Privacy Document of “Azerbaijan Airlines” Closed Joint Stock Company
1. General provisions
"Azerbaijan Airlines" Closed Joint Stock Company (AZAL), as a personal data operator in accordance with the requirements of the legislation attaches particular importance to the collection, processing and protection of personal data of its Customers (data owners).
AZAL’s Privacy Document (the Document) has been developed in accordance with the requirements of the Law of the Republic of Azerbaijan "On Personal Data" (Law) and sets out the guidelines for collecting, processing and protecting personal data of Customers.
The collection, processing and protection of personal data are implemented in accordance with the principles of legality, confidentiality, voluntariness, accuracy and responsibility subject to the fundamental rights and freedoms of individuals and citizens established by the Constitution of the Republic of Azerbaijan.
Collected personal data is protected, destroyed or archived in accordance with the legislation of the Republic of Azerbaijan.
2. Forms of data collection
The Document encompasses personal data collected through the following means:
• call centers, sales offices, services provided during flights, suggestions and complaints, surveys and questionnaires, data obtained via AZAL’s official social media and messaging platforms;
• data obtained via AZAL’s official websites of the loyalty program and mobile applications;
• data obtained through agents authorized to sell air tickets, various sales channels, business partners.
• data obtained during the purchase (order) of tickets and related services through AZAL's official website and mobile application.
3. Legislative basis for the collection and processing of personal data
In accordance with Article 9.6 of the law, the collection and processing of personal data may occur under the following conditions:
• if Customer gives consent to the collection and processing of his/her personal data or if such information is publicly available;
• if personal data is processed on the basis of legislation that defines the purposes and methods for their collection and processing;
• if processing of personal data is conducted for the purposes of scientific and statistical research with mandatory anonymization;
• if collection and processing of personal data is required to protect the life and health of the data subject.
By purchasing or reserving AZAL services, the Customer declares that he/she has read this Document and agrees to the following:
• in accordance with this document, AZAL collects and processes its own personal data in accordance with the list specified in the section “Categories of collected and processed personal data” below;
• cross-border transfer of personal data to other jurisdictions that ensure adequate protection of personal data, only for the purposes of collecting and processing personal data specified in this Document, in accordance with the list provided below in the section “Categories of collected and processed personal data”.
Such consent will remain valid until revoked by the Customer in writing.
AZAL is entitled to involve third parties in the processing the personal data of Customers in order to improve the quality of services, expand the range of services, facilitate the use of services and ensure the protection of the personal data of Customers. The involvement of third parties can only be conducted on the basis of contractual relations between AZAL and third parties.
4. Categories of collected and processed personal data
AZAL collects and processes the data as follows:
Identity documents data — name, surname, nationality (citizenship), date of birth, gender, type and number of travel documents, their validity and expiration date, country of issue of the document and other data contained in the identity documents provided by the AZAL’s customer/user;
Contact information — telephone number, mobile phone number, email address, social media accounts, actual residential or registered address and other contact information provided by the AZAL customer/user;
Flight (ticket) information — data on the flight route, flight date and time, channels used to purchase tickets and the ticket purchase location (purchase address, including IP addresses);
Customer requests data — CDR (call detail records), call center information, payment card information, cash orders and other details on customer/user requests in AZAL;
Account Protection Related Data — personal account data (username and password) created when using products or services offered via digital channels;
Risk Management Data — results and records of various inquiries submitted by government agencies on Customers, records of security inquiries related to flights ban, accounts registration system records, records of IP address monitoring and other similar data;
Financial data – data collected from payments made by a person when purchasing AZAL products and services (credit/debit card data, bank account data, IBAN data, balance data and other financial data);
Special categories of personal data — information on health, allergies, dietary preferences, disabilities (health restrictions) and other data affecting the flight and essential for the provision of special services.
Marketing data — reports and assessments used for marketing purposes, reflecting user habits, cookie data, data collected for database expansion, results of satisfaction surveys, data collection campaigns and evaluation of direct marketing activities, as well as other data of this category.
5. Purposes of personal data collection and processing
Personal data is collected for the following purposes:
• improving the services (products) provided;
• offering miles;
• managing travel bookings and providing access to other services provided by AZAL;
• maintaining communication with Customers and managing Customer relationships;
• ensuring communication on operations;
• personalizing and improving the quality of Customer service;
• providing information on our products or services;
• measuring Customer satisfaction with regard to the services;
• assessing service quality via questionnaires, surveys and feedback;
• sending personalized offers to Customers;
• performing accident and incident management operations;
• complying with legal requirements;
• conducting financial or accounting transactions;
• creation of information technology infrastructure, as well as implementation and control of information security processes and operations;
• prevention of fraud and other illegal actions.
6. Personal data transfer
The personal data of the Customer, as defined in Articles 13 and 14 of the Law, may be transferred to third parties in accordance with the requirements of the law. The Customer’s personal data can be transferred to the third parties as follows:
• AZAL’s structural divisions and subordinate entities;
• Suppliers and business partners;
• Financial entities;
• Foreign countries in which transportations are performed, authorized international organizations;
• Government agencies.
7. Sending electronic notifications
AZAL can send written (digital) notifications to the Customer's communication means in order to provide information on its services, send personalized offers to the Customers, promote its products and services and inform Customers on campaigns. The Customer will be able to unsubscribe from such notifications.
8. Customer (data owner) rights
The Customer has the rights as follows:
• receive an information on the availability of his/her personal data in the information system, their owner or operator;
• request a legal justification for the collection, processing and transfer of his/her personal data in the information system to third parties, receive information on what legal consequences the collection, processing and transfer of such data to third parties will entail for the Customer;
• get acquainted with the content of his/her personal data collected in the information system;
• be aware of the purposes of collecting and processing his/her personal data in the information system, the period, methods of processing, on persons who have a permission to get acquainted with their personal data, including the scope of information systems in which an information exchange is provided for;
• demand clarification and destruction of his/her personal data collected and processed in the information system, except for cases provided by law, as well as demand archiving of such data in the prescribed manner;
• demand a ban on the collection and processing of his/her personal data;
• receive information on the sources of his/her personal data collected and processed in the information system, demand confirmation of the legality of such data;
• demand protection of his/her personal data, collected and processed in the information system;
• receive information on availability of a certificate of conformity and state examination of information systems containing collected and processed personal data;
• exercise other rights determined by law and other regulatory legal acts of the Republic of Azerbaijan.
The User can contact AZAL using the following contact information to exercise the above-mentioned rights and send his/her requests to AZAL. Depending on the nature of the request, a response will be given within the timeframes established by the Law of the Republic of Azerbaijan “On Citizens' Appeals”.
” Azerbaijan Airlines " Closed Joint-Stock Company AZ1044, Baku, Azerbaijan Tel: +994 12 497 26 00 Fax: +994 12 598 52 37 Email: airline@azal.az
9. Data protection
AZAL implements comprehensive technical and regulatory measures to protect the personal data of Customers and mitigate the risks related with unauthorized access to personal data, accidental loss of data, intentional deletion or damage. From this point of view AZAL will:
• ensure data protection by implementing the measures specified in the “Requirements for the Protection of Personal Data” approved by Resolution No. 161 of the Cabinet of Ministers of the Republic of Azerbaijan dated September 6, 2010;
• access to personal data within AZAL is managed through a controlled process based on the nature of the data and within the framework of the “need to access personal data”;
• take stricter measures to access special categories of personal data;
• ensure the legality of data processing activities through internal documents, procedures and regular audits;
• if outsourcing services require external access to personal data, AZAL require the third party to comply with the provisions of the Law;
• take necessary steps to inform all employees, especially those who have access to personal information, of their duties and responsibilities under the Law.
10. Changes to the Privacy Document
AZAL reserves the right to make changes to this Document at any time. Changes shall be deemed effective from the date of their posting on the official AZAL website (mobile application).
The Customer is personally responsible for getting familiarized with the updated Document.