MIAT Mongolian Airlines is committed to respecting your privacy and will protect your personal information and the following are guidelines for protecting your information.
SUMMARY
We collect, process and store your personal information:
- if you visit our website or use our app;
- if you submit your Personal information on our website or our app;
- if you book a flight or service with us through a third party;
- if you participate our loyalty program;
- in connection with a flight or service you have purchased from us; or
- if you call, email or write to us.
Some of the flights and services that we offer are provided by third parties and, if you purchase those flights or services, that third party will process personal information about you.
We share your personal information with third party service providers and another airline operator that act on our behalf to provide flights and/or services to us. Examples are companies that provide ground handling services at airports, IT services companies that manage reservations and boarding on our behalf and payment processing organisations.
We use cookies, which are text files containing small amounts of information that are downloaded to your computer or mobile device. To find out more click here: Cookie Policy.
This Privacy Policy explains what Personal information we process, why we process it, how it is legal and your rights.
Contents
- 1. INTRODUCTION
We are MIAT Mongolian Airlines (also known as MIAT), a Mongolian airline whose Head office at MIAT building, Buyant-Ukhaa 45, Khan-Uul district in Ulaanbaatar, Mongolia.
We are a Data controller and take your privacy seriously. Please read this Privacy Policy very carefully because it contains important information about how we process your Personal information and your rights.
- 2. WHAT IS THE PURPOSE OF THE PRIVACY POLICY?
This Privacy Policy sets out the basis on which any personal information we collect from you, or that is provided to us by a third party, will be processed by us.
- 3. OUR DATA PROTECTION OFFICER
We have appointed a Data Protection Officer who is responsible for overseeing any questions you may have in relation to this Privacy Policy.
If you have any questions about this Privacy Policy or Personal information that we hold about you, including any requests to exercise your rights, please contact our Data Protection Officer using the details set out below:
|
Controller |
MIAT Mongolian Airlines |
|
Address |
MIAT building, Buyant-Ukhaa 45, Khan-Uul district in Ulaanbaatar 17120, Mongolia |
|
Address in EU |
MIAT branch office Shaussee Strasse 84, Berlin 10115, Germany |
|
Data Protection Officers |
B. Burenjargal N. Bulgan |
|
|
|
|
Telephone Numbers |
+976 70049967 +49 30 284 981 42 |
- 4. CHANGES TO THIS PRIVACY POLICY
This Privacy Policy may be updated from time to time. If the change impacts you or your personal information, we will inform you of changes made to this Privacy Policy.
- 5. THE PERSONAL INFORMATION WE COLLECT ABOUT YOU
We collect or store personal information (and special categories of personal information) about you at different points in our relationship with you:
- when you browse or visit our website or use our app;
- if you create an account with us;
- if you subscribe to any of our publications;
- if you participate our loyalty program;
- if you book a flight or buy a service from or through us; and
- if you e-mail, write or call us.
If you book a flight with or purchase a service offered by us through a third party (for example an online travel agent or holiday company), then that third party will send us personal information about you that we will use to provide the flight or service.
5.1 PERSONAL INFORMATION
We collect the following personal information:
|
Type of personal information |
Personal information includes: |
|
Advanced Passenger Information |
- full name - nationality - date of birth - gender (where required) - number and type of travel document (e.g. passport or ID), its expiry date and country of issue |
|
Contact Data |
- billing address - email address - telephone number |
|
Financial Data |
- bank account - payment card details |
|
Identity Data |
- first name - maiden name - last name - username or similar identifier - marital status - title - date of birth - gender - passenger name record (or PNR) |
|
Marketing and Communications Data |
- your preferences in receiving marketing from us and our third parties - your communication preferences |
|
Profile Data |
- username and password - purchases or orders made by you - interests - preferences - feedback - survey responses |
|
Technical Data |
- internet protocol (IP) address - login data - browser type and version - time zone setting and location - browser plug-in types and versions - operating system and platform - other technology on the devices you use to access our website or our app |
|
Transaction Data |
- details about payments to and from you - details of flights and services you have purchased from us |
|
Usage Data |
- information about how you use our website, app, flights and services |
5.2 SPECIAL CATEGORIES OF PERSONAL INFORMATION
In addition to the above Personal information, we also process the following types of special categories of Personal information:
- health and disability information, which you provide to us when requesting any form passenger assistance and records of illnesses or treatments received during a flight with us; and
- racial or ethnic origin (i.e. nationality), which you provide to us when completing your booking or providing the Advanced Passenger Information.
5.3 OUR PROCESSORS
As part of your booking, we may provide Personal information about you to the third parties, who will process your Personal information as our processors.
From time to time, it may be necessary for us to contract with another airline operator to provide the flight for you. In this case, we will provide your Personal information to such other airline operator solely for the purpose of providing the flight to you.
- 6. HOW WE USE YOUR PERSONAL DATA
We are required to tell you what we use your Personal information for and the lawful basis on which we can process your Personal information:
|
Purpose |
Type of Personal information |
Lawful basis for processing |
Details |
|
To monitor browsing on our website or use our app |
- Technical Data |
- Legitimate interest - Consent |
To improve the functionality and content of our website or our app.
For more information please see our Cookie Policy. |
|
To create an account with us |
- Identity Data - Contact Data |
- Legitimate interest |
To collect information about our potential customers. We will not send you any electronic marketing unless you have expressly consented to receive it.
To improve the speed at which you can purchase flights and services from us. |
|
To process and complete your booking (boarding passes and coupons) |
- Identity Data - Contact Data - Financial Data - Transaction Data - Marketing and Communications Data |
- Performance of our contract with you - Legitimate interest |
To collect payments from you and deliver boarding passes and/or coupons to you.
If we have a claim against you (for example, if you have broken your contract with us) it is in our legitimate interest to pursue that claim. |
|
To process your request for any form of passenger assistance |
- Special Category of Personal information |
- Performance of our contract with you - Consent |
To enable us to meet your specific requirements for passenger assistance, both in departing and arriving airport. |
|
To enable you to participate in a prize draw or competition |
- Identity Data - Contact Data - Profile Data - Usage Data |
- Performance of the prize draw or competition terms and conditions - Legitimate interests - Consent |
To promote our business through prize draws and competitions to you. We will not send you any electronic marketing unless you have expressly consented to receive it. |
|
To enable you to complete a survey |
- Identity Data - Contact Data - Profile Data - Usage Data |
- Legitimate interests |
To obtain feedback from you on our flights and services so that we can make improvements to them. |
|
To manage and protect our business and our website or app (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) |
- Identity Data - Contact Data - Technical Data |
- Legitimate interests - Necessary to comply with a legal obligation |
To manage our business and ensure the effective provision of administration and IT services, network security.
To prevent fraud. |
|
To process information about other passengers in your booking and the age range of any children traveling with you |
- Identity Data - Contact Data |
- Performance of a contract with you |
To process and complete the booking for you and each member of your party |
|
To collect and process Advance Passenger Information |
- Identity Data - Contact Data |
- Legal obligation - Performance of a contract with you |
To provide the authorities in the destinations that we fly to with the relevant passport and travel information. |
|
To use data analytics to improve our website or app, flights and services, marketing (including advertisements), customer relationships and experiences |
- Technical Data - Usage Data |
- Legitimate interests |
To define types of customers for our flights and services.
To keep our website or app updated and relevant.
To develop our business and inform our marketing strategy. |
|
To send marketing and promotional materials to you |
- Identity Data - Contract Data |
- Consent |
To promote our flights and services to you. |
Where we need to collect Personal information under the terms of a contract we have with you and you fail to provide that Personal information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with flights or services or issue tickets). In this case, we may have to cancel your ticket or not provide the service to you, but we will notify you if this is the case at the time.
- 7. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH?
7.1 OTHER AUTHORITES
In addition to the Advanced Passenger Information, we may disclose Personal information to customs and immigration authorities, border control agencies and law enforcement bodies when this is necessary to get you to your destination or is required by law. For example, for specific travel routes we are required to provide border control agencies with information that relates to your travel and itinerary.
7.2 OUR SERVICE PROVIDERS
We will share your Personal information with companies that provide services to us and act as our Processors.
We require all our Processors to respect the security of your Personal information.
We do not allow our Processors to use your Personal information for their own purposes and only permit them to process your Personal information for specified purposes and in accordance with our instructions.
7.3 CODE SHARE AIRLINES AND THIRD PARTY
If you booked a flight with us and the flight is provided by one or more airlines (for example, a Code Share Airline or another airline operator), then those other airlines will also be Controllers and you should review their privacy information on their websites.
If you book a flight with or purchase a service offered by us through a third party, then the relevant third party (for example an online travel agent or holiday company) will be a Controller for the purposes of EU Data Protection Regulation. You can access the privacy policies of those third party service providers from them directly.
- 8. MARKETING
We provide you with choices about marketing and advertising that you receive from us.
If you do not wish to receive marketing information from us you can opt-out by sending an email to unsubscribe@miat.com.
- 9. PROFILING
We may use the Personal information (including Technical Data) that we collect about you to create a profile about you in order to suggest flights, services and offers that may interest you.
We will only send this to you by electronic means if you have explicitly consented to receive such information in our Marketing section.
- 10. INTERNATIONAL TRANSFERS
The Personal Data collected through our Services will be transferred to the Mongolia. Also, some of the third-parties to whom we disclose Personal Data may be located in the Mongolia and other countries outside of the European Union, including in countries to which you fly and that may not provide the same level of data protection as your home country. We take appropriate steps to ensure that recipients of your Personal Data are bound to duties of confidentiality and we implement measures such as standard data protection contractual clauses to ensure that any transferred Personal Data, remains protected and secure. A copy of these clauses can be requested by emailing dpo@miat.com.
Our Code Share Partners or another airline operator are based outside the European Economic Area (EEA).
Where this is the case, your Personal information will be processed in accordance with the applicable carrier’s privacy policy and, if your booking is made via a reservation system provider (Global Distribution System (GDS)), with its privacy policy. These are available at http://www.iatatravelcenter.com/privacy or from the applicable carrier or GDS provider directly. You should read this documentation, which applies to your booking and specifies, for example, how your Personal information is collected, stored, used, disclosed and transferred.
- 11. DATA SECURITY
We use technical and organisational measures to safeguard your Personal information, for example, we process all payment card transactions in accordance with the Payment Card Industry Data Security Standard and use secure connections on our website and our app to ensure that your Personal information is encrypted. In terms of the latter, this means that we convert your Personal information into a computer code, which will make it harder for hackers to access your Personal information on our website or our app. If you want to know how we are keeping your data secure, please contact our Data Protection Officer who can provide more details.
While we will use all reasonable efforts to safeguard your Personal information, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any Personal information that are transferred from you or to you via the internet. If you have any particular concerns about your Personal information, please contact our Data Protection Officer using the contact details provided above.
- 12. DATA RETENTION
We will only retain your Personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal information, we consider the amount, nature, and sensitivity of the Personal information, the potential risk of harm from unauthorised use or disclosure of your Personal information, the purposes for which we process your Personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your Personal information are available from us on request to our Data Protection Officer. We shall keep your Personal information relating to Advanced Passenger Information for a period 10 years from the date when you first provided us with a copy of such Personal information.
- 13. YOUR RIGHTS
You have rights under our policy in relation to your Personal information. You have the right to:
(a) Request access to your Personal information
(b) Request correction of your Personal information
(c) Request erasure of your Personal information
(d) Object to processing of your Personal information
(e) Request restriction of processing your Personal information
(f) Request transfer of your Personal information
(g) Right to withdraw consent
These rights are explained in more detail below. If you wish to exercise any of the rights set out above, please contact our Data Protection Officer using the contact details provided above. We will respond to any rights that you want to exercise within a month of receiving your request, unless your request is complex, in which case we will respond within 3 months.
|
Your right |
Description |
|
Request access to your Personal information |
This enables you to receive a copy of the Personal information we hold about you and to check that we are lawfully processing it. |
|
Request correction of the Personal information that we hold about you |
You can require us to correct any mistakes in your information which we hold free of charge.
If you would like to do this, please let us have enough information to identify you (e.g. account number, user name, registration details) and let us know the information that is incorrect and what it should be replaced with. |
|
Request erasure of your Personal information |
This enables you to ask us to delete or remove Personal information where there is no good reason for us continuing to process it.
You can ask us to erase your Personal information where:
- you do not believe that we need your Personal information in order to process it for the purposes set out in this Privacy Policy;
- if you had given us consent to process your Personal information, you withdraw that consent and we cannot otherwise legally process your Personal information;
- you object to our processing and we do not have any legitimate interests that mean we can continue to process your Personal information; or
- your Personal information has been processed unlawfully or have not been erased when it should have been. |
|
Object to processing of your Personal information |
Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
You also have the right to object where we are processing your Personal information for direct marketing purposes.
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. |
|
Request restriction of processing of your Personal information. |
This enables you to ask us to suspend the processing of your Personal information in the following scenarios:
- if you want us to establish the Personal information’s accuracy;
- where our use of the Personal information is unlawful but you do not want us to erase it;
- where you need us to hold the Personal information even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your Personal information but we need to verify whether we have overriding legitimate grounds to use it. |
|
Request the transfer of your Personal information to you or to a third party. |
We will provide to you, or a third party you have chosen, your Personal information in a structured, commonly used, machine-readable format.
This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. |
|
Withdraw consent at any time where we are relying on consent to process your Personal information. |
This will not affect the lawfulness of any processing carried out before you withdraw your consent.
If you withdraw your consent, we may not be able to provide certain flights or services to you. We will advise you if this is the case at the time you withdraw your consent. |
GLOSSARY
|
Term |
Definition |
|
Advance Passenger Information |
means the Personal information described as such in Section 5.1 of the Privacy Policy; |
|
Code Share Airline |
means aviation business arrangement with two or more airlines share the same flight. Each airline publishes and markets the flight under its own airline designator and flight number as part of its published timetable or schedule. A seat can be purchased on each airline's designator and flight number, but is operated by only one of these cooperating airlines, commonly called the "operating carrier" or more precisely (and in line with definitions in IATA Standard Schedules Information Manual): "administrating carrier"; |
|
Contact Data |
means the Personal information described as such in Section 5.1 of the Privacy Policy; |
|
Controller |
means the Controller described as such in Section 1 and 7.3 of the Privacy Policy; |
|
Data Protection Officer |
means the person whose details are set out in Section 3 of the Privacy Policy, |
|
Financial Data |
means the Personal information described as such in Section 5.1 of the Privacy Policy; |
|
Global Distribution System or GDS |
means a computerised network system owned or operated by a company that enables transactions between travel industry service providers, mainly airlines and travel agencies. A mirror image of the passenger name record (PNR) in the airline reservations system is maintained in the GDS system. If you book an itinerary containing air segments of multiple airlines through a travel agency, the your passenger name record in the GDS system would hold information on their entire itinerary, each airline you fly with would only have a portion of the itinerary that is relevant to them; |
|
Ground Handler |
means a third party ground handler that we work with at an airport to deal with aircraft for our flights between the time it arrives at a terminal gate and the time it departs on its next flight, |
|
Third party |
- Code share airline or airline operator - Travel agent & holiday company - Hotel booking & Car rental company - Ground handling company |
|
Identity Data |
means the Personal information described as such in Section 5.1 of the Privacy Policy; |
|
Marketing and Communications Data |
means the Personal information described as such in Section 5.1 of the Privacy Policy; |
|
Personal information |
means the Personal information described as such in Section 5.1 of the Privacy Policy; |
|
Processor |
means the Processor described as such in Section 5.3 of the Privacy Policy; |
|
Profile Data |
means the Personal information described as such in Section 5.1 of the Privacy Policy; |
|
Special Categories of Personal information |
means the Special Categories of Personal information described as such in Section 5.2 of the Privacy Policy; |
|
Technical Data |
means the Personal information described as such in Section 5.1 of the Privacy Policy; |
|
Transaction Data |
means the Personal information described as such in Section 5.1 of the Privacy Policy; |
|
Usage Data |
means the Personal information described as such in Section 5.1 of the Privacy Policy; |
|
we, us and our |
means MIAT Mongolian Airlines; and |
|
you, your |
means the person browsing our website, creating an account with us, booking a flight or purchasing a service from us. |
