If you have made a flight booking with us but one or more flights are to be provided by other airline(s) then that other airline will also separately be considered a “data controller” under European Union and UK data protection law. You can access the privacy policies of the other airlines via their own websites.
Any provider of services such as a hotel or car rental company will also separately be a “data controller”. You can access the privacy policies of those providers from them directly.
If you have made a booking for non-flights services (hotel, car, transfers or experiences) or booked a “package” then the package booking Terms and Conditions identify if your contract is with British Airways Holidays Limited, British Airways is the “data controller”.
If you are a member of the British Airways Executive Club, Avios Group (AGL) Limited will also separately be a “data controller” of your personal information. Avios Group (AGL) Limited’s address is Astral Towers, Betts Way, Crawley RH10 9XX. Avios Data Protection Officer can be contacted by email addressed to email@example.com.
Personal information means details which identify you or could be used to identify you, such as your name and contact details, your travel arrangements and purchase history. It may also include information about how you use our websites and mobile applications.
Where we reference that others are data controllers in the sections ’Controller of Personal Information’ and ’Who do we share your personal information with?’ you should consult their privacy policies for further information.
Additional Terms and Conditions or policies may apply if you elect to take additional services from us such as making a Highlife purchase on board, using our on-board Wi-Fi or entering a competition linked to British Airways and other third parties.
We take great care to protect the personal information you provide to us. You can read more about how we do this in our Website Security Policy. Here are some things you can do to keep your information secure.
When you make a booking, you will be given a booking reference (also known as a PNR or Passenger Name Record). This will appear on the email confirmation or ticket of each person in your booking. You should always keep your booking reference confidential.
Giving your booking reference to others may allow them to access your booking details through our systems.
If you are travelling with others and would not like your individual booking details to be accessible by them, you may prefer each person to make separate bookings.
To make sure your access to our websites, other online services, and mobile applications is secure, you should not share your log in details with anyone else. When you finish using the website, online services or mobile app you should log out if others may be able to access your computer or device. This is especially important if you are using a publicly accessible computer.
There is an Internet fraud practice known as ‘phishing’ which is the illegal gathering of personal information by deception. Unsolicited emails are sent to individuals from lists illegally gathered by a third party, and recipients are asked to enter or reconfirm bank or password details into a 'cloned' or illegal copy website.
Please see our phishing FAQ (English only) for information about scam emails claiming to be from British Airways.
We collect personal information about you whenever you use our services (whether these services are provided by us or by other companies or agents acting on our behalf), including when you travel with us, when you use our website or mobile applications, or interact with us via email or use our contact centres.
For additional details see ’What types of personal information do we collect and retain?’ below.
In addition, we may receive personal information about you from third parties, such as:
When you use our services, you will need to provide us with your personal details or the details of those individual(s) who will be travelling.
We collect the following categories of personal information:
Certain categories of personal information, such as that about race, ethnicity, religion, health, sexuality or biometric information are special categories of data requiring additional protection under European Union and UK data protection law and is referred to here as “sensitive personal data”. Generally, we try to limit the circumstances where we collect and process sensitive personal data. Examples of where we may collect and process ’sensitive personal data’ includes the following:
In addition, you may have requested services (such as a meal) which is not ’sensitive data’ but may imply or suggest your religion, health or other information.
The main purposes for which we use your personal information are:
When we have your permission we will send you marketing communications from British Airways. As British Airways we do sometimes send marketing communications that include a business partners’ products and services related to the travel you are undertaking, as well as our own.
We will only allow third parties or other members of our group to send marketing communications to you when we have agreed marketing from third parties.
We will respect your choice as to what communications you wish to receive and how these are sent.
If you decide you would no longer like to be sent marketing communications, you can change your mind at any time. The ways to stop being sent marketing communications are described below:
If you are an Executive Club Member you can change your marketing preferences at any time in your account area or by telephoning the Executive Club on 0344 493 0747 (calls charged at local rate), or writing to us at British Airways Executive Club, PO Box 1125, Uxbridge, UB8 9XR. If you’re based in another country, please see the Executive Club contacts for your local service centre.
In addition, each marketing communication we send by email will also have an unsubscribe option which will allow you to stop receiving further marketing emails. You may also stop any further text messages by replying with the word “STOP”. Alternatively you can unsubscribe an email address using our Permissions Centre, which will stop us sending all marketing communications to the address provided. You will need to do this for each email address you have used with us in the past.
We aim to action requests to stop being sent marketing communications within 10 working days of receiving those requests, but it is possible you will receive some marketing in the period prior to that change being made.
Please note that if you tell us that you do not wish to be sent further marketing communications, you will still receive service communications (as described above) which are necessary, for example, to confirm your booking or to provide you with an update on its status. If you are an Executive Club Member, we will continue to keep you informed about your membership and other important service information relating to the Executive Club. If you ask us to stop sending marketing communications, please note we will retain your personal information for the purposes of indicating that you do not want to receive marketing communications.
If you wish to change how we use your personal information, including exercising your right to be forgotten, please see section “What are your legal rights in relation to the personal information we hold about you?“ and “How can you exercise your legal rights and change how we use your data?“
British Airways will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons British Airways collected and needs to use your information. Under EU and UK data protection laws in almost all cases the legal basis will be:
More information on each legal basis is provided below.
If processing of your data is subject to any other laws, then the basis of processing your data may be different to that set out above and may in those circumstances be based on your consent in all cases.
We will keep your information for as long as we need it for the purpose it is being processed for. For example, where you book a flight with us we will keep the information related to your booking, so we can fulfil the specific travel arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the booking. The information may also be retained so that we can continue to improve your experience with us and to ensure that you receive any loyalty rewards which are due to you.
We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained. If you stop interacting with us as a customer, we will remove or anonymise your information after 7 years.
It will be necessary for British Airways to use your personal information to complete a booking you have made with us. For example, we will need to use information such as your contact details and payment information to provide you with the flight, holiday and/or car hire you have requested and paid for.
As a commercial airline and travel provider British Airways has a legitimate business interest to use the personal information we collect to offer an effective service and carry out our business. Show example
There are situations where British Airways is subject to a legal obligation and needs to use your personal information to comply with those obligations. Show example
There are situations where we may need to use your personal information to protect the vital interests of you or another person. Show example
Alternatively, we may collect and use your personal information where you have given your specific consent to us doing so. Show example
If the basis of our processing your data is consent to marketing, you can withdraw your consent to such processing at any time, including by amending your account online or by telephoning or writing to the Executive Club on 0344 493 0747 (calls charged at local rate), or writing to us at British Airways Executive Club, PO Box 1125, Uxbridge, UB8 9XR. If you’re based in another country, please see the Executive Club contacts for your local service centre.
However, if you withdraw your full consent, in some circumstances, it may mean we will not be able to provide all or parts of the services you have requested from us and you will not be able to cancel your booking or obtain a refund of any charges you have paid.
Your personal information may be shared with the companies within our group, which includes International Consolidated Airlines Group S.A (IAG), British Airways, Iberia, Iberia Express, Vueling, Aer Lingus, OpenSkies, British Airways Holidays, Avios, British Airways CityFlyer, IAG Connect and IAG GBS. For more details about our group please visit the website of our parent company, IAG. We share information with them, so they can assist us in providing services to you and to understand more about you. For example, if you have flown with one of the other airlines in the IAG Group we may use this information to understand more about the sorts of travel services you are likely to be interested in.
You will only be sent marketing emails from other companies within our group where you have provided your consent to those companies.
We may also disclose your personal information to the following third parties for the purpose described here:
If your booking of a package of a flight and other services (such as hotels) is with British Airways Holidays (or they are providing parts of your package) as set out in British Airways Holidays Terms and Conditions, your personal information is provided to both British Airways Plc and British Airways Holidays Limited.
We do not sell personal information to third parties, and we only allow third parties to send you marketing information where we have your consent to do so.
Your personal information may be sent to and stored by us and third parties in countries outside the country in which you are located and outside the European Economic Area and the UK.
The nature of our business means it is often necessary for us to send your personal information outside the European Economic Area or the UK to fulfil your travel arrangements. This occurs because our business and the third parties identified in ’Who do we share your personal information with?’ have operations in countries across the world. For example, where you are flying outside of the European Economic Area or the UK, your personal information will be transferred to border control and immigration outside of these territories.
In addition, we may transfer your data to parties in countries outside the country in which you are located to provide services to us.
This may involve sending your data to countries where under their local laws you may have fewer legal rights.
If you would like more information on these safeguards, please contact the Data Protection Officer, British Airways Plc, Waterside (HCB3), PO Box 365, Harmondsworth, UB7 0GB, England.
In accordance with Article L232-6 of French Internal Security Code, please be informed that air carriers may transmit reservation/checking and boarding data collected from their passengers (PNR/API) to the French national public services and competent authorities for the purposes and under conditions as defined in the Decret N°2014-1095 dated 26 September 2014.
Under the UK Data Protection Act 2018, you may request a copy of any personal data about you held by British Airways Plc. There is no fee for this request.
The request must be in writing and must contain the following:
You must also provide:
Please send your request to:
Data Protection Officer
British Airways Plc
PO Box 365
Under data protection laws in the European Union and the UK, you have certain rights in relation to your personal information. Responses to exercise your rights will be provided within one month and generally there is no fee for making these requests. If your request is particularly complicated we may extend the deadline for responding to three months, but we will let you know if this is the case.
We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. Further explanation of those rights and the exceptions to them are set out below.
Details of how to exercise your rights are set out in the section below “How can you exercise your legal rights and change how we use your data?
Your rights include the following:
To do this we will remove the information that identifies you from the data we hold in our active systems (“anonymise”). However, a separate and restricted copy of the identifying information will be kept for 7 years to meet the obligations we have to law enforcement, national authorities and legal proceedings.
If you wish to change how we use your personal information, please use our Permissions Centre.
We will ask for some information to identify you, which will only be used to process your request. We will verify your identify via email before processing your request.
Alternatively you can make a request by writing to us, ensuring you mark the letter for Customer Permissions.
Data Protection Office
British Airways plc
PO Box 365
If you wish to review the personal identifiable information we hold on you and your flight history, please use our Permissions Centre.
If you wish to receive a copy of any other information we hold on you, please make your request in writing and include the following information with your request:
Any details which may help us locate the information which is the subject of your request, for example:
If you wish the information to be provided to you in a machine-readable copy, please indicate that at the time of making your request.
Please send your request to: DPO@ba.com
Or alternatively you can make a request by writing to:
Data Protection Officer
British Airways Plc
PO Box 365
If you have any questions about this policy, please contact the Data Protection Officer.
The Data Protection Officer for British Airways can be contacted at DPO@ba.com. Please note that British Airways’ Data Protection Officer is also the Data Protection Officer for OpenSkies, British Airways Holidays and BA City Flyer.
We work hard to handle your information responsibly. If you are unhappy about the way we do this, please contact British Airways’ Data Protection Officer who will address your concerns.
We hope that we will be able to resolve any concerns you may have.
However, you have a right to complain to the UK’s Supervisory Authority for data protection, the Information Commissioner at:
Information Commissioner's Office
Last updated: December 2018
© British Airways Plc