Privacy Policy Virgin Australia Group

• About our activities

  We’re Virgin Australia Group, a group of companies that operates:

  • domestic and international airlines and associated products and services
  • loyalty and VIP programs, including the Velocity Frequent Flyer loyalty program for individuals, and the Velocity Frequent Flyer loyalty program provided as part of the Virgin Australia Business Flyer program.

  
  We offer leisure and business products and services to guests, Organisations, and members of our loyalty programs.

• Our group of companies

  Our companies have different names, so let's look at how everything fits together. 

  When you see the words:

  Virgin Australia Group Group we our us

  We mean:

  Virgin Australia Airlines Pty Ltd Virgin Australia International Airlines Pty Ltd Virgin Australia Airlines (SE Asia) Pty Ltd Virgin Australia Regional Airlines Pty Ltd Virgin Australia Cargo Pty Ltd Velocity Frequent Flyer Pty Ltd Velocity Rewards Pty Ltd

• Third parties who aren't our Service Providers

  Sometimes, you may buy goods or services from another business (a third party) with whom we've connected you. But third party businesses aren't part of the Virgin Australia Group. It means their privacy policies will apply to their activities.

  For example, we recommend that you review a third party’s privacy policy if:

  • you earn or redeem points with a Velocity Partner
  • you fly with an Airline Partner
  • you use a travel agent or third party website to make and manage a travel booking for you
  • you buy products or services from our Travel Partners such as hire cars or hotels.  

• Our team members

  If you’re our current or former employee, this Privacy Policy doesn't apply to your personal information we collected in connection with your employment. It will only apply to you if you interact with us outside of your work duties.

  For example, if you travel with us or use our loyalty programs in your personal capacity.

Personal information

• General information

  General information may include your:

  • name
  • title
  • gender
  • date of birth.

• Contact information

  Contact information may include your:

  • phone number
  • email address
  • postal address.

• Location information

  Location information may include your:

  • home or work address
  • nearest airport, including the airport you nominate when you subscribe to V-mail, your nearest airport identified when you join Velocity Frequent Flyer, or your nearest airport identified when you use the VA or Velocity mobile app (see below)
  • device location when using the VA or Velocity mobile app. While your nearest airport is shared with us from your device, your device location is otherwise only stored on your device and only if you have given your permission for the app to identify your location
  • your origin airport, country and State or Territory when using our websites.

• Payment details

  Payment details may include your billing address and payment methods, such as your:

  • credit, debit, or gift cards
  • Velocity member details
  • Travel Bank details.

• Flight information

  Flight information includes flight details for our flights or Airline Partner flights, such as:

  • fare or seat choice
  • baggage or cargo
  • upgrades or downgrades
  • flight number, time, origin, and destination
  • ticket number
  • Booking Reference (also called a PNR)
  • any lounge access
  • any points claimed or earned for a flight
  • any purchase or use of our in-flight services (where available)
  • any specific assistance or other service requests
  • any interactions with our team members while travelling, including for safety or other incidents. 

• Other travel booking information

  Other travel booking information may include travel products or services that you have bought through our Travel Partners or us, for example:

  • insurance
  • hotels
  • experiences
  • car hire.

  It may also include booking and other information for cargo services provided by us or Service Providers. 

• Communication details

  Communication details include:

  • your calls to or from our contact centres (including recording calls unless you request at the start of the call that we don't record you)
  • any notes by us on your booking or account
  • any recorded interactions we have with you (for example, through email, live chat, or social media)
  • any information you give us when you contact us, provide feedback, make a claim, request access or correction to personal information, or make a complaint. This includes any written information, as well as photos or videos you share with us
  • any information you give us when you take part in a competition, surveys, make an enquiry or provide us with feedback. 

• Work details

  Work details include:

  • your job title or role
  • where you work
  • a link between your booking and an Organisation
  • a link between your loyalty account or activity and an Organisation.

• Entry requirement information

  Entry requirement information may include documents, document numbers or declarations required for entry to an Australian or international destination, such as your:

  • visa
  • passport
  • vaccination status. 

• Identification information

  Identification information may include details of government-issued identification documents, such as your:

  • driver’s licence
  • passport
  • marriage certificate.

  
  Please note that we may request the document number or a copy of the original document. We will only ask for this information where we need to confirm your identity or a change in your circumstances, or this information is needed to facilitate your travel or a change to your loyalty program membership.

• Loyalty membership information

  Loyalty membership information includes information related to your membership of, or interaction with, our consumer and business loyalty programs or other loyalty programs, including:

  • the name of the loyalty program
  • your membership number, tier, status, and points balance
  • points or other benefits transferred, earned, and redeemed
  • family pooling arrangements you set-up or are part of
  • any transactions you make with a Velocity Partner through your membership
  • your interactions with us through your membership, including any offers you activate
  • incentives or competitions you take part in through your membership or using your membership number.

• Lounge membership information

  Lounge membership information includes personal information we collect when you buy a Lounge membership or pass or when we administer your membership. It also includes details provided when you enter and use a Virgin Australia Lounge (as a member or guest), including:

  • loyalty program information
  • name
  • contact details
  • how you use the Lounge, including your use of the Lounge Wi-Fi. 

• Preferences and circumstances

  Depending on your relationship with us, including if you take part in one of our loyalty programs or subscriptions, we may collect other personal information about you that tells us more about your preferences and circumstances, including:

  • travel preferences
  • lifestyle interests
  • communication preferences
  • preferences and requests from members in our VIP program
  • work or business
  • household make-up and family members (for example, if you use family pooling as part of your Velocity membership)
  • personal information and insights from data broking, data analytics, data washing and data matching activities.

  
  We may collect this personal information from you or from a third party. Please read section 5 of this Policy for more details about how we collect personal information.

• Security cameras

  We collect security camera footage for the safety of our team members and visitors to our locations. 

• Login and verification details

  Login and verification details include the usernames, passwords, and security questions you use to log into your accounts with us. 

• Usage and device data

  We may collect usage and device data from your device, and we may link it with personal information we hold about you. For example, this can happen when you use or have previously used your device or IP address to log into a membership or account with us or visit our website from a communication we sent you.

  Examples of usage and device data we collect are:

  • technical details, such as your:
    • operating system
    • device ID
    • internet protocol (IP) address and city associated with the IP address
    • web browser
    • internet service provider (ISP)
  • how your device or IP address uses websites and apps, such as when you visited and what you viewed
  • how your device or IP address interacts with advertising and marketing communications.

  
  The information we collect may depend on your privacy and device settings.

  See sections 5 and 6 of this Policy for more information about how we use and link:

  • usage and device data
  • content viewed on a website or app
  • actions taken on a website or app.

  
  See our Cookie Policy for more information about how we use cookies.

Sensitive information

• How we collect sensitive information

  Sensitive information is a special type of personal information under privacy laws.

  There are some situations where we need to collect your sensitive information, such as if you need a medical clearance to fly. In these situations, we usually collect your sensitive information with your consent. However, some laws require or allow us to collect it without your consent, for example, in an emergency, or if another exception under the Privacy Act applies. 

  Sometimes, even if we don’t ask for your sensitive information, you may still choose to provide it to us when you interact with us, such as when you make an enquiry or complaint. We ask that you only share sensitive information if it’s relevant. If you do, we’ll collect and handle this sensitive information for the purposes you’ve shared it with us (unless you tell us not to) or otherwise in accordance with our legal obligations.  

  We won’t use your sensitive information for direct marketing without your consent. For example, we may collect and use your sensitive information if you tell us you’re a nervous flyer and want to receive communications to help with this.

• The type of sensitive information we may collect

  We may collect your sensitive information in different situations, for example, when you:

  • ask for specific assistance when using our services, an Airline Partner’s services, or a Travel Partner’s services
  • tell us about dietary requirements that indicate religious beliefs, ethnic background, or a medical condition
  • take part in our nervous flyer program
  • seek medical clearance to fly
  • provide information for a public health or safety requirement
  • are involved in a safety investigation, accident, complaint, claim or health-related matter.

We collect personal information in many ways from various sources

• From you

  We collect personal information from you in many different situations, for example, when you:

  • make or manage a travel booking (including a flight or cargo booking) on our websites or apps, or through our contact centres
  • apply for a membership with us
  • subscribe to our communications
  • use our products or services
  • earn or redeem points with our loyalty programs
  • visit our locations
  • visit our websites or apps
  • contact us
  • take part in our surveys, incentives, or competitions.

• From someone else on your behalf

  We may collect your personal information from someone you have a relationship with, for example:

  • a friend or family member
  • your travel agent
  • an Organisation
  • another airline
  • a travel booking website.

  Usually, this type of collection happens when someone enquires, makes, pays for, or manages a booking, product, service, or account for you. It can also occur when someone transfers loyalty points or benefits to you. 

• From third parties

  We may collect your personal information from third parties who work with us, for example: 

  • Service Providers
  • Airline Partners
  • Marketing Partners
  • Travel Partners
  • Velocity Partners.

  
  We may also collect your personal information from government, law enforcement and regulatory agencies and authorities. They may include police, immigration, customs, and border security.  

  We do this to carry out the activities outlined in section 6.

• From your online activities

  We use cookies and similar technologies to collect usage and device data.
   

  Digital channels we collect usage and device data from include our websites and mobile apps, social media platforms, our direct marketing communications sent to you by email or shown on social media, and advertising on third party websites and applications.

  Please read section 6 of this Policy for more information. You can also read more about this in our Cookie Policy.

Personal information

• For travel bookings

  We may handle your personal information in connection with travel bookings made with us, our Airline Partners, or our Travel Partners, where you have made the booking or someone else had made the booking on your behalf (such as a family member or friend, or an Organisation), including:

  • flight bookings
  • other travel bookings, such as:
    • cargo bookings
    • insurance
    • hotel stays
    • experiences
    • car hire
  • flight and other travel bookings made by an Organisation.
     

  We handle your personal information so we can:

  • make and manage your booking
  • communicate with you (or persons acting on your behalf, including an Organisation or anyone else you have given your Itinerary or Booking Reference to) about your booking
  • communicate with our Airline Partners, Travel Partners, and Service Providers about your booking (if relevant)
  • carry out operational, government and regulatory requirements
  • provide you with products and services related to your booking, such as:
    • flights
    • food and drinks
    • wi-fi and entertainment
    • lounge access
    • specific assistance in connection with your flight, such as where you require wheelchair access.
    • flight disruption support (if you’re eligible)
    • lost or mishandled baggage support
  • process loyalty points transactions or benefits for you or an Organisation
  • investigate and respond to safety investigations, incidents, feedback, complaints, or claims
  • ensure the safety of our team members and guests.

• For memberships and accounts

  We may handle your personal information to manage your memberships and accounts with us, for example, to:

  • create, access, and manage your personal memberships and accounts which you may use in a personal or business context, such as:
    • Velocity Frequent Flyer memberships
    • VIP memberships
    • lounge memberships
    • Travel Bank accounts
    • V-mail subscriptions
  • create, access, and manage Organisation memberships and accounts and user logins, including for Virgin Australia Business Flyer and our charter arrangements
  • allow you to use your login details to access other products or services, such as a Velocity Partner or Travel Partner app or portal
  • provide you or an Organisation with member benefits associated with a loyalty program (depending on the program and your eligibility), including:
    • Velocity Points transactions, including earn, redemption and transfers (including retro claims)
    • status credits
    • tier recognition
    • extra baggage allowance
    • priority boarding
    • appointing a travel coordinator
    • family pooling
    • lounge access
    • benefits with Airline Partners, Velocity Partners, and Travel Partners
  • link you with a Velocity Partner in your personal capacity or where you’re connected with an Organisation
  • communicate with you about your memberships and accounts, or an Organisation’s account you are connected with, for example:
    • responding to enquiries and feedback
    • contacting you with reminders, requests, offers, and updates  
  • carry out administrative and office functions, such as:
    • providing member benefits (as outlined above) in accordance with relevant membership terms and conditions
    • checking that you meet membership requirements in accordance with relevant membership terms and conditions.
    • administering accounts.

• To improve products and services

  We may handle your personal information to:

  • understand how you interact with our:
    • products and services
    • partners
    • offers, marketing and ads
    • websites and apps
  • measure, test, analyse and improve our:
    • products and services
    • partners
    • offers, marketing and ads
    • websites and apps
  • conduct research and surveys, for example, sending you feedback surveys after you fly with us
  • identify trends in customer behaviour and expectations
  • remember your preferences
  • offer useful features, such as:
    • sign-in across our online services using one set of credentials
    • remembering you when you move between our online services
    • remembering you when you return to our online services using the same device
  • improve and protect the security of our online interactions and services, locations, and assets
  • make business decisions
  • carry out quality assurance.

• To make some automated decisions about you

  We may make completely automated decisions on certain matters. For example, the Virgin Australia Group and our Service Providers, Velocity Partners, Airline Partners, Travel Partners, and Marketing Partners may assess existing or potential customers' interest in us and our and related products and services based on your usage and device data.

  The outcome of these activities helps us and our Partners to market products and services to you. See further details on this in the next section. 

• To market products and services provided by us and our Partners

  We may handle your personal information to market, personalise and promote our or third party products and services, for example, to:

  • identify where you have more than one membership or account with us so we can better understand you and make your experience more seamless
  • work out what products, services, partners and offers might interest you and personalise your experience with us
  • send you direct marketing communications unless you have opted out.
  • allow our Airline Partners, Marketing Partners, Travel Partners, or Velocity Partners to:
    • work out what might interest you based on your interactions with us
    • Personalise your experience with them
    • send you direct marketing communications, based on your communication preferences with them.

  
  Depending on your marketing preferences (see more on this below), we may personalise your experience on our digital channels or send you direct marketing communications (which may include reminders to complete a booking) in any of the following ways:

  • email  
  • SMS text message
  • app push notifications
  • postal mail (including membership card packs)
  • phone
  • targeted online ads.

  We may also use personal information to exclude you from seeing or receiving personalised content and direct marketing communications if we think it’s not relevant for you. 

• How you can opt-out of marketing

  We do our best to send or show you relevant and useful content and offers.

  Of course, we understand that you may want to change what marketing you’re receiving from us and how you’re receiving it. You can control the direct marketing you’re getting from us by:

  • using the unsubscribe facility in emails or SMS text messages
  • logging into your membership or account with us to update your communication preferences. If you are a Velocity member or V-mail subscriber, this includes being able to opt-out of seeing targeted online advertising
  • unsubscribing from receiving marketing communications in relation to your flights on our website
  • changing the push notification setting on your mobile device or in the ‘Settings’ section of our mobile apps to opt-out of our mobile app notifications on your mobile device. You’ll continue to receive in-app messaging and personalised offers, unless you log out of the mobile app
  • calling or emailing to ask to opt out of direct marketing 
  • opting out of some types of cookies. See our Cookie Policy for more information.
     

  Please keep in mind that:

  • we may market to you through different channels depending on our relationship. It means that if you opt out of one type of marketing, you may still receive other marketing from us. For example, you may opt out of all Velocity marketing but then book a flight with us. So, you may receive a marketing email relating to your flight booking, such as a Travel Partner car or hotel offer, or a post-flight survey.
  • even if you opt out of all direct marketing communications, we'll still contact you about important things, such as:
    • changes to our terms and policies
    • password reset requests
    • booking confirmations
    • flight updates
    • membership status changes
  • even if you opt out of all direct marketing communications, you may still see our general marketing and advertising campaigns. 

• For our business operations

  We will handle your personal information as part of our business operations, for example, to:

  • confirm your identity or authority so we can give you access to a booking or account, a secured area or information
  • make sure people and locations are safe
  • respond to a possible or actual emergency or crisis, including threats to health, safety, or security
  • investigate, review, and respond to enquiries, feedback, complaints, and claims
  • block, suspend or cancel an account, membership or booking according to applicable terms and conditions
  • detect, prevent, investigate, and respond to possible suspicious, unlawful, misleading, malicious, or dishonest activities
  • give you a new account, membership or booking according to applicable terms and conditions
  • carry out reporting, planning, administration, and operations, for example:
    • business planning and corporate governance
    • record-keeping and archiving
    • systems development and testing
    • team member coaching and training.
  • to facilitate corporate transactions. 

• To meet legal requirements

  We may handle your personal information to meet or enforce legal requirements or take appropriate action, for example:

  • to detect, prevent, investigate, and respond to possible:
    • suspicious, unlawful, misleading, malicious, or dishonest activities
    • security, health, or safety incidents, including possible data breaches or cyber-attacks
    • a breach of our terms, contracts, or policies
  • to comply with any relevant laws, regulations, legal process, government, or authority request, for example:
    • to help find a missing person
    • to respond to a possible or actual unlawful activity or serious misconduct
    • to respond to a request for information made under a relevant law or a court or tribunal order
    • to respond to an emergency event or a threat to health, life, or safety
    • to comply with the Aviation Transport Security Regulations 2005, Customs Act 1901, Migration Act 1958, Civil Aviation Act 1988, and Civil Aviation Regulations 1988
  • to evaluate our compliance and manage risk
  • protect and enforce our legal rights, our interests, or the interests of others. 

Sensitive information

• For travel bookings

  We may handle your sensitive information for personal or Organisation travel bookings made with us, our Airline Partners, or our Travel Partners, including:

  • flights
  • other travel bookings, such as:
    • cargo bookings
    • insurance
    • hotel stays
    • experiences
    • car hire

  
  We may handle your sensitive information so we can:

  • assist with specific assistance requests such as accessibility, mobility, or meal requirements. 
  • help you fly with us, for example, where you need medical clearance. Please refer to our Medical Clearance Guidelines for further information.

• For membership and accounts

  We may handle your sensitive information to manage your memberships and accounts with us, including your Velocity membership. Examples include:

  • pausing your membership
  • processing a request to appoint an authorised representative to manage your account.

• For medical help

  We may handle your sensitive information to give you medical help at the airport, on a flight, or at any of our locations. 

• To respond or investigate

  We may handle your sensitive information to respond to and investigate incidents or claims, including health or safety issues.

• To meet legal requirements

  We may handle your sensitive information to meet or enforce legal requirements or take appropriate action. We may do this for the same reasons that we collect personal information to meet legal requirements. Those reasons are outlined in the section above.

• In the Virgin Australia Group

  We may share personal information between our Virgin Australia Group companies. This information is collected during each company's operations. We collect, use, and disclose personal information between Virgin Australia Group companies to:

  • carry out Virgin Australia Group's functions and activities
  • carry out the functions and activities of individual companies in the Group.

• With third parties

  The third parties we may share  personal information with include: 

  • third parties acting on your behalf
  • Service Providers
  • Airline Partners
  • Travel Partners
  • Velocity Partners
  • Marketing Partners
  • government, law enforcement, regulatory and industry bodies. 
     

  We may also share de-identified insights and analytics between Virgin Australia Group companies and with third parties.

  Service Providers	We may: receive personal information from Service Providers who help us provide our products and services and run our business. share personal information with Service Providers who help us provide our products and services and run our business.     We may do this to: provide you with products and services you have purchased from us, including flight or other travel bookings, as well as products or services connected with those bookings such as catering, in-flight entertainment, and Wi-Fi in our lounges or on our aircraft help you to participate in our loyalty programs and access and manage your accounts help us respond to your feedback, complaints, and enquiries, including through our call centres help you to enter competitions and provide you with prizes provide and support our technology and operations systems understand you better and improve, personalise, and promote products and services help our Velocity Partners, Airline Partners and Travel Partners understand you better and improve, personalise, and promote products and services. detect, prevent, investigate, and respond to possible suspicious, unlawful, misleading, malicious, or dishonest activities.
  Airline and Travel Partners	We may: receive personal information from our Airline Partners and Travel Partners share personal information with our Airline Partners and Travel Partners. We may do this to: plan, manage and operate our travel-related services and benefits. For example, when you book a codeshare or loyalty redemption flight with us allow our Airline Partners and Travel Partners to plan, manage and operate travel-related services and benefits. For example, when you book a codeshare or loyalty redemption flight with one of our Airline Partners or make a booking with a Travel Partner using Velocity Points understand you better and improve, personalise, and promote products and services help our Airline Partners and Travel Partners understand you better and improve, personalise, and promote products and services.
  Velocity Partners	We may: receive personal information from our Velocity Partners share personal information with our Velocity Partners. We may do this to: link your Velocity membership account with a Velocity Partner account and share details between us and them, such as your points balance or status help you to earn and redeem points and benefits with Velocity Partners provide services to our Velocity members or individuals connected with an Organisation understand you better and improve, personalise, and promote products and services help our Velocity Partners understand you better and improve, personalise, and promote their products and services.
  Marketing Partners	We may: receive personal information from our Marketing Partners share personal information with our Marketing Partners. We may do this to: understand you better improve, personalise, and promote the products and services help our Airline Partners, Travel Partners, Velocity Partners, and Marketing Partners understand you better help our Airline Partners, Travel Partners, Velocity Partners, and Marketing Partners improve, personalise, and promote their products and services send and show you direct marketing materials.
  With government, law enforcement, regulatory and industry bodies	We may: receive personal information from government and regulatory bodies for work and public health and safety, security, legal and compliance reasons share personal information with government and regulatory bodies for work and public health and safety, security, legal and compliance reasons.   These government and regulatory bodies may include: Australian Federal and State and international government departments and agencies, and regulatory bodies, and their respective service providers Australian Federal and State, and international, law enforcement agencies and their service providers Australian and international law enforcement bodies and their service providers industry bodies such as IATA and AANZ, if required or permitted by industry codes and standards embassies, consulates, support organisations and families in the event of an emergency or other serious incidents.
  With third parties if there is a sale or merger	As we change and grow, we may: sell, transfer or merge parts of our business or assets with others bring other businesses or assets into the Group. If this happens, we may need to share or transfer your personal information to other Virgin Australia Group members, our advisors or other parties involved in the transaction. For more information, see section 5.

   

• With third parties acting on your behalf

  We may:

  • receive personal information from third parties who act on your behalf.
  • share personal information with third parties who act on your behalf.
     

  Third parties may include anyone who: 

  • makes, pays for or manages a booking or other product or service on your behalf
  • is included in your booking or other product or service you bought from us
  • is travelling with you as a support person
  • can provide your Booking Reference (found at the top of your Itinerary) and confirm the first and last names of one or more passengers included in the booking
  • is the account holder or cardholder of the payment method used to pay for a booking or product or service bought from us, or can provide details of the account or payment card used   
  • works for an Organisation or manages or administers an Organisation’s account with us if your booking, membership, or account is linked to that Organisation. Your booking, membership or account may be linked to an Organisation if your booking includes an ABN, is made through a business’ corporate travel agreement or through a government travel agreement or is linked to a Virgin Australia Business Flyer account. For example, we may share your personal information with a travel agent or an employee of the Organisation. We may share personal information, including your:
    • Itinerary
    • check-in and boarding status, including ‘no-show’ status 
    • incident reports
    • feedback
  • you authorise to manage your Velocity membership
  • tells us they are legally allowed to act for you, such as your:
    • parent or guardian (if you're under 18 years old)
    • attorney, acting under a power of attorney
    • guardian, acting under a guardianship order.

  Where you authorise us to do so, we will also share your personal information with personal digital assistants that use voice or other technology. 
  

We may collect, handle, and share your personal information in specific ways if you're a job applicant

• Job applicant information we collect and how

  If you apply for a job with us, we'll need to collect some personal information, and sometimes also sensitive information, including:

  • your name, identity and contact details
  • information about your education and qualifications
  • information about your past and current work roles, including, with your consent, from:
    • previous employers
    • nominated referees
  • if it's relevant to the role you're applying for and you consent to share it, information about your:
    • health and medical history, including any accessibility or vaccination requirements
    • criminal history
  • public information that is employment-related, including:
    • social media information, such as your Instagram handle or Facebook page
    • professional networking information, such as your LinkedIn profile
  • information for our Diversity and Inclusion Strategy, such as gender, age, and ethnicity, if you consent to share it
  • any other information we request from you during the recruitment process.
  • any other information you include in your application or provided to us or Service Providers helping us with the recruitment process
  • other information from third parties described below.

• How we handle job applicant information

  When we collect personal information for your job application, we may handle it to:

  • receive, consider, verify, and progress your application.
  • get in touch about your application and the job:
    • by email, phone, or in person
    • to request further information or to let you know the outcome of your application
    • to give you feedback about your application
    • to induct you into the role
  • contact you about future opportunities unless you ask us not to
  • analyse and improve our recruitment process, including as part of our Diversity and Inclusion Strategy
  • meet our legal obligations.

• How we share job applicant information with third parties

  We may:

  • collect your personal information from third parties
  • share your personal information with third parties.
     

  We may do this for the reasons above in How we handle job applicant information. We may also do this for other reasons that we will tell you about, if relevant.

  Third parties may include:

  • other companies in the Virgin Australia Group
  • people or companies acting on your behalf, such as recruiters
  • previous employers and your referees (with your consent)
  • other third parties who help us carry out our recruitment activities, such as:
    • recruitment agencies
    • Service Providers that conduct interviews and recruitment-related testing and checks
  • law enforcement or credit reporting agencies to carry out identity, police, and background checks (if it's relevant to the role you're applying for, and you consent)
  • any others required or permitted by law, such as in response to a warrant, subpoena, or court order.

How we secure personal information

• What we do

  We mostly hold personal information electronically in our IT systems and databases. We also hold personal information in telephone recordings and in hard copy paper files. We use third party Service Providers to store some personal information.
   

  We take reasonable steps to protect the information that we hold about you from misuse, interference, and loss, and from unauthorised access, modification, or disclosure.

  To do this, we use a range of physical, electronic, and network security controls.

  These controls are supported by internal policies and processes, as well as training for our team members. 

• What you can do to help secure your personal information

  There are some simple things you can do to help us keep your information secure, such as:

  • choosing a strong and unique password
  • keeping your Itinerary and login details safe
  • telling us immediately if you see any unusual activity on your booking or account
  • sharing your Velocity PIN or Booking Reference (found on your Itinerary) only with those you trust. Don’t share your Booking Reference or Velocity PIN with any other person unless you are happy for them to receive information from us about your booking and travel arrangements and to make changes to your booking
  • only adding an ABN to your booking or providing your booking details to a business or Organisation if you are happy for that business or Organisation to receive information from us about your booking and travel arrangements and to make changes to your booking.
     

  It's important to consider what happens once you share your Velocity PIN or Booking Reference with someone, or if you add an ABN to your booking or provide your booking details to a business or Organisation. The other person, business or Organisation may be able to:

  • receive information from us about your membership and bookings
  • receive benefit in relation to your booking, such a loyalty points
  • access and make changes to your membership or bookings.
     

  For more information about how to protect your personal information online, visit the Australian Cyber Security Centre. 

If you're based in the EEA or the UK, this section may also apply to you

• How we process personal data

  In this Privacy Policy, we talk about how we process personal information. However, the EEA and UK use the term personal data. While the two terms are similar, we have chosen to use the term personal data in this section.
  
  

  We usually process personal data in the ways explained in the rest of this Policy, but it depends on the nature of the personal data and the circumstances. We recommend that you review this section as well as the rest of this Policy for more details about how and why we may process personal data.

  We rely on the following lawful bases as set out in EU/UK data protection legislation to process your personal data:

  • to perform a contract with you:
    • if we need to process your personal data to provide you with a product or service. Examples include providing you with a flight, access to our lounges or membership benefits. 
  • We rely on this lawful basis for the purposes set out under the following headings in section 6:
    • for travel bookings
      
    • for memberships and accounts
    • for our business operations
  • with your consent:
    • if you consent to our processing of your personal data for a specific reason. We’ll tell you about the specific reason at the time that we ask for your consent, for example, collecting and using your sensitive personal data or sending marketing materials. You can withdraw your consent at any time by getting in touch and letting us know.
  • for legitimate interests:
    • if we need to process your personal data because we have a legitimate interest or one of our partners has a legitimate interest. However, we will only process your personal data based on legitimate interests where our interests are not overridden by your own your interests, rights, and freedoms You can object by getting in touch.
    • examples of our legitimate interests include:
      • understanding you, personalising your experience and marketing to you
      • communicating with you about a product or service, including asking for feedback. For example, when we send you a feedback survey after you fly with us
      • sharing, collecting, and using transaction details in connection with our partners. For example, Airline Partner benefits
      • analysing and improving our products and services
      • protecting our customers and business.
  • We rely on this lawful basis for the purposes set out under the following headings in section 6:
    • to market out products and services
    • for our business operations
    • to meet our legal obligations
  • We rely on this lawful basis for the purposes set out under the following headings in section 6:
    • to meet legal requirements
    • to respond or investigate
  • where there’s a vital interest:
    • processing personal data to protect you or someone else, for example, an emergency requiring our quick response.
  • We rely on this lawful basis for the purposes set out under the following headings in section 6:
    • for medical help
  • Where there’s a public interest. 

• Protecting your data before it’s transferred

  If we transfer your personal data to a third party in a country that the European Commission has not declared to have equivalent protections to EEA data protection laws, we use a range of controls to safeguard your personal data. 

  This usually means we have an agreement with the third party that includes appropriate safeguards, and this may include so-called standard contractual clauses issued by relevant data protection authorities. We may also use procedures, standards, and other controls. 

• How long do we keep your personal data

  When we identify retention periods for the personal data we hold, we consider our legal obligations and business needs. This includes the purposes for which we collected the information, as well as any other purposes we’re permitted to use it for.  Sometimes, we're legally required or permitted to keep personal data for a specific time, even if you've ended your relationship with us.

• Other rights for EEA and UK citizens and residents

  As we outlined in Section 12, you have rights to access and correct your personal data. However, if you’re an EEA or UK citizen or resident, you may have additional rights, including asking us to:

  • give you details about how we process your personal data
  • delete your personal data
  • restrict our processing of your personal data
  • stop processing your personal data for direct marketing, legitimate or public interests
  • transfer your personal data to a third party in a portable format.

  
  Sometimes, we may have a legal reason for refusing your request. If this happens, we’ll explain why in writing.

• If you’re unhappy, you can make a complaint

   

  If you’re unhappy with how we’ve handled your personal data, please get in touch. We take privacy complaints seriously, so we'll investigate, respond, and deal with your complaint fairly. We aim to respond within one month.

  However, if you're still unhappy, you can complain to your local UK or EU member state data protection authority (as listed in the "EU data protection authority" link below). 

  UK data protection authority

  EU data protection authority