Privacy Policy

British Airways is committed to respecting your privacy and protecting your personal information

We’ve written this Privacy Policy to let you know how we use your personal information. In it, we explain the types of personal information we collect, how we collect it, what we use it for and who we may share your personal information with.

This Privacy Policy is divided into several sections; please click on the relevant section in the detailed policy below for further information or click on 'Show all' if you wish to see the whole policy. We have also created a high level summary of the Privacy Policy, setting out the most important points.

This Privacy Policy comes into effect from 5 May 2017 and replaces our previous Privacy Policy. This Privacy Policy applies to all information we process about you in connection with your relationship with us as a customer or potential customer, including where you have a British Airways Executive Club account with us.

Please contact us if you would like to find out more about any matters to do with this Privacy Policy.

High level policy

What this Privacy Policy covers

This Privacy Policy covers all personal information about you that we collect, use and otherwise process in connection with your relationship with British Airways as a customer or potential customer. By “Personal Information” we mean information about you where you are, or could be, identified, such as your name and contact details, your travel arrangements and purchase history and information about your access to our websites.

When do we collect personal information?

We collect personal information about you whenever you use our services (whether services provided directly by us or by other companies or agents acting on our behalf), when you travel with us, when you use our websites, or when you use our call centres or mobile applications.

What types of personal information do we collect?

We collect personal information about you, about your travel arrangements, about how you use our services and about how you use our websites, call centres and mobile applications. This may include information that you provide to us directly or through companies or agents we work with, as well as information which we collect when you use our services.

What do we use your personal information for?

  • To provide the travel and other services you have asked us to provide.
  • To personalise your travel experience.
  • To communicate with you about the travel and other services you have asked us to provide.
  • To provide you with marketing and offers from us (where we have your permission to do so).
  • To improve our services.
  • For security purposes.

Who do we share your personal information with?

Your personal information may be shared within the group of companies controlled by our parent company, International Consolidated Airlines Group SA (IAG), for the purposes described in this Privacy Policy which includes British Airways Plc, Iberia LAE SA Operadora Unipersonal, Compañía Operadora De Corto Y Medio Radio Iberia Express, S.A.U, Vueling Airlines SA, Aer Lingus Limited, OpenSkies, British Airways Holidays Limited, Avios Group (AGL) Limited and BA CityFlyer Limited (together the IAG Group). For more details about IAG and its subsidiaries please visit the website.

In order to facilitate your travel arrangements, we will often need to share your personal information with third parties including other airlines and airport operators, customs and immigration authorities, travel agents involved in making your travel arrangements and our customer loyalty partners, such as when you transfer between airlines or use a hotel to earn Avios. We also share your personal information with third parties who deliver services either to you or to us, such as companies that provide airport assistance or marketing agencies.

If you are a member of the British Airways Executive Club as set out in the Terms and Conditions of membership available, your personal information is provided to both British Airways Plc and Avios Group (AGL) Limited who operate British Airways Executive Club and issue and redeem Avios. Only British Airways Plc will send you marketing in relation to the British Airways Executive Club.

If your booking of a package of a flight and other services (such as hotels) is with British Airways Holidays (or they are providing parts of your package) as set out in the Terms and Conditions of membership available, your personal information is provided to both British Airways Plc and British Airways Holidays Limited.

We do not sell personal information to third parties, and we only allow third parties outside the British Airways Group, which consists of British Airways Plc and a number of subsidiary companies, including British Airways Holidays Limited and BA CityFlyer Limited, to send you marketing information where we have your permission to do so.

 

How we look after the policy

We will keep this Privacy Policy under review and notify you of any changes by posting the revised policy on ba.com, to take effect as soon as it is posted.

Detailed policy

Controller of Personal Information

Any personal information processed by British Airways in connection with this Privacy Policy is controlled by British Airways Plc, which is considered the “data controller” under the UK Data Protection Act 1998. Our address is Waterside, PO BOX 365, Harmondsworth, West Drayton UB7 0GB.

In addition, if you are a member of the British Airways Executive Club, Avios Group (AGL) Limited will also be a “data controller” of your personal information under the UK Data Protection Act 1998. Avios Group (AGL) Limited’s address is Astral Towers, Betts Way, Crawley RH10 9XY.

When does this policy apply?

This Privacy Policy applies to personal information about you that we collect, use and otherwise process in connection with your relationship with us as a customer or potential customer, including when you travel with us or use our other services, use our websites or mobile apps, service agents or call centres and book to use our services through third parties (such as travel agents and other airlines). However, BA is not responsible for third parties’ use of your information where such use is permitted for their own purposes and you should consult their privacy policies for further information.

How will we inform you of changes to this Privacy Policy?

If we change this Privacy Policy, we will let you know about the changes by publishing the updated version on our website, ba.com. We are committed to protecting and respecting your privacy and will continue to do so in any future changes we make to this Privacy Policy.

When do we collect personal information about you?

We collect personal information about you when you use our services (whether directly provided by us or by another company or agent), when you travel with us, and when you use our website, call centres or mobile applications, including, for example:

  • when you book or search for a flight or other products or services on our website
  • when you book or search for a flight or other products or services through our other sales channels, such as through a travel agent
  • if you join the BA Executive Club or other loyalty schemes or customer programmes
  • when you contact our call centres or service agents
  • when you travel with us and use airports where we operate
  • if you use our lounge facilities
  • if you use our in-flight entertainment and communication services
  • if you complete a customer survey or provide us with feedback
  • if you enter a competition or register for a promotion
  • if you choose to interact with us via social media, such as Facebook or Twitter

In addition, we may receive personal information about you from third parties, such as:

  • companies contracted by us to provide services to you
  • companies involved in your travel plans, including airlines involved in your prior or onward journey, relevant airport operators and customs and immigration authorities
  • companies (e.g. car hire providers and hotels) that participate in our loyalty schemes and other customer programmes

What types of personal information do we collect and process?

We may process the following categories of information:

  • Information about you, such as your name, address, email and other details, your account details, dietary requirements, photographs and other images (including biometric templates so we can recognise you).
  • Information about your travel arrangements, such as details of your bookings, travel itinerary, details of any additional assistance you require and other information related to your travel with us.
  • Information about the services we have provided to you in the past, including your previous travel arrangements, such as flights and other bookings, and related matters, such as upgrades, details of missing luggage, etc.
  • Information about your use of our websites, call centres and mobile applications, including information about which pages you view.
  • Information about interactions you have with us and our staff (e.g. we may note if you have posted about us on social media, or commented to one of our staff about the service you received on board one of our flights).

When, and why, do we collect ‘sensitive personal data’?

Certain categories of personal information, such as that about race, ethnicity, religion or health, are considered “sensitive personal data” under the UK Data Protection Act 1998. Generally, we try to limit the circumstances where we process sensitive personal data. However, this can occasionally occur because:

  • you have requested specific medical assistance from us and/or an airport operator, such as the provision of wheelchair assistance or oxygen, or,
  • you have sought clearance from us to fly with a medical condition or because you are more than 28 weeks pregnant, or,
  • you have otherwise chosen to provide such information to us (or a third party such as the travel agent through which you made your booking)

In addition, you may have made other requests in connection with making your travel arrangements that may possibly imply or suggest something about you that could be as “sensitive personal data”. For example, if you request a particular type of special meal this may imply or suggest that you hold particular religious beliefs or have a particular medical condition.

By providing any personal information that is, or could be considered to be, “sensitive personal information” you explicitly agree that we may collect, use, share with third parties and transfer outside the European Economic Area this personal information, as described in this Privacy Policy.

If you withdraw your consent, it may mean we will not be able to provide all or parts of the services you have requested from us. Please be aware that in these circumstances you will not be able to cancel or obtain a refund of any fees you have paid.

 

How do we collect and use web usage data?

When you visit our websites, we may collect and process information about your website usage (e.g. your browsing history and information about your navigation through our website) using “cookies” and other similar technologies. For more details of the methods please see 'How we use cookies and other methods for the collection of website usage data'.

 

How do we collect and use geo-location information?

When you use our websites, mobile websites and applications we collect information about your location based on your IP address. An IP address (i.e. an Internet Protocol address) is a numeric code that can act as a unique identifier for your computer or other access device and can be used to indicate the country from which you are accessing the relevant website or application. Knowing the country you are likely to be in enables us to provide more relevant content and do so in an appropriate language. We also use this information to analyse how our website users interact with our websites.

If we have your permission to do so, we may also use the functionality on your mobile device (such as Bluetooth and GPS) and/or information based on Wi-Fi and/or mobile phone mast locations to determine your approximate location so that we may provide you with more relevant content and services. We only do this where you have provided your consent to the use of location data, which may typically be provided (or withdrawn) by adjusting the settings of your mobile device.

 

How can you amend personal information you’ve provided?

If you’re a British Airways Executive Club Member, you can change your personal details by amending your membership profile online, or by telephoning or writing to the Executive Club.

If you are a registered user of ba.com, you can change your personal details by amending your profile.

If you receive marketing communications from us (perhaps because you requested information or made a booking with us, or you entered a competition or registered for a promotion) you may change your marketing preferences by telephoning or writing to the Executive Club, with your full name, address and other contact details.

What do we use your personal information for?

The main purposes for which we use your personal information are:

  • to fulfil your travel arrangements and deliver the services you have asked for
  • to provide services tailored to your requirements and to treat you more personally.
  • to send you “service” communications, such as an email advising that check in is open.
  • to support other administrative purposes.
  • to provide you with relevant marketing communications.
  • to conduct customer surveys.

Please see further information on these below.

 

Travel arrangements

We will use your personal information to fulfil your travel arrangements and to deliver the services you have asked for. This may include processing information about travel arrangements that are not provided by British Airways but which nevertheless form part of your overall journey, such as details of your connecting flights, arrangements at airports and customs and immigration formalities.

When you are travelling with us and using airports at which we operate, we may have the ability to monitor where you are within the airport, for example, based on your having passed through security checks or having presented your boarding pass to gain access to one of our lounges. This information may be used to assist with flight connections and with the prompt and effective boarding of aircraft, as well as to provide a personalised service.

Please also be aware that in some airports where we operate, facial recognition and related biometric technology is used in order to facilitate passenger boarding.

 

Providing tailored services

We may use your personal information to provide services tailored to your requirements and treat you more personally, for example:

  • to deliver messages and information that we think is relevant and may be of interest to you, prior to, during, and after your travel with us
  • to personalise the services, content and offers on our websites and other sales and servicing channels
  • to personalise and tailor your travel experience

Examples of how we may use your personal information to provide a tailored, improved service may include our cabin crew and other staff being made aware that you are an Executive Club member (including what tier you are in (e.g. Silver or Gold), as well as other aspects of your travel history with us, such as airport disruption that you have previously experienced, lost luggage, upgrades received, etc.

 

Service communications

Even if you have opted-out of receiving marketing information from us, we may still send you communications about the services you have booked to use, such as your travel itinerary. These communications will help you get the most from the services we provide and may also contain options and offers about the services you will be using (e.g. advance seating requests, additional baggage, pre-booked meals and upgrades).

We may also send you communications about the services you have previously used, for example, where you experienced some form of issue or problem and we wish to contact you about it proactively in order to resolve it.

 

Customer surveys

We occasionally run customer surveys to understand more about the way people use our services and how we could improve them. Participation in any research is confidential and voluntary, and results are handled in such a way that they do not identify individual respondents, unless you advise us when completing the survey that you wish to be contacted by us. For the purpose of analysing survey data we may combine your answers with other data which we have, but we will do so in a way that does not affect the anonymity of the survey results.

However, in some cases it may help us improve your experience with us in the future if you permit us to record some of the preferences and other information you provide in the survey as part of your customer record. If you are happy for us to do so then please respond accordingly in your survey response (where you have the opportunity to do so).

 

Administrative purposes

We may use and retain your personal information, including your purchase history, for administrative purposes, which may include for example, accounting and billing, auditing, credit or other payment card verification, anti-fraud screening (including the use of credit reference agency searches and payment card validation checks), immigration and customs control, safety, security, health, administrative and legal purposes and systems testing, maintenance and development.

 

Marketing

We may use and retain your personal information to provide you with more relevant marketing communications.

The information is used for the following marketing-related purposes:

  • tailoring our direct marketing communications (e.g. sending you marketing emails) to include offers and content relevant to you. These communications may be tailored to you based on the information that we hold, such as your prior travel history etc.
  • tailoring and tracking our Internet banner advertisements and links from our marketing partners' websites to our website
  • the operation of loyalty and other customer programmes
  • statistical and marketing analysis
  • sales and marketing research
  • page tracking usage and paths visitors use through our site
  • tailoring the site content

We may also combine your web usage data with other information we have about you. By way of some examples, this may include whether you have arrived at our site through a marketing email sent to you, your booking and passenger name data you have entered, your Registered Customer Number or Executive Club Membership (if relevant), or previous web usage data stored by a cookie.

 

When will we send you marketing communications?

You may receive marketing communications from us if you have you requested information from us or made a booking with us, or if you provided us with your details when you entered a competition or registered for a promotion (and have not expressed a preference not to receive such communications).

You can agree to be sent offers and promotions by registering on this website or becoming a member of the Executive Club, or in the course of making any booking or requesting information. We try to make sure that you do not receive duplicate communications even if you have agreed to receive marketing communications in more than one of those ways.

You will not receive direct marketing communications from companies outside the British Airways Group as a result of giving your details to us, but we do use third parties to send marketing communications on our behalf. If we do ever want to allow a third party to send you direct marketing not related to the British Airways Group, we will seek your permission before sharing your details with them. However, please be aware that we do sometimes send marketing communications that promote a third party’s products and services (for example, those of our business partners) as well as our own.

Please see section on "Phishing" and our Phishing FAQ for information about scam emails claiming to be from British Airways.

 

How can you change what marketing communications you receive and how you receive them?

If you change your mind about the marketing communications you want to receive from the British Airways Group, you can change your marketing preferences at any time by logging into your account via ba.com or contacting us via email or telephone using the details below.

In addition, each marketing communication we send by email will also have an “unsubscribe” option which will allow you to stop you receiving further marketing emails.

Please note that if you tell us that you do not wish to receive further marketing communications, you will still receive “service” communications (as described above) confirming and servicing any bookings you may have with us. If you are an Executive Club Member, we will continue to keep you informed about your membership benefits and other important information relating to the Executive Club.

If you are an Executive Club Member you can change your marketing preferences at any time by amending your membership profile online, or by telephoning or writing to the Executive Club.

If you are a registered user of ba.com, you can change your marketing preferences at any time by amending your profile online or use the unsubscribe option in marketing emails.

In addition to using the ‘unsubscribe’ link in emails, if you receive marketing communications from us because we obtained your details when you made a booking or requested information or when you entered a competition or registered for a promotion, you can tell us at any time by telephoning or writing to the Executive Club, that you do not wish to receive these marketing communications.

Who do we share your personal information with?

Your personal information may be shared within the IAG Group and British Airways Group. We share information with these parties so they can assist us in providing services to you.

We may also disclose your personal information to the following third parties for the purpose described in this Privacy Policy:

  • airlines and other companies needed to deliver the services you have asked for
  • our oneworld partner airlines and franchisees
  • travel agents and other third parties who you book travel through
  • our partners in the Executive Club and other loyalty schemes and customer programmes that you have joined
  • credit and charge card companies, credit reference agencies and anti-fraud screening service providers
  • government and law enforcement agencies such as customs and immigration authorities (for more details see below)
  • third parties running customer surveys on our behalf (futher details above)
  • third party service providers we are using to provide services that involve data processing
  • third parties, such as law firms and law courts, in order to enforce or apply any contract with you
  • third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets
  • if necessary to comply with a legal or regulatory obligation in any jurisdiction, including where that obligation arises as a result of a voluntary act or decision by us (e.g. Our decision to operate to a country or a related decision)

Customs and Immigration Authorities

British Airways and other airlines are required by laws in the USA and other countries to give border control agencies access to booking and travel information. Therefore, any information we hold about you and your travel arrangements may be disclosed to the customs and immigration authorities of any country in your itinerary.

Further information about Government access to British Airways booking records.

In addition, laws in several countries require British Airways and other airlines to collect passport and associated information for all passengers prior to travel to or from those countries. When required, British Airways will provide this information to the relevant customs and immigration authorities.

Further information about Passports, visas and API.

 

What countries will your personal information be sent to?

Your personal information may be sent to and stored by us and third parties in countries outside the country in which you are located and in particular outside the European Economic Area. This occurs in the course of providing your travel arrangements and because our business and the third parties identified in “Who has access to your personal information?” have operations in countries across the world. This may involve sending your data to countries where under their local laws you may have fewer legal rights. However, wherever we store your information we will treat it in accordance with this Privacy Policy.

By continuing to use our services, the website and by providing any personal information, you consent to such transfers, storing and processing of your personal information outside the country in which you are located and outside the European Economic Area, including to countries where under their local laws you may have fewer legal rights.

 

Legal statement for flights operated by OpenSkies

In accordance with Article L232-6 of French Internal Security Code, please be informed that air carriers may transmit reservation/checking and boarding data collected from their passengers (PNR/API) to the French national public services and competent authorities for the purposes and under conditions as defined in the Decret N°2014-1095 dated 26/09/2014.

How can you keep your personal information secure?

We understand how important it is that your information is kept secure. Please visit our security policy to see what steps we take to keep the information you give us secure.

 

Keep your booking reference confidential

When you make a booking you will be given a booking reference (also known as a PNR or Passenger Name Record). This will appear on the email confirmation or ticket of each person in your booking. You should keep your booking reference confidential at all times.

Giving your booking reference to others may allow them to access your booking details through our system. If you are travelling with others and would not like your individual booking details to be accessible by them, you may prefer to have each person make separate bookings, to be paid for individually.

 

Keep your Executive Club number/Registered Customer log-in details confidential

To make sure your access to our websites, other online services, and mobile applications is secure, you should not share your log in details with anyone else. When you finish using the website, online services or mobile application you should log out if others may be able to access your computer or device. This is especially important if you are using a publicly accessible computer.

 

Be aware of and protect yourself against Internet fraud and “Phishing”

There is an Internet fraud practice known as "Phishing" which is the illegal gathering of personal information by deception. Unsolicited emails are sent to individuals from lists illegally gathered by a third party, and recipients are asked to enter or reconfirm bank or password details into a 'cloned' or illegal copy website.

For your protection please be aware of the following guidance:

  • You will only be asked for your card payment details if you wish to change or refund your booking on ba.com. We require this information specifically to debit or credit your card in relation to your booking. Our Customer Relations team might ask for your bank details if they are going to credit your account directly, after you have raised a claim with us.
  • You will only be asked for your card payment details if you wish to change or refund your booking on ba.com. We require this information specifically to debit or credit your card in relation to your booking.
  • Legitimate emails from British Airways will contain your booking reference and the email will not have been sent from a web-based mail server such as gmail, hotmail or yahoo.
  • British Airways will never request money payments through a third party, such as Western Union.

If you have reason to suspect an email claiming to be from British Airways is fraudulent, please forward it to BA phishing. We will investigate its authenticity and take appropriate action. Please note that we cannot enter into correspondence over emails sent to this address, and therefore you will not receive a reply.

Please see our Phishing FAQ for information about scam emails claiming to be from British Airways.

Requesting a copy of your personal information

Under the UK Data Protection Act 1998, you may request a copy of any personal data about you held by British Airways Plc. There is no fee for this request.

The request must be in writing and must contain the following:

  • Your name and postal address

Any details which may help us locate the information you are requesting, for example:

  • Booking reference or flight numbers and dates
  • Executive Club number
  • Telephone recording details (identifier number, the number you call from, the number and option you dialled, the date and time of your call(s)).

 You must also provide:

  • a photocopy of your passport or driving licence, so that we can verify your identity
  • your signature and the date of the request
  • signed authority from the individual whose data is required if you are applying on their behalf

Please send your request to:

Data Protection Manager
British Airways Plc
Waterside (HCB3)
PO Box 365
Harmondsworth
UB7 0GB
England

Last updated: October 2017
© British Airways Plc