Privacy Policy

Thank you for visiting our website - www.bangkokairline.org. We respect and are committed to protecting the privacy of our website visitors, as set out in this privacy policy. By using our website and/or purchasing the services offered on our website, you agree that you have read & accepted the following conditions of our privacy statement.

Article 1. Our commitment regarding the protection of personal data

This Privacy Policy published on our website and our mobile applications explains why and how we collect, record, organize, structure, store, adapt or alter, retrieve, consult, use, disclose, align or combine, restrict, erase or destroy your personal data provided when you travel with us, purchase or use our services, visit our website, use our mobile applications or interact with us. This Privacy Policy also instructs you how to exercise your rights relating to your personal data.

We undertakes in particular to respect the following principles:

- Your personal data are processed lawfully, fairly, and transparently, in accordance with the applicable laws;

- Your personal data are collected for specific, explicit and legitimate purposes and are not further processed in way incompatible with these purposes, in accordance with the applicable laws;

- Your personal data are stored in an appropriate and relevant manner and are limited to what is necessary to the purposes for which they are processed, in accordance with the applicable laws;

- Your personal data are accurate, kept up to date and all reasonable steps are taken to ensure that inaccurate data, having regard to the purposes for which they are processed, are erased or rectified without delay, in accordance with the applicable laws;

In accordance with the applicable laws, we implement appropriate technical and organizational measures to ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.

Furthermore, we contractually impose the same level of personal data protection on its subcontractors (service providers, suppliers, etc.).

Our company undertakes to comply with all other principles required under the applicable regulations on the protection of personal data, and more specifically concerning the rights conferred on data subjects and the obligations relating to cross-border transfers of personal data.

Article 2. Items of personal data which may be collected and processed by us

When using our services and in particular the services accessible on our website or our mobile applications, we may collect and process the following categories of personal information:

- Name, passport number and other identifying information: name, gender, date of birth, passport or other personally identifiable number (date of issuance, place of issuance), nationality.

- Your contact details and personal account or registration details: contact information, such as telephone number, mailing address, email address, fax number; home address, mobile number, private email address, hobbies, preferences and information related to Customer’s special needs;

- Your payment information: payment information of credit or debit card such as name of cardholder, card number, expiry date, verification code;

Information about your reservations, bookings and purchases: reservation and booking information such as your flight, prices and the date of your reservation or booking;

- Our communication with you: communication, communication preferences (unsubcribing from newsletters, choosing to receive your booking related communication, …), registration of your questions, survey, research, complaints or phone calls;

- Information in relation to social media: Depending on your social network settings, we may receive information from your social network providers. For example, when you sign in for our services by using a social network account, we may receive your social network profile including your contact details, interests and friend list and may send the searched flight information to your social network account.

When you use our website, We may collect information via cookies and similar technologies. 

Article 3.  Methods of personal data collection

We may collect the personal information through our website, mobile applications when you book a flight, when you subscribe to our newsletter or when you register for electronic newletters, register to participate in . 

Article 4. Purposes of personal data collection and processing

Personal information or data provided to us is primarily used to serve your interests and privileges when you enjoy traveling with us, purchasing or using our services. For this reason, the main purposes for which we collect and process your personal data are as follows:

In order to handle and perform the contract of carriage and/or travel arrangement, we will process the information including your name and surname, passport number and other identifying information for issuance of your ticket such as your contact details in order to inform you properly about changes of your flight status according to Article 2 of this Privacy Policy.

We offer you the possibility to indicate some sensitive information such as information about your specified medical needs or special meals provided on board. Collection and processing of these sensitive personal data will be subject to your express consent and will be exclusively used by us in order to perform the contract of carriage and provide you with an appropriate level of customer care services.

Your personal data are used by us to provide you with customer care services enabling us namely to receive information, comments, suggestions, claims of Members to improve the service quality of our company,  to contact and communicate with customers regarding their enquiries,  perform statistical analysis in order to develop and improve our services and offerings on the basis of personal information and customer’s requests and  to provide more quickly responsive support to customers and improve the content and designs of our website and mobile applications,  to realize surveys regarding the satisfaction of customers and for better understanding of customers’ needs , and (vi) handle potential complaints or claims of passengers.

We use your contact details to communicate with you with a view to answer your questions or to handle your complaints. 

We may use your personal information for purposes of direct marketing such as  to send you latest promotions and offers in connection with our products and services, to send you e-newsletters, magazines, promotions or other marketing communications, to analyze which information is relevantly suitable to you, (to communicate with you for marketing campaign and strategy to serve Members' best interests and preferences, ( to send you personalized ads and special offers for aviation related products and related ancillary services through our booking comfirmation emails,  send you latest offers from us and our partners relating to our services and products.

We only send you direct marketing notifications as described in the first paragraph subject to your prior consent (opt-in). 

You can always object to the use of your personal data for such direct marketing purposes, by clicking the unsubscribe link in the email or contacting us.

Article 5. Legal basis of the processing of your personal data

We process your personal data  on the basis of your explicit consent, to perform the contract of carriage or take steps at the request of the data subjects prior to entering into a contract,  to exercise and comply with legal obligations according to applicable laws or to perform our’ legitimate rights and interests.

Your consent may be always withdrawn at any time. In such case, be aware that the withdrawal of your consent shall not affect the lawfulness of  based on your consent before the withdrawal. Furthermore, if you refuse to provide us with some of personal data or if you provide us with incomplete or inaccurate information required for the performance of the contract or for compliance with legal obligations, be aware that we may not be able to provide or deliver you all or parts of the services, which you may have requested from us in full quality.

Article 6. Period for Personal data retention

We will retain your personal data collected on our internal system in the period of services provision or up to fulfilling the purposes for which it was collected or in so far as such data is necessary to the compliance with statutory obligations and to solve any dispute or until the information provided are required to be deleted by you.

Article 7. Potential recipient of your personal data

We may disclose the personal data to third parties, units and subsidiaries of the airlines company, business partners (our travel agents,  car rental companies, hotels, credit card companies...), service providers or travel-related businesses pursuant to the purpose of performing our services (bookings and travel arrangements, support services and customer care services, loyalty programs, statistical analysis,…), exercising our legal obligations (security and safety on board, PNR information,…), our legitimate interests (direct marketing purposes of our company or our partners,…) and for the purpose of providing the best services to you.

We will use best endeavours to ensure that our employees, officers, agents, consultants or such other third parties mentioned above who are involved in the collection, processing and disclosure of personal information will observe and adhere this Privacy Policy.

The disclosure personal data to sub-contractor will be conducted on a contractual basis where requires and ensures the protection of your personal data in accordance with this Privacy Policy and the applicable laws.

You are informed that we may transfer your personal data to third parties located outside Vietnam. After such processing ends, your personal data will be stored in Vietnam.

In such context, we, by issuing and implementing Bindings Corporate Rules (BCRs), undertakes to protect your personal data in accordance with the applicable laws.

Article 8. Your rights to the personal data collected

1. Subject to the applicable laws, you, as the personal data subjects, have the following rights:

You have the right to ask our company, at any moment, for confirmation that certain of your personal data are processed by us, as well as to provide you with certain information such as the categories of personal data concerned, the purposes of the processing and the recipients or categories of recipient of those data.

-You have the right to obtain from our company the rectification of inaccurate or incomplete personal data concerning you.

-You have the right to obtain the erasure of your personal data stored by our company in accordance , such as in situations where your personal data are no longer necessary to the initial purposes for which they were processed as well as situations where these data were processed unlawfully.

-You have the right to obtain from us a limitation of the processing of your personal data without deleting the concerned personal data in the conditions in accordance .

-You have the right to recover some of your data for your own use or to transmit them to another company/enterprise in the conditions in accordance .

-You have the right to object at any time to the processing of your personal data for prospecting and direct marketing purposes.

When the processing of your personal data is subject to your prior consent, you have the right to withdraw your consent at any time. You shall be aware that the withdrawal of consent shall not affect the lawfulness  based on your consent before the withdrawal.

In case of such withdrawal, it may mean we will not be able to provide or deliver you all or parts of the services, which you may have requested from us in full quality, 

You have the right to lodge a complaint to the competent authorities in the event of violation by our company regarding the protection of personal data.

2. You can exercise your rights listed above by sending a postal mail or an email to the following address:

Fly Asia Company Limited

Mr. Alex Dang, Data Protection Officer

Email: support@bangkokairline.org

In this context, please include in your request the elements necessary to your identification (name, first name, e-mail) as well as any other information necessary to the confirmation of your identity.

Article 9. Personal information of children

We collect, share and use personal information of a child under fourteen (14) years who hold a Korean nationality, only when obtaining consent of the child’s parents, legal representative and/or guardian, who may request to view, edit their child’s personal information or to alter or withdraw the consent at our sales offices or via sending a postal mail or an email to the address provided in Article 9 above.

For a child who is in a Member State of European Union and below the minimum age permitted to giving consent in accordance with Member State's regulations (13 for Denmark, Spain and the United Kingdom, 14 for Austria and Italy, 15 for Czech Republic and France, 16 for Germany and The Netherlands), we may collect information of the child requiring consent after obtaining the consent or authorization from his or her parents or guardian.

For a child who hold another nationality, we may collect information of the child after obtaining consent or authorization from his or her parents or guardian in accordance with the applicable laws on data protection.

Article 10. Technical measures for protecting personal information

To secure the safety of personal information from a loss, theft, leak, falsification, or damage, our employees may take the following technical, managerial, physical measures as:

1. The important personal information is stored and managed in password protected mode within the limited access.

2. Given the risk of hacking, likelihood and severity of damage to the rights and freedoms of natural persons, we undertakes:

- To prevent customers’ personal information from leakage or damage by hacking or computer virus.

- To control the access suspension system, unauthorized accesses from outside.

- To take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymization and encryption of personal data.

- To ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

- To restore the availability and right to access to personal data in a timely manner in the event of a physical or technical incident;

- To ensure a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures with a view to ensuring the security of the data processing

- To operate an exclusive organization for protecting personal information.

Article 11. Communication with you and notification to the local authority in case of a breach of your personal data

1. We will notify immediately, after we are aware of that your personal data are breached, to you and to the local authority in accordance with the applicable laws. This notification about your personal data breach will describe in clear with plain language the nature of the personal data breach and contain at least the following information and measures:

- Name and contact details of the data protection officer or other contact point where more information can be obtained;

- Description of the likely consequences of the personal data breach.

- Description of the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

2. The notification to you as referred to in paragraph 12.1 of this Article shall not be required if any of the following conditions are met:

- We have taken appropriate technical and organizational protection measures, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption.

- We has taken subsequent measures which ensure that the high risk to your rights and freedoms referred to in paragraph 1 is no longer likely to materialize.

It would involve disproportionate effort for our company. In such a case, there shall instead be a public communication or similar measure whereby you are informed in an equally effective manner.

Article 12. The effectiveness of this Privacy Policy

This Privacy Policy shall take effective as of 25 May 2021 and supersedes our previous Privacy Policy.

We guarantee that the protection for personal information is implemented comprehensively and our Data protection officers comply with this Privacy Policy.

We reserve the right to amend this Privacy Policy from time to time if necessary. Any amendments, supplements of this Privacy Policy shall be registered at the competent authorities and shall be posted on our website and mobile applications right after getting approvals of the competent authorities. This Privacy Policy shall be effective after 03 days of publication.

This Privacy Policy is last updated as of August 2021.