Skip to main content
Covid-19
Customer Service

Privacy Policy of Air Corsica

This document is intended to give you all the information available on the processing of commercial personal data that Air Corsica may implement in connection with its activity as an air carrier.

Privacy Policy on the processing of commercial personal data.
Air Corsica. Version 1.2 Temporary on Thursday, February 21, 2019. Published online on 15 March 2019.

Chapter 1 – General

1.1 – Purpose of this document

This document is intended to give you all the information available on the processing of commercial personal data that Air Corsica may implement in connection with its activity as an air carrier.

By commercial personal data, we refer to all personal data relating to Air Corsica customers, but also those requesting information from us or using one of our information tools (websites, mobile applications, social networks).

These operations may result from direct exchanges with Air Corsica or exchanges with one of our partners (Travel agents, Tours Operators, other airlines, etc.).

This document intends to be as clear and as self-explanatory as possible. We remain at your disposal, should you require any additional information as may be necessary.

This document does not relate to the processing of personal data relating to our exchanges with our suppliers, the various public and private organisations involved in the operation of our company and operations relating to the management of our staff.

1.2 – Definitions

1.2.1 Personal Data

By personal data, we refer to any type of information relating to a natural person: name, first name, date of birth, gender, photograph, address, email address, phone number, IP address…

1.2.2 GDPR

Regulation relating to the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing directive 95/46/EC (general regulation on data protection). The text is available at the following address: https://www.cnil.fr/fr/reglement-europeen-protection-donnees

1.2.3 www.aircorsica.com

 The internet portal www.aircorsica.com is operated by Air Corsica, Semi-Public Limited Company, with Board of Directors and a Supervisory Board, with share capital of Euros 15,015,520 - Napoleon Bonaparte Airport - P.O. Box 505 - 20186 Ajaccio Cedex. Tel. (switchboard): 0825 35 35 35 (€0.20/mn).

1.2.4 Controller of personal data

The controller of your personal data is Air Corsica, represented by its Chairman of the Executive Board.

1.2.5 Data protection officer

The data protection officer, also called DPO (for Data Protection Officer or sometimes even Data Privacy Officer) is the person in charge of protecting personal data within an organisation.

1.2.6 Supervisory authority

In terms of protection of personal data, the competent authority in France is the CNIL (National Commission on Computer Technology and Freedom, https://www.cnil.fr).

1.2.7 Air Corsica Information System

The IT system of Air Corsica includes all IT resources used by our company to carry out our air carrier activity.

1.3 – Purpose of the collection and processing of personal data

Air Corsica collects and processes personal data for the reasons (purposes) follows:

  • Establish commercial contracts with its customers, directly or through its partners, in accordance with current regulations, including air transport regulations
  • Offer its customers and potential customers the best possible experience, particularly during visits to our websites or use of our mobile applications.
  • Get our company known, by informing Internet users of it
  • Develop our business, by offering our services to potential customers thanks to the opportunities offered by digital marketing tools
  • Participate in the national and European efforts in the fight against crime and terrorism, by complying with all our obligations in terms of collaboration with police services.

The GDPR clearly identifies the purposes that may justify and legitimise the collection and processing of personal data. These points will be specified hereafter.

Chapter 2 - Processing of personal data related to the company’s websites

2.1 – Personal data that is collected and processed by us

Initially, there are two main types of personal data processed:

2.1.1 Personal Data automatically collected and saved

When you visit the www.aircorsica.com we collect and store non-nominative data concerning you.

We will explain to you hereafter the processing applied to this data.

2.1.2 Personal data collected and recorded via forms

When you visit www.aircorsica.com we collect and store data entered by you by completing a form.

A distinction may be made between data entered as part of a contract (most often the purchase of an airline ticket) and the data entered in a non-contractual framework (signing up for our newsletter, for example).

On the date of drafting this document, the site www.aircorsica.com offers you the opportunity to enter data in the following cases:

  • Creation of an internet account (non-contractual framework)
  • Signing up for the Newsletter (non-contractual framework)
  • Membership of a loyalty program (contractual framework)
  • Subscription to the membership programme (contractual framework)
  • Purchase of an air ticket (contractual framework)
  • Car rental (contractual framework)
  • Online registration (contractual framework)
  • Managing my reservation (contractual framework)
  • Litigation and claims (contractual framework)
  • Assistance to persons with reduced mobility (non-contractual framework)
  • Internet support (non-contractual framework)
  • Requests for information (non-contractual framework)

These points will be described in detail hereafter (paragraph 2.3)

2.2 – Collection of your consent to record personal data

For recording data on a contractual basis (sale of air tickets and related products), we collect your consent when you accept the terms and conditions of sale or the general terms and conditions of use. These consents remain valid at least until the end of the contract in question, except when we are subject to a regulatory obligation of retaining such data (tax and accounting obligations, obligations relating to the safety of persons and property, see in more detail in subsequent paragraphs).

For the recording of data in a non-contractual framework, we collect your consent explicitly (invite you to tick a box generally), in accordance with the rules defined in the GDPR. These consents remain valid up until a predetermined and clearly indicated date (generally 13 months), unless you want to withdraw these consents. This procedure of withdrawing your consent will be clearly indicated hereafter.

2.3 – Data Processing

2.3.1 Processing of personal data collected and recorded automatically

In order to continually improve our client relationship tools, and in particular the website of our company, we process the data referred to in paragraph 3.1 of this document to obtain the following information:

  • The start date and time of your visit to www.aircorsica.com
  • The address of the referrer’s website (that you visited just before going to www.aircorsica.com)
  • The pages visited on www.aircorsica.com.
  • The IP address of your device
  • The characteristics of the device you use to visit our site (type of device, operating system, browser, identifiers of the device)
  • The services of our site you used during your visit?
  • Searches that you carried out during your visit

Analysis of such information enables us to accurately determine whether our website www.aircorsica.com fits your needs, the parts that we need to improve or develop further and the forthcoming changes to be made.

To analyse such data we use Google Analytics (https://www.google.fr/analytics/terms/fr.html). The privacy policy relating to this service is available at the following address: : http://google.com/intl/fr/analytics/learn/privacy.html

This monitoring solution requires us to place a text file (cookie) on your machine (computer, smartphone or tablet), which allows us to recognise you and follow you during your visit to our website. Such cookie placement is, of course, subject to your agreement (message informing you of the use of a cookie and requesting explicit consent).

Information about your use of our website is recorded by Google. In order to further strengthen our measures for protecting your privacy, we use a specific feature for anonymising your IP address.

Feel free to refuse the placement of cookies on your device (change your browser settings for this), but in this case you may not be able to benefit from all the features of our website.

For users not wanting to send any data to Google Analytics, it is possible to install an add-on software on your browser provided free of charge by Google itself (https://tools.google.com/dlpage/gaoptout?hl=fr).

As regards the collection and processing of navigation data, the legal framework for the collection of personal data is the explicit consent (Article 6 of the GDPR). You can manage such consent, within a few minutes, by going to your personal space.

2.3.2 Processing of personal data collected and recorded via forms

2.3.2.1 Creation of an Internet account

In order to facilitate the use of our website www.aircorsica.com, we propose creating an internet account. The creation of this account subsequently means that you do not have to re-enter your contact information during each ticket reservation.

When creating the internet account, you are prompted to enter the following information:

  • Title
  • Last name,
  • First name,
  • Email address
  • Address, postal code, city, country
  • Telephone:
  • Favourite departure airport
  • Travel frequency
  • Corporate travel(s)
  • Password creation
  • Request for newsletter

Such data is stored by us securely on our own servers. They are then reused to automatically complete other forms on the website without having to re-enter the data.

When creating your account, we invite you to sign up to our Newsletter. Details of subscription to the Newsletter can be found in section 2.3.2.2 of this document.

As regards the creation of an internet account, the legal framework for the collection of personal data is the explicit consent (Article 6 of the GDPR). You can manage such consent, within a few minutes, by going to your personal space.

2.3.2.2 Subscription to the Air Corsica Newsletter

In order to keep you regularly informed of our commercial offers and, more generally, to keep you updated with company news, we recommend that you sign up to our newsletter. Once you sign up, you will receive our newsletter by email.

When signing up to our Newsletter, you are prompted to enter the following information:

  • Email address
  • Postal code
  • Favourite departure airport
  • Travel frequency
  • Corporate travel(s)

Such data is stored by us securely on our own servers.

On the basis of such data, the entire process of sending the Air Corsica Newsletter is carried out by NSP,1 Traverse des Brucs 06560 Valbonne, France, support@smartp.com. We regularly carry out audit operations to measure the effectiveness of the actions taken by NSP in terms of confidentiality relating to the processing of personal data. NSP’s privacy policy is available at: https://www.smartp.com/politiqueconfidentialite or may be requested by email at support@smartp.com

As regards subscription to the Air Corsica Newsletter, the legal framework for the collection of personal data is the explicit consent (Article 6 of the GDPR). You can manage such consent by going to your personal space at the following address: https://www.aircorsica.com/flights/newsletter/manage/auth

2.3.2.3 Membership of the loyalty programme

To reward the loyalty of our customers, we offer a specific programme accessible using the website “ https://www.jegagne1billet.com/ ”.

The programme rewards our most loyal customers providing a free ticket for 12 round trips made on our routes during a 12-month period (see the website for more details). Anyone wishing to register is invited to complete a form containing the following information:

  • Title
  • First name
  • Last name
  • Date of Birth
  • Complete address
  • Telephone
  • Email

The form invites you to create a password to access the dedicated space for entering supporting documentation for flights and the acceptance of the terms and conditions of membership (available for reading).

Such data is stored by us securely on our own servers. The data collected will be used by Air Corsica only within the framework of this loyalty program.

Furthermore, the form asks if you want to receive Air Corsica offers (equivalent to subscription to the newsletter) without any obligation.

As regards membership of Air Corsica’s loyalty programme, the legal framework for the collection of personal data is the establishment of a contract by which Air Corsica undertakes to provide you with benefits as a reward for your loyalty (Article 6 of the GDPR). You may terminate this agreement at any time. To do this, please go to your personal space at the following address: https://www.jegagne1billet.com/ to follow the steps in order to terminate your contract.

2.3.2.4 Subscription to the membership programme

We offer our regular customers a paid subscription card, which enables them to benefit from preferential tariffs. The details of the programme are available at the following internet address: “https://www.aircorsica.com/aircorsicaplus.html”

Subscription to this programme is made at the following internet address: “https://www.aircorsicaplus.com/”. Anyone wishing to subscribe to it is invited to complete a form containing the following information:

  • Title
  • First name
  • Last name
  • Date of Birth
  • Complete address
  • Telephone
  • Email

The form invites you to accept the terms and conditions of membership (available for reading).

 

 

Such data is stored by us securely on our own servers. The data collected will be used by Air Corsica only within the framework of this subscription programme.

Furthermore, the form asks if you wish to receive Air Corsica offers (equivalent to subscription to the newsletter) without any obligation.

Payment for the membership is made at a later stage (reminder by an Air Corsica business advisor).

As regards membership of the Air Corsica loyalty programme, the legal framework for the collection of personal data is the establishment of a contract by which Air Corsica undertakes to provide you with benefits as a reward for your subscription (Article 6 of the GDPR). You may terminate this contract at any time. To do this, please go to the following address https://www.aircorsicaplus.com/ to follow the steps to terminate your policy.

2.3.2.5 Purchase of air ticket

When booking one or more tickets and related services, we collect the following data:

  • Title
  • Last name
  • First name
  • Email
  • Telephone
  • Date of birth for babies, children, youth and seniors.

This data is recorded in our booking system operated by our partner Amadeus (http://www.amadeus.com/).

Amadeus is a company governed by Spanish law, created in 1987 by Four European airlines (Air France, Iberia, Lufthansa and SAS) in order to create a common structure for the computerised distribution of air segments and then combine the entire offer for the sale of air tickets for all companies (Source Wikipedia).

This data is stored and used until the end of your trip and also for ground operations such as check-in and boarding control.

During this period, this data is stored on the Amadeus servers, located in the data hosting centre of Amadeus, based in Erding (Germany).

Amadeus’ services comply fully with the regulations for the protection of personal data and particularly the GDPR. We carry out inspections regularly to measure the effectiveness of the actions taken by Amadeus in this area.

Online payment transactions are performed by SOGECOMMERCE for all our routes (except for London to Corsica) and MONETICO (for our London to Corsica route).

Furthermore, Air Corsica also retains a part of this data in its accounting records (Invoice No., payment) in accordance with the obligations in force in France on the day this document is drafted.

Furthermore, Air Corsica also retains this data within the framework of regulatory obligations related to national security. This data is stored in a dedicated computer tool, with limited access, and intended particularly to respond to requests from police services.

In accordance with the provisions of Article L34.5 of the Postal and Electronic Communications Code, Air Corsica may send you an email of commercial offers relating to services similar to those that were purchased from our company. You may refuse to receive these offers at any time by following the Unsubscribe link contained in every message sent.

As regards the purchase of air tickets and associated services, the legal frameworks for the collection of personal data are:

  • The establishment of a contract in which Air Corsica undertakes to transport you on its routes according to the terms and conditions accepted by you when making the reservation on our website,
  • The various legal obligations to which Air Corsica is subject

2.3.2.6 Car Rental

On some of our flights, we offer advantageous conditions with our partner Hertz for a rental car upon arrival at the airport.

To this end, we send a part of the data entered by you when booking your ticket to our partner.

This data is used for drawing up the rental agreement that you will be invited to complete and sign when collecting the vehicle from the relevant Hertz counter.

The basic rental tariff is paid to Air Corsica when booking air tickets (group purchase, single payment, invoice drawn up by Air Corsica Voyages, travel agency wholly-owned by Air Corsica). Any additional services are settled directly with Hertz upon provision or return of the vehicle.

When processing your personal data, Hertz undertakes to apply all measures defined by Air Corsica so that your rights relating to personal data are fully respected. Hertz’s privacy policy is available at the following website: https://www.hertz.fr/rentacar/navigation/templates/privacyPolicyView.jsp

As regards car rental in addition to the reservation of Air Corsica tickets, the legal framework for the collection of personal data is the establishment of a contract in which Air Corsica and Hertz undertake to provide you the benefits of their shared services (Article 6 of the GDPR).

2.3.2.7 Online check-in

We now offer the option of online check-in from 36 hours up to 30 minutes before the flight. For more information: https://www.aircorsica.com/billet-avion/enregistrement-vol.html

To do this, you will be prompted to enter your family name, as well as your reservation login details.

The processing performed by us is fully integrated into the overall Amadeus process (reservation, check-in, boarding). The provisions regarding personal data protection are therefore identical to those described in paragraph 2.3.2.5.

2.3.2.8 Manage my reservation

We offer the opportunity to verify the status of your reservation any time and change it under certain conditions. For more information: https://www.aircorsica.com/billet-avion/ma-reservation.html.

To do this, you will be prompted to enter your family name, as well as your reservation login details.

The processing performed by us is fully integrated into the overall Amadeus process (reservation, check-in, boarding). The provisions regarding personal data protection are therefore identical to those described in paragraph 2.3.2.5.

2.3.2.9 Litigation and Claims

We offer the option of making a claim following a problem encountered during an Air Corsica flight. We have a specific and dedicated website to collect your requests. For more information: https://www.aircorsica.com/litiges-reclamations.html

Your claim file may be completed at the following website: https://support.aircorsica.com/formulaire/identification/

You will be invited to complete a form including the following data:

  • Capacity (individual or tourism professional)
  • Title
  • Last name
  • First name
  • Telephone
  • Email
  • Full address
  • Air Corsica loyalty programme member (Yes/No)
  • Member of the Flying Blue programme (Yes/No)

This personal data is used to create your claim file. This data is stored securely by us on our own servers.

The filing of a claim leads to the acceptance of the general terms and conditions for the use of the service available at the following website: https://support.aircorsica.com/cgu/

If your complaint were to lead to compensation from us, you would then be invited to enter your bank information for payment.

Personal data processed in this context shall not be used for other purposes.

As regards filing a claim, the legal framework for the collection of personal data is the establishment of a contract in which Air Corsica undertakes to examine and if necessary proceed with your application relating to the execution of an air transport service (Article 6 of the GDPR).

2.3.2.10 Forms for sending electronic messages

We provide forms facilitating messages to be sent to our various departments. This includes the following forms:

  • Assistance to persons with reduced mobility
  • Online support
  • Request for information

These forms, once completed by you, automatically create electronic messages (emails) sent to our services.

These messages are archived in our messaging system.

The personal data they contain are not used for purposes other than answering your requests.

Chapter 3 – Processing of personal data relating to travel documents (other than processing related to the website).

3.1 – General principles

The use of our website is not the only means of booking a ticket on one of our flights.

You can do this easily by going to a travel agency, using the services of a tour operator, a partner site of our company or even one of our mobile applications. You can also contact our call centre or make a reservation at the counter in one of the airports that we service.

In all cases, we apply the same principles to ensure compliance of the processing carried out on your personal data.

We therefore ensure that all of our marketing channels fully comply with the regulations in force in this area. This translates into strict requirements by us when drawing up distribution agreements with our partners.

3.2 – Processing carried out on our booking system

Regardless of the means used to buy a ticket on one of our flights, your reservation is eventually recorded in our system.

3.2.1 Purchase of a ticket from our company

When booking one or more tickets and related services directly from our services, we collect the following data:

  • Title
  • Last name
  • First name
  • Email
  • Telephone
  • Date of birth for babies, children, youth and seniors.

This data is recorded in our booking system operated by our partner Amadeus (http://www.amadeus.com/).

Amadeus is a company governed by Spanish law, created in 1987 by four European airlines (Air France, Iberia, Lufthansa and SAS) to create a common structure for the computerised distribution of air segments, then combining the combined offer of all companies for the sale of tickets (Source Wikipedia).

This data is stored and used until the end of your trip and also for ground operations such as check-in and boarding control.

During this period, this data is stored on the Amadeus servers, located in the Amadeus data hosting centre, based in Erding (Germany).

The Amadeus services fully comply with the regulations for the protection of personal data, and in particular the GDPR. We carry out inspections regularly to measure the effectiveness of the actions taken by Amadeus in this area.

Air Corsica also retains a part of this data in its accounting records (Invoice no., payment) in accordance with the obligations in force in France on the day of drafting this document.

Furthermore, Air Corsica maintains this data within the framework of regulatory obligations related to national security. This data is stored in a dedicated computer tool, with restricted access, and specifically intended to respond to potential requests from police services (Indicate the applicable texts here).

As regards the purchase of air tickets and related services, the legal frameworks for the collection of personal data are:

  • The establishment of a contract in which Air Corsica undertakes to transport you on its routes according to the general terms and conditions of sale accepted by you when booking on our website,
  • The various legal obligations that Air Corsica is subject to

3.2.2 Purchase of a ticket from one of our partners

Like all the airlines, we market our services through partners selected by us.

Therefore, and unless otherwise indicated, it is with this entity that you contract with when purchasing your ticket, whether as part of a flight alone or a package tour (transport + accommodation package, for example).

We would therefore invite you to check the guarantees offered by the service provider in respect of processing your personal data. Indeed, although we apply a strict policy in this area, we shall not be held responsible in the event of non-compliance with legal obligations on the part of the said service provider.

As a priority, it is with this service provider that you should discuss claims or complaints concerning any processing it carries out on your personal data.

However, we shall be your contact if you wish to exercise any of your rights to access personal data insofar as said partner would not be able to meet your request.

Chapter 4 – Organisational and technical measures relating to the protection of personal data.

4.1 - Organisational measures

The protection of the personal data of our clients is our company's constant concern and it is monitored at the highest levels of our organisation.

Air Corsica has created a position of DPO to have an internal resource dedicated to this whole issue. The DPO works daily with the company’s management and various departments, whether to improve existing practices or during the launch of any new projects comprising a personal data component.

The concept of confidentiality is now integrated upstream of projects, as specified in Article 25 of the GDPR.

The company staff required to process personal data are aware of these new challenges.

Access to information is strictly organised and supervised.

All processing of personal data is logged in a processing register made available to the supervisory authority, in accordance with the provisions of Article 30 of the GDPR.

All service providers acting on our behalf and required to process personal data have all the necessary guarantees. Their services are subject to regular checks by us in this area.

4.2 Technical measures

The information system of Air Corsica offers all the guarantees necessary for preserving confidentiality during the processing of personal data.

Air Corsica has its own infrastructure for hosting its information systems. This infrastructure is based on the use of two secure and redundant data centres.

Communication between our various sites is completely secured.

The data processed by us is constantly duplicated and saved, to ensure integrity, availability and resilience of this data, in accordance with the provisions of Article 32 of the GDPR.

Personal data that can be stored on third-party infrastructure are done so as part of contracts that fully comply with the provisions of the GDPR. On the date of validity of this document, indicated at the end of the text, Air Corsica uses the services of the following services providers:

  • Amazon Web Services (indicate the address specified on the AWS contract here)
  • AMADEUS IT GROUP, S.A., a company incorporated in Spain whose registered office is at c/. Salvador de Madariaga 1, 28027 Madrid, Spain (“Amadeus”);

For application and corrective maintenance purposes only Air Corsica uses the services of the following service providers :

  • MAUREVA LTD, 3rd Floor Orange Tower, 72201, Ebene Cybercity, Mauritius

 

Chapter 5 - General provisions

5.1 – Data storage period

The auto-saved data (paragraph 5.1 of this document) will be erased or made anonymous after 14 months.

The data recorded after you complete a form will be stored for a maximum of 60 months, unless required by law.

Data recorded as part of the subscription to our newsletter will be stored until you unsubscribe.

5.2 - Your rights

In accordance with the laws in force at the time of drafting this document, you have the following rights in respect of any personal data processed by us :

  • Right to information,
  • Right to rectification and erasure,
  • Right to restriction of processing,
  • Right to data portability.

You have the right to lodge a complaint with a data protection supervisory authority concerning the processing of your personal data.

For any question relating to the protection of your personal data, you may contact our DPO by email: dpo@aircorsica.com.

5.3 - Data transfer

If personal data are transmitted to third parties for the purpose of performing the contract of carriage and related services, we first ensure that our partners comply with the applicable regulations and comply with the GDPR.