technologies related to interest-based advertising, see the descriptions and links in the table below.
Our Website and App are not configured to read or respond to “do not track” settings or signals in your browser headings or mobile device settings, which vary by provider. In lieu of a browser- or device-based opt-out solution, we have identified in the table below certain Digital Advertising Alliance and other approved methods for placement of “opt-out” cookies. Our Website and those of our third party advertisers or other vendors are configured to read and honor these opt-out cookies, so long as they are present on your computer or device. If you delete all cookies, you will need to reset your opt-out cookies. Please be aware that Delta does not control these opt-out processes.
6.2. Types of cookies and tags on our Website
We use these kinds of cookies and tags on our Website and App:
Cookie name / type
Required Cookies:
Performance
Functionality
Essential
What these cookies do
Required Cookies are essential for basic and enhanced website functionality and performance. Without these cookies, services you have asked for and choices you have made for better functionality and features cannot be provided.
These cookies, such as those used for Google Analytics, collect information on how users use our Website, in order to help us fix technical issues or errors, and highlight areas such as navigation where we can improve our Website. For example, Google Analytics uses cookie identifiers to track the number of visitors to the Website, providing us with the volumes and sources of web page traffic. This allows us to analyse web traffic patterns and run tests to optimize web pages and visits against key metrics.
These cookies, such as language preference, help us customize our Website content based on a user's preferences. They remember the user's choices, their language, the country pages visited, and any changes the user makes to text size or other parts of our Website pages. The information these cookies collect may be anonymized and they cannot track browsing activity on other websites.
These cookies, such as jsessionid, xssid, xssidsec, and dlsite, are essential for parts of our Website or App to operate. They enable users to move around our Website and allow us to recognize a user within our Website or using our App, so that we can provide users with service they asked for, such as remembering the user's sign-in details. They are required to maintain a record of your Do Not Track preferences, so that we may respect them for future visits.
These cookies remain
30 days from last visit to our Website or App, respectively
Advertising Cookies:
Targeting
Advertising cookies enable us to understand your interests so that we can show you relevant offers and direct personalized advertising to you
We may use other cookies, such as those used by advertising platforms we may use, such as Facebook or Twitter, to target and re-target visitors to our Website and App with digital advertising that is most relevant to the user. These cookies are also used to limit the number of times you see an advertisement or particular content, as well as help measure the effectiveness of an advertising or marketing campaign. Using existing cookies from many sites already on your computer, we partner with third party companies to deliver advertising to specific computers.
The information collected by Google Analytics itself is anonymous, but if you respond to a marketing email, then a random ID is generated for Google Analytics which we can use along with your email address to manually identify you from other information we already hold in your customer profile. We may then use this information to generate potential sales leads or advertising.
You can find more information about how Google Analytics safeguards your data at:
http://www.google.com/intl/en/analytics/privacyoverview.html, opens in a new window
For more information about digital advertising visit AdChoices at: www.youradchoices.com, opens in a new window.
30 days from last visit to our Website or App, respectively
6.3. Website tracking preferences and opt out
To opt out of first party tracking (that is, tracking with cookies placed by Delta) on our Website, you may choose from these options:
- Click here to opt out of analytics and usage tracking on our Website
- Click here, opens in a new window to opt out of content targeting on our Website
To opt out of third party tracking (that is, tracking with cookies placed by persons other than Delta):
- Click here, opens in a new window to visit the Network Advertising Initiative site to set preferences and opt out of third party targeting programs
- Click here, opens in a new window to opt out of the Google Ad Network (DoubleClick, AdSense)
- Click here, opens in a new window to opt out of Google Analytics
- Click here, opens in a new window to opt out of Adobe Site Services
EU visitors can find general information and opt-out resources at https://youronlinechoices.eu, opens in a new window and US visitors can see https://aboutads.info, opens in a new window.
6.4. App tracking preferences and opt out
You may opt out of all information collected via the App by uninstalling it. You may use the standard uninstall, application, and data management processes available through your mobile device. Once you have uninstalled the App, all information that is stored in the App is deleted, including any preferences you previously set for location permissions and whether you have allowed Delta to send you push notifications. Once the App is uninstalled and preferences are deleted, push notifications from the App will stop. You may also refrain from using application features that collect specific types of data.
You may at any time opt out from allowing the App’s access to your location data by disabling location tracking features as provided in your mobile device settings. If you use our App without disabling location tracking features, you consent to our use of your location data as provided in section 4.1
The “limited tracking” or similar advertising-related privacy settings offered by device manufacturers do not change how your device is tracked by Delta.
7.1. In general
We do not sell your name or other personal information to third parties, and do not intend to do so in the future.
We may disclose your information we collect or receive:
- To third parties to process your information on our behalf, or to assist us in providing our services and/or products, such as our customer care center operators and providers of technical services such as data centers, biometric verification services, and online tools.
- To the party providing the service or product when you request or purchase services or products through Delta that are to be provided by another party (for example, a travel segment on another carrier, hotel accommodations, or rental car).
- To you or those acting on your behalf. Where local regulations require, we may obtain your consent in writing for the purpose of allowing someone else to act on your behalf.
- To our SkyMiles Partners, Promotional Partners and other Delta Group Companies for the purposes described in and in accordance with this Privacy Policy. Further information regarding Delta Group Companies is available in Delta’s filings with the U.S. Securities and Exchange Commission, including SEC Form 10-K.
- To other airlines, including members of our SkyTeam alliance, for the purpose of servicing your travel, servicing your flight reservation, recognizing your loyalty program status, rebooking your flight in the event of an unexpected disruption in your travel, or protecting crewmembers, customers, and the overall safety and security of our flight operations and those of our alliance partners.
- where your SkyMiles Program account is associated with your employer’s or corporate business account, or when you use your employer’s corporate account, SkyBonus number or a corporate form of payment to book your travel, to that employer or company, to third party expenses administration providers, to suppliers of corporate travel assistance services, to travel agencies and corporate travel managers through which your travel was arranged, and to duty of care providers.
- To banks, financial firms and payment services for the purposes of processing payments and refunds.
- To government agencies and authorities, law enforcement officials, law courts, or to third parties: (a) if we believe disclosure is required by applicable law, regulation or legal process (such as pursuant to a subpoena or judicial order); or (b) to protect and defend our rights, or the rights or the rights, health, or safety of third parties, including to establish, make, or defend against legal claims; or (c) in the interest of public health and safety.
- To customs and immigrations authorities, which require by law access to booking and travel itinerary information including "Advance Passenger Information" (passport and associated personal information) for all customers prior to travel.
- To customers traveling under the same booking as you.
- To persons providing services to Delta, including its professional advisers (e.g. auditors, lawyers, and technical consultants).
- To persons with whom we are discussing selling any part of our business or to whom we sell any part of our business.
We may share with third parties anonymous, aggregated information about all our users.
If your ticket is purchased pursuant to a corporate incentive agreement, we may disclose information concerning your travel to your employer or corporate travel manager.
When you use the App, a unique ID (which varies by device manufacturer and operating system) is read from or associated with your device to be used as an anonymous identifier for analytics and performance purposes. This ID might be generated by or shared with third parties providing us with analytics services, such as Adobe.
If you have questions about third parties with whom Delta may disclose information, please email [email protected]
7.2. Social Media and Messaging Platforms
You may wish to share information regarding your travel or other activities with Delta on social media and messaging platforms provided by third parties. To utilize social media and message sharing features, you will be prompted to grant permissions within those third-party platforms, as you choose. For example, you will need to allow account login and publishing permissions. If you choose to contact or interact with us on a third-party social media or messaging platform, you understand that you are responsible for reviewing and understanding the terms and conditions, information security practices, and privacy policy applicable to the third-party platform, and that Delta is not responsible for how third-party social media and messaging platforms use, share, or protect your information. The activity on third-party social media and messaging platforms, and the data processed, stored, and provided on them, including data regarding interactions with Delta, is governed by the terms and conditions, information security practices, and privacy policy of those third-party platforms.
7.3. Disclosure of personal information to customers traveling under the same booking
When you make a booking, you will be provided with a booking reference such as a confirmation number or record locator number. Your booking reference should be kept confidential at all times. Disclosing your booking reference to other customers may allow them to access your booking details through our systems. If you are traveling with others under the same booking and would not like your individual booking details to be disclosed to them, you may prefer to have each person make and pay for separate bookings.
7.4. Optional biometrics services
Delta offers eligible customers, including eligible customers flying on Aeromexico, Air France-KLM, or Virgin Atlantic, the ability to improve their airport experience using optional biometrics services, including facial comparison technology, at participating airports.
You may choose to use facial comparison technology for identity verification, including at flight check-in, bag drop, and boarding gates. If you choose to use facial comparison technology, your image is taken when you would otherwise present another form of identification. The image is encrypted and sent to U.S. Customs and Border Protection (CBP) for the purpose of verifying your identity. If CBP determines that the image matches images associated with your passport or images in CBP's database, CBP transmits a unique identifier back to Delta through an encrypted channel. Delta may associate the unique identifier with other information about you, such as your name and flight number, for the purpose of providing the relevant service. Delta does not receive any biometric information.
For more information about CBP’s facial comparison technology, see the CBP Traveler Verification Service Privacy Impact Assessment, opens in a new window. Please note that if you choose to use facial comparison technology at TSA check points or during CBP processing, TSA and CBP control the processing of your personal information, and this Privacy Policy does not apply.
7.5. Contact Tracing
To promote healthy travel and prevent the spread of COVID-19, all Delta customers entering the United States, including U.S. passport holders, are encouraged to provide contact tracing information. Participation in contact tracing is voluntary unless specified by a specific flight, country, city or region. The Centers for Disease Control and Prevention (CDC) in collaboration with U.S. Customs and Border Protection (CBP) supports domestic COVID-19 control efforts by making contact information for customers traveling internationally available to state and local health departments to contact you and provide follow-up instructions for testing and/or potential quarantine. Delta shares this information with the CDC via CBP utilizing established channels for the Advance Passenger Information System (APIS). For more information, go to www.CDC.gov, opens in a new window or www.CBP.gov, opens in a new window, or see CBP’s Privacy Impact Assessment for the Advance Passenger Information System, opens in a new window for details about how CBP uses APIS information.
7.6. COVID Tested Flights
As part of the Delta CareStandardSM and with guidance from trusted medical partners, Delta flights labeled as “COVID-Tested” require customers to consent during purchase to COVID-19 testing and for select flights must also consent to submit contact tracing information as a condition of boarding the COVID-Tested flight. For more information go to https://www.delta.com/us/en/travel-update-center/covid-tested-flights/italy-covid-tested-flights.
COVID-19 testing: Information related to your COVID-19 test, including test results and related demographic information, such as your name, contact information and date of birth (“COVID-19 Test Information”), may be used for administration of Delta’s COVID-19 testing program, including, but not limited to, for purposes of monitoring, quality control, auditing, analysis, and reporting to a government authority, and you understand that your COVID-19 Test Information may be shared with Delta, any third party acting on Delta’s behalf in connection with COVID-19 Testing Program and any U.S. or non-U.S. local, state or national government agency or authority for public health reasons, or as otherwise required by applicable law. Delta also collects contact tracing information for select Delta flights labeled as “COVID-Tested”; for more information, see section 7.5.
If you believe that any information we hold about you is incorrect or incomplete, or if you want to change your marketing preferences, you have a number of options:
- You can log in and visit our SkyMiles Partners and Promotional Partners on our Website if you want to modify your subscription, email or contact preferences.
- You can withdraw consent you have given us to process your information at any time by opting out in your SkyMiles Profile, or by contacting us by using the Email Us page.
- You may contact us by using the Email Us page if you have questions about removing your name from our subscription lists.
- You may call our Customer Care Offices at +1-800-455-2720 if you have any questions about changing your contact preference or require assistance in removing your name from our subscription lists.
- Assistance in changing contact preferences for those with disabilities is available at +1-404- 209-3434.
We will make reasonable efforts to revise any information that is incorrect, or update or change your information or preferences as we are required to do by applicable law.
Please see section 6 regarding consents to cookies and tracking.
This section 9 applies only to individuals in the European Union, UK and other countries which grant the rights described here. These rights will apply only in certain circumstances.
9.1. Requesting a copy of your information
To the extent you are legally entitled, you can request confirmation of whether or not we process your personal information, and details of the information that we hold about you and how we use it.
You also have a right to access your personal information and to be provided with a copy.
9.2. Right to rectification of personal data
If you believe that the personal data we hold about you is inaccurate, you may request that we correct it. You may also request us to complete personal data about you which is incomplete.
9.3. Right to restrict processing of personal data
You have the right to request that we restrict processing of your personal information where one of the following applies:
- You claim that the personal data is not accurate. The restriction will apply until we have taken steps to ensure the accuracy of the personal data.
- The processing is unlawful, but you do not want us to erase the personal data.
- We no longer require the personal data for the purposes of processing, but you still need it in connection with a legal claim.
- You have exercised your right to object to the processing. The restriction will apply until we have taken steps to verify whether we have compelling legitimate grounds to continue processing
9.4. Right to request deletion of personal data ("right to be forgotten")
You may request the erasure, suspension of processing or anonymization of your personal information in certain circumstances. For example, you may request erasure, suspension of processing or anonymization if:
- The personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
- You have withdrawn your consent and we have no other legal basis for processing the personal information.
- You have exercised your right to object to processing the personal information, and we have no overriding legitimate grounds to continue processing it.
- The personal information is excessive for the purposes for which it was collected or otherwise processed.
Under certain circumstances, we may refuse a request for erasure, suspension of processing or anonymization, for example, where we need to use the personal data to comply with a legal obligation or to establish, make or defend legal claims.
If you exercise your right to erasure or anonymization, this will potentially remove records which we hold for your benefit, such as your SkyMiles account information (including miles that may be in your SkyMiles account) and your presence on a marketing suppression list.
9.5. Right to object to processing of personal data
You have a right, at any stage, to object to our using your personal information to send you marketing information.
You also have the right to object to our using your personal information where our reason is based on our legitimate interests. We will have to stop processing until we can establish that we have compelling legitimate grounds which override your interests, rights, and freedoms, or that we need to continue using it for the establishment, exercise, or defense of legal claims.
9.6. Right to data portability
This right applies where:
- Our reason for using your personal information is either that you have given consent or that the processing is necessary for us to perform a contract with you; and
- We process the personal information by automated means.
This is a right to receive all the personal information which you have provided to us in a structured, commonly used, and machine-readable format and to transmit this to another controller directly, where this is technically feasible.
9.7. Complaints to regulator
You have a right to complain to a supervisory authority (i.e., a regulator which oversees data protection law compliance), for example, in the UK or the European Union country where you live or work or where you believe we have infringed your privacy rights.
9.8. Rights Applicable Only in Brazil
9.8.1. Right to request information concerning data transfer
You have the right to request information identifying the public and private entities with which your personal information has been shared.
9.8.2. Information on Right to Deny Consent
You have the right to request information concerning the consequences of not giving your consent.
9.9. Exercising these rights
We may charge you a small administration fee to respond to your request as allowed by applicable law. In general, we do not charge any fee where the right is based on European Union law, UK law, the Brazilian General Data Protection law, and other applicable laws. (We can charge an administrative fee for extra copies of your information and in certain exceptional circumstances.)
Where we receive a request to exercise one of these rights, we will provide information on the action we take on the request without undue delay and in any event within one month of receipt of the request. This time may be extended by a further two months in certain circumstances, for example, where requests are complex or numerous.
Where we do not carry out your request, we will tell you without delay and in any event within one month of receipt of the request, and we will explain our reasons for not taking the action requested.
Any request you make must be in writing and include your name and address and any other information that may identify you, such as where your request relates to a travel booking, please provide your booking reference (e.g., confirmation number or record locator number), SkyMiles Account number if you have one, the dates on which the travel took place, and any other relevant information that will assist us to identify your booking. You must also provide a photocopy of your passport or driver’s license so we can verify your identity. Please send your written requests to:
Data Protection Officer
1030 Delta Blvd
Department 981
Atlanta, GA 30354, USA
Or, you can submit this request to our Data Protection Officer by emailing us at [email protected].
9.10. Representation
As regards Delta's personal data processing activities regulated by the UK GDPR, Delta has appointed its branch at Metro Building 1, Butterwick, London as its UK representative.
As regards Delta's personal data processing activities regulated by the GDPR, Delta has appointed its branch at Vertrekpassage 1 – 110, 1118 AP Schiphol, The Netherlands as its European Union representative.
As regards Delta’s personal data processing activities regulated by the China Personal Information Protection Act, Delta has appointed the following branches as its representatives:
Room 2105 and 2106, Yueyang Plaza, 1601 Nanjing West Road, Jing'an District, Shanghai
Room 1008, Beijing Kerry Centre South Tower,No.1 Guanghua Road, Chaoyang District, Beijing, PR China
Other than information required to complete a booking, Delta does not knowingly collect personal identifiable information from children under the age of 13. If a child under 13 has provided us with personal information without parental or guardian consent, the parent or guardian may contact us by emailing us at [email protected]. We will remove the information and unsubscribe the child from any of our electronic marketing lists. Where required by applicable law, we may ask children for consent from their parents or guardians before we book their flight or provide a product or service to them.
Our Website contains links to other sites. We are not responsible for the content or privacy practices of those sites, and Delta’s Privacy Policy does not apply to information collected from you by those sites. We encourage you to read the privacy statements of each site that collects information from you. When you are leaving our Website via a link to interact with a site that is not governed by this Privacy Policy, a new browser window will open.
Information Security is important to Delta. We have established appropriate physical, electronic, and managerial safeguards to protect the information we collect in accordance with this Privacy Policy. These safeguards are regularly reviewed to protect against unauthorized access, disclosure, and improper use of your information, and to maintain the accuracy and integrity of that data. In the event of a data breach, we adhere to data breach notification requirements and incident reporting obligations to supervising authorities and/or data subjects, as required by applicable laws. The substance and time frames applicable to these remedies are set forth in applicable laws. Please note that your information may be processed on third-party infrastructure that is not owned by Delta or its affiliates.
Delta is based in Atlanta, Georgia, USA and we may transfer personal information in compliance with applicable law to the US and other jurisdictions where Delta provides services.
Some of the countries where Delta operates or where third parties operate on behalf of Delta may not have the equivalent level of data protection laws as those in your location. If we need to transfer personal data from your location to such countries, we will take steps to make sure your personal data continues to be protected and safeguarded. In particular, we may require parties to whom we transfer your data to agree to abide by suitable contractual obligations, such as, in the case of transfers from the EU or UK, the Model Clauses approved by the European Commission and permitted under Article 46 of the European Union General Data Protection Regulation ("GDPR") or the UK secretary of state or under other relevant body. If you would like to obtain the details of such safeguards, you can request them from the Data Protection Officer at [email protected]. In some limited circumstances, we may also transfer your information from your location to other countries where permitted by applicable law (for example under Article 49, GDPR in the case of transfers from the European Economic Area). This includes where it is necessary for the performance of a contract between us and you and where the transfer is necessary in connection with legal proceedings. To exercise your rights with respect to personal data transferred to third parties, you may submit your request directly to Delta in accordance with Section 9.
We want to give you more opportunities to earn miles in the Delta SkyMiles Program. One of the ways we do this is by sharing your information with Promotional Partners. Typically, these promotional offerings are limited in quantity and geographic reach and targeted to specific demographic audiences. If you fall within the audience a Promotional Partner is trying to reach, and (where required under applicable law) you have consented to receive information about their services, you may receive a promotional e-mail or direct mail. Although we select our partners with care, these partners have their own privacy policies that apply to the way they use your personal data.
If you do not want us to share your information with one of these partners, you can always opt out by contacting us by using the Email Us page or by calling the SkyMiles Service Center at +1-800-323-2323.
In addition to the Data Transfers explained in section 13, information you provide in connection with the SkyMiles Program (as summarized in the table at section 4.1.c.), may be transferred to Delta entities in other jurisdictions, including the Cayman Islands. This may include sensitive information as defined under the Data Protection Law, 2017 of the Cayman Islands ("DPL"), the GDPR, the UK GDPR, or other applicable law if you have provided such information to Delta in connection with your SkyMiles account. Where your information is shared with a Delta entity established in the Cayman Islands, you may have various rights under the DPL. These rights are similar to the rights described in section 9. Where your information is shared with a Delta entity established in the Cayman Islands, you also may have the right to lodge a complaint with the Cayman Islands Ombudsman. Any onward transfer of your information by any Delta entities in the Cayman Islands shall be in accordance with the requirements of the DPL and may include measures similar to those described in section 13 above. If you have any questions regarding this section, or if you would like to exercise your data protection rights under the DPL, please contact our Data Protection Officer at [email protected] or contact our Customer Care center by telephone or mail.
In addition, each of SkyMiles IP Ltd. and SkyMiles IP Finance Ltd., whose address is at c/o Maples Corporate Services Limited, P.O. Box 309, Ugland House, Grand Cayman, KY1-1104, Cayman Islands, will be a data controller of personal information of SkyMiles members. This Privacy Policy constitutes a notice by such entities to those SkyMiles members about its use of their personal information, which only concerns the SkyMiles Program.
This section describes our specific practices related to the use, storage, and disclosure of your personal information in Peru and supplements the generally applicable sections 1 through 14 in this Privacy Policy. It applies to personal information we collect from or about you when you interact with us in the course of our providing commercial air travel services, ancillary services, or other services provided by us or by others acting on our behalf in Peru, including when you use our Website or our App. With respect to personal data collected or processed by Delta’s branch office in Peru, the provisions discussed here take precedence over any inconsistent or deviating provisions set out in the generally applicable sections 1 through 14 in this Privacy Policy.
1. Updates
Delta reserves the right to modify this Privacy Policy and will post any changes in an updated version of this policy.
2. How to Contact Us?
For the exercise of data protection rights and/or if you have any questions or comments regarding this Privacy Policy, please contact our Data Protection Officer at [email protected] or contact our Customer Care center by telephone or mail.
3. How Delta Uses Your Data
This section describes what personal information we collect about you, the purposes for which we use it, and why we use it. Your personal data will be collected and processed in accordance with Law N° 29733 - Law of Protection of Personal Data, and applicable regulations, approved by D.S. 003-2013-JUS. Your personal data will be incorporated into the Personal Data Database named "Pasajeros", "Skymiles Usuarios Web" and "Procedimientos, quejas y reclamos” identified with RNPDP code No. 17069, 17065 and 17063 (Databases). Any processing of personal data that we perform is in accordance with the provisions of the privacy laws in Peru, and this data may only be used for the limited purposes discussed in this section.
The data controller in Peru is Delta’s Branch office in Peru, DELTA AIR LINES INC. SUCURSAL DEL PERÚ (en adelante, “Delta”), con Registro Único de Contribuyente No. 20387428331, located at Av. Elmer Faucett 2851, Edificio Lima Cargo City, Oficina 406, Callao, Lima, Peru.
Information we collect
a. Information related to the provision of our services, including:
- your first and last name;
- your national ID number;
- your postal address, telephone numbers, and email address;
- your Skymiles number;
- your billing and transaction information such as credit/debit card type and number(s), related data including associated bank details and billing address, and expiration date(s);
- your date of birth;
- your gender;
- your nationality;
- your emergency contact information; and
- information related to your physical and mental health.
Purposes for which we use it
We use this information to:
- manage the requested service;
- facilitate the provision of complementary services when you have ordered them or consented to them;
- contact you if necessary and/or use your information for any service(s) related to the ticket sale;
- your protection in case of delays or cancellation of the service;
- provide you with the benefits of the SkyMiles program and the attention to complaints.
Why we use it
We use this information for the reasons, and subject to the limitations, specified below:
- it is necessary to enter into and perform our contract with you to provide flights or other products or services;
- we have a legitimate business interest in assisting you with making and managing your bookings with us;
- we have a legitimate business interest in managing and administering our business and protecting it from fraud;
- in the case of information relating to your health, and dietary requirements, if you have consented to our using it to meet special assistance requests and preferences at the point of collection;
- in the case of our storage of information related to your credit card (beyond what is necessary to process your payment), if you have provided your consent at the point of collection;
- we have a legitimate business interest in improving and promoting our service and better understanding how customers use it;
- we do not use your personal information to send you marketing communications unless you have provided your consent at the time of collection, which communications may include marketing communications related to our SkyMiles Program, promotions, communications related to additional services and advertisements;
- we do not use your personal data to send you marketing communications when you provide us with your personal data through the Comments/Complaints form on delta.com;
- we have a legitimate business interest in ensuring that our technical systems operate properly;
- we must comply with certain regulatory requirements regarding emergencies and otherwise in relation to operating passenger flights. We also have a legitimate business interest in complying with legal and regulatory requirements applicable in Peru;
- we and third party airlines have a legitimate business interest in making and operating connections between multiple flights and expediting baggage clearance across international borders;
- we and our SkyMiles Partners, Promotional Partners and other businesses that are providing services that you request have a legitimate business interest in using the information to provide their services;
- we have a legitimate business interest in protecting against risks to customers and aircraft;
- we have a legitimate business interest in streamlining customs clearance processes for our customers.
4. What if You Do Not Provide Information?
In some cases, we are legally required to collect certain information from you so we can provide the services you have requested, such as Secure Flight Passenger Data or Advance Passenger Information when you make a reservation to fly within, into, or out of the United States, or for point-to-point international travel. Failure to provide this information will mean we cannot provide the service.
In some circumstances we need your information to perform our contract with you or to provide products and services, such as payment details. If you do not provide this information, we may not be able to enter into or perform the contract or provide the products and services.
Any processing of personal data that we perform is in accordance with the provisions of the current data protection legislation of Peru, and this data may only be used for limited purposes such as those mentioned in this section.
5. Sensitive Information
We may collect or receive sensitive or special categories of personal information, such as that relating to health, disabilities, race, ethnicity, political opinions, biometrics, or religion, where permitted by applicable law. For example, we may collect and receive sensitive personal information from you when you:
- provide such information to us, a travel agent, or another third party involved in your travel arrangements at the time of or following your booking;
- disclose to us that you have a specific medical condition, will have an accompanying service animal, or request specific medical care or assistance, such as the provision of an accompanying nurse or wheelchair assistance, from us, an airport, or a third party involved in your travel arrangements; or
- make a request that implies or suggests something about you which could be interpreted as sensitive personal information, such as a request for a specific type of meal that may suggest that you have a certain medical condition or hold a particular religious belief.
We will collect, store, use, and transfer your sensitive personal information for the purposes for which it was provided and otherwise in accordance with the terms of this Privacy Policy if you provide your express consent at the time of collection
6. Data Retention
We store your information for as long as legally required and for so long as necessary to support business purposes described in the generally applicable section 3 of this Privacy Policy and consistent with our record retention policies.
7. With Whom Does Delta Share Your Information?
We may disclose your personal information we collect or receive:
- to third parties to process your information on our behalf, or to assist us in providing our services and/or products, such as our customer care center operators and providers of technical services such as data centers and online tools; however, Delta requires that third parties comply with Delta’s Privacy Policy when processing your information;
- to the party providing the service or product when you request or purchase services or products through Delta that are to be provided by another party (for example, Iron Mountain Peru S.A., CORPAC S.A., catering, VIP lounges, such as SUMAQ and HANAQ), hotels, transport companies, accounted outsourcing, Lima Airport Partners S.R.L., Talma Servicios Aeroportuarios S.A., and security companies);
- to other Delta Group Companies, including Delta Air Lines, Inc., a Delaware corporation with registration number 2387598 domiciled in the United States of America, for the purposes described in and in accordance with this Privacy Policy. Information regarding the Delta Group Companies is available in the generally applicable section 7.1 of this Privacy Policy and Delta’s filings with the Securities and Exchange Commissions, including SEC Form 10-K.
- to government agencies and authorities, law enforcement officials, law courts, or to third parties: (a) if we believe disclosure is required by applicable law, regulation or legal process (such as pursuant to a subpoena or judicial order); or (b) to protect and defend our rights, or the rights or safety of third parties, including to establish, make, or defend against legal claims.
8. Your Rights
This section applies only to the personal information of individuals in Peru which grants the rights described here.
- Right to access your personal information
To the extent you are legally entitled, you can request confirmation of whether or not we process your personal information, and details of the information that we hold about you and how we use it.
You also have a right to access your personal information and to be provided with a copy.
- Right to rectification of personal data
If you believe that the personal data we hold about you is inaccurate, you may request that we correct it. You may also request us to complete personal data about you which is incomplete. We will make reasonable efforts to revise any information that is incorrect, or update or change your information as we are required to do by applicable law.
- Right to restrict the processing of personal data
You have the right to request that we restrict processing of your personal information where one of the following applies:
o You claim that the personal data is not accurate. The restriction will apply until we have taken steps to ensure the accuracy of the personal data.
o The processing is unlawful, but you do not want us to erase the personal data.
o We no longer require the personal data for the purposes of processing, but you still need it in connection with a legal claim.
o You have exercised your right to object to the processing. The restriction will apply until we have taken steps to verify whether we have compelling legitimate grounds to continue processing.
- Right to request deletion of personal data
You may request the erasure of your personal information in certain circumstances. For example, you may request erasure if:
o The personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
o You have withdrawn your consent and we have no other legal basis for processing the personal information.
o You have exercised your right to object to processing the personal information, and we have no overriding legitimate grounds to continue processing it.
Under certain circumstances, we may refuse a request for erasure, for example, where we need to use the personal data to comply with a legal obligation or to establish, make or defend legal claims.
If you exercise your right to erasure, this will potentially remove records which we hold for your benefit, such as your SkyMiles account information (including miles that may be in your SkyMiles account) and your presence on a marketing suppression list.
- Right to object to processing of personal data for specific purposes
You have a right, at any stage, to object to our using your personal information to send you marketing information.
You also have the right to object to our using your personal information where our reason is based on our legitimate interests. We will have to stop processing until we can establish that we have compelling legitimate grounds which override your interests, rights, and freedoms, or that we need to continue using it for the establishment, exercise, or defense of legal claims.
- Right to withdraw your consent
Where you have provided your consent to us for processing your information, you can withdraw this at any time by opting out in your SkyMiles Profile, or by contacting us at https://www.delta.com/contactus/commentComplaint.
You may also contact us by using the Email Us page or by calling our Customer Care Offices at +1-800-455-2720. Assistance for those with disabilities is available at +1-404- 209-3434.
9. Exercising These Rights
In order to exercise the rights described in this section, you must submit a request in accordance with the provisions of the Regulation of Law No. 29733. Any request you make must be in writing and include your name and address and any other information that may identify you, such as where your request relates to a travel booking, please provide your booking reference (e.g., confirmation number or record locator number), SkyMiles Account number if you have one, the dates on which the travel took place, and any other relevant information that will assist us to identify your booking. You must also provide a photocopy of your passport or driver’s license so we can verify your identity. Please send your written requests to our Data Protection Officer by emailing us at [email protected].
10. Security
Information Security is important to Delta. We have established appropriate physical, electronic, and managerial safeguards to protect the information we collect in accordance with this Privacy Policy and to protect against unauthorized access, disclosure, loss, misuse, alteration, and improper use of your information, and to maintain the accuracy and integrity of that data.
11. Complaints to Regulator
You have a right to file a complaint with the National Authority of Personal Data Protection by addressing the front desk of the Ministry of Justice and Human Rights (Calle Scipión Llona 350, Miraflores, Lima Peru) in connection with your rights under this Privacy Policy.