Personal Data Privacy Policy

Our Privacy Commitment

At Flynas, we are fully committed to safeguarding your privacy and ensuring the protection of your personal information in accordance with the Kingdom of Saudi Arabia Personal Data Protection Law (KSA PDPL). The Personal Data Protection Law (issued pursuant to Royal Decree No. M/19 of 9/2/1443 H (corresponding to 16 September 2021), as amended by Royal Decree No. M/148 dated 5/9/1444H (corresponding to 27 March 2023). Our privacy practices are built on transparency, security, and respect for your data protection rights, ensuring that your personal data is handled responsibly and in compliance with the KSA PDPL.

What you can expect from us:

  1. Transparency: We will clearly inform you about the personal information we collect, why we collect it, and how we use it. Whether it’s to deliver the services you request or to improve your experience with Flynas, we aim to be open and clear about our data practices.
  2. Purpose-Driven Use: The personal data you share with us will only be used for the specific purposes outlined in our Privacy Policy, such as processing your bookings, enhancing our services, and providing you with a more personalized experience when flying with Flynas.
  3. Marketing Communications: We may send you marketing messages to keep you informed about offers and services that are relevant to you. However, if you opt-out of receiving these messages, we will respect your choice. Essential communication related to your bookings, itineraries, or services you’ve purchased will still be sent to ensure you're fully informed about your travel plans.
  4. Data Protection and Security: Protecting your information is our priority. We will implement robust measures to keep your personal data secure from unauthorized access, ensuring it is safely stored and processed in line with industry standards.
  5. Respect for Your Rights: We recognize your rights under data protection laws. You will always have control over your information, with options to access, modify, or request the deletion of your data when necessary.

For more detailed information on how we collect, use, and share your personal information, we encourage you to read our full Privacy Policy. This document provides a comprehensive explanation of the types of data we collect, how it is handled, and the specific situations in which your information may be shared with third parties, such as regulatory authorities or service partners.

If you have any further questions or concerns, or if you wish to exercise your data protection rights, please contact our Data Protection Officer at Flynas.

You can access our full Privacy Policy below for a comprehensive understanding of how we handle your personal information. It provides detailed insights into the types of personal data we collect, the methods of collection, how we utilize this data, and with whom we may share it.

Note: Our Privacy Policy and the promises outlined above do not constitute a contract but reflect our strong commitment to respecting your privacy in accordance with applicable laws.

Controller of Personal Information

Flynas is responsible for the personal information it processes in relation to this Privacy Policy. As the “data controller” under the KSA Personal Data Protection Law (PDPL), Flynas determines how and why your personal data is collected, processed, and stored in compliance with the relevant legal requirements. For any questions regarding data protection, you may contact our Data Protection Officer.

In cases where your flight booking involves partner airlines or third-party service providers (such as hotels or car rental companies), those entities will also act as independent “data controllers” under the KSA PDPL. They manage your personal data based on their own privacy policies, which can be accessed directly through their websites or by contacting them.

For bookings that include non-flight services or packaged arrangements, Flynas remains the "data controller" for flight-related services. However, any third-party providers of non-flight services will be considered separate controllers of your data, and their privacy practices will apply. The Terms and Conditions for such bookings will provide further details regarding these responsibilities.

In the case of loyalty programs or partnerships associated with Flynas, any partner organizations that process personal data as part of their services will also function as separate "data controllers" under the KSA PDPL.

For additional information or questions about the control and processing of your personal data, please reach out to our Data Protection Officer at Flynas.

Definition of Personal Information

Personal information refers to any data that directly identifies you or can be used to identify you. This includes, but is not limited to, your name, contact details, travel arrangements, and purchase history. Additionally, it may encompass information regarding your interactions with our websites and mobile applications, such as your browsing behavior and preferences.

When Does This Privacy Policy Apply?

This Privacy Policy applies to the personal information we collect, use, and process in relation to your interactions with Flynas as a customer or potential customer, in accordance with the KSA Personal Data Protection Law (PDPL). This includes personal data processed when you travel with Flynas, use our services, visit our websites or mobile applications, contact our customer service or call centers, or book services through third parties such as travel agents or partner airlines

Additional terms, conditions, or privacy policies may apply when you choose to access certain services from Flynas, such as making purchases on board, using our in-flight Wi-Fi, or participating in promotional activities or competitions involving Flynas and third-party partners.

Protecting Your Personal Information

At Flynas, safeguarding your personal data is of paramount importance, in compliance with the Kingdom of Saudi Arabia’s Personal Data Protection Law (KSA PDPL). Below are key steps to help ensure the security of your personal information and minimize the risk of unauthorized access.

Maintain Confidentiality of Your Booking Reference When you complete a booking with Flynas, you receive a unique booking reference (also known as a Passenger Name Record or PNR), which is displayed in your email confirmation or ticket. This reference grants access to your booking details, and to prevent unauthorized access, it is crucial that you keep this reference confidential. Sharing your booking reference with others may allow them to view or modify your booking through our systems. For added privacy, if you are traveling with a group and wish to restrict access to your personal booking details, consider making individual bookings.

Safeguard Your Flynas Account Credentials To enhance security when accessing Flynas website, mobile application, or any related online services, always keep your login details private. Ensure that you log out from your Flynas account after each session, especially when using a shared or public computer. This practice prevents others from accessing your personal information and account details.

Protect Yourself from Phishing and Online Fraud Flynas is committed to protecting you from online fraud and phishing attempts, which involve deceptive tactics to obtain personal information, such as bank or password details. Scammers may send unsolicited emails or create fake websites mimicking trusted brands to trick users into revealing sensitive data. Always be cautious of suspicious emails and avoid providing personal information unless you are certain of the source's legitimacy. For more details on how to identify and report phishing attempts, please refer to our guide on phishing protection.

By following these best practices and adhering to Flynas security policies, you can significantly reduce the risk of unauthorized access to your personal information while ensuring a secure and seamless experience with us.

When Does Flynas Collect Your Personal Information?

In alignment with the Kingdom of Saudi Arabia Personal Data Protection Law (KSA PDPL), Flynas collects personal information from you at various stages to enhance your experience with us. This data collection occurs whenever you engage with our services, whether these services are delivered directly by Flynas or by authorized third parties acting on our behalf. Below are key scenarios where your personal information is gathered:

During Your Travel: Personal data is collected when you book and travel with Flynas. This includes information shared through interactions with our website, mobile applications, or via email communications, as well as when you contact our service centers.

Use of Our Digital Platforms: We collect your data when you use our digital platforms, such as our website or mobile applications, enabling us to offer personalized services and improve the overall user experience.

In addition to direct interactions, we may also receive your personal information from third-party sources such as:

Service Providers: Companies contracted by Flynas to provide services on our behalf, ensuring smooth operations and enhanced service delivery.

Partner Airlines and Travel Companies: Information is exchanged with airlines participating in your current or onward travel, airport operators, and customs and immigration authorities, to ensure seamless travel and regulatory compliance.

Loyalty Program Partners: Companies participating in Flynas loyalty programs, such as car rental agencies or hotel providers, may share information with us to facilitate loyalty rewards and other customer programs.

Other Third Parties: We may receive personal information in accordance with the privacy policies of third-party companies, where the data is shared with Flynas for specific purposes, including travel-related services or promotions.

Types of Personal Information Collected and Retained

At Flynas, we collect and retain various categories of personal information to deliver our services effectively and to enhance your travel experience. The information collected includes, but is not limited to, the following:

Booking and Service Information

  1. Personal Details: When making a booking or requesting a service, we collect your name, address, email, contact details, date of birth, gender, passport number, account details, and payment information.
  2. Billing Information: If you purchase tickets for others, we may collect your billing details but may communicate directly with the passenger regarding their flight.
  3. Sales Channel Information: We record whether you booked through our website, a travel agent, or our contact center

Travel Information

  1. Interactions: We collect data on your interactions with staff and cabin crew before and during your flight.
  2. Security and Biometric Data: During airport security, we may capture photographs and biometric data to facilitate recognition.

Travel Arrangements

  • Booking Details: Information about your booking, travel itinerary, additional assistance requirements, and dietary preferences.

Service History

  • Previous Services: Details of your past travel arrangements, including flights, baggage requirements, airport disruptions, lost luggage, and customer feedback.

Online Interactions

  1. Registrations and Competitions: Information from registrations, competition entries, promotions, and interactions on social media platforms like Facebook and Twitter.
  2. Loyalty Programs: Data from participation in loyalty programs such as the Flynas Frequent Flyer Program.

Website and App Usage

  1. Usage Data: We collect information about your online activity on our websites and mobile applications, including search queries, viewed content, and interaction with ads. This data helps personalize your experience and improve our services.
  2. Cookies and Tracking Technologies: We use cookies and similar technologies to analyze website usage and enhance user experience, including capturing your previous web browsing history to offer relevant information and services.

Device and Location Information

  1. Device Identification: Information such as IP address and unique device ID to identify and personalize your experience.
  2. Location Data: With your permission, we may access location features on your device (e.g., Bluetooth, Wi-Fi, GPS) to assist with flight connections and provide personalized services. You can manage these settings on your device.

Collection and Processing of Sensitive Personal Data

At Flynas, we are committed to safeguarding your personal data, including sensitive categories that require heightened protection under data protection regulations such as the KSA PDPL. Sensitive personal data encompasses information related to race, ethnicity, religion, health, sexuality, or biometric details. While we strive to minimize the collection and processing of such data, there are specific situations where it may be necessary.

These include

Medical Assistance Requests: If you request specific medical assistance, such as wheelchair support or oxygen, we may collect relevant health information to accommodate your needs.

Medical Clearance and Pregnancy: When seeking clearance to fly due to a medical condition or if you are more than 28 weeks pregnant, we may collect sensitive health information to ensure your safety and compliance with aviation regulations.

Voluntary Disclosure and Third-Party Information: Sensitive personal data may be collected if you voluntarily provide it or if it is shared with us by a third party, such as a travel agent, in connection with your booking.

Biometric Data: Biometric information, such as facial recognition, may be collected during the security clearance process before and after your flight to ensure secure and efficient travel.

Implied Information from Service Requests: While not classified as sensitive data, certain service requests (e.g., dietary preferences) may imply or suggest information related to religion, health, or other personal details.

We handle all sensitive personal data with the utmost care and only for the purposes necessary to provide our services and ensure your safety.

Purpose of Using Your Personal Information

At Flynas, we utilize your personal information for various essential purposes to deliver and enhance our services, ensuring a seamless travel experience. The main purposes for which we use your personal information include:

Travel Arrangements and Service Fulfillment

  • Processing and Managing Bookings: We use your personal details—such as name, address, email, contact information, date of birth, gender, passport number, account details, and payment information—to process bookings, manage travel arrangements, facilitate payments, and provide necessary information to relevant authorities (e.g., tax, customs, and immigration).

Boarding and Flight Connections

  • Boarding Management: To assist with the boarding process and facilitate flight connections, we may check your status and interactions with airport security if you have not arrived at the gate. This may include the use of facial recognition technology, where applicable.

Communication and Status Updates

  • Service Notifications: We send updates regarding check-in status, flight delays, and other service-related communications to keep you informed about your travel.

Airport Assistance and Personalization

  • Airport Monitoring: We may track your location within the airport to assist with flight connections and boarding, and to offer personalized services. This includes monitoring boarding pass usage in lounges.

Safety and Regulatory Compliance

  • Regulatory Obligations: To comply with legal and regulatory requirements, such as maintaining passenger records and providing necessary information to border and immigration authorities in countries like the UK and USA.

Personalized Services and Marketing

  1. Tailored Experience: For members of our loyalty programs, such as the Executive Club, we personalize your flight experience. We may also update and share information with media agencies to provide tailored advertising on our platforms.
  2. Marketing and Advertising: We conduct targeted marketing, including online advertising and promotional offers, based on your preferences and previous interactions. This may involve combining data with third-party services for more relevant content.

Analysis and Market Research

  • Service Improvement: We analyze usage patterns and customer feedback to enhance our services and optimize our product offerings.

Website Service Improvement

  • Website Enhancements: Monitoring website usage helps us identify areas for improvement, ensuring a better user experience.

Administrative and Management Purposes

  • Administrative Functions: Your personal information is used for various administrative purposes, including accounting, billing, auditing, fraud prevention, and system maintenance.

We handle your personal information with the utmost care and in compliance with KSA PDPL regulations, ensuring it is used solely for the purposes described above.

Marketing Communications

At Flynas, we will send you marketing communications only when we have obtained your explicit consent. These communications may include information about Flynas services, as well as relevant products and services from our business partners related to your travel.

We will ensure that any third parties or other entities within our group are authorized to send marketing communications only with your prior agreement.

We are committed to respecting your preferences regarding the types of communications you receive and the methods through which they are delivered. 

Managing Your Marketing Communications Preferences

You can adjust your preferences for receiving marketing communications, change how you receive them, or unsubscribe at any time. Here’s how you can do so:

For Flynas Loyalty Program Members

Update your marketing preferences by accessing your account area on our website or mobile application.

Alternatively, you can contact our customer service team via our support hotline or email for assistance in updating your preferences.

For Registered Users of the Flynas Website: Modify your marketing preferences through your account settings on our website.

Email Communications

Each marketing email will include an unsubscribe link, which you can use to opt out of future marketing emails.

To stop receiving text messages, reply with the word “STOP” to the message.

Permissions Centre

Use our Permissions Centre to unsubscribe from all marketing communications sent to a specific email address. You will need to complete this process for each email address used with Flynas.

We aim to process your request to stop receiving marketing communications within 30 working days. During this period, you may still receive marketing messages.

Please be aware that opting out of marketing communications does not affect service-related communications necessary for managing your bookings or memberships. If you are a member of our loyalty program, you will continue to receive important updates related to your membership.

For further details on exercising your legal rights regarding your personal information, including the right to be forgotten, please refer to the sections “Your Legal Rights Regarding Your Personal Information” and “How to Exercise Your Legal Rights and Modify How We Use Your Data.”

Legal Basis for Using Your Personal Information

Flynas will process your personal information only when we have a valid legal basis to do so, in compliance with the KSA Personal Data Protection Law (PDPL). The legal basis for processing your personal information depends on the purpose for which we collected and need to use it. These bases include:

Contractual Necessity: We process your personal information to process your booking, fulfill your travel arrangements, and perform the contract we have with you.

Legitimate Interests:

We use your personal information to operate and improve our services as an airline and travel provider, which aligns with our legitimate business interests.

Legal Obligation: We may need to use your personal information to comply with legal obligations and regulatory requirements applicable to our operations.

Vital Interests: We may process your personal information to protect your vital interests or those of another person.

Consent: We may use your personal information if you have provided explicit consent for a specific purpose.

Should the processing of your data be subject to other applicable laws, the legal basis for processing may differ and could be based on your consent where necessary.

Retention of Personal Information

At Flynas, we retain your personal information only for as long as necessary to fulfill the purpose for which it was collected. For instance, when you make a booking, we keep the relevant information to complete your travel arrangements and address any subsequent issues, such as complaints or queries related to your booking. We also retain information to enhance your experience with us and to manage loyalty rewards.

Our retention practices are as follows:

  1. Performance of a Contract: We retain personal information needed to complete and manage your booking, including contact and payment details, for the duration of the booking and for a period thereafter to handle any related issues.
  2. Legitimate Interests: We use personal information to support our legitimate business interests, such as conducting analytics to personalize your experience and manage legal claims.
  3. Compliance with Legal Obligations: We retain information to comply with legal requirements, including communication during flight or baggage issues and providing passenger information to border control authorities as required.
  4. Protection of Vital Interests: In emergencies where you cannot provide consent, we may retain medical information to protect your or another person’s vital interests.
  5. Consent: We may process your personal information based on your consent, such as for personalized services. You can withdraw consent for marketing at any time, but this may impact our ability to provide certain services.

We regularly review and securely delete or anonymize personal information when it is no longer needed for legal, business, or customer purposes. If you cease interacting with us, we may remove or anonymize your information after seven years.

Sharing of Personal Information

At Flynas, your personal information may be shared with the following parties to facilitate the services we provide:

Group Companies: Your information may be shared within our group of companies, including IATA and its affiliates, and others, to assist in delivering and improving our services. This includes understanding your travel preferences and personalizing your experience.

Service Providers: We may disclose your information to third-party airlines, service providers (such as car hire or hotel bookings), and travel agents necessary to complete your travel arrangements. This includes partners involved in your itinerary and loyalty programs.

Regulatory Authorities: We are required to share your information with customs and immigration authorities of the countries you travel to or from, including those you overfly, to comply with legal requirements.

Financial and Fraud Prevention Services: Your data may be shared with credit card companies, credit reference agencies, and anti-fraud screening services to process payments and detect fraudulent activities.

Legal and Safety Purposes: We may disclose your information to law enforcement, legal representatives, or regulatory authorities to enforce contracts, protect rights, and ensure the safety of our customers and staff.

Marketing and Analytics: We may share non-personal usage data with marketing agencies and analytics providers to deliver targeted advertising and improve our services. Your personal data is only shared for marketing purposes with your consent.

External Service Providers: We use third-party service providers for tasks such as customer surveys and marketing initiatives. You may opt out of these communications by contacting us through our Permissions Centre.

Your personal information may also be transferred to countries outside your location and the Kingdom of Saudi Arabia as part of our business operations and service delivery. When transferring data internationally, we implement safeguards to ensure your data remains protected in line with our privacy policy.

Your Data Protection Rights

Under the Kingdom of Saudi Arabia Personal Data Protection Law (KSA PDPL), you are entitled to specific rights concerning your personal data. These rights include:

  1. Access: You have the right to access your personal information.
  2. Objection: You may object to the processing of your data and request that its use be restricted or that it be deleted.
  3. Correction: You can request corrections to any inaccuracies in your information.
  4. Data Transfer: You have the right to request the transfer of your data to another entity.
  5. Withdrawal of Consent: You may withdraw your consent for the use of your data.
  6. Automated Decision-Making: You can request that we refrain from using automated decision-making processes that significantly affect you.

Please note that these rights may not apply in every situation. For example, we may not be able to delete your data if it is necessary to fulfill a contractual obligation or if retention is required by law. Additionally, we may not be able to provide certain information if doing so would infringe on the rights of others. We will make every effort to accommodate your requests and will provide explanations if we are unable to meet them.

Submitting Your Request

Erasure Requests & Opt-Outs: To request data deletion or opt-out of marketing communications, please visit the Permissions Centre.

Other Rights & Subject Access Requests: For other rights or to make a subject access request, please complete and submit the request form.

Please Note: The right to rectification does not cover changes to bookings or name changes. For information on how to make such changes, please follow the provided link.

Not all calls to our Engagement Centers are recorded, so we may not be able to provide recordings of such calls upon request.

How We Fulfil Your Request

To process your request, we require proof of your identity. Please do not send original copies of your identification documents. If you are making a request on behalf of a child or another individual, you must provide proof of your authority to act on their behalf.

Once we receive your request with all necessary supporting information, we will respond within one month. You can assist in meeting this timeframe by providing detailed information when submitting your request, though this is not mandatory. If your request is complex and requires additional time, we will inform you accordingly.

Notification of Changes to This Privacy Policy

In the event of any changes to this Privacy Policy, we will inform you by publishing the updated version on our official website. Our commitment to protecting and respecting your privacy remains steadfast, and we will continue to uphold these principles in any revisions made to this Privacy Policy.

For further inquiries regarding this Privacy Policy, please contact our Data Protection Officer.

Contacting Us and Further Information

If you have any questions regarding this Privacy Policy, wish to request information, or need to address a privacy-related complaint, please reach out to our Data Protection Officer. They will review your concerns and respond accordingly.

Email: [email protected]

Please include all relevant details to facilitate a thorough investigation and resolution of your inquiry or complaint.