Data protection

Austrian Airlines AG would like to explain to users of the austrian.com website which personal data is processed within it according to the following Privacy Policy.

In addition, the General Terms of Carriage for the operation of flights apply.

This Privacy Policy does not make a distinction between male and female persons for reasons of easier legibility. The relevant terms apply in all cases to both sexes in line with gender equality.

Austrian Airlines AG (Office Park 2, Postbox 100, 1300 Vienna Airport, Austria; also referred to below as “we” or “us”) informs you in the following about the processing of your personal data as part of your use of the austrian.com website.

When we refer to the Lufthansa Group below, we mean the airlines Lufthansa, SWISS International Airlines AG, Austrian Airlines AG and Eurowings GmbH, together with Miles & More GmbH and other companies of the ​Lufthansa Group.

If you have any further questions about data protection in connection with the austrian.com website, please contact our Data Protection Officer via the contact details provided under the section “Data subject rights”.

Data subjects to whom this Privacy Policy applies are natural persons who use the austrian.com website.

Security has the highest priority, according to the Austrian Airlines AG creed. This creed, of course, also applies to the handling of personal data in our company.

You entrust to us a great deal of your personal data, whether in the course of booking a flight, at check-in or when you subscribe to our newsletter. It is an important concern for us that we handle your personal data with the greatest care and protect your privacy. Data protection is taken into account in all our business processes at all times.

You agree to this Privacy Policy when you use the austrian.com website.

This Privacy Policy applies to the appearance of this website and all sub-websites of Austrian Airlines AG. The pages in this website may contain links to other providers outside Austrian Airlines AG where this Privacy Policy does not apply. Austrian Airlines AG does not accept any liability for the content of other websites and providers. Please note that different privacy policy provisions will apply when you leave this website.

We also use the services of selected commissioned data processors for the technical and organisational implementation of our website. They are contractually obliged to process the obtained personal data solely according to our instructions.

The austrian.com website is intended to make Austrian Airlines AG online services easier and more convenient to use. This includes:

• booking flights;
• using additional booking services such as seat reservations, online check-in, in-flight entertainment, etc.;
• rebookings or cancellations;
• the appreciation of offers from the ​Lufthansa Group and our ​partner companies (these are companies with which Austrian Airlines cooperates) so that we can provide you with further offers.

We process the following personal data when you book a flight ticket via the austrian.com website:

• title, first name and surname;
• date of birth;
• email address, contact address (street, town and postcode) and telephone number;
• frequent flyer programme;
• meal preferences (menu choice);
• your specific service requests (e.g. transport aids and accompanying assistance, etc.) and
• credit card data.

The following personal data may or must be given depending on the destination:

• date of birth
• nationality and passport details
• visa data

We only process your personal data to perform the contract of carriage, issue your requested flight ticket and send you a passenger receipt. Your passenger receipt will be sent unencrypted via electronic channels. In addition, we process your personal booking data solely on the basis of the statutory regulations or with your consent. If you provide us with any personal health information when booking your flights so that we can provide you with the relevant assistance in accordance with your medical needs, this data will only be processed and/or shared with third parties (e.g. airports and security checks, etc.) for the provision of such services.

If you use other services on our website relating to your flight (e.g. downloading e-Journals), we only process the personal data collected for the performance of the contract.

Please note that you must have the relevant power of representation if you purchase a flight ticket not only for yourself but also for people travelling with you.

Please also note that we will store your passenger data. The retention period is in principle three years, unless other statutory or legitimate interests prevent the deletion of such data.

We process the following personal data about you when you use our online check-in:

• name and booking code;
• contact details (email address and telephone number);
• your specific service requests (e.g. meal preferences, transport aids, accompanying assistance, etc.).

We only process your personal data for the performance of the contract of carriage. Please note that we store your passenger and check-in data. The retention period is in principle three years, unless other statutory or legitimate interests prevent the deletion of such data.

To use self-services, request general information or find out about future destinations, you can contact us by means of our chat service on our website or our defined messenger services. Depending on the requirements or complexity of your enquiry, it can also be answered by one of our service agents on a live chat.

We request the personal data required for the respective purpose (e.g. booking number) from you in order for you to use our services, e.g. rebooking or refunding your flight, or answering questions about products and services relating to your trip.

If you have registered with your Travel ID profile, we can also offer you a personalised service based on the information stored in your Travel ID profile, e.g. display a selection of your bookings. Further details on the processing of your data in the context of using Travel ID can be found in the ​Travel ID data protection information.

We have a contract data processing agreement with WhatsApp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Ireland, for contacting us using WhatsApp. WhatsApp encrypts communication end-to-end. Information disclosed in the chat is therefore not visible to WhatsApp. Information about the processing of personal data when using WhatsApp can be found in the ​WhatsApp Privacy Policy.

Your personal data is generally processed within the EU.

When booking a flight or during online check-in, you can indicate a frequent flyer programme by providing your frequent flyer number for the purposes of earning mileage credit.

Please note the privacy policy for your frequent flyer programme.

You may register with operators of biometric identification services and for select flights at certain airports, benefit from the advantages of a biometric identification system (facial recognition), without a boarding pass or smartphone.

The responsible person within the context of GDPR for processing personal data that are required for registering a biometric profile and for biometric identification is the respective operator. You may use the biometric identification services of the following operators:

• Star Alliance

Processing within our responsibility

• If you have received your digital boarding pass within the scope of our online check-in, then we shall forward your digital boarding pass to the operator of the biometric identification service of your choice upon request, i.e. if you make the corresponding selection.
• We take a brief video sequence at access points/devices operated by us at the airport (e.g. boarding gate) that are equipped with corresponding cameras. A defined number of non-biometric photos are extracted from this and sent to the operator of the biometric identification service for the purpose of your identification.

Categories of recipients

• IT service providers with seat in the EU (Processor)
• Supplier of the biometric identification service (Controller)

Duration of data storage

As soon as the identification process has been completed and/or your data has been transmitted, the data is deleted from the access points/devices.

Legal basis for processing

Your data is processed on the basis of your consent according to Art. 6 (1)(a), as well as Art. (9)(a) GDPR, which your provided to the operator of the respective biometric identification services during registration. You can withdraw your consent to the use of biometric identification at any time with the respective operator. For details regarding processing your personal data, as well as withdrawing your permission, please read the data protection policy of the operator:

• Star Alliance

Our in-flight entertainment programme offers you a wide range of films, music, newspapers and much more to choose from. You can find tips and the current weather report for your destination, make purchases in the Lufthansa WorldShop and obtain information about services relating to your connecting flights using the free FlyNet portal. We only process personal data (internet protocol data) for this that is required for notifications and the functioning of the website. For an additional charge we also offer you internet access on our flights via the FlyNet programme. You can buy the right access package for you with our partner Deutsche Telekom directly on the FlyNet portal.

The legal basis for the processing of your personal data is the contract of carriage concluded with you.

You can also log in with your travel ID profile to customise our in-flight entertainment programme and FlyNet services to your own requirements.

You can receive information, offers, surveys about travel related preferences, customer satisfaction surveys, and newsletters on the topic of travel from us, companies of the Lufthansa Group, or partner companies, via communication channels chosen by you, such as email, SMS, messenger services, and telephone.

These messages and offers can be personalized through the use of technologies that allow us to determine whether the recipients have opened the message or otherwise interacted with electronic advertising communications. Please refer to our ​Cookie Policies for further details.

If we ask for your consent, for example, when you subscribe to a newsletter, our legal basis for this processing is your consent (Art. 6 Para. 1 lit. a) GDPR). You can revoke your consent to the processing for this purpose at any time with future effect by following the corresponding unsubscribe link in the respective communication.

If we process your personal data for information and marketing activities without asking for your consent, we have concluded in individual cases that our legitimate interest provides a sufficient legal basis for the corresponding processing (Art. 6 Para. 1 lit. f) GDPR).

The personal data you disclosed when successfully booking a flight will only be shared with third parties (e.g. operating airlines and airports, etc.) for the performance of contractual obligations.

Your personal data will only be transmitted to domestic and foreign courts, authorities or other state institutions in accordance with the statutory requirements.

If Government agencies or authorities ask us to collect or share personal data, we will only do so in accordance with the appropriate legal regulations.

Please note that any data provided by you in the context of a booking may be subject to transmission.

Airlines are under a legal or official obligation in various countries to transmit passenger data before the respective flight lands in the destination country if your destination or transfer airport is situated in one of the states concerned. Such legal regulations generally involve the transmission of data about the identity and travel documents (passport and visa) of the passenger boarding the flight.

We generally do not have access to this data so it must be collected before departure. This is increasingly carried out via the so-called “machine-readable zone” on more recent travel documents. The information is only collected for immediate transmission to the authorities of the destination country.

In accordance with the regulations of the Transportation Security Administration (TSA), you are obliged to provide your full name, date of birth and gender for the purposes of Watch List Screenings based on 49 U.S.C. Section 114 of the Intelligence Reform and Terrorism Prevention Act of 2004 and 49 C.F.R. Parts 1540 and 1560. You may also provide your redress number, where available. Failure to provide your full name, date of birth and gender may result in denial of carriage or denial of entitlement to enter the boarding area. The TSA may exchange the data provided by you with law enforcement agencies, intelligence services and other organisations under its published system of records.

You can find further information about the data protection regulations of the TSA, its record system and the data protection implications on the TSA website at

In accordance with EU Regulation No. 996/2010 (EU Regulation No. 996/2010 of the European Parliament and of the Council of 20 October 2010, for the Investigation and Prevention of Accidents and Incidents in Civil Aviation and Repeal of Directive 94/56/EC), on our website we give you the option of providing the name and telephone number or email address of a person to be contacted in the event of an aviation accident. These details will be used exclusively for this purpose and will be deleted after the last flight you have boarded.

Please note: These details are not linked with your booking and must be re-entered if you rebook.

In addition to the purposes stated above, when we process your data in our legitimate interest we do so for the following purposes:

• for the establishment, defence or enforcement of legal claims;
• for transparency and further development of business processes subject to the stated retention periods;
• to ensure IT security, the operation of IT systems and the operation of the airline.

Austrian Airlines AG reviews payment transactions in connection with flight bookings to prevent fraud and other improper use. Austrian Airlines AG uses both internal and external resources for this purpose. If specific circumstances are detected, Austrian Airlines AG reserves the right to share information, including personal data, with other companies of the ​Lufthansa Group.

We use Adobe Analytics of the Adobe Online Marketing Cloud to store web data and information (“data”) as a host. Adobe is an “ASP” (Application Service Provider) that offers a service called Adobe Analytics to track and analyse customer websites. This allows us to analyse visits to our website so we can understand our customers’ needs. We are constantly improving the website and mobile app based on this information. The data collected is not associated with a particular individual. It is only evaluated as part of web analysis using anonymous, aggregated data for statistical purposes.

Apply to us directly online via the Austrian Career Cockpit or receive interesting job offers via email. You create a profile with your personal details to do so. We handle your data in confidence and do not share it with third parties. You can delete both your profile and your online application at any time. Please contact us via email at: karriere@austrian.com to do so.

The mySelfie App has been programmed to record Austrian employees’ moments and quotes.

The participant grants Austrian Airlines a global, transferable and non-exclusive exploitation right and right of use until further notice in relation to the posts and content provided (e.g. text and photos). Austrian Airlines has an unlimited right to use the images for communication and advertising purposes. Austrian Airlines can reject content from participants at any time.

Every participant remains responsible for his/her own content. The participant warrants to Austrian Airlines that the/she will not place any posts or content if their provision, publication or use would violate existing laws or the rights of third parties. Placing posts that are racist, pornographic, inhuman, offensive or immoral is expressly prohibited. The participant warrants that the content provided does not violate the rights (especially copyrights) of third parties. The participant undertakes to indemnify and hold Austrian Airlines and its employees and partners harmless against any justifiable claim for damages or injury that may result from the publication of their post or content.

If you would like to withdraw your consent for the publication of your photos, please send your photo and withdrawal to public.relations@austrian.com.

Austrian Airlines AG implements technical and organisational data security measures to protect your personal data against accidental and deliberate manipulation, loss and destruction, or against access by unauthorised persons. Data security measures at Austrian Airlines AG are continuously evolving to ensure our technical security measures meet the latest standards in technology. Our staff at Austrian Airlines AG in the data security and data protection divisions also undergo training and are subject to organisational procedures to ensure secure data processing.

Austrian Airlines AG is committed to making our data processing procedures clear and transparent. It is therefore important that our customers are not only able to withdraw their consent, but also to exercise their following rights:

• right of access to information;
• right to rectify their personal data
• right to erasure
• right to restrict processing
• right to data portability
• Cookies

You must submit your data subject rights request in writing using the online form with proof of your identity (scan or copy of an official photo ID).

You can also send a request of this kind to us by post:

Austrian Airlines AG
Legal Office – Data Protection
Office Park 2
PO Box 100
1300 Vienna Airport

If you have any concerns about data protection law, please contact us by post at the above address or contact our company’s Data Protection Officer using our online form.

You also have the right to lodge a complaint with the data protection authority as the relevant regulatory body. The data protection authority with jurisdiction for Austrian Airlines AG is:

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna, Austria

Telephone: ​+43 52 152–0
Email: ​dsb@dsb.gv.at

There is a legal or official obligation for aviation companies in various countries to send passengers’ personal data from the booking system to the relevant authority. You can find these countries here and find out what data is shared with just one click

For information, complaints and data information, please contact us on ​+43 5 1766 1000 (at the local rate from anywhere in Austria, 08:00 a.m. - 08:00 p.m., Mon.-Sun. and bank holidays), or contact us via our contact forms.