Privacy Statement SLM
The Surinaamse Luchtvaart Maatschappij NV (also known as “Surinam Airways” and hereinafter referred to as “SLM”) is convinced that the privacy of its passengers (“customers”), as well as that of potential customers and visitors to its website is essential. The personal data of its customers, potential customers and visitors to the website are therefore treated and secured with the greatest possible care. When processing personal data, SLM adheres to the effective and applicable privacy regulations, including the Algemene Verordening Gegevensbescherming [General Data Protection Regulation (hereinafter: “AVG” – Dutch abbreviation)] and the AVG Implementation Act. In this Privacy Statement, SLM informs about the way in which it deals with personal data. This Statement includes (among other things) which personal data is collected, for what purpose it is collected, on what basis this is done, what rights you have with regard to the processing operations and how these are secured. For questions or comments about what has been laid down in this Privacy Statement, please contact: email@example.com.
This Privacy Statement applies to all personal data that SLM processes when you travel with us, purchase or use our services, visit our website or mobile app, or contact us in any other manner.
1. Who is SLM
SLM has its headquarters (Surinam Airways LTD.) in Suriname, at the Mr. Jagernath Lachmonstraat 136 (P.O.Box: 2029) in Paramaribo. In addition, it has a head office in the Netherlands (Surinaamse Luchtvaart Maatschappij N.V.), with its registered office at the M. Hanenbergstraat 17 in Amsterdam. In the context of and for the purpose of performing its activities, SLM processes personal data. The controller for the personal data is Surinam Airways LTD. Whenever “we” or “us” is mentioned in this Privacy Statement, this at least relates to the aforementioned company as the controller with regard to the processing of personal data.
2. The types of personal data that we process
Being an airline company, SLM processes different types of personal data for various reasons, as shown below:
In the context of the implementation of the transport agreement:
In the context of the transport agreement that we conclude with you, we need your personal data, for example, to make a boarding pass for you. The personal data processed by SLM in these cases are:
In the context of providing information about your flight and flight schedule:
We use your e-mail address to send you flight-related information and promotional offers by e-mail, for example to remind you of the check-in, to offer you extra services for your flight (for example with regard to your seat chosen, luggage, meals, or more legroom).
Advance Passenger Information (API): Increasingly more countries of destination (including the United States and Canada, and in the future also Member States of the European Union) require SLM to pass on passenger data on arrival or departure, and in some cases even before flying over the relevant country. These countries request SLM to provide more insight into passenger data in order to prevent and combat possible terrorism. The relevant legal regulations generally include the transfer of data on the identity and travel documents (passport, visa) of the passengers and crew on board. Not all of such data is collected by us at the time of booking. In many cases the data is collected shortly before departure, possibly also via the “machine-readable code” of newer travel documents. We only process this data for transmission to the authorities of the relevant target country in accordance with our legal obligations. Surinam Airways would like to emphasize that the relevant authorities have assured us that your reservation details are only used for security purposes and are only accessible to authorized personnel (Customs and Security and Immigration employees).
Contact persons: If you wish, you can make known to SLM the contact details of a contact person who must be informed in case such is necessary. We link this information to your booking and it is automatically deleted 72 hours after the last flight of the booking.
Contact with SLM:
E-mail newsletter: You may subscribe to the e-mail newsletter via our website. In this context, we process your e-mail address and first and last name. Your data will only be used to offer the newsletter in the context of your permission given to us.
If you contact us yourself (digitally): If you contact SLM by e-mail, app or social media, we process your e-mail address and all data that you leave with us. Your personal data will not be passed on to third parties if you do not consent to this and we process your data in a careful manner.
If you contact us yourself by telephone: If you call SLM, our customer service will answer your questions or complaints and if necessary forward them to our claims department, which maintains a database of complaints handled.
Loyal Wings Program: If you wish, you may use the Loyal Wings Program to pass on extra baggage, ticket upgrades, etc. In this context, we must obtain your name and contact details.
The SLM-website and mobile app
The use of the SLM-website and mobile app:
When you visit our website or mobile app, via your web browser or your telephone, SLM processes various data from you. This includes: IP addresses, the operating system used, browser type and general visit data, such as the most requested pages. The purpose of this is to be able to adapt the layout of the SLM-website as much as possible to the needs of the visitors. This data can also be used to put more targeted information on the website. In this way SLM is able to further optimize its services to you. We process the technical information to enable you to access our website, to guarantee the functionality of our website and the security of our IT systems, and to optimize our website.
SLM also uses analytical cookies. These cookies analyze the use of the website and mobile app. This includes usage statistics such as the number of different visitors, the pages that are visited in particular and the average duration of a visit. We use Google Analytics for this purpose. We have adjusted Google Analytics in such manner that no personal data is stored or shared. We have set up the services so that no personal data is shared with us. For example, IP addresses are protected so that they can no longer be traced back to people. Because these cookies are completely anonymous, we may place them without permission.
SLM also uses tracking and marketing cookies to track visitors across multiple websites. View “The list“ of Cookies we use. With this, SLM collects information to display various advertisements and advertising networks via the website.
If you do not want SLM to place cookies on your device, you can refuse the use of these cookies through the settings you receive when you visit our website, or through your browser options.
In the context of the implementation of an agreement: If you enter into an agreement with SLM for the provision and / or delivery of services, SLM will process personal data in this context, including: your first and last name, place of residence, address, date of birth, place of birth, country of residence, telephone number(s) and passport number, invoice and payment details, etc.
Other legitimate interests: If necessary, we also process your data for purposes other than those mentioned above, also to protect our legitimate interests or the interests of third parties. Our legitimate interests include preventing and investigating fraud, asserting legal claims and setting up a defense in legal disputes. In such cases, it is possible that SLM requests you to identify yourself.
Special personal data
In certain cases, SLM processes so-called special categories of personal data, such as data relating to racial or ethnic origin or to health. SLM may be required to collect, use and share these special categories of personal data for the purposes as described in this Privacy Statement. For example, during your journey to provide you with assistance or facilities that meet your medical needs.
3. How does SLM obtain the personal data it processes
If you provide the information to us
When you book a flight directly via SLM, contact SLM or you subscribe to the e-mail newsletter or receive push notifications via the mobile app, you provide the data to us directly.
If SLM receives the data via a third party, for example a travel agency
SLM obtains your data both from its sales offices located in different countries and from third parties through whom you make your booking. For example, in the case that you book your flight through a travel agency, travel agents and other ticket providers. If you leave your personal data with these parties for the purpose of being sent to SLM to complete your booking, we will receive such personal data.
Via the website, app or social media channels
If you use our website, mobile app or social media channels and you leave your details with us in this way or through the cookie settings that you use in your browser.
4. The foundations on which SLM bases its data processing
SLM processes, uses and stores personal data in the context of the performance of an agreement to provide services, to comply with the legal obligations we have to adhere to, based on our legitimate interests or the interests of a third party or on the basis of the permission you have given.
Below are some examples of the legal foundations. These principles are in accordance with the AVG.
You may withdraw your consent at any time by following the specific instructions for the processing for which you have given your consent. For example, by unsubscribing from the newsletter. You may also contact us by e-mail or in writing to withdraw the permission given.
If you do not want to provide us with the personal data that SLM needs for the implementation of an agreement or compliance with a legal obligation, it may be possible that SLM cannot provide the services requested (in full). If you provide incomplete or incorrect information, the applicable laws force us not to allow you on a flight or you may not be able to enter the foreign territory.
If there are legitimate interests or the interests of a third party, then the interests have always been weighed. Where necessary, SLM has taken appropriate measures to limit the consequences and to protect you against legitimate damage. Where appropriate, safeguarding our safety and that of society will provide a legitimate interest. If you believe that your interests have been prejudiced, you may object to this on grounds of the reasons related to your situation.
5. With which (third) parties does SLM share personal data
Within SLM: Our privacy statement applies to all services that SLM offers. SLM processes your personal data within SLM and its affiliated companies (for an overview, see: https://www.flyslm.com/offices). The type of personal data and the position of the relevant SLM employee will decide who within SLM has access to your personal data.
With regard to certain personal data, or personal data provided for a specific purpose, only certain designated departments and / or persons have access to your personal data. In this respect you may think of IT, Accounting, System & Procedure, Internal Control and the Claims department within SLM.
With third parties: SLM can also pass on your personal data to third parties outside our company, to the extent so permitted by law. SLM has made agreements with these parties. You can think of IT-related companies, parties that run ticket systems and baggage handling. In addition, in certain cases, SLM may be forced to collect your personal data and share it with public authorities or government organizations to facilitate border control, immigration formalities, entry into the territory of any State, security and counter-terrorism. In these cases, SLM is obliged to transfer the personal data if government authorities require such at the point of departure or arrival. For traveling to certain countries, there is a requirement that passenger data is passed on (such as the aforementioned API systems and US Secure Flight Data). This may differ per destination. Even if we are not obliged to do so, we can help with this. In certain cases, personal data is shared with other government bodies if such is required by law.
Third party websites: If you are linked to third-party websites via the SLM website, you will leave our website. This Privacy Statement does not apply to third-party websites. The use of these websites is at your own risk.
6. The security and processing of personal data
SLM takes appropriate (technical) security measures at all times to protect your data against (un)intentional loss and against unauthorized access, use, alteration and disclosure of your personal data. Only authorized personnel have access to the data. If and insofar necessary partners of SLM assume (part of) the implementation, SLM has agreed with them that they will also optimally protect personal data.
7. Retention periods
SLM stores personal data for as long as such is necessary for the purposes described in this Privacy Statement and for compliance with laws and regulations. SLM stores personal data in the context of bookings, purchases or for the implementation of other agreements for as long as such is necessary to process your booking(s), including administration, feedback, complaints, damage, insurance, etc. After processing, we save complaint data, with the exception of passport copies, for a maximum of 10 years. At the end of that period, the data will be deleted, unless the data must be kept for a longer period of time pursuant to a legal obligation. The latter applies in any case to the payment data, which must be kept for 10 years in pursuance of the tax retention obligation.
We keep personal data that we receive because you contact us by e-mail, post, telephone or social media as long as such is necessary to process and follow up your request.
Personal data we receive in the context of job applications – if you are not hired – will be deleted at the latest 1 month after completing the application process, unless you have given permission to save your data for future vacancies.
After the retention periods, we delete your personal data. We may keep your data in anonymous form for analytical, historical or other business purposes.
8. The processing of personal data in third world countries outside the EU
SLM has its registered office in Paramaribo, Suriname. With regard to storing the (personal) data it receives, SLM makes use of servers from parties in (inter alia) the United States. SLM has made agreements with these parties and, in accordance with the established EU model, has concluded EU model contracts that lay down standard provisions.
It may happen that SLM passes on your personal data to countries other than the country in which you reside. This is done in the context of arranging your trip or because our group companies, partners or service providers carry out their work from other countries. The legislation in those countries does not always offer the same level of protection for your personal data. For the transfer of personal data to countries outside the European Economic Area, as a security measure, use may be made of model contract provisions approved by the European Commission.
9. Your rights
To invoke all rights that you have, including the right (1) to view your data, (2) to rectification of your personal data, (3) to delete your personal data, (4) to limit the processing of your data, (5) the right to data transferability and (6) the right to object to processing, please contact firstname.lastname@example.org. There may be a reason why one of the requests below is not met, for example because you would wrongly dispute the existence of a legitimate interest or because there is a legal obligation to process your personal data.
a. Right of inspection
You may request us to be allowed inspection of the personal data that we process about you. If you request this, we can also provide you with additional information, such as the purpose of the data processing, the categories of personal data being processed and any other information you may need to exercise this right properly.
b. Right to rectification
You have the right to rectify your data if it is incomplete and / or contains errors. On request we also correct incorrect personal data or complete incomplete personal data.
c. Right to have data deleted
You have the right to have your personal data deleted. This means that we delete your data and, where possible, that all controllers to whom we have previously disclosed your data also delete the same. If we are unable to comply with your request for removal, SLM will notify this to you.
d.Right to restrict the processing
You have the right to restrict the processing of your personal data. This means that we suspend the processing of your data for a certain period of time. Circumstances that give rise to this include situations where the accuracy of your personal data is disputed, but some time is needed to assess this (in)accuracy. This right does not prevent us from continuing to store your personal data.
e. Right to data transferability
You may request that your personal data – if technically possible – be obtained in a structured, customary and machine-readable form and be transferred to other controllers. Upon request and if technically possible, we transfer your personal data directly to the other controller.
f. Right to object
You have the right to object to the processing of your personal data. This means that you may ask us to stop processing your personal data. This only applies if ‘legitimate interests’ constitute the legal basis for processing.
10. Contact information
If you want to inspect your data, have it corrected, lodge an objection to the use of your data by SLM, or have other questions, comments or complaints about the protection of your personal data by SLM, you may address your response to:
SURINAM AIRWAYS LTD.
SLM reserves the right to adjust this Privacy Statement from time to time. Therefore, please regularly check the most recent version of the SLM Privacy Statement.