Introduction.
1.1 The entity responsible for your personal information is Jet Privilege Pvt. Limited.
1.2 Jet Privilege Pvt. Limited forms part of Etihad Aviation Group P.J.S.C. and is a Limited Liability Company incorporated in India Mumbai, Maharashtra, India.
1.3 At Jet Privilege Pvt. Limited, and our affiliates and branch offices (collectively referred to as "JPPL", "InterMiles", "we", "us"), we take our data protection and privacy responsibilities seriously. This statement describes how we collect, process, use, disclose and transfer your personal information as a data controller. It covers instances when you contact us, use our services or interact with our website, www.intermiles.com or its sub-domains (the "InterMiles Website").
1.4 This privacy statement contains provisions that are applicable specifically to members who are located in India, and other provisions that are applicable to members who are located outside of India. It also contains provisions that apply specfically to members who are located in the EU and whose data is protected by the General Data Protection Regulation (GDPR).
2. FOR MEMBERS IN INDIA
2.1 If you are based in India, we shall process your personal data on the basis of your consent. Therefore, by agreeing to this Privacy Policy and the InterMiles Programme Membership Terms and Conditions at the time of enrolment, you are providing us your affirmative consent that we will collect, store, process and transfer personal information in accordance with the details mentioned below.
2.2 By becoming a member of InterMiles or by otherwise giving us your information, you will be deemed to have the capacity to enter into a legally binding contract the Indian Contract Act, 1872, and consequently, you will be deemed to have read, understood and agreed to the practices and policies outlined in this Privacy Policy and agree to be bound by the same.
2.3 If you do not agree with this privacy policy at any time, in part or as a whole, do not become a member of InterMiles or provide us with any of your information for any reason.
2.4 Any changes to this Policy will also be applicable to data that has already been collected and stored.
2.5 InterMiles will endeavour to keep members informed of any significant change to this Privacy Policy. After a change in the Policy is notified to a member, if he / she continues with the membership, then consent and acceptance of the new policy is implied except in the case of changes which has a material impact on the processing of personal data collected basis previous consent. In the event of a change in the law applicable to data protection in India, you hereby expressly consent to our continued use, storage, collection and disclosure of your information including personal information to the fullest extent permitted under such applicable law. We may reach out to you for obtaining additional consents and approvals as required under the amended law and you will be required to comply with such requests. Should you choose to not provide us with such additional consents and approvals, we may have to discontinue provision of our services to you.
2.6 Third Party Websites
The InterMiles Website may link you to other websites or platforms (“Third Party Links” or “Third Party” or “third parties”) which may require members to disclose their information.You acknowledge and agree that we are not responsible for the way in which third party websites operate or the way in which they may process any personal information, which you provide to them. It is important that you understand this and check their respective privacy policies and terms of use. We will only collect, process and use other personal data from websites operated by third parties in accordance with applicable laws. You acknowledge and agree that, to the fullest extent possible under applicable law, we are not liable for any loss or damage which may be incurred by you or any member as a result of the collection and/or disclosure of information via Third Party Links, as a result of any reliance placed by them on the completeness, accuracy or existence of any advertising, products services, or other materials on, or available via such Third Party Links. This will include all transactions, and information transmitted therein, between you or any member and any such Third Party Links or applications or resources, such transactions are strictly bi-partite. We shall not be liable for any disputes arising from or in connection with such transactions between the members and the aforementioned third parties.
Such Third Party Links, and external applications or resources, accessible via the Third Party Links may have their own privacy policies governing the collection, storage, retention and disclosure of information that the members may be subject to. We recommend that you familiarise yourself with such policies and exercise reasonable diligence, as you would in traditional offline channels and practice judgment and common sense before committing to any transaction or exchange of information, including but not limited to reviewing the third party website or application’s privacy policy.
2.7 Sensitive Personal Data (SPDI)
During the membership in the InterMiles programme, a member can optionally share other kinds of data with the programme. For example: passport details, alternate contact number, meal preference or dietary requirement, other interests or preferences, preferred language for service centre interactions etc. Preference data can imply or suggest a member’s religion, health or other information which may include SPDI (as defined below). You agree and acknowledge that JPPL does not intentionally collect any SPDI and SPDI being discernible from such data will not amount to JPPL collecting SPDI
2.8 For the purposes of members who are based in India, Sensitive Personal Data or Information (“SPDI”) shall have the same meaning as been defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 of India
3. FOR MEMBERS LOCATED OUTSIDE OF INDIA
3.1 If you are not located in India, we shall process your personal data under one or more of the legal bases set out below (see ‘LEGAL BASIS FOR USING YOUR DATA’).
3.2 This Privacy Statement is not a contract and does not create any legal rights or obligations.
3.3 Terms of Use
Use of the InterMiles Website is subject to our terms of acceptable use, found in our Terms and Conditions. Any products and services supplied are subject to our Terms and Conditions.
3.4 Updates
We may amend this statement from time to time to keep it up to date with legal requirements and the way we operate our business. Please regularly check these pages for the latest version of this statement. If we make material changes to this privacy statement, we will seek to inform you by notice on our website or email ("Notice of Change").
3.5 Third Party Websites
The InterMiles Website may link you to other websites. We are not responsible for the way in which third party websites operate or the way in which they may process any personal information, which you provide to them. It is important that you understand this and check their respective privacy policies and terms of use.
4. WHAT PERSONAL INFORMATION WE COLLECT AND WHEN AND WHY WE USE IT
In this section you can find out more about:
• the types of personal information we collect
• when we collect personal information
• how we use personal information
4.1 We will collect the following personal data from you at various stages of your enrolment into InterMiles.
4.2 When you enrol into “InterMiles" you provide us the following information: name, address, email address, date of birth, telephone number, business details (Company name, job title, address and contact information). Such information is collected only if volunteered by you and not automatically.
4.3 When you enrol in "InterMiles" or if you are already a InterMiles member, you may provide information to us that enables us to create a traveller profile for you, which is optional. To create a traveller profile, you will be asked to provide any or all of the information such as your name, address, email address, date of birth, telephone number, InterMiles number (if you already have one), as well as information about your travel preferences, hobbies, business details (Company name, job title, address and contact information) and other preferences. You will also be asked to choose a password. Although becoming a InterMiles member and providing profile information makes purchasing tickets or making a reservation on the Site easier and allows us to provide you with special offers and promotions, you are not required to register with InterMiles and create a profile to use our Site to purchase certain products and services or make reservations.
4.4 If you visit our Site to just browse, read pages or download information, but do not enrol into InterMiles, we may gather and store information about you such as site browsing behaviour, social media behaviour, device related details, location details about your visit automatically. This information may or may not identify you personally. We have elaborated on the kind of information that we gather automatically below.
4.5 InterMiles may partner with third party data aggregators (digital and offline), to collect and store additional information like affinities and preferences about members and prospective members at a segment level
4.6 We use personally identifiable information that we collect about you to enrol you in InterMiles and to ensure that you receive applicable mileage credits for travel purchases, for participating flights and other InterMiles partner activities/benefits. We also use this personally identifiable information to communicate with you concerning your InterMiles account and to notify you of any special promotions for which you might be eligible
4.7 We also use InterMiles profile information to perform a number of functions including:
4.7.1 pre-filling certain data fields to eliminate the need for you to type the same information multiple times;
4.7.2 informing you about the programme and your benefits;
4.7.3 performing certain booking functions;
4.7.4 billing you for your reservation;
4.7.5 sending you offers that may be of value;
4.7.6 sending you your membership card;
4.7.7 notifying you of a flight change, reservation confirmation or a special price or fare offering;
4.7.8 to deliver programme and recognition benefits as well as various other services;
4.7.9 for dispute or complaints resolutions and / or for answering queries about service requests;
4.7.10 to comply with applicable law;
4.7.11 to help detect and prevent abuse or fraud or criminal activity or aid law enforcement agencies;
4.7.12 for any other purposes or activities that are notified on InterMiles websites from time to time, including this statement; and
4.7.13 aggregated data and / or segment level data is used in different analysis and market research that helps to refine the programme continuously and develop relevant and novel products / services / offers for members and prospective members.
4.8 We may communicate with you to invite you to join InterMiles if you have an existing or recent booking with Jet Airways and are not already a member. However, we will only do so where you have given your consent to Jet Airways for us to do so.
4.9 You may choose to not provide us with, or to withdraw any or all of your personal information, but in the event that you do so, we will be unable to provide you with our services and you will not be able to be a member of InterMiles.
5. LEGAL BASIS FOR USING YOUR DATA
5.1 We will only collect, use and share your personal information where we have an appropriate legal basis to do so. Appropriate legal bases include:
5.1.1 where we need to use your personal information to perform a contract or take steps to enter into a contract with you, for example to take payment for and manage the terms of any travel booking you have with us, or complete your travel arrangements, if you are a passenger on a flight booking or if you are a guest on a hotel booking;
5.1.2 our legitimate interests as a commercial organisation, for example we may record calls to our customer service centre so that we can review our call handling processes and ensure we provide a continuously high standard of customer service; we may use customer contact information to keep our customers informed about flight changes and other important service messages; we may also let you know about our new routes and special offers that may be of interest to you - in these cases we will respect your privacy rights and ensure you may object to processing as explained in the "Your Rights" section below;
5.1.3 where we need to use your personal information to comply with a relevant legal or regulatory obligation that we have, for example in some countries we are required to share Advance Passenger Details with law enforcement officials in destination airports before departure, as described; and
5.1.4 where we have your consent to using your personal information for a particular activity, for example to share with you special offers from ourselves and our partners that we consider may be of interest to you.
5.2 To help you understand the legal grounds on which we process your data, please see the table below that sets out the legal bases upon which we process your personal information in certain circumstances. There may be one or more legal bases applicable to the activities listed. These may be amended and updated from time to time.
Grid | What we use your information for | Further details | Legal basis for using personal information |
---|---|---|---|
1 |
To manage transactions and services that we may provide to you. |
To ensure that we can carry out any transactions and services you request, such as the purchase of tickets, additional miles, and to make reservations, we will process personal information about you such as your InterMiles number or username. |
To perform our contract with you |
2 |
To enrol you as an InterMiles member |
In order to enroll you into InterMiles, we will need to process personal information about you such as your name, date of birth, address, email, telephone, InterMiles username, InterMiles password (which is hashed), identifiers for professionals (e.g., medical license number / pilot license number), online website tracking (cookies, IP address captured), or mobile device level attributes and family accounts and details. |
Entry into a contract |
3 |
To create a traveller profile |
In order for us to create a traveler profile for you, we will need to process personal information about you such as your name, date of birth, address, email, telephone, InterMiles number, travel preferences, hobbies, business details (Company name, job title, address and contact information) and other preference. |
Our legitimate interests |
4 |
To provide you with customer support. |
In order to provide you with customer support including for inbound calls relating to bookings, to modify bookings, special services, cancellations and refunds, ancillary sales, and outbound calls for disruption related messages we will need to process personal information about you such as your name, date of birth, address, email, telephone, any frequent flyer number (if shared with us), InterMiles number, reservation reference (like PNR or Booking ID), ticket number, online website tracking (cookies, IP address of your referral site, country, language, browser type, domain name, access time and duration of your session) or mobile device level attributes. We may also need to process special categories of personal data health / medical information (e.g. wheelchair, oxygen tank, etc.). |
Our legitimate interests. |
5 |
To keep you informed about our products and services |
In order to keep you informed about our products and services, we will need to process personal information about you including your name, address, email address, and InterMiles membership number, online website tracking (cookies, IP address of your referral site, country, language, browser type, domain name, access time and duration of your session) or mobile device level attributes |
Our legitimate interests |
6 |
To communicate with you about new offers and services from affiliates and partners of InterMiles. |
In order to keep you informed about new offers and services from partners with respect to which you may earn or burn InterMiles, such as new routes, fare specials, member exclusive tariffs and deals and exclusive or special promotions for InterMiles members, we will need to process personal information about you such as your name, date of birth, address, email, telephone, online website tracking (cookies, IP address of your referral site, country, language, browser type, domain name, access time and duration of your session) or mobile device level attributes |
Our legitimate interests. |
7 |
To engage in surveys with you. |
In order to obtain feedback from you via surveys in relation to our services and other matters related to our business, we will need to process personal information such as your name, date of birth, address, email address, telephone number, reservation reference (like PNR or Booking ID) and ticket number. |
Our legitimate Interests. |
8 |
To offer opportunities to you to enter into competitions or prize draws. |
In order to enter you into the competitions or prize draws and award the prizes we will need to process personal information such as your name, date of birth, address, email address, telephone number, , passport, InterMiles membership number, booking reference (like PNR or Booking ID), and ticket number. |
Our legitimate Interests. |
9 |
To manage our frequent flyer programme. |
In order to manage our frequent flyer programme, such as sending marketing materials, service and/or transaction correspondence, account information and summaries, and point redemption, we will need to process personal information such as your name, date of birth, address, email, telephone, credit card number, credit card expiry date, InterMiles number, booking reference, and ticket number. |
To perform out contract with you |
10 |
To handle complaints made by you. |
In order to handle any complaints you make to us, we will need to process your personal information such as your name, date of birth, address, email, telephone, details about a payment instrument that you may used to make a purchase with us, photograph, passport, InterMiles membership number, username, password, booking reference (like PNR or Booking ID), ticket number |
Legitimate Interests. |
11 |
To comply with a legal or regulatory obligation, including providing specific information to law enforcement or similar bodies upon legitimate requests. |
In order to comply with a legal or regulatory obligation, including providing specific information to law enforcement or similar bodies upon request we will need to process your personal information such as your name, date of birth, address, email, telephone, , details about payment instrument used, passport, InterMiles membership number, booking reference (like PNR or Booking ID), ticket number |
Legal obligation |
12 |
To comply with a legitimate request from law enforcement or similar bodies to share information with them. |
In order for us to comply with a request by law enforcement or similar bodies to share information with them we may need to process your personal information such as your name, date of birth, address, email, telephone, details of payment instrument used, passport, InterMiles membership number, booking reference (like PNR or Booking ID), ticket number, identifiers for professionals. |
Our legitimate Interests |
13 |
In the event that you start a legal claim against us and we need to defend that legal claim. |
In order for us to defend any claim brought by you or a third party, we may need to process your personal information such as your name, date of birth, address, email, telephone, details of payment instrument used, photograph, passport, InterMiles membership number, booking reference (like PNR or Booking ID), ticket number. We may also need to process special categories of personal data such health medical information you may have given us. |
Our legitimate Interests |
14 |
In the event that we start a legal claim against you. |
In the event that we wish to commence a claim against you we may need to process your personal information such as your name, date of birth, address, email, telephone, details of payment instrument used, passport, InterMiles membership number, booking reference (like PNR or Booking ID), ticket number. We may also need to process special categories of personal data such as any medical information you may have given us. |
Our legitimate Interests |
6. HOW WE SHARE INFORMATION WITH OTHERS
6.1 We work closely with a number of trusted partners with whom we need to share information to help us provide our services:
6.1.1 our group or affiliate companies around the world, including other InterMiles brands;
6.1.2 partner airlines where you are travelling on a booking which involves a codeshare;
6.1.3 frequent flyer and other reward and partner programmes where required to enable you to earn or utilize frequent flyer miles by virtue of your enrolment as a InterMiles member;
6.1.4 banks and payment providers, to authorise and complete payments;
6.1.5 other third parties who help manage our business and deliver services. For example, these may include IT service providers who help manage our IT and back office systems, or third party booking agents. To protect the personal data, we enter into appropriate processing agreements with such entities that require them to comply with applicable privacy legislation; and
6.1.6 with customs and / or immigration departments or other regulatory authorities or government entities, to comply with legal obligations and ensure the safety of all our passengers and customers.
6.2 From time to time we may share information about you with government organizations and agencies, and international organisations, to comply with applicable laws, regulations and rules. We may also do so to comply with legitimate requests from law enforcement, regulatory and other governmental or international agencies, or when to do so is in our legitimate interests, even if we are not compelled to share that information by applicable law. Further information about when we do this can be found here and here.
6.3 If, in the future, we sell or transfer some or all of our business or assets to a third party, we may disclose or transfer information including your personal information to a potential or actual third party purchaser of our business or assets, whether such acquisition or investment is by way of a merger, consolidation or purchase of all or a substantial portion of our assets. Any third party to which we transfer or sell our assets, merge or consolidate with, or any investor, will have the right to continue to use your information including personal information provided to us, in accordance with this Privacy Policy and our other policies as specified herein
7. MORE ABOUT DIRECT MARKETING, PROFILING AND AUTOMATED DECISION MAKING
7.1 Direct marketing
7.1.1 We are committed to keeping you informed about our products and services in line with your personal preferences. We will always ask your permission before sending marketing material, whether about our services or those of our preferred partners.
7.1.2 We will usually send this by email but we may choose to contact you in other ways for example by phone, post, SMS, google chrome extension, web push notification, mobile app push notification, in-app notification, online membership account in a logged in state and/or other electronic means if that is more appropriate. You can ask us to stop sending you marketing material by any of the means mentioned in section 8.2.2
7.2 7.2 Managing your marketing preferences
7.2.1 Consent to receiving such Marketing Communication is granted by you, through an opt-in process.
7.2.1.1 When a new member agrees to the membership terms and conditions and additionally opts-in to receiving marketing communication, the affirmative consent is implied for all channels of communication and for all Partners.
To protect privacy rights and to ensure that you have control over how we manage marketing with you:
7.2.2.1 we will take steps to limit direct marketing to a reasonable and proportionate level and only send you communications which we believe may be of interest or relevance to you;
7.2.2.2 you can provide or revoke consent, wholly or partially, by logging into the online account at www.intermiles.com and then browsing to the ‘Update Profile’ section;
7.2.2.3 you can also click the "unsubscribe" link that you will find on any online newsletters which you receive;
7.2.2.4 you can change the way your browser or device manages cookies, which may be used to deliver online advertising, by following the settings on your browser as explained in our Cookie Policy page.
7.2.3 We participate in custom audience programme of social media & and mobile app platforms (like Linkedin, Instagram, Facebook and other such social media / digital platforms) to display personalised marketing messages by sharing one or more identifier with such service provider(s). For more information on custom audience targeting, please visit the relevant social media website or mobile app developer.
7.2.4 We also recommend you routinely review the privacy statements and preference settings that are available to you on any social media and / or mobile app platforms.
7.3 More about profiling and analytics
7.3.1 We may use some of the information you provide to us in order to perform profiling and analytics with the data. We will do this either with your consent or where it is in our legitimate interests.
7.3.2 One of the methods by which we do this is by installing and using Cookies on your browser or device. You can learn more about how to adjust settings relating to Cookies on your browser and device, and about our Cookie Policy in the section titled Cookies and Mobile, below.
7.3.3 Some of the legitimate purposes we profile and analyse data include:
7.3.4 to allow us to enhance our provision of services to you;
7.3.5 to provide you with tailored content online and optimise your experience of our websites;
7.3.6 to offer personalised products when you fly with us or use our other services;
7.3.7 to obtain a better understanding of our customers, what you would like to see from us, and how we can improve our services for you;
7.3.8 to share advertising material we believe may be of interest to you, including from our third party partners; and
7.3.9 to help us operate our services more efficiently, including to ensure that our most loyal customers obtain the best services.
7.3.10 If you are a Data Subject with rights under the GDPR then we will take steps to ensure that prior to profiling your information for a legitimate interest that our legitimate interest is not overridden by your own interests or fundamental rights and freedoms. If you are a Data Subject with rights under the GDPR you may have rights to object to us profiling your personal information. You can learn more about profiling and analytics under the GDPR here.
8. TRANSFERRING PERSONAL INFORMATION GLOBALLY
8.1 We operate our business on a global basis. The countries to which we commonly disclose your personal information include India, where we and Jet Airways (our principal programme partner) have our head offices, and the countries where you are flying to and from. Some of these countries, for example, the UAE and the USA, have laws which do not offer, in the opinion of the European Commission or other supervisory authorities, an adequate level of data protection.
8.2 We will always strive to adopt the highest standards of privacy protection, wherever your personal information is located and adopt appropriate measures (consistent with locally applicable laws) to secure an adequate level of privacy protection. We will take appropriate steps to ensure that transfers of personal information are in accordance with applicable laws and carefully managed to protect your privacy rights and interests. Transfers will be limited to countries which are recognized as providing an adequate level of legal protection or where we can be satisfied that alternative arrangements are in place to protect your privacy rights. To this end:
8.2.1 we ensure that transfers within our group of companies will be covered by an agreement entered into by its members (called an “intra-group agreement”). This agreement contractually obliges each member of the Etihad Aviation Group to ensure that personal information receives an adequate and consistent level of protection wherever it is transferred within the group;
8.2.2 where we transfer your personal information outside InterMiles or to third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information. Some of these assurances are well recognized certification schemes like the "EU - US Privacy Shield" for the protection of personal information transferred from within the European Union ("EU") to the USA; or
8.2.3 where we receive requests for information from government entities, international organisations or regulators, we carefully validate these requests to ensure that it is legally appropriate to share the requested personal information.
8.3 You have a right to contact us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of your personal information when this is transferred as mentioned above. See also the section titled "Your Rights", below.
9. HOW WE PROTECT AND STORE YOUR INFORMATION
9.1 How we protect your information
9.1.1 We invest an appropriate level of resources to protect the security and confidentiality of personal information.
9.1.1.1 We offer the use of secure communication transmission software (known as "secure sockets layer" or "SSL") that encrypts all information you input to our website before it is sent to us. SSL is an industry standard encryption protocol and this ensures that the information is reasonably protected against unauthorised interception;
9.1.1.2 We also follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access to that information; and
9.1.1.3 We take all reasonable and appropriate steps to protect your personal information but cannot guarantee the security of any data you disclose to us via email or online.
9.1.1.4 Where you disclose information to us using our mobile app, please ensure that your device remains safe. We cannot be held responsible for any data misuse arising from unauthorised access to your device.
9.1.1.5 No administrator of the JPPL will have knowledge of the member’s password. It is important for you to protect against unauthorized access to your password and their username. We do not undertake any liability for any unauthorised use of your account, username and password. If you suspect any unauthorized use of your account, you must immediately notify us by sending an email to memberservices@intermiles.com. You shall be liable to indemnify us due to any loss suffered by us due to such unauthorized use of your account or password.
9.1.1.6 Further, to the fullest extent possible under applicable laws, we shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond our reasonable control including but not limited to acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, etc.
9.2 Storing your personal information
9.2.1 We will store your personal information for as long as is reasonably necessary for the purposes for which it was collected, as explained in this statement. Where your information is no longer required, we will ensure it is disposed of in a safe manner. In some circumstances we may need to store your personal information for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, accounting requirements. Should you require information about how we retain particular information you can contact us.
9.2.2 In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.
9.3 Safeguarding minors online privacy
9.3.1 We do not knowingly collect personal information from minors (according to applicable laws). If such minor has provided us with personal information without parental or guardian consent, the parent or guardian may contact us, and we will remove the personal information and remove the concerned minor information from any promotional lists or databases.
10. AUTOMATIC COLLECTION, COOKIES AND MOBILE, MOBILE APP PERMISSIONS
10.1 Our policy on "cookies"
10.1.1 A cookie is an element of data that a website sends to your browser, which then stores it on your system. Cookies may collect personal information about you. Cookies allow us to understand who has seen which pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our website. Cookies also allow us to make the InterMiles Website more user-friendly so that we can give you a better experience when you return to our website.
10.1.2 Cookies will be deployed on your device when you visit the InterMiles Website unless you indicate that you do not wish this to happen or if you have turned this feature 'off' in your web browser or device settings.
10.1.3 For more information about how our cookies work and information about how to manage your cookie settings please visit our Cookie Policy.
10.2 Automatic Collection
10.2.1 When you use the InterMiles Website our servers may automatically collect information such as your internet protocol (IP) address, IP address of your referral site, country, language, browser type, domain name, access time and duration of your session.
10.2.2 When you use the mobile application of InterMiles (or any other app owned and managed by JPPL), we automatically collect & store information about your device identifier which uniquely identifies your mobile device. This information includes, but is not limited to, the following data: unique ID(s) of your device, device type, information on the hardware & operating system, mobile network related information (cellular or mobile internet, wi-fi etc.), version of the mobile app, language set, time-zone & other information. Such device level attributes deliver information to us or to a third party partner about how you browse and use our services, helps in measuring engagement or provide various reports or personalized communicaton
10.3 Permissions sought for using mobile applications
10.3.1 When you install and use the mobile application of InterMiles (or any other app owned and managed by JPPL), we collect, store and process the information sent to us by the access device (mobile phone or tablet or any other such device). However, at the time of installation or of first use, a list of permissions that the app is seeking, is shown to you. You have to explicitly provide permission so that the app can function properly. Once the permission is granted, only then the information is sent to us. The app is unlikely to function if some of the permissions are denied
10.3.2 For the app to function, it will ask for the following permissions:
• Location (applicable to devices with Android OS or iOS): When you give permission to the app (s) to access your location, it accesses the location services feature of your device. This is required to offer you location based functions like available partner stores / locations near you or to prepopulating departure city in a form or to display offers specific to the location. This permission can be turned off by accessing the ‘Settings’ section on your device
• Reading SMS (applicable to devices with Android OS): When you allow the app to read SMS content, it will read the SMS to prepopulate text messages like ‘one time passwords’ (OTP) while a transaction is being done through the app. This helps in saving time and makes the experience more pleasant as you don’t have to leave the app to read the OTP text
• Notifications (applicable to devices with Android OS or iOS): Once the app is given permission to send notifications, it is used to communicate, via your device screen, various relevant and personalised messages like booking and payment confirmation, any deals and offers that we legitimately think might be of interest to you. This permission can be turned off by accessing the ‘Notifications’ section on your device
10.3.3 To access certain features of the application, you may also be required from time to time, to grant additional permissions like accessing and using your camera, microphone, image gallery, to make phone calls or send messages, or to otherwise access, collect or modify personal information including biometric information, location information
11. YOUR RIGHTS - LEGAL RIGHTS AVAILABLE TO HELP MANAGE YOUR PRIVACY
11.1 You may have certain legal rights regarding your personal information depending upon the country you are in or how we interact with you. You can learn more about this in this section.
11.2 Subject to the terms of this Privacy Statement we guarantee that you have the following key rights wherever you are:
11.2.1 To access your personal information. We will tell you what personal information we hold about you. To view the personal information that is recorded with us, you can use your login credentials and access the membership account online at the InterMiles website (or at the InterMiles section of the Jet Airways website)
11.2.2 To seek rectification of that personal information. Where the personal information we hold about you is inaccurate we will rectify this, upon your request. Note that this right may be limited in terms of the scope of detail that we will or can rectify. This can be done by calling up the InterMiles service centre or by writing to us by email or by post;
11.2.3 To lodge a complaint to us. We will receive and handle your complaints in accordance with best practice and depending upon where you are and whether we are subject to it, any applicable law;
11.2.4 For some personal information like name, date of birth, mobile number etc, we will ask the member to provide additional proof before processing any modification request. This is done to ensure that risk of unauthorised access to the account is minimised;
11.2.5 We reserve the right to verify and authenticate the member’s identity and their personal information in order to ensure accurate delivery of services. Access to or correction, updating or deletion of a member’s personal information may be denied or limited by us if it would violate another person’s rights and/or is not otherwise permitted by applicable law;
11.2.6 Should a member choose to delete his/her personal information, or modify it in a way that is not verifiable by us, or leads to such personal information being incorrect, we will be unable to provide such member with our services, as described under the InterMiles Programme Membership Terms and Conditions, and such deletion or modification may be regarded as the member seeking to discontinue receipt of our services.
11.3 If you benefit from rights as a data subject under the EU General Data Protection Regulation ("GDPR"), you will have certain additional rights in relation to our handling of your personal information
11.3.1 To access your personal information
11.3.1.1 You have a right to request that we provide you with a copy of your personal information that we hold and you have the right to be informed of; (a) the source of your personal information; (b) the purposes, legal basis and methods of processing; (c) the data controller’s identity; and (d) the entities or categories of entities to whom your personal information may be transferred.
11.3.2 To seek rectification of that personal information
11.3.2.1 You have a right to request that we rectify inaccurate personal information. We may seek to verify the accuracy of the personal information before rectifying it.
11.3.2.2 We are not required to comply with your request to erase personal information if the processing of your personal information is necessary:
(a) for compliance with a legal obligation; or
(b) for the establishment, exercise or defence of legal claims.
11.3.3 To erase personal information;
(a) You can also request that we erase your personal information in limited circumstances where:
(b) it is no longer needed for the purposes for which it was collected; or
(c) you have withdrawn your consent (where the data processing was based on consent); or
(d) following a successful exercise of the right to object (see right to object); or
(e) it has been processed unlawfully; or
(f) to comply with a legal obligation to which InterMiles is subject.
11.3.4 To restrict the processing of your personal information;
11.3.4.1 You can ask us to restrict the processing of your personal information, but only where:
(a) its accuracy is contested, to allow us to verify its accuracy; or
(b) the processing is unlawful, but you do not want it erased; or
(c) it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
(d) you have exercised the right to object, and verification of overriding grounds is pending.
11.3.4.2 We can continue to use your personal information following a request for restriction, where:
(a) we have your consent; or
(b) to establish, exercise or defend legal claims; or
(c) to protect the rights of another natural or legal person.
11.3.5 To transfer your personal information;
11.3.5.1 You can ask us to provide your personal information to you in a structured, commonly used, machine-readable format, or you can ask to have it transferred directly to another data controller, but in each case only where:
(a) the processing is based on your consent or on the performance of a contract with you; and
(b) the processing is carried out by automated means.
11.3.6 To object to the processing of personal information;
11.3.6.1 You can ask us to stop processing your data where our legitimate interest is our legal basis for doing so unless we can show compelling legitimate grounds for continuing to process your data which override your own interests, or where we need to do so in order to defend legal claims against Etihad Group;
11.3.7 To obtain a copy of personal information safeguards used for transfers outside your jurisdiction;
11.3.7.1 You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union. We may redact data transfer agreements to protect commercial terms; and
11.3.8 To lodge a complaint with your local supervisory authority.
11.3.8.1 You have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are processing your personal information.
11.3.8.2 We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
11.4 A further explanation of these general key rights and the GDPR specific rights is outlined under each heading. Please click on these for further details.
11.5 You may have other rights depending upon the country you are in. You may therefore have rights to lodge a complaint to a local privacy authority; however whether you lodge a complaint, and who you lodge it with, is solely your responsibility.
11.6 If you wish to access any of these rights, we may ask you for additional information to confirm your identity and for security purposes, in particular before disclosing personal information to you. We reserve the right to refuse to provide this additional information if your request is manifestly unfounded or excessive.
11.7 You can exercise your rights by contacting us at ethicscompliance@etihad.ae. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request.
11.8 We may not always be able to address your request fully, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
12. CONTACT US
12.1.1 For members in India: In accordance with the Information Technology Act, 2000 and rules made there under, the name and contact details of the Grievance Redressal Officer are provided below. You may write to the Grievance Redressal Officer (Data Protection & Privacy) at the following addresses:
Email: dpo@intermiles.com
Post: Grievance Redressal Officer (Data Protection & Privacy), PO box no 8905, Saki Vihar, Andheri East, Mumbai PIN 400072, Maharashtra, India.
12.1.2 For members not in India: The primary point of contact for all issues arising from this privacy statement, is the Etihad Aviation Group Data Protection Officer. The Data Protection Officer can be contacted in the following ways:
Please email us at ethicscompliance@etihad.ae or write to the Data Protection Officer, Etihad Aviation Group, PO Box 35566, Abu Dhabi, United Arab Emirates
12.1.3 If you have any questions, concerns or complaints regarding our compliance with this statement and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us. We will investigate and attempt to resolve complaints and disputes and will make every reasonable effort to honour your wish to exercise your rights as quickly as possible and in any event, within the timescales provided by data protection laws.
12.2 To contact your data protection supervisory authority
12.2.1 In some countries, you may have a right to lodge a complaint with your local data protection supervisory authority. We ask that you please attempt to resolve any issues with us before your local supervisory authority.
13. OUR REPRESENTATIVE IN THE EU
13.1 Etihad Aviation Group P.J.S.C. is represented in the European Union by Etihad Airways P.J.S.C. through its European regional headquarters in London. The group Data Protection Officer can be contacted either directly by email or post using the details given in the previous section, or by writing to our London office:
For the Attention of the Etihad Aviation Group Data Protection Officer,
Etihad Airways,
200 Hammersmith Road