Summary

• Traveler

  Why SAS processes your data

  SAS processes your personal data to provide the travel services you have purchased, make sure your baggage arrives at your destination and  handle any issues connected with your trip. We also use this data to improve our products and services. The data is based on your booking reference and processed according to the IATA standard PNR (passenger name record). Once you’ve completed your trip, we delete your passport number but save the booking reference for further reference.

  Data processed by suppliers 

  SAS cooperates with a number of suppliers including airports, ground handling suppliers, travel agents, IT service suppliers, authorities and other service providers such as call centers, hotels and transport companies. Additionally, information about SAS’ available flights and seats can be accessed by travel agents all over the world through global distribution systems such as Amadeus, Abacus and Travelport. These systems are also subject to GDPR.

  Suppliers process your personal data according to a data protection agreement (DPA) or data exchange agreement (DEA). Your data may only be used in association with services you have purchased. 

  Where SAS stores personal data

  Personal data related to travelers is stored in Norway, Denmark, Sweden, Germany, Latvia, Poland, India and the US. 

• EuroBonus member

  Why SAS processes your data

  SAS processes your personal data so you can enjoy benefits and earn and spend EuroBonus points on rewards. We also use your data to send you personalized offers and identify you in the entire travel chain so we can offer you relevant benefits and information. We also cooperate with a number of partners that also process your personal data so you can earn and spend points outside of SAS.

  Data processed by SAS

  • Information you submit when you join EuroBonus and/or update your EuroBonus account
  • Travel history
  • Data collected by partners regarding purchases, flight transfers, hotel stays, car rentals 
  • Data on other purchases or activities entitling you to earn or spend EuroBonus points at partners’ physical/online stores
  • Demographic data obtained from partners
  • Publicly-available data from external sources
  • Data on online behavior (when you accept our Cookie Policy
  • Information on customer care and travel irregularities
  • Personal data created by SAS based on data analysis
  • Point balance, number of points earned annually, expiration dates, co-brand information

  Data processed by partners

  Name, address, phone number, email, membership level

  Where SAS stores personal data

  Personal data related to EuroBonus members is stored in Norway, Denmark, Sweden, Germany, Latvia, Poland, India and the US. 

• Profile account holders

  Why SAS processes your data

  SAS processes your personal data to make your travel easier, deliver the travel services you have purchased and provide you with personalized offers. Providing SAS with your personal data makes it easier for you to use SAS’ digital services (through pre-filled booking dialogs, travel history, etc.).

  You can opt in or out of receiving personalized offers at any time. If you choose to opt out, your personal data will no longer be processed for personalized offers.

  Data processed by SAS 

  • Name, email address
  • Flight details (booked and completed travel) 
  • Information about purchased travel extras 
  • If you choose to receive personalized offers, SAS also processes:
  • Data analyzed to determine buying behavior and preferences
  • Data and scoring models from third-parties (Mosaic, Google Analytics)
  • Personalized marketing based on information you have provided to SAS

  Where SAS stores personal data

  Personal data related to SAS account holders is stored in Norway, Denmark, Sweden, Germany, Latvia, Poland, India and the US. 

• SAS For Business

  For companies that are members of SAS’ Corporate Program, SAS processes personal data provided by the company to deliver travel services. SAS also shares information about travelers with the company. This includes information about who has traveled where and when and what services they have purchased.

  Data processed by SAS

  • Personal details: name, email, phone number
  • Travel information: flight details (booked and completed travel), purchased travel extras
  • SAS Travel Pass: product information, travel history, payment details

  Where SAS stores personal data

  Personal data related to corporate travel is stored in Norway, Denmark, Sweden, Latvia, India and the US. 

• Sensitive personal data

  Why SAS processes sensitive data

  Sensitive data is any data related to a person’s fundamental rights and freedoms that if processed could limit the person’s rights and freedoms. SAS processes sensitive data provided by travelers so that it can provide the same service to all travelers and deliver the services purchased. This means that SAS also shares sensitive information with third parties during travel. This data is called SSR (special service request) information and it follows an IATA standard used throughout the airline industry.

  Sensitive data processed by SAS

  • Need for wheelchair, stretcher or bed at airport and/or inflight 
  • Medical needs and fitness for travel
  • Disabilities (physical/intellectual) and need for special assistance and/or service animals
  • Special meals based on medical needs or religious beliefs
  • Passengers traveling incognito or in custody
  • Travelers that are deportees
• Cookies

  Why SAS uses cookies

  A cookie is a small text file containing information that is stored on your computer or device. SAS uses cookies to enhance your experience when you use SAS’ website.

  One type of cookie will save a file permanently on your computer. This cookie is used to customize the website based on your choices and history.

  Another common type of cookie is the session cookie that is sent between your computer and the server to collect information. Session cookies aren’t saved when you close your web browser. Read more about how cookies work at allaboutcookies.org. 

  We’re always working to improve our website by analyzing user behavior through tools such as Google Analytics and Adobe Analytics.

  The main cookies SAS uses 

  • Market selector (country and language) information to route you to the most recently-visited domain  
  • Default values for CEP (complex event processing) based on your most recent search or chosen market 
  • Logged in user session ID for single sign-on
  • Business data for continuing booking flow and redirections

  Online behavioral advertising

  Online behavioral advertising is a way of serving advertisements on the websites you visit and making them more relevant to you and your interests.

  You can manage your preferences in our Cookie Policy

• How SAS keeps your personal data safe

  Information & training

  SAS’ staff has received information and undergone training on GDPR. SAS’s suppliers have also been informed of the new GDPR regulation.

  GDPR compliance

  SAS has a designated Data Protection Officer and Data Protection Ambassadors throughout the organization to ensure that all personal data is processed according to the GDPR.

  Notification of personal data breaches

  SAS will inform you and the authorities if your data has been breached.

  Data protection agreements

  All SAS “processors” that handle personal data sign a Data Protection Agreement to ensure that they are GDPR compliant.

  Data exchange agreements

  All SAS partners acting as “controllers” sign a Data Exchange Agreement to ensure that they are GDPR compliant.

  Information security

  SAS works constantly to improve information security according to ISO 27001

• Right to access data

  Request a copy of your personal data 

  You have the right to request a copy of the personal data SAS has on you. You may order one copy free of charge. Further requests are subject to an administrative fee. SAS aims to send you a link to download your personal data no later than 30 days after we receive your request.

  How SAS identifies you 

  SAS does not store your passport number or social security number. If you are a EuroBonus member, SAS Travel Pass holder or SAS account holder, you need to log in to request a copy of your personal data. All other travelers are identified by name, email and phone number. Please note that we require all of this information to identify you.

  Travelers under 18

  SAS does not process any data about travelers under 18 for any other purpose than a specific trip.

  Data that you will receive if you’ve only traveled on SAS

  • Personal details: name, email, phone number, membership number (if applicable)
  • Travel information: flight details (booked and completed travel), purchased travel extras
  • Customer care: cases identified using your name, email address and phone number Data that you will receive as a EuroBonus member, SAS Travel Pass holder or SAS account holder
  • Personal details: name, email, phone number, membership number (if applicable)
  • Travel information: flight details (booked and completed travel), purchased travel extras
  • Campaign details: delivery and tracking logs
  • Customer care: cases identified by your profile
  • SAS Travel Pass: product information, travel history, payment details

  Order a copy of personal data from SAS

  To find out what data SAS has collected about you, you can log in and order a copy of your personal data
  Even if you don't have an account with SAS, you can still order a copy of your personal data

• Right to be forgotten

  Exercising your right to be forgotten

  You have the right to ask SAS to delete all of the information we have about you. Please note that it can take SAS up to 30 days to delete all of this information.

  If you exercise your right to be forgotten, your EuroBonus membership/SAS account will be terminated and all of your points will be deleted. You will also not be able to use the same digital services as before. If you are a SAS Travel Pass holder, only your company can exercise your right to be forgotten regarding data connected to your SAS Travel Pass.

  Please also note that SAS cannot delete all personal data. To protect you from fraud, PNR data is not deleted in accordance with Regulation EC 261/2004 of the European Parliament and the Council of the European Union. In addition, any activity carried out by a traveler that qualifies under ICAO Resolution “A33-4 Adoption of national legislation on certain offences committed on board civil aircraft (unruly/disruptive passengers)” will not be deleted.

  If you want to exercise your right to be forgotten, please go through the following checklist before making your request.

• SAS Data Protection Officer

  SAS has a designated Data Protection Officer to help travelers and ensure GDPR compliance. 

  If you have any questions or need assistance, just contact the SAS Data Protection Officer at dataprotectionofficer@sas.se