Privacy policy

TIRRENAIR PRIVACY POLICY

This document aims to give you all the available information on the processing of personal data that TIRRENAIR may implement in the context of its activity as an air carrier.

Privacy policy for the processing of personal data.
AIR FIRE. Release 1.0.0. Posted on 07/08/2024

Chapter 1 — General

1.1 — PURPOSE OF THIS DOCUMENT

This document aims to give you all the available information on the processing of personal data that TIRRENAIR can implement in the context of its activity as an air carrier. By personal data, we will mean here all personal data concerning TIRRENAIR customers, but also persons requesting information from us, but also persons requesting information from us or using one of our information tools (websites, mobile applications, social networks) .This processing may result from direct exchanges. With TIRRENAIR or exchanges with one of our partners (Travel Agents, etc.) .This document is intended to be as clear and explicit as possible. We remain at your disposal to provide you with any additional information that may be necessary. This document does not concern the processing of personal data relating to our exchanges with our suppliers, the various public and private organizations involved in the operation of our Company or even operations relating to the management of our staff.

1.2 — DEFINITIONS

1.2.1 Personal data

Personal data means any information relating to an identified or identifiable natural person, i.e. a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity (for example name, first name, online identifier, or to one or more elements specific to his physical, physiological, genetic, psychological, economic, cultural or social identity (for example name, first name, date of birth, sex, photography, address, email address, telephone number, IP address...).

1.2.2 RGPD

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, or RGPD). The text is available at the following address: https://www.cnil.fr/fr/reglement-europeen-protection-donnees

1.2.3 www.tirrenair.com

The Internet portal tirrenair.com is operated by SAS ALTOR, RCS 948 494 596 AJACCIO under the trademark TIRRENAIR, 13 rue Jean Jaures 20137, Porto Vecchio, 20137, Porto Vecchio. Standard phone: assignment in progress

1.2.4 Responsible for the processing of personal data

The person responsible for processing your personal data is TIRRENAIR, represented by its President of SAS ALTOR.

1.2.5 Data Protection Officer

The data protection officer, also called DPO (for Data Protection Officer or even sometimes Data Privacy Officer) is the person in charge of the protection of personal data within an organization.

1.2.6 Supervisory authority

In terms of the protection of personal data, the competent authority in France is the CNIL (Commission Nationale de l'Informatique et des Libertés, https://www.cnil.fr).

1.2.7 TIRRENAIR Information System

The TIRRENAIR information system includes all the computer resources used by our Company to carry out our activity as an air carrier.

1.3 — PURPOSES OF COLLECTING AND PROCESSING PERSONAL DATA

TIRRENAIR collects and processes personal data for the following reasons (purposes):

• Establish with its customers, directly or through its partners, commercial transport contracts, which comply with current regulations, in particular air transport regulations.
• Offer its customers and potential customers the best possible experience, especially when visiting our websites or using our mobile applications.
• Promote our company, by informing the population of Internet users.
• Develop our business, offering our services to potential customers thanks to the possibilities offered today by digital marketing tools.
• Participate in the national and European effort to fight crime and terrorism, by complying with our obligations in terms of collaboration with the police services. In particular, in accordance with article L.232-7 of the Internal Security Code, TIRRENAIR is required to transmit the reservation, check-in and boarding data of their passengers (PNR/API) to the French administration, according to the processing methods and for the purposes set out in Decree No. 2014-1095 of 26/09/2014, amended by Decree No. 2018-714 of 03/08/2018.
• Ensure the safety and security of flights by identifying and denying boarding to passengers who cannot be admitted, among other things for having already violated flight discipline rules or when these passengers are not allowed to leave or enter a territory. The passenger is also informed that any incident that occurs during the execution of the transport contract is likely to affect the safety or security of a flight may be the subject of a computer record.

The GDPR clearly identifies the purposes that can justify and legitimize the collection and processing of personal data. These points will be specified later in this document.

Chapter 2 — Processing of personal data linked to the Company's websites

2.1 — PERSONAL DATA COLLECTED AND PROCESSED BY US

Initially, we can distinguish between two main types of personal data processed:

• personal data collected and recorded automatically by our websites, and in particular www.tirrenair.com
• the personal data entered by you via the various forms on our websites, and www.tirrenair.com

‍

2.1.1 Personal data collected and stored automatically

During your visit to tirrenair.com we collect and record non-personal data about you. We will explain to you in the rest of the document the treatments applied to this data.

2.1.2 Personal data collected and recorded via forms

During your tirrenair.com we collect and record data entered by you by filling out a form.We can distinguish between data entered as part of a contract (most often the purchase of a plane ticket) and data entered in a non-contractual framework (subscription to our newsletter for example). At the date of writing this document, the tirrenair.com site offers you to enter data in the following cases:

• Creation of an internet account (non-contractual framework)
• Newsletter subscription (non-contractual framework)
• Membership in the loyalty program (contractual framework)
• Subscription to the subscription program (contractual framework)
• Purchase of airline tickets (contractual framework)
• Car rental (contractual framework)
• Online registration (contractual framework)
• Manage my reservation (contractual framework)
• Disputes and complaints (contractual framework)
• Assistance to people with reduced mobility (non-contractual framework)
• Internet assistance (non-contractual framework)
• Request for information (non-contractual framework)
• These points will be detailed later in the document (paragraph 2.3)

‍

2.2 — OBTAINING YOUR CONSENT FOR THE RECORDING OF PERSONAL DATA

For the recording of data in a contractual framework (sale of airline tickets and associated products), we collect your consent when you accept the general conditions of sale or the general conditions of use. These consents remain valid at least until the end of the contract in question, except when we are subject to a regulatory obligation to keep this data (fiscal and accounting obligations, obligations related to the safety of persons and property, see in more detail in the following paragraphs) .For the recording of data in a non-contractual framework, we collect your consent explicitly (by offering you to check a box most of the time), in accordance with the rules defined by the RGPD. These consents remain valid until a pre-determined and clearly indicated date (generally 13 months), unless you wish to withdraw these consents. This procedure for withdrawing consent will be clearly indicated to you in the rest of the document.

2.3 — DATA PROCESSING

2.3.1 Processing of personal data collected and stored automatically

In order to constantly improve our customer relationship tools, and in particular our Company's website, we process the data mentioned in paragraph 3.1 of this document in order to obtain the following information:

• The start date and time of your visit to www.tirrenair.com
• The address of the refferer website (the one you visited just before arriving at www.tirrenair.com)
• The page (s) visited on www.tirrenair.com.
• The IP address of your device
• The characteristics of the device you use to visit our site (type of device, operating system, browser, device identifiers)
• The services on our site that you used during your visit
• The research you did during your visit

The analysis of this information allows us to determine precisely whether our website tirrenair.com meets your expectations, which parts we need to improve or highlight more or what are the next evolutions to be planned.To analyze this data we use the Google Analytics solution (https://www.google.fr/analytics/terms/fr.html). The privacy policy for this service is available at the following address: http://google.com/intl/fr/analytics/learn/privacy.htmlThis tracking solution requires us to place a text file (cookie) on your machine (computer, tablet or smartphone) on your machine (computer, tablet or smartphone) allowing us to recognize and follow you during your visit to our website. This deposit of cookies is of course subject to your agreement (message informing you of the use of cookies and request for explicit consent). Information concerning your use of our website is recorded by Google. In order to further strengthen our measures to protect your privacy, we use a specific feature to anonymize your IP address. You can of course refuse the deposit of cookies on your device (change your browser settings to do this), but in this case you may not be able to benefit from all the functionalities of our website. For users who wish not to transmit any data to Google Analytics, it is possible to install on your browser a software extension provided free of charge by Google itself (https://tools.google.com/dlpage/gaoptout?hl=fr). With regard to the collection and processing of navigation data, the legal framework for the collection of personal data is explicit consent (Article 6 of the RGPD). You will be able to manage this consent in a very short time by going to your personal space.

2.3.2 Processing of personal data collected and recorded via forms

2.3.2.1 Creating an Internet account

In order to facilitate the use of our website tirrenair.com, we suggest that you create an internet account. The creation of this account then allows you not to have to re-enter your contact details each time you book a ticket. When creating the internet account you are invited to enter the following information:

• Civility
• Name,
• First name,
• Email address
• Address, postal code, city, country
• Phone
• Preferred departure airport
• Travel frequency
• Reason (s) of travel
• Creating the password
• Newsletter subscription request

This data is stored securely by us on our own servers. They are then used to automatically complete other forms on the site without re-entering on your part. When creating your account, we suggest that you subscribe to our Newsletter. Subscribing to the Newsletter is detailed in paragraph 2.3.2.2 of this document. With regard to the creation of an internet account, the legal framework for the collection of personal data is explicit consent (Article 6 of the RGPD). You will be able to manage this consent in a very short time by going to your personal space.

2.3.2.2 Subscription to the TIRRENAIR Newsletter

In order to inform you regularly about our commercial offers and more generally about the news of our Company, we suggest that you subscribe to our newsletter program. After registering you will then receive our newsletter by electronic message (email). When registering for our Newsletter you are invited to enter the following information:

• Email address
• Postal code
• Preferred departure airport
• Travel frequency
• Reason (s) of travel

This data is stored securely by us on our own servers.

2.3.2.3 Subscription to the subscription program

Subscription program currently dormant.

2.3.2.6 Buying an airline ticket

When booking one or more airline tickets and associated services, we collect the following data:

• Civility
• Name
• Firstname
• Email
• Phone
• Date of birth for babies, children, young people and seniors.

This data is recorded in our reservation system operated by our partner. https://ttinteractive.com/

‍This data is stored and used until the end of your trip and is also used for ground operations such as check-in and boarding.

• This data is stored during this period on TTI servers, located in the TTI data hosting center, (ZENITH data) located in Roubaix FR (OVH), Beauharnois, CA (OVH), Singapore, SG (OVH), Singapore, SG (OVH), and Sydney, AU (OVH), Singapore, SG (OVH), Singapore, SG (OVH), Singapore, SG (OVH), Singapore, SG (OVH) and Sydney, AU (OVH).

TTI services are in full compliance with personal data protection regulations and in particular the RGPD. We regularly carry out control operations in order to measure the effectiveness of the measures taken by TTI in this area. -TIRRENAIR also keeps some of this data in its accounts (invoice number, payment) in accordance with the obligations in force in France on the day this document is written. TIRRENAIR also keeps this data as part of regulatory obligations related to national security. This data is stored in a dedicated computer tool, with restricted access, and intended in particular to respond to any requests from the police services. In accordance with the provisions of article L34.5 of the Postal and Electronic Communications Code, TIRRENAIR may send you by electronic message commercial offers relating to services similar to those that were the subject of a purchase by you from our Company. You can opt out of receiving these offers at any time by following the unsubscribe link in each message sent. With respect to the purchase of airline tickets and associated services, the legal frameworks for collecting personal data are:

• The establishment of a contract by which TIRRENAIR undertakes to transport you on its lines according to the general conditions of sale accepted by you when booking on our website,
• The various legal obligations to which TIRRENAIR is subject

2.3.2.7 Car rental

On some of our flights, we offer you the opportunity to benefit from advantageous conditions with our partners to have a rental vehicle as soon as you arrive at the airport.For this purpose, we transmit to our partner some of the data entered by you when booking your plane ticket.This data is used to draw up the rental contract that you will be asked to complete and sign when collecting the vehicle.The basic rental rate is paid to TIRRENAIR when you book your plane tickets (purchase grouped, single payment, invoice issued by TIRRENAIR Voyages. Any additional services are paid directly to our partners when the vehicle is made available or returned. Our partners undertake to apply, when processing your personal data, all the measures defined by TIRRENAIR so that your rights in terms of personal data are fully respected. The privacy policy is available at https://www.tirrenair.com/politiques-de-confidentialite

2.3.2.8 Online registration

We offer you the possibility to check in online from 36 hours and up to 30 minutes before the flight. To do so, you will be asked to enter your last name and your reservation identifiers. The processing carried out by us is completely integrated into the global Amadeus process (reservation, check-in, boarding). The provisions for the protection of personal data are therefore identical to those described in paragraph 2.3.2.5.

2.3.2.9 Manage my reservation

We offer you the possibility to check the status of your reservation at any time and to change it under certain conditions. To do this, you will be asked to enter your last name and your reservation identifiers. The processing carried out by us is completely integrated into the TTI process (reservation, check-in, boarding).

2.3.2.10 Disputes and complaints

We offer you the possibility of filing a claim following a difficulty encountered during a TIRRENAIR flight. For more information: contact@tirrenair.com Your complaint file is prepared at the following internet address: contact@tirrenair.com You will be asked to complete a form containing the following data:

• Civility
• Name
• Firstname
• Phone
• Email
• Full address
• TIRRENAIR subscription program member (Yes/No)

This personal data is used to create your complaint file. This data is stored securely by us on our own servers.Filing a complaint implies acceptance of the general conditions of use of the service available at the following internet address: contact@tirrenair.comSi your complaint should lead to compensation on our part, you will then be invited in a second time to enter your bank details for payment.The personal data processed in this context is not used for other purposes.With regard to the filing of a complaint, the framework legal basis for the collection of personal data is the establishment of a contract by which TIRRENAIR undertakes to examine and possibly respond to your request relating to the performance of an air transport service.

2.3.2.11 Email Sending Forms

We provide you with forms that facilitate the sending of messages to our various departments. These forms, once completed by you, automatically generate electronic messages (emails) sent to our services. These messages are archived in our messaging system. The personal data they contain is not used for purposes other than responding to your requests. With regard to forms for sending electronic messages, the legal framework for the collection of personal data is explicit consent.

Chapter 3 — Processing of personal data related to ticket reservations (other than processing linked to the website)

3.1 — GENERAL PRINCIPLES

Using our website is not the only way to book a ticket on one of our flights. To do this, you can go to a travel agency, use a specialized site partner of our Company or one of our mobile applications. In all cases, we apply the same principles in order to guarantee the compliance of the treatments carried out on your personal data. Thus, we ensure that all of our marketing channels are in total compliance with the regulations in force in this field. This is reflected in a strong demand on our part when establishing distribution agreements with our partners.

3.2 — TREATMENTS CARRIED OUT ON OUR RESERVATION SYSTEM

Regardless of the method used to buy a ticket on one of our flights, finally your reservation is recorded in our system.

3.2.1 Buying a ticket from our Company

When booking one or more airline tickets and associated services directly with our services, we collect the following data:

• Civility
• Name
• Firstname
• Email
• Phone
• Date of birth for babies, children, young people and seniors.

This data is recorded in our reservation system operated by our partner TTI.TTI (Travel Technology Interactive) located at 24 rue Neuve Sainte Catherine, 13007 Marseille (Siren 751 750 480) is a company created in 2004.This data is kept and used until the end of your trip and is also used for ground operations such as registration and boarding control.This data is stored during this period on TTI servers (Zenith data), located in the following data hosting centers: Roubaix, FR (OVH) , Beauharnois, CA (OVH), Singapore, SG (OVH), and Sydney, AU (OVH). TTI's services are in full compliance with personal data protection regulations and in particular the RGPD. We regularly carry out control operations in order to measure the effectiveness of the measures taken by TTI in this area. Tirrenair also keeps some of this data in its accounts (invoice number, payment) in accordance with the obligations in force in France at the time of writing this document.Tirrenair also keeps this data as part of regulatory obligations related to national security. This data is stored in a dedicated computer tool, with restricted access, and intended in particular to respond to any requests from police services. With regard to the purchase of airline tickets and associated services, the legal frameworks for the collection of personal data are:

• The establishment of a contract by which TIRRENAIR undertakes to transport you on its lines according to the general conditions of sale accepted by you when booking on our website,
• The various legal obligations to which TIRRENAIR is subject

3.2.2 Buying a ticket from one of our partners

Like all airlines, we market our services through partners selected by us. Therefore, and unless otherwise indicated, it is with this entity that you contract your ticket purchase, whether as part of a “dry” flight or an organized trip (transport + accommodation package for example) .We therefore invite you to check the guarantees offered by this provider in terms of the processing of your personal data. Indeed, although we apply a demanding policy in this area, we cannot be held responsible in the event of a breach of legal obligations on the part of this same service provider.As a matter of priority, it is with this service provider that you will have to report any requests or complaints concerning the processing carried out by him on your personal data.However, we remain your final contact person for any exercise of your right of access to to personal data insofar as said partner does not would not have the capacity to respond to your request.

Chapter 4 — Organizational and technical measures relating to the protection of personal data

4.1 — ORGANIZATIONAL MEASURES

The protection of our customers' personal data is a constant concern of the Company and is therefore monitored at the highest level of our organization. Tirrenair has created a DPO function in order to have an internal resource dedicated to all of this problem. The DPO collaborates daily with the company's management and the various departments, whether to improve existing practices or when launching new projects involving a “personal data” component.The concept of confidentiality is now integrated at the outset of projects, as specified in the RGPD in article 25.The Company's staff who are required to process personal data are made aware of these new issues.Access to information is strictly organized and controlled.All the treatments of personal data are recorded in a processing register made available to the supervisory authority, in accordance with the provisions of the RGPD, Article 30.All service providers working on our behalf and being required to process personal data present all the necessary guarantees. Their services are subject to regular checks by us in this area.

4.2 — TECHNICAL MEASURES

The TIRRENAIR information system offers all the guarantees necessary to maintain confidentiality during the processing of personal data. The data processed by us is constantly duplicated and saved, in order to ensure the integrity, availability and resilience of these data, in accordance with the provisions of the RGPD, Article 32.Personal data that can be stored on third party infrastructures are stored under contracts that fully comply with the provisions of the RGPD. At the date of validity of this document, indicated at the end of the text, TIRRENAIR uses the services of the following providers: Webflow

Chapter 5 - General provisions

5.1 — DATA RETENTION PERIOD

We keep your personal data for no longer than is necessary for the purposes for which they are collected and processed.
Data recorded after completing a form by you will be kept for a maximum of 60 months, unless otherwise required by law.

1. Management of prospects (emailings, phone calls, SMS, etc.)

• Purposes of the treatment
  • Identify new potential customers
• Shelf life
  • Archives (active base) for a maximum of 3 years from the end of the commercial relationship or after data collection or the last contact with the prospect.
• Archives (intermediate base) for 13 months if the prospect gives explicit consent to continue to be solicited.
• Legal basis
  • Legitimate interest

2. Management of cookies and other trackers

• Purposes of the treatment
  • Generate website traffic statistics
  • Improve site navigation performance
  • Personalization and advertising targeting
• Shelf life
  • Data retention for 13 months (Simplified Standard No. 48 of the CNIL)
• Legal basis
  • Consent

3. Customer file management

• Purposes of the treatment
  • Know and retain customers
  • Adapting offers
  • Offer adapted (personalized) services
  • Customer relationship management (reservation modification, assistance...)
  • Legal and fiscal procedures
• Shelf life
  • Retention in an active database for the duration of the contractual relationship
  • Retention in an intermediate base for 5 years from the end of the commercial relationship.

However, the conservation in an intermediate database may be extended taking into account the limitation periods applicable with regard to legal and fiscal obligations. Indeed, legal provisions require the collection and sharing of identification data, reservation and travel information with public authorities or governmental organizations for the purposes of border control, immigration, entry into the territory of a State, security or the fight against terrorism.

• Legal basis
  • contract
  • Legal obligation

4. Management of subscriptions to the newsletter

• Purposes of the treatment
  • Subscription management;
  • Management of electronic shipments (offers)
  • Development of service-related statistics
• Shelf life
  • Retention until the person concerned unsubscribes (via the unsubscribe link integrated into the newsletters)
• Legal basis
  • Consent

5. Credit card payments

• Purposes of the treatment
  • One-time payment for a purchase or travel reservation
• Shelf life
  • Until the actual payment (deletion as soon as the transaction has been completed)
  • Intermediate archive for the purpose of proof in the event of a possible dispute of the transaction for a period of 13 months following the debit date or 15 months in the case of deferred debit payment cards.
• Legal bases
  • contract

6. Management of disputes and customer complaints

• Purposes of the treatment
  • Handling complaints (mediation procedure)
  • Recovery of amounts due
  • Improving the quality of service
  • Ensure the establishment, exercise or defense of one's rights in court
• Shelf life

• Commercial claims:
• The data necessary for the execution of a contract is kept for the duration of the contractual relationship.
• Retention in an intermediate base for 5 years from the end of the commercial relationship.

• Litigation files:
• Intermediate archives of litigation files: preservation for the time necessary for the management of the litigation (including appeal periods) after the discovery of a dispute, until the prescription of the action.
• Legal basis
  • contract
  • Legal obligation

7. Managing the subscription program

• Purposes of the treatment
  • Subscription management;
  • Management of electronic shipments (offers)
  • Development of service-related statistics
• Shelf life
  • Retention until the person concerned unsubscribes
• Legal basis
  • Consent

5.2 — YOUR RIGHTS

In accordance with the texts in force at the time of writing this document, you have the following rights concerning the personal data processed by us:

Right to information,
Right to rectification or deletion,
Right to the limitation of treatment,
Right to data transferability.

To exercise these rights or any question relating to the protection of your personal data, you can contact our DPO by email: rgpd@tirrenair.com

You also have the right to file a complaint with the Commission Nationale de l'Informatique et des Libertés (“CNIL”) concerning the processing of your personal data. In particular, you can send your complaint on the CNIL website, or by post by writing to: CNIL - Complaints Department - 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07. The procedures for filing a complaint with the CNIL are detailed on this link: https://www.cnil.fr/fr/adresser-une-plainte.

5.3 — DATA TRANSFER

If personal data is transmitted to third parties for the purpose of executing the transport contract and ancillary services, we first ensure that our partners comply with the applicable regulations and comply with the GDPR.

5.4 — PERSONAL DATA CONCERNING MINORS UNDER 15 YEARS OF AGE

TIRRENAIR does not collect or process Personal Data relating to children under 15 years without the prior consent of parents or persons with parental authority

If you use the TIRRENAIR website on behalf of your child and in your capacity as holder of parental authority, you are informed that personal data relating to your child under 15 years of age will be processed and used TIRRENAIR in accordance with this Privacy Policy.

In the event that your child is under 15 years of age, and that his consent is necessary for the processing of personal data in accordance with article 6 paragraph 1 a) of the RGPD, you will be invited, in your capacity as holder of parental authority, to consent to the processing of your child's data by TIRRENAIR.

In accordance with the recommendations of the CNIL, in any situation in which the age of the person concerned is collected and it is possible to determine that they are 15 years of age or under, the email address of a parent or legal guardian will be requested before collecting personal data from this child. The email addresses of holders of parental authority provided for the purpose of obtaining parental consent will be used for the purpose strictly defined in this Privacy Policy.

If you have learned that your minor child under the age of 15 has provided TIRRENAIR with personal information without your supervision, you can contact us on rgpd@tirrenair.com so that we can take appropriate action.