1.1 The entity responsible for your personal information is Jet Privilege Pvt. Limited.
1.2 Jet Privilege Pvt. Limited forms part of Etihad Aviation Group P.J.S.C. and is a Limited Liability Company incorporated in India Mumbai, Maharashtra, India.
1.3 At Jet Privilege Pvt. Limited, and our affiliates and branch offices (collectively referred to as "InterMiles", "we", "us"), we take our data protection and privacy responsibilities seriously. This statement describes how we collect, process, use, disclose and transfer your personal information as a data controller. It covers instances when you contact us, use our services or interact with our website, www.intermiles.com or its sub-domains (the "InterMiles Website").
1.4 This privacy statement contains provisions that are applicable specifically to members who are located in India, and other provisions that are applicable to members who are located outside of India. It also contains provisions that apply specifically to members who are located in the EU and whose data is protected by the General Data Protection Regulation (GDPR).
2. For Members in India.
2.4 Any changes to this Policy will also be applicable to data that has already been collected and stored.
2.7 Sensitive Personal Data (SPDI) During the membership in the InterMiles programme, a member can optionally share other kinds of data with the programme. For example: passport details, alternate contact number, meal preference or dietary requirement, other interests or preferences, preferred language for service centre interactions etc. Preference data can imply or suggest a member’s religion, health or other information which may include SPDI (as defined below). You agree and acknowledge that JPPL does not intentionally collect any SPDI and SPDI being discernible from such data will not amount to JPPL collecting SPDI.
2.8 For the purposes of members who are based in India, Sensitive Personal Data or Information (“SPDI”) shall have the same meaning as been defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 of India.
3. For Members Located Outside of India:
3.1 If you are not located in India, we shall process your personal data under one or more of the legal bases set out below (see ‘LEGAL BASIS FOR USING YOUR DATA’).
3.2 This Privacy Statement is not a contract and does not create any legal rights or obligations.
3.4 Updates: We may amend this statement from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this statement. If we make material changes to this privacy statement, we will seek to inform you by notice on our website or email ("Notice of Change").
4. What Personal Information We Collect and When and Why We Use It.
In this section you can find out more about:
• the types of personal information we collect
• when we collect personal information
• how we use personal information
4.1 We will collect the following personal data from you at various stages of your enrolment into InterMiles.
4.2 When you enroll into “InterMiles" you provide us the following information: name, address, email address, date of birth, telephone number, business details (Company name, job title, address and contact information). Such information is collected only if volunteered by you and not automatically.
4.3 When you enroll in "InterMiles" or if you are already an InterMiles member, you may provide information to us that enables us to create a traveler profile for you, which is optional. To create a traveler profile, you will be asked to provide any or all of the information such as your name, address, email address, date of birth, telephone number, InterMiles number (if you already have one), as well as information about your travel preferences, hobbies, business details (Company name, job title, address and contact information) and other preferences. You will also be asked to choose a password. Although becoming a InterMiles member and providing profile information makes purchasing tickets on the Site easier and allows us to provide you with special offers and promotions, you are not required to register with InterMiles and create a profile to use our Site to purchase tickets and make reservations.
4.4 If you visit our Site to just browse, read pages or download information, but do not enroll into InterMiles, we may gather and store information about you such as site browsing behavior, social media behavior, device related details, location details about your visit automatically. This information may or may not identify you personally. We have elaborated on the kind of information that we gather automatically below.
4.5 InterMiles may partner with third party data aggregators (digital and offline), to collect and store additional information like affinities and preferences about members and prospective members at a segment level.
4.6 We use personally identifiable information that we collect about you to enroll you in InterMiles and to ensure that you receive applicable mileage credits for travel purchases, for participating flights and other InterMiles partner activities/benefits. We also use this personally identifiable information to communicate with you concerning your InterMiles account and to notify you of any special promotions for which you might be eligible.
4.7 We also use InterMiles profile information to perform a number of functions including:
4.7.1 pre-filling certain data fields to eliminate the need for you to type the same information multiple times;
4.7.2 informing you about the programme and your benefits;
4.7.3 performing certain booking functions;
4.7.4 billing you for your reservation;
4.7.5 sending you offers that may be of value;
4.7.6 sending you your membership card;
4.7.7 notifying you of a flight change, reservation confirmation or a special fare offering;
4.7.8 to deliver programme and recognition benefits as well as various other services;
4.7.9 for dispute or complaints resolutions and / or for answering queries about service requests;
4.7.10 to comply with applicable law;
4.7.11 to help detect and prevent abuse or fraud or criminal activity or aid law enforcement agencies;
4.7.12 for any other purposes or activities that are notified on InterMiles websites from time to time, including this statement; and
4.7.13 aggregated data and / or segment level data is used in different analysis and market research that helps to refine the programme continuously and develop relevant and novel products / services / offers for members and prospective members.
4.8 We may communicate with you to invite you to join InterMiles if you have an existing or recent booking with InterMiles and are not already a member. However, we will only do so where you have given your consent to InterMiles for us to do so.
4.9 You may choose to not provide us with, or to withdraw any or all of your personal information, but in the event that you do so, we will be unable to provide you with our services and you will not be able to be a member of InterMiles.
5. Legal Basis for using your Data.
5.1 We will only collect, use and share your personal information where we have an appropriate legal basis to do so. Appropriate legal bases include:
5.1.1 where we need to use your personal information to perform a contract or take steps to enter into a contract with you, for example to take payment for and manage the terms of any travel booking you have with us, or complete your travel arrangements, if you are a passenger on a flight booking;
5.1.2 our legitimate interests as a commercial organization, for example we may record calls to our customer service centre so that we can review our call handling processes and ensure we provide a continuously high standard of customer service; we may use customer contact information to keep our customers informed about flight changes and other important service messages; we may also let you know about our new routes and special offers that may be of interest to you - in these cases we will respect your privacy rights and ensure you may object to processing as explained in the "Your Rights" section below;
5.1.3 where we need to use your personal information to comply with a relevant legal or regulatory obligation that we have, for example in some countries we are required to share Advance Passenger Details with law enforcement officials in destination airports before departure, as described; and
5.1.4 where we have your consent to using your personal information for a particular activity, for example to share with you special offers from ourselves and our partners that we consider may be of interest to you.
5.2 To help you understand the legal grounds on which we process your data, please see the table that sets out the legal bases upon which we process your personal information in certain circumstances. There may be one or more legal bases applicable to the activities listed. These may be amended and updated from time to time.
6. How We Share Information with others.
6.1 We work closely with a number of trusted partners with whom we need to share information to help us provide our services:
6.1.1 our group or affiliate companies around the world, including other InterMiles brands;
6.1.2 partner airlines where you are travelling on a booking which involves a codeshare;
6.1.3 frequent flyer and other reward and partner programmes where required to enable you to earn or utilize frequent flyer miles by virtue of your enrolment as an InterMiles member;
6.1.4 banks and payment providers, to authorize and complete payments;
6.1.5 other third parties who help manage our business and deliver services. For example, these may include IT service providers who help manage our IT and back office systems, or third party booking agents. To protect the personal data, we enter into appropriate processing agreements with such entities that require them to comply with applicable privacy legislation; and
6.1.6 with customs and / or immigration departments or other regulatory authorities or government entities, to comply with legal obligations and ensure the safety of all our passengers and customers.
6.2 From time to time we may share information about you with government organizations and agencies, and international organizations, to comply with applicable laws, regulations and rules. We may also do so to comply with legitimate requests from law enforcement, regulatory and other governmental or international agencies, or when to do so is in our legitimate interests, even if we are not compelled to share that information by applicable law. Further information about when we do this can be found here and here.
7. More about Direct Marketing, Profiling and Automated Decision making.
7.1 Direct marketing
7.1.1 We are committed to keeping you informed about our products and services in line with your personal preferences. We will always ask your permission before sending marketing material, whether about our services or those of our preferred partners.
7.1.2 We will usually send this by email but we may choose to contact you in other ways for example by phone, post, SMS, google chrome extension, web push notification, online membership account in a logged in state and/or other electronic means if that is more appropriate. You can ask us to stop sending you marketing material by any of the means mentioned in section 8.2.2
7.2 Managing your marketing preferences.
7.2.1 Consent to receiving such Marketing Communication is granted by you, through an opt-in process.
22.214.171.124 When a new member agrees to the membership terms and conditions and additionally opts-in to receiving marketing communication, the affirmative consent is implied for all channels of communication and for all Partners.
7.2.2 To protect privacy rights and to ensure that you have control over how we manage marketing with you:
126.96.36.199 we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
188.8.131.52 you can provide or revoke consent, wholly or partially, by logging into the online account at www.intermiles.com and then browsing to the ‘Update Profile’ section;
184.108.40.206 you can also click the "unsubscribe" link that you will find on any online newsletters which you receive.
7.2.3 We participate in custom audience programme of social media & and mobile app platforms (like LinkedIn, Instagram, Facebook and other such social media / digital platforms) to display personalized marketing messages by sharing one or more identifier with such service provider(s). For more information on custom audience targeting, please visit the relevant social media website or mobile app developer.
7.2.4 We also recommend you routinely review the privacy statements and preference settings that are available to you on any social media and / or mobile app platforms.
7.3 More about profiling and analytics.
7.3.1 We may use some of the information you provide to us in order to perform profiling and analytics with the data. We will do this either with your consent or where it is in our legitimate interests.
7.3.3 Some of the legitimate purposes we profile and analyze data include:
7.3.4 to allow us to enhance our provision of services to you;
7.3.5 to provide you with tailored content online and optimize your experience of our websites;
7.3.6 to offer personalized products when you fly with us or use our other services;
7.3.7 to obtain a better understanding of our customers, what you would like to see from us, and how we can improve our services for you;
7.3.8 to share advertising material we believe may be of interest to you, including from our third party partners; and
7.3.9 to help us operate our services more efficiently, including to ensure that our most loyal customers obtain the best services.
7.3.10 If you are a Data Subject with rights under the GDPR then we will take steps to ensure that prior to profiling your information for a legitimate interest that our legitimate interest is not overridden by your own interests or fundamental rights and freedoms. If you are a Data Subject with rights under the GDPR you may have rights to object to us profiling your personal information. You can learn more about profiling and analytics under the GDPR here].
8. Transferring Personal Information Globally.
8.1 We operate our business on a global basis. The countries to which we commonly disclose your personal information include India, where we and InterMiles (our principal programme partner) have our head offices, and the countries where you are flying to and from. Some of these countries, for example, the UAE and the USA, have laws which do not offer, in the opinion of the European Commission or other supervisory authorities, an adequate level of data protection.
8.2 We will always strive to adopt the highest standards of privacy protection, wherever your personal information is located and adopt appropriate measures (consistent with locally applicable laws) to secure an adequate level of privacy protection. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable laws and carefully managed to protect your privacy rights and interests. Transfers will be limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
8.2.1 we ensure that transfers within our group of companies will be covered by an agreement entered into by its members (called an “intra-group agreement”). This agreement contractually obliges each member of the Etihad Aviation Group to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within the group;
8.2.2 where we transfer your personal information outside InterMiles or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the "EU - US Privacy Shield" for the protection of personal information transferred from within the European Union ("EU") to the USA; or
8.2.3 where we receive requests for information from government entities, international organizations or regulators, we carefully validate these requests to ensure that it is legally appropriate to share the requested personal information.
8.3 You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above. See also the section titled "Your Rights", below.
9. How We Protect and Store your Information.
9.1 How we protect your information.
9.1.1 We invest an appropriate level of resources to protect the security and confidentiality of personal information.
220.127.116.11 We offer the use of secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input to our website before it is sent to us. SSL is an industry standard encryption protocol and this ensures that the information is reasonably protected against unauthorized interception;
18.104.22.168 We also follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorized access to that information; and
22.214.171.124 We take all reasonable and appropriate steps to protect your personal information but cannot guarantee the security of any data you disclose to us via email or online.
126.96.36.199 Where you disclose information to us using our mobile app, please ensure that your device remains safe. We cannot be held responsible for any data misuse arising from unauthorized access to your device.
188.8.131.52 No administrator of the JPPL will have knowledge of the member’s username or password. It is important for you to protect against unauthorized access to your password and their username. We do not undertake any liability for any unauthorized use of your account, username and password. If you suspect any unauthorized use of your account, you must immediately notify us by sending an email to email@example.com. You shall be liable to indemnify us due to any loss suffered by us due to such unauthorized use of your account or password.
184.108.40.206 Further, to the fullest extent possible under applicable laws, we shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond our reasonable control including but not limited to acts of government, computer hacking, unauthorized access to computer data and storage device, computer crashes, breach of security and encryption, etc.
9.2 Storing your personal information.
9.2.1 We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this statement. Where your information is no longer required, we will ensure it is disposed of in a safe manner. In some circumstances we may need to store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. Should you require information about how we retain particular information you can contact us.
9.2.2 In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
9.3 Safeguarding minor’s online privacy.
9.3.1 We do not knowingly collect personal information from minors (according to applicable laws). If such minor has provided us with personal information without parental or guardian consent, the parent or guardian may contact us, and we will remove the personal information and remove the concerned minor information from any promotional lists or databases.
10. Automatic Collection, Cookies and Mobile.
10.1 Our policy on "cookies"
10.1.1 A cookie is an element of data that a website sends to your browser, which then stores it on your system. Cookies may collect personal information about you. Cookies allow us to understand who has seen which pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. Cookies also allow us to make the InterMiles Website more user-friendly by, for example, allowing us to take you to the language site of last use, so that we can give you a better experience when you return to our website.
10.1.2 Cookies will be deployed on your device when you visit the InterMiles Website unless you indicate that you do not wish this to happen or if you have turned this feature 'off' in your web browser or device settings.
10.2 Automatic Collection.
10.2.1 When you use the InterMiles Website our servers may automatically collect information such as your internet protocol (IP) address, IP address of your referral site, country, language, browser type, domain name, access time and duration of your session.
11. Your Rights - Legal Rights Available to help manage your Privacy.
11.1 You may have certain legal rights regarding your personal information depending upon the country you are in or how we interact with you. You can learn more about this in this section.
11.2 Subject to the terms of this Privacy Statement we guarantee that you have the following key rights wherever you are:
11.2.1 To access your personal information. We will tell you what personal information we hold about you. To view the personal information that is recorded with us, you can use your login credentials and access the membership account online at the InterMiles website or at the InterMiles section of the InterMiles website.
11.2.2 To seek rectification of that personal information. Where the personal information we hold about you is inaccurate we will rectify this, upon your request. Note that this right may be limited in terms of the scope of detail that we will or can rectify. This can be done by calling up the InterMiles service centre or by writing to us by email or by post;
11.2.3 To lodge a complaint to us. We will receive and handle your complaints in accordance with best practice and depending upon where you are and whether we are subject to it, any applicable law;
11.2.4 For some personal information like name, date of birth etc., we will ask the member to provide additional proof before processing any modification request. This is done to ensure that risk of unauthorized access to the account is minimized;
11.2.5 We reserve the right to verify and authenticate the member’s identity and their personal information in order to ensure accurate delivery of services. Access to or correction, updating or deletion of a member’s personal information may be denied or limited by us if it would violate another person’s rights and/or is not otherwise permitted by applicable law;
11.2.6 Should a member choose to delete his/her personal information, or modify it in a way that is not verifiable by us, or leads to such personal information being incorrect, we will be unable to provide such member with our services, as described under the InterMiles Programme Membership Terms and Conditions, and such deletion or modification may be regarded as the member seeking to discontinue receipt of our services.
11.3 If you benefit from rights as a data subject under the EU General Data Protection Regulation ("GDPR"), you will have certain additional rights in relation to our handling of your personal information.
11.3.1 To access your personal information.
220.127.116.11 You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
11.3.2 To seek rectification of that personal information.
18.104.22.168 You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.
22.214.171.124 We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
(a) for compliance with a legal obligation; or
(b) for the establishment, exercise or defense of legal claims.
11.3.3 To erase personal information;
(a) You can also request that we erase your personal information in limited circumstances where:
(b) it is no longer needed for the purposes for which it was collected; or
(c) you have withdrawn your consent (where the data processing was based on consent); or
(d) following a successful exercise of the right to object (see right to object); or
(e) it has been processed unlawfully; or
(f) to comply with a legal obligation to which InterMiles is subject.
11.3.4 To restrict the processing of your personal information;
126.96.36.199 You can ask us to restrict the processing of your personal information, but only where:
(a) its accuracy is contested, to allow us to verify its accuracy; or
(b) the processing is unlawful, but you do not want it erased; or
(c) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
(d) you have exercised the right to object, and verification of overriding grounds is pending.
188.8.131.52 We can continue to use your personal information following a request for restriction, where:
(a) we have your consent; or
(b) to establish, exercise or defend legal claims; or
(c) to protect the rights of another natural or legal person.
11.3.5 To transfer your personal information;
184.108.40.206 You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
(a) the processing is based on your consent or on the performance of a contract with you; and
(b) the processing is carried out by automated means.
11.3.6 To object to the processing of personal information;
220.127.116.11 You can ask us to stop processing your data where our legitimate interest is our legal basis for doing so unless we can show compelling legitimate grounds for continuing to process your data which override your own interests, or where we need to do so in order to defend legal claims against Etihad Group;
11.3.7 To obtain a copy of personal information safeguards used for transfers outside your jurisdiction;
18.104.22.168 You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union. We may redact data transfer agreements to protect commercial terms; and
11.3.8 To lodge a complaint with your local supervisory authority.
22.214.171.124 You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.
126.96.36.199 We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
11.4 A further explanation of these general key rights and the GDPR specific rights is outlined under each heading. Please click on these for further details.
11.5 You may have other rights depending upon the country you are in. You may therefore have rights to lodge a complaint to a local privacy authority; however, whether you lodge a complaint, and who you lodge it with, is solely your responsibility.
11.6 If you wish to access any of these rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to refuse to provide this additional information if your request is manifestly unfounded or excessive.
11.7 You can exercise your rights by contacting us at firstname.lastname@example.org. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfil your request.
11.8 We may not always be able to address your request fully, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
12. Contact Us.
12.1.1 For members in India: In accordance with the Information Technology Act, 2000 and rules made there under, the name and contact details of the Grievance Redressal Officer are provided below. You may write to the Grievance Redressal Officer (Data Protection & Privacy) at the following addresses:
Post: Grievance Redressal Officer (Data Protection & Privacy), PO box no 8905, Saki Vihar, Andheri East, Mumbai PIN 400072, Maharashtra, India.
12.1.2 For members not in India: The primary point of contact for all issues arising from this privacy statement, is the Etihad Aviation Group Data Protection Officer. The Data Protection Officer can be contacted in the following ways:
Please email us at email@example.com or write to the Data Protection Officer, Etihad Aviation Group, PO Box 35566, Abu Dhabi, United Arab Emirates.
12.1.3 If you have any questions, concerns or complaints regarding our compliance with this statement and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honor your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
12.2 To contact your data protection supervisory authority.
12.2.1 In some countries, you may have a right to lodge a complaint with your local data protection supervisory authority. We ask that you please attempt to resolve any issues with us before your local supervisory authority.
13. Our Representative in the EU.
13.1 Etihad Aviation Group P.J.S.C. is represented in the European Union by Etihad Airways P.J.S.C. through its European regional headquarters in London. The group Data Protection Officer can be contacted either directly by email or post using the details given in the previous section, or by writing to our London office:
For the Attention of the Etihad Aviation Group Data Protection Officer,
200 Hammersmith Road
London, W6 7DL