1.1

This is the Privacy Notice of Airlink (Pty) Ltd and its subsidiary companies (Airlink, us, or our), available at www.flyairlink.co.za (Website), which applies to the personal information of Airlink's customers and passengers, suppliers, business partners, prospective employees, and visitors (you).

1.2

Airlink respects privacy rights and complies with all laws in respect of the handling of personal information, including collection, use, storage, sharing and disposal.

1.3

This Privacy Notice helps you understand how Airlink handles personal information when you use the Website or interact with us in other ways such as at our offices or over the telephone or email.

1.4

This Privacy Notice does not apply to any third-party websites which may be accessible through links on the Website. Airlink makes no representations or warranties about the privacy practices of any third party and does not accept any responsibility for the privacy practices of, or content displayed on, third party websites. Third party website providers are responsible for informing you about their own privacy practices.

2.1

Airlink may change or update this Privacy Notice from time to time. Any updated versions of this Privacy Notice will be posted on the Website and will be effective from the date of posting. Where practical, and at Airlink's discretion, notice of the change will be displayed on the Website.

3.1

When used in this Notice, the term “personal information” has the meaning given to it in the Protection of Personal Information Act, 2013 (POPIA). Personal information is any information that can be used to personally identify a natural or juristic person. Special personal information is any information that is considered by law to be particularly sensitive information. This includes information related to your health, sex life, race, ethnic origin, religious or philosophical beliefs, trade union membership, political persuasion and criminal behaviour and biometric information. More restrictions apply to the handling of special personal information and the information of children because they are particularly sensitive.

3.2

We may collect, use, store and otherwise handle by any means (also known as “processing”) the following personal information, whether that information is provided by you or by a third party:

• Your biographical information - including your name, gender, date of birth, language, nationality;
• Your contact information - including your telephone number(s), address, email address, country of residence, your contact information if you are a passenger's emergency contact person or next of kin;
• Your identification information - including your national identity details, passport information, company registration number, loyalty programme membership information, Passenger Name Record (PNR) number, booking reference, death, marriage or birth certificate;
• Your preferencesincluding your preferred seat, drink or meal on flights, marketing preferences;
• Financial, legal and qualification information - including your bank account information and Value Added Tax number where you are a supplier to Airlink, credit card information and bank statements (in the case of queries or refunds), power of attorney relating to you, financial and qualification background checks conducted when you apply to us for employment;
• Supplier onboarding information - including black economic empowerment certificate, tender information, references
• Communications - including correspondence with you;
• Website informationincluding information collected through cookies when you use our website to which our cookies policy applies, or other information you provide to us when using our website;
• Special Personal Information including:
  • Health/medical information (for example allergies, disabilities, dietary requirements, records of accidents and illnesses), so that we can provide you with assistance and support should you require it before and after you travel including embarking on, during the flight and upon disembarkation from an aircraft; 
  • Biometric information such as fingerprint or iris scans, so that we can implement security and access control measures at our premises and voice recordings of telephone conversations for record and evidentiary purposes; 
  • Religious beliefs such as information about religious dietary requirements; 
  • Criminal behaviour and offences namely details of criminal behaviour and offences committed aboard one of our aircraft or in any other facility for which we bear responsibility or criminal background checks conducted when you apply to us for employment; and 
  • Photographs and CCTV footage
• Personal information of children - including their biographical information and birth certificates and health/medical information including where you book flights on behalf of children and where children fly as unaccompanied minors.
• In addition, we may collect any other information relating to you which we lawfully receive, and which may be relevant to your dealings with Airlink. If the information that Airlink collects personally identifies you, or you are reasonably identifiable from it, Airlink will treat it as personal information.

4.1

You should not disclose the personal information of third parties to Airlink unless:

• There is a reason why Airlink needs to have that information; you are permitted by the third party to disclose their personal information to Airlink or you must be their parent or guardian; and
• you have brought this privacy policy to the attention of the third party.

4.2

An example of when you may disclose a third' party's personal information to us is when you are booking a flight on the third party's behalf with their consent or when you are booking a flight for a child, including an unaccompanied minor;

4.3

When you give us the personal information of a third party, please provide a copy of this Privacy Notice to that person so that they can also be made aware of the conditions under which their personal information is handled by us.

4.4

If you provide health related special personal information to us in respect of a third party by completing a Special Medical Needs Request Form and giving us an accompanying doctor’s report, specific requirements apply to that. These are stated in the Special Medical Needs Request Form.

4.5

Airlink has no way of checking that you have complied with the requirements relating to the disclosure of third party's personal information and therefore must assume that you have done so.

5.1

Airlink collects your personal information directly from you in the following ways, namely when you:

• access to and use of the Website or any of our mobile platforms or applications;
• visit Airlink's offices or other premises;
• register an account with us;
• purchase airline tickets and other services from Airlink;
• fly with Airlink or use any of our other services;
• make a special meal request to Airlink for religious or dietary reasons;
• complete a Special Medical Needs Request Form;
• complete a form in respect of the flying of an unaccompanied minor or you are an unaccompanied minor flying with us;
• address a query to us;
• interact with us on social media; or through direct messaging systems
• enter a promotional competition run by us;
• apply to Airlink for employment;
• communicate with Airlink in any way; and
• have a business relationship with Airlink.

5.2

Airlink also collects your personal information from third parties when they book flights or other services on your behalf or where a doctor, caregiver, parent or guardian or referee provides information about you to us and any public information sources.

6.1

If you do not provide Airlink with your personal information where Airlink requires it, you may not be able to fly or use Airlink's other services, book an airline ticket or other Airlink services, do business with Airlink, apply to Airlink for employment, enter Airlink's premises or access certain portions of the Website or Airlink's mobile platform and applications and this may restrict your dealings with Airlink.

7.1

The law permits us to handle personal information where there is a lawful purpose and justification for doing so. Justifications include where we have your consent, where it is necessary to perform or conclude a contract with you, where it is in our or your legitimate interests or where the law requires us to do so. The purposes for which we handle personal information are set out below

7.2

We are only permitted to handle your special personal information and the personal information of children under limited circumstances. We will only do so with consent or where we are otherwise permitted by the law.

7.3

We will only handle your personal information for the purposes for which we have obtained it and on a ground of justification stated in POPIA. The purposes include:

• To manage our relationship with you - to ensure compliance with laws and to be able conduct our business with you, engage with you or market and provide our services to you, authenticate your identity, to enable us to communicate with you and provide information to you and keep our records updated. Justification: (i) To comply with the law including the following laws and their regulations: Air Services Licensing Act, 1990, Civil Aviation Act 2009, International Air Services Act 6 1993; Broad Based Black Economic Empowerment Act, 2003; Occupational Health and Safety Act, 1993; Value Added Tax Act, 1991; Consumer Protection Act, 2008; Electronic Communications and Transactions Act, 2002; (ii) To conclude or perform in terms of a contract with you; (iii) Your consent where we ask for it and no other ground of justification applies.
• To manage loyalty membership programmes - including administering loyalty benefits. Justification: To conclude or perform in terms of a contract with you
• To manage recruitment - including eligibility for work, processing job applications, vetting, hires, managing visa and immigration requirements. Justification: Your consent
• To comply with policies including monitoring - including in relation to claims, or legal processes or requirements and conducting investigations and incident response. We may conduct limited monitoring in accordance with the Regulation of Interception of Communications and Provision of Communication-related Information Act, 2002 or our IT policy, or your consent. Justification: (i) Our legitimate interest; (ii) Your consent where we ask for it and no other ground of justification applies.
• For security purposes - for providing IT support, security and your authentication (e.g. to check for unauthorised use of those systems and to comply with record keeping and other legal obligations) and to enable you to access our premises. Justification: Our and your legitimate interest, compliance with laws governing cross border travel.
• To maintain a safe working environment - we may collect and use personal information to provide a safe and healthy working environment for our suppliers whilst on our premises. Where appropriate, we may share this information with governmental and law enforcement agencies.
  
  This may include special personal information such as:
  • Health information, to make provision for disabilities, allergies, illnesses and injuries, including the provision of such information to third parties such as insurers or medical professionals where appropriate; or
  • Details of criminal offences, so that we can prevent and detect crime. Justification: (i) Our legitimate interest; (ii) To comply with the law including the occupational Health and Safety Act, 1993; (iii) To conclude or perform in terms of a contract with you
• To comply with our legal obligations and to change our business structure - we collect personal information to comply with the following laws and their regulations that govern the aviation sector: Air Services Licensing Act, 1990, Civil Aviation Act 2009, International Air Services Act 6 1993. We also collect personal information to deal with claims for compensation. We may disclose your personal information in connection with proceedings or investigations anywhere in the world to third parties, such as public authorities, law enforcement agencies, regulators and third-party litigants (these third parties will handle your personal information for their own purposes and not on our instructions). We may also provide your personal information to any potential acquirer of or investor in Airlink for the purpose of that acquisition or investment. Justification: (i) To enable us to comply with legal obligations; (ii) Our legitimate interest.
• To monitor equal opportunities for prospective employees and our suppliers - managing race, gender, and disability information as part of our equal opportunities monitoring processes. Justification: (i) To comply with the Broad Based Black Economic Empowerment Act, 2003; (ii) Our legitimate interest.

7.4

Where we cannot rely on an alternative legal justification for our handling of your personal information above, we will rely on your consent. Where we do so, you are free to withdraw your consent at any time by contacting us. However, where you withdraw your consent, the consequences in section 6 may apply.

7.5

Generally, where you are our supplier, we handle your personal information on the basis that it is necessary to do so in connection with our contract with you. We may also handle your personal information to further our legitimate interests, such as to optimise the working environment, and our other business interests or in terms of the law. In all instances we will have a lawful justification to handle your personal information.

8.1

Airlink may disclose your personal information to:

• Our employees, affiliates, contractors or third-party service providers;
• Our business partners including airlines with which we code share, which provide services to you or with which you may interact as part of your dealings with us;
• Financial institutions in the case of refunds;
• Persons to which we transfer our rights and obligations under our contracts with you;
• Our insurers and our professional advisors, including our accountants, lawyers, business advisors and consultants;
• Employment agencies, past employers or companies that contracted you to us, credit bureaux, anti-fraud agencies, sanctions and politically exposed person screening lists;
• Our suppliers
• Law enforcement or regulatory bodies; and
• Customs and immigration departments or other regulatory authorities in your country of departure and/or destination to comply with the law of those countries;
• Any other juristic or natural person for any authorised purpose with your consent.

8.2

We may disclose the personal information of other persons where necessary (for example, another person on whose behalf you have booked a flight) to our service providers and business partners.

8.3

We will never sell personal information.

9.1

Your personal information may be transferred to, or stored in, a country other than South Africa. This may include your personal information being transferred to, and stored with, Airlink’s third party suppliers and service providers, such as when you fly to or from a location outside South Africa and hosting or information technology service providers located outside of South Africa, for some of the purposes listed above.

9.2

Where the personal information is transferred outside of South Africa, it will be transferred to a country with suitable protections on personal information or will be transferred subject to an agreement or rules that protect the personal information.

10.1

If you are a customer of Airlink we may send you marketing communications from time to time that may be of interest to you. Each time you receive such a communication from us, there will be a simple and convenient method of opting out of receiving future marketing communications from us.

10.2

If you are not a customer of Airlink we may request your permission to send you marketing communications from time to time that may be of interest to you. If you decline the request, Airlink will not send you marketing communications.

11.1

We may hold personal information in either electronic or hard copy form. In both cases we will take reasonable and appropriate steps to ensure that the personal information is protected from misuse and loss and from unauthorised access, modification, or disclosure.

11.2

We keep personal information for as long as we need to achieve the purpose for which it was collected and any other permitted linked purpose (for example your personal information which is relevant to a transaction may be retained until the time limit for claims in respect of the transaction has expired or to comply with regulatory requirements regarding the retention of such information). If personal information is handled for 2 purposes, we will retain it until the purpose with the latest period expires but we will stop using it for the purpose with a shorter period once that period expires.

11.3

Personal information is destroyed or irreversibly anonymised when no longer needed or when we are no longer required by law to retain it (whichever is the later).

11.4

We restrict access to the personal information to those authorised persons who need to use it for the relevant purpose(s).

12.1

You have the right to contact us at any time requesting:

• Confirmation that we have your personal information;
• Access to the records containing your personal information or a description of the personal information that we hold about you; and
• The identity or categories of third parties who have had, or currently have, access to your personal information.

12.2

You also have the right to object to our handling of your personal information on reasonable grounds where our justification for doing so is our or your legitimate interests.

12.3

When making a request we require adequate proof of identity which will include providing a certified copy of your identity or registration document/s.

12.4

We will try to provide you with suitable means of accessing information, where you are entitled to it, by for example, posting or emailing it to you.

12.5

There may be instances where we cannot grant you access to your personal information. For example, if your access would interfere with the privacy of others or would result in a breach of confidentiality, we may need to refuse access. If we refuse access, we will give written reasons for our refusal.

12.6

If you believe that any personal information that we hold about you is inaccurate, irrelevant, outdated, incomplete or misleading, you may request us to correct it. If you believe that any personal information that we hold about you is excessive or has been unlawfully obtained or that we are no longer authorised to retain the information, you may request that we destroy or delete it. We will consider if the information requires correction, deletion or destruction and if we do not agree that there are grounds for action, you may request that we add a note to the personal information stating that you disagree with it.

12.7

We may charge a reasonable fee to cover our administrative and other reasonable costs in providing the information to you. We will not charge you for simply making the request or for us making any corrections to the personal information.

You also have the right to complain to the Information Regulator where you believe that we are not handling your personal information in accordance with the law. Complaints may be sent to the following email address: complaints.ir@justice.gov.za

13.1

If you believe that your personal information has been unlawfully accessed or acquired, you may contact Airlink's Information Officer using the contact information below and provide details of the incident so that Airlink can investigate it.

We are required to take steps to ensure that the personal information we hold is accurate, complete, relevant, not misleading and up to date. Should your personal information (or the personal information you provide) change, you must inform us and provide us with all changes as soon as reasonably possible to enable us to update the personal information.

Airlink is located in South Africa and third parties to which we provide access to your personal information are located worldwide. The personal information you provide to us, may therefore be transferred outside of the European Economic Area, including to countries which may not offer an equivalent level of protection to that in the European Union. Article 49 of the European Union’s General Data Protection Regulation allows for transfer of personal data from the European Union to a third country if the individual has explicitly consented to the transfer of personal information, regardless of the third country's level of protection. By providing us with personal information, you consent to the transfer of all such information to South Africa and other countries which may not offer an equivalent level of protection to that in the European Union and to the handling of that information in terms of this Privacy Notice.

If you have any questions about this Privacy Policy, or you wish to update your personal information or exercise any of your data subject rights you may complete the following forms:

• Objection to the processing of personal information
• Correction or deletion of personal information
• Direct Marketing Personal Information Use Consent

Found under this link https://www.flyairlink.com/legal-and-privacy/popi-act