(Last updated: 12 July 2023 – v1.1)
The purpose of this full Privacy Notice (“Privacy Notice”) is to describe the personal data processing we perform in connection with your use of our Chatbot (“Amelia”). In case you wish to know more about our data processing activities, please consult our Privacy Notice you may find on our website www.wizzair.com.
Please note that this Privacy Notice applies only if you are using our Chatbot on our website. In case you are using our Chatbot via Meta’s Messenger platform, please see our Privacy Notice for the Messenger Chatbot.
Joint Data Controllers and their arrangements
WIZZ Air Hungary Ltd. (seat: Laurus Offices, Kőér street 2/A, Building B, H-1103, Budapest, Hungary), Wizz Air UK Limited (Main Terminal Building, London Luton Airport, Luton, United Kingdom, LU2 9LY), Wizz Air Abu Dhabi LLC (Wizz Air Abu Dhabi, PO Box 145076 Abu Dhabi, UAE) and Wizz Air Malta Limited (171 Old Bakery Street, Valletta 1455 VLT, Malta) (hereinafter jointly referred to as “Wizz Air”, “we”, “our” or “us”) are joint controllers when processing your personal data regarding your use of our Chatbot.
Wizz Air entities have signed a joint controller arrangement, which sets out our related roles and responsibilities. Wizz Air Hungary Ltd (and the Wizz Air Group DPO) is responsible for replying to your privacy related questions, queries or complaints, however, you may exercise your data protection rights in respect of and against each of the joint data controllers. Wizz Air Hungary Ltd is also responsible for providing you with information in relation to this processing (as set out in this Privacy Notice) and notifying the relevant supervisory authority in the event of a data breach. If you need more details regarding the joint controller arrangement, please contact us at data.protection@wizzair.com.
What is the Purpose of Processing the Data?
We will use your data for the purposes below:
- Responding to your queries and requests: the purpose of processing your personal data is to respond to your queries and requests to us; for this purpose, we rely on our legitimate interest.
The provision of your personal data is voluntary. However, if you do not provide your data, you may not be able to use our services i.e., you will not be able to use the Chatbot.
What Personal Data We Process about you?
For the purpose outlined above we process the data categories indicated below:
- Customer Care data: including name, address, date of birth, e-mail address, telephone number, Wizz account number, government ID, flight history, content of your request, communication with you, payment and credit card data.
The legal basis for processing your personal data
To process your personal data, we may rely on the legal bases below:
- The processing of your personal data is possible based on our legitimate interest under the GDPR Article 6 (1) f) (“Legitimate Interest”).
Wizz Air has a legitimate interest in processing data to respond to your questions, inquiries because it is critical to engage with users if they have queries to maintain their confidence in Wizz Air. If users have contacted Wizz Air with a question (or complaint), it is reasonable for them to expect that their data will be processed to facilitate a response.
We may process your personal data for the purposes and legal bases indicated below:
Purpose of data processing | Categories of personal data processed | Legal Basis | Retention period |
Responding to your queries and requests | | Legitimate Interest | We may store your personal data collected while interacting with our Chatbot up to one year. |
Who may access to your data?
Within Wizz Air, employees with appropriate authorization may have access to your personal data on a “need-to-know” basis. We may engage other persons, third parties as data processors to provide services to us and courts, government bodies or other authorities may require us to disclose your data them.
- Service providers as data processors: we use externally provided IT systems or services provided by third party vendors as a support to internal processes.
Data processors | Seat | Activity |
Amazon Web Services | 38 Avenue John F. Kennedy, L- 1855 Luxembourg | Data storage |
DeepL | DeepL GmbH, Maarweg 165 50825 Köln, Germany | Translation Services |
Google Ireland Ltd. | Google Building, Gordon House, Barrow Street, Dublin 4, Ireland | Translation Services |
Laiye | 131, avenue Parmentier, 75011 Paris, France | Chatbot development and operation. |
salesforce.com EMEA Limited | Floor 26 Salesforce Tower, 110 Bishopsgate EC2N 4AY London, United Kingdom | CRM and LiveChat function |
- Wizz Air Group: your personal data may be shared within the Wizz Air Group if needed. For more information about Wizz Air Group, please click https://wizzair.com/en-gb/information-and-services/about-us/company-information.
- Government authorities and enforcement bodies: we may share your personal data with government authorities or enforcement bodies such as regulatory authorities, upon their request and only as required by the applicable law or to protect our rights or the safety of our customers, staff and assets.
Personal data may be provided to parties that are located outside the European Economic Area ("EEA"). In such cases, we will ensure that your personal data is transferred in line with applicable requirements set out by Chapter V of the GDPR.
When using our Chatbot, we may transfer your personal data to the United Kingdom, outside the EEA. The United Kingdom is acknowledged and under the EU Commission Implementing Regulation no. 2021/1772 on the adequate protection of personal data by the United Kingdom to provide an equivalent level of protection as provided by European Union law.
In case we transfer your personal data outside the EEA to a country not acknowledged to provide an equivalent level of protection, we shall ensure that recipients located outside the EEA will provide an adequate level of data protection for the personal data and that appropriate technical and organizational security measures are in place to protect personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. For this purpose, we signed the Standard Contractual Clauses under the EU Commission’s implementing decision no. 2021/914 with such recipients.
Your Rights
If we process your personal data based on your consent, then you can freely withdraw your consent any time. The withdrawal of your consent does not affect the lawfulness of prior processing.
You are entitled to exercise your rights indicated below:
(i) Right of access: You have a right to ask whether or not we process personal data about you and, if that is the case, request information about the personal data we process.
We may request additional information from you for identification or for further copies requested by you, or we may charge a reasonable fee based on administrative costs.
(ii) Right to rectification: We are required to rectify inaccurate personal data, or to complete personal data that is incomplete, on your request.
(iii) Right to erasure (right to be forgotten): We are in some circumstances required to erase personal data on your request.
(iv) Right to restriction of processing: We are in some circumstances required to restrict our use of personal data on your request. In such cases, we may only use the data for certain limited purposes set out by the law.
(v) Right to data portability: You may have the right to receive your personal data to which we have access, in a structured, commonly used and machine-readable format and may then have a right to transmit those data to another entity without hindrance from us.
(vi) Right to object:
You have the right to object to the processing of your personal data for any reason relating to your situation, and in this case, we may not be able to process your personal information. If you have the right to object and the exercise of this right is justified, your personal data in concern will not be further processed for the purposes of the objection. The exercise of this right does not entail any costs.
If you consider that your privacy and data protection rights have been infringed, you may contact the competent data protection authority located in the European Union’s relevant Member State where your habitual residence, place of work or place of the alleged infringement is or the Hungarian National Data Protection and Freedom of Information Agency (Nemzeti Adatvédelmi és Információszabadság Hatóság – NAIH; address: H-1055 Budapest, Falk Miksa u. 9-11.; website: www.naih.hu; phone: +36-1-391-1400; email address: ugyfelszolgalat@naih.hu; fax: +36 1 391 1410).
If you are a UK resident, you may lodge a complaint with the Information Commissioner’s Office (address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; telephone: 0303 123 1113; fax: 01625 524510; live chat: https://ico.org.uk/global/contact-us/live-chat/live-chat-individuals/).
Data Protection Officer
If you have any further questions about the Privacy Notice or how we process your personal data, please contact us by sending your query to us to our email address data.protection@wizzair.com or via letter to our Data Protection Officer at Wizz Air Hungary Ltd., Laurus Offices, Kőér street 2/A, Building B, II-V., H-1103 Budapest.