As a national carrier and member of SkyTeam International Aviation Alliance, Aeroflot PJSC takes all the necessary measures to protect confidential information in compliance with the laws of the Russian Federation. In accordance with GDPR requirements, the Policy is stated in a separate document.
The regulatory and organisational documents developed by Aeroflot PJSC to protect confidential information cover all types of confidential data provided by Aeroflot PJSC clients.
The personal data provided by clients on a voluntary basis may be changed (updated, added, corrected, blocked or deleted) as they wish.
Aeroflot PJSC shall process the personal data provided by the client in accordance with this Policy.
Aeroflot PJSC processes the personal data of the following categories of personal data subjects:
- passengers/clients of Aeroflot PJSC;
- employees of Aeroflot PJSC;
- family members of employees and retired employees of Aeroflot PJSC;
- potential employees;
- individuals who entered into agreements or have other legally binding relationships with Aeroflot PJSC etc.;
- representatives of corporate entities;
- newsletter subscribers, people who agreed to participate in market research;
- other persons who provided their personal data to Aeroflot PJSC, or whose personal data were provided to Aeroflot PJSC by a third party for processing (e.g., Aeroflot PJSC's subsidiary airlines).
The personal data of Aeroflot PJSC's passengers (clients) may be processed for the following purposes:
- performance of air carriage agreements1 to which the personal data subject (passenger, client) is a party, and provision of additional services during air carriage (including meals, hotel accommodation etc);
- implementation of Aeroflot Bonus and other loyalty programmes of other SkyTeam airlines;
- ensuring aviation safety and flight safety, including upon obtaining biometric information (e.g., face recognition) during security screening before and after flights, and upon voice identification during calls to the Contact Centre;
- provision of consulting services related to booking seats in the aircraft, changing the booking, checking in, booking special and additional services, special carriage and other issues related to the execution and performance of the air carriage agreement;
- performance of requests of government control bodies and law enforcement agencies.
Aeroflot does not process special categories of personal data, which, according to federal laws, include information on health, race, ethnicity, political opinions, religious or other beliefs, membership in trade unions or private life details, except for in the following cases:
- the personal data subject gave its written consent to personal data processing;
- the personal data were made public by the personal data subject;
- personal data are processed in accordance with the laws on public welfare, labour laws and pension laws of the Russian Federation;
- personal data are processed for medical and prevention purposes, to make a diagnosis, to provide medical¬ and social services, provided that the personal data are processed by a medical professional obliged to keep medical confidentiality in accordance with the laws of the Russian Federation;
- personal data are processed in accordance with the laws on compulsory insurance and other insurance laws;
- processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject, or the life, health or other vital interests of other people, if the personal data subject's consent cannot be obtained.
Aeroflot PJSC may perform the following actions (operations) with the client's (passenger's) personal data: collection, recording, classification, structuring, accumulation, storage, correction (updating, amendment, reprocessing), search, sampling, extraction, use, expert assessment, disclosure by transmission (distribution, submission, sending or other provision of access), grouping or combination, selection, depersonalisation, blocking, removal, deletion or destruction, - and perform any other actions provided for by the applicable laws, using digital equipment, including in information and telecommunications networks, or without using such equipment. Personal data processing without digital equipment shall allow to perform the same actions (operations) that can be performed using digital equipment, i.e. to use an algorithm to search for personal data recorded in hard copy and stored in filing cabinets or other systematised collections of personal data, and/or to access said personal data.
Personal data subjects in accordance with the federal laws shall have the right to request information from Aeroflot PJSC about the processing of their personal data, correction of their personal data, restriction of personal data processing, their blocking or destruction (if the personal data are incomplete, obsolete, incorrect, were obtained illegally or are irrelevant to the stated purposes of processing). The request shall contain the number, date of issue and issuing authority of the personal data subject's or his/her representative's main ID document, information confirming the personal data subject's relations with the operator (agreement number, agreement execution date, conventional code and (or) other information), or information which otherwise confirm the performance of personal data processing by the operator, the signature of the personal data subject or his/her representative. The written request may be sent to the address 10 Arbat St., 119002, Moscow, or by email to email@example.com as an electronic document and signed with an electronic signature in accordance with the laws of the Russian Federation. In response to the received request, Aeroflot PJSC will take the corresponding actions and send a reply within the term established by federal laws.
The personal data subject may also correct his/her personal data by editing them in the personal account on Aeroflot PJSC's website, using the feedback form, in Aeroflot PJSC's sales offices, branches and representative offices, after submitting his/her ID document and being identified and authenticated by an Aeroflot PJSC employee.
Aeroflot PJSC never discloses to third parties the confidential information received from clients in the course of its activity, including personal data, bank details etc, without the personal data subject's written consent, except for cases provided for by the laws of the Russian Federation.
These data may be disclosed to Aeroflot PJSC's partners for issuing tickets, additional services (flight insurance, transfer to/from the airport, hotel reservation, car rental), payment with bank payment cards exclusively in the cases and according to the procedure established by law.
More detailed information on third parties involved in personal data processing (names, addresses and purpose of personal data disclosure) may be provided to the personal data subject upon his/her request.
Certain information may be disclosed to law enforcement and other government agencies exclusively in accordance with the laws of the Russian Federation and with the procedure established by Aeroflot PJSC.
Personal data shall be stored in a form which allows to identify the personal data subject for no longer than required by the purposes of personal data processing, unless another term for personal data storage is established by the federal laws or the agreement to which the personal data subject is a party, beneficiary or surety.
The processed personal data shall be destroyed or depersonalised after the purpose of said processing has been fulfilled, if it is no longer necessary to fulfill said purpose, or if the consent to personal data processing was withdrawn, unless otherwise provided for by federal laws.
Protection of information is one of Aeroflot PJSC's priorities, together with flight safety. To prevent unauthorised access, unauthorised disclosure of personal data to third parties or misuse of clients' personal data, Aeroflot PJSC continuously develops and updates the means of protecting the information obtained. The processes of data collection, storage and processing are regularly verified; special protection mechanisms and technologies are used.
Aeroflot PJSC takes the necessary and sufficient organisational and technical measures for the protection of clients' personal information from unauthorised or casual access, editing, copying, blocking, distribution, destruction and other illegal actions of third parties.
1 Article 103 of the Aviation Code of the Russian Federation.