British Airways Executive Club eStore Privacy Policy
British Airways Executive Club is committed to respecting your privacy and protecting your personal information
- We will be transparent about the information we are collecting and what we will do with it.
- We will use the information you give us for the purposes described in our Privacy Policy.
- We will also use the information to help us understand you better and so that we can give you relevant offers.
- We will put in place measures to protect your information and keep it secure.
- We will respect your data protection rights and aim to give you control over your own information.
You can access the full British Airways Privacy Policy here. This Privacy Policy is specific to your interaction with the British Airways Executive Club eStore (“eStore”).
If you have further questions please get in touch with us by writing to Data Protection Officer, Avios Group (AGL) Limited, Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY England or by email to data.protection@avios.com
Controller of Personal Information
AGL is the “Data Controller” of your personal information that is processed in connection with this Privacy Policy. Our address is Avios Group (AGL) Limited, Astral Towers, Betts Way, London Road, Crawley, West Sussex, RH10 9XY, England. AGL is part of the International Airline Group (“IAG”) and its role as a Data Controller in the Airline Partner Schemes relates primarily to the awarding and redemption of Avios. AGL receive, store and process Airline Partner Scheme Member Data to administer parts of the Schemes. AGL and the Airlines Partners are independent Data Controllers each with separate responsibilities for the processing of personal information of Scheme Members.
What do we mean by personal information?
Personal information means details which identify or could be used to identify you, such as your name and contact details or purchase history. It may also include information about how you use the eStore.
When does this policy apply?
This Privacy Policy applies to the personal information that is collected, used and otherwise processed when you use the eStore.
How can you keep your personal information secure?
We take great care to protect your personal information. You can read more about how we do this in our Security Policy. Here are some things you can do to keep your information secure. Keep your membership log-in details confidential
To make sure your access to our websites, other online services and mobile applications remains secure you should not share your log in details with anyone else. When you finish using the website, online services or mobile application you should log out if others may be able to access your computer or device. This is especially important if you are using a publicly accessible computer.
Be aware of and protect yourself against Internet fraud and “Phishing”
There is a fraud practice known as "Phishing" which is the illegal gathering of personal information by deception. Unsolicited emails are sent to individuals from lists illegally gathered by a third party, and recipients are asked to enter or reconfirm their credentials into a 'cloned' or illegal copy website.
When do we collect personal information about you?
We collect personal information about you when you visit and use the eStore, interact with us by email or use the online contact forms. For more information, see “What types of Personal Information do we collect and retain?”
What types of personal information do we collect and retain?
When you use the eStore we collect the following categories of personal information:
- Your membership details and transactional details that enable the awarding of Avios to your account
- Use of our websites, contact centres and mobile applications
- Your location data when you have visited out websites or mobile applications. This is your IP address. (An IP address (Internet Protocol address) is a numeric code that can act as a unique identifier for your computer or other device – this can be turned off from your device.)
You are in control of what information we collect about you. However, if you choose not to share your information some areas of the website may not be accessible or useable.
If you disable the cookies, the eStore will not be unable to track your online transaction through to the retailer's website and will not be able to award Avios for purchases of goods or products on an eStore affiliated retailer's website.
To collect ‘collect on card’ offers from participating merchants who will be displayed on the eStore, you will need to have registered valid payment card(s) on the eStore, to enable transaction monitoring to take place. Transaction Monitoring will determine whether you have qualified for an offer linked to your payment card(s).
Your card details will be kept secure. We will not be taking any payments from registered cards and the storage of your cards will fully conform to Payment Card Industry (PCI) data standards. You may opt-out of transaction monitoring on the payment card(s) you entered at any time by clicking “Remove” against each card registered.
What do we use your personal information for?
The main purposes for which we use your personal information are:
- Management and administrative purposes of your purchases through the eStore
- Providing services tailored to you.
- Analysis and market research
- Updates and service communications
- Transaction monitoring
If you register payment cards in connection with transaction monitoring, you authorise the eStore (via Fidel Ltd. to share your payment card information with Visa, MasterCard, Amex and other necessary payment service providers (Payment Service Providers) to confirm your enrolment.
You authorise the Payment Service Providers to monitor transactions on your registered card(s) to identify purchases in order to determine whether you have qualified for an offer linked to your payment card, and for the Payment Service Providers to share such transaction details with Sports Loyalty Card Limited (trading as Reward) and the eStore to enable your card-linked offer(s) and target offers that may be of interest to you.
By registering your payment card(s) with the eStore you agree that these details may be shared with
- Any successors to Fidel Ltd.
- Any other company that performs the same or similar role for the eStore.
You may opt-out of transaction monitoring on the payment card(s) you have registered by clicking “Remove” against the registered cards.
What is our legal basis for using your personal information?
AGL will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons AGL collected or needs to use your information. Under EU and UK data protection laws in almost all cases the legal basis will be:
- to process your transaction and otherwise perform that contract with you
- when it is in our legitimate interests to use your personal information to operate and improve our business
- to comply with a legal obligation
More information on each legal basis is provided below.
Performance of a contract with you
It is necessary for AGL to use your personal information when you make a purchase through the eStore to complete our obligations which include the awarding of Avios to your membership account.
Legitimate Interests
As a loyalty programme and travel provider AGL has a legitimate business interest to use the personal information we collect to offer an effective service and carry out our business.
Compliance with legal obligations
There are situations where AGL is subject to a legal obligation and needs to use your personal information to comply with those obligations.
How long do we keep personal information?
We will keep your information for as long as we need it for the purpose it is being processed for.
For example, where you make a purchase through the eStore we will keep the information related to your transaction, so we can carry out our obligations to you and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the purchase.
The information may also be retained so that we can continue to improve your experience with us. We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.
Who do we share your personal information with?
Your personal information may be shared with the companies within our group, which includes International Consolidated Airlines Group S.A (IAG), British Airways, Iberia, Iberia Express, Vueling, Aer Lingus, OpenSkies, British Airways Holidays, BA CityFlyer, IAG Connect and IAG GBS.
For more details about our group please visit the website of our parent company, IAG. We share information with them, so they can assist us in providing services to you and to understand more about you.
For example, if you have flown with one of the airlines in the IAG Group we may use this information to understand more about the sorts of travel services you are likely to be interested in. We may also disclose your personal information to the following third parties:
- One of our Airline Partners when you are a member of their Airline Partner Scheme, so that we can administer the benefits of the loyalty programme to you
- In response to a valid, legal request from Government and law enforcement agencies such as customs and immigration authorities
- Third party service providers we are using to provide services that involve data processing, for example,
- Third parties, such as law firms and law courts, to enforce or apply any contract with you
- Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets.
Which countries will your personal information be sent to?
The nature of the eStore means it is often necessary for us to send your personal information outside the European Economic Area or the UK to administer and fulfil your transactions. We ensure that when your personal information is shared outside of the European Economic Area the necessary safeguards are in place to protect your personal information at all times.
Your individual rights in relation to your personal information
Under data protection laws in the European Union and the UK, you have certain rights in relation to your personal information.
Responses will be provided within one month and generally there is no fee for making these requests. If your request is particularly complicated we may extend the deadline for responding to three months, but we will let you know if this is the case.
We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request.
Further explanation of those rights and the exceptions to them are set out below. Details of how to exercise your rights are set out in the section below “How to exercise your individual rights”.
Your rights include the following:
- Marketing – AGL do not send marketing communications. If you no longer wish to receive marketing communications from our Airline Partners, then a request should be submitted to that Airline Partner directly.
- Access – You may request access to the personal information that we hold about you.
- Processing - You may request us to stop using your personal information where we are doing so under legitimate interests, see the section “What is our legal basis for using your personal information” for examples of when that applies, unless it is needed for dealing with legal claims or we have other compelling legitimate reasons that override your rights.
- Restriction – You may ask that we restrict the processing of your personal data to a specific purpose or purposes.
- Correction - You may ask us to correct your personal information, the 'right of rectification’, if that information is inaccurate.
- Erasure - You may ask for personal information which identifies you to be erased, or forgotten. If you are a member of one of our Airline Partner Schemes, we will liaise with that Airline Partner before replying to your request.
How to exercise your individual rights
If you wish to exercise any of your individual rights set out under the heading ‘Your individual rights in relation to your personal information’ please contact us at the address below.
When you are seeking access to your personal information please include the following information with your request:
- Your name and postal address
- How you would prefer to receive the response (email, post)
- Details of your request
- Any details which may help us locate the information which is the subject of your request,
We may ask you to provide:
- A photocopy of your passport or driving licence, so that we can verify your identity
- A signed authority from a third party if you are applying on their behalf
Please send your request to:
Email: data.protection@avios.com
Post: Data Protection Manager, Avios Group (AGL) Limited, Astral Towers, Betts Way London road Crawley West Sussex RH10 9XY England
Changes to this Privacy Policy
If we make any changes to this Privacy Policy, we will let you know by publishing the updated version on our website. This Privacy Policy came into effect on 19th July 2019.
Contact Us - Complaints, Queries and Feedback
If you wish to contact us in relation to this Privacy Policy or you have any concerns, please contact the Data Protection Officer at data.protection@avios.com.
You have a right to complain to your Data Protection Authority. In the UK that Authority is the Information Commissioner whose website and contact details can be viewed here.
You can contact the Information Commissioner’s Office by telephone on 0303 123 1113.