Privacy Statement

Last updated: March 2025

Security is the top priority for SWISS and this includes the protection of your personal data. In this Privacy Statement, we inform you of how and why we collect, process and use personal data. This information is intended in particular for:

• Users of our websites and apps
• Passengers
• People who use or may be interested in our services
• Contacts at our business customers and partners
• People who contact us
• Recipients of our newsletters, personalised offers and other marketing communications and activities
• Participants in research campaigns, customer panels and customer satisfaction and opinion surveys
• Participants in events
• Visitors to our company locations

Please note that there is additional information on specific data processing (such as our ​Cookie Policy, the ​Travel ID Privacy Statement, the ​SWISS World Cargo Privacy Statement, etc.). We also often provide you with the relevant information at the place where we collect your personal data. Please also note the contractual conditions for individual services for passengers, in particular our ​General Conditions on Carriage.

We have based this Privacy Statement on both the Swiss Data Protection Act and the European Union General Data Protection Regulation (GDPR). Whether these and/or other data protection laws apply depends on the individual case. 

If you provide us with data about other people (e.g. family members or friends for joint bookings), we assume that you are authorised to do so, and that the data is correct. Please ensure that the people concerned have been informed about this Privacy Statement.

1. ​Data Controller
2. ​Contact
3. ​Sources of personal data
4. ​Main purposes and legal bases for processing
5. ​Specific cases, their purposes, legal bases and further details
6. ​​Legal bases according to the GDPR
7. ​Data disclosures
8. ​​​Transfer of personal data to countries outside Switzerland and the European Economic Area
9. ​Retention of personal data
10. ​Profiling, artificial intelligence and automated decision-making with legal effect
11. Data security
12. ​Your rights regarding your personal data
13. ​​Changes to our Privacy Statement

Unless indicated otherwise, the controller of the data processing described in this Privacy Statement is:

Swiss International Air Lines AG
Malzgasse 15
CH-4052 Basel
Switzerland

Website: ​www.swiss.com

(referred to below as “SWISS”, “we” or “us”)

Our EU Representative under Art. 27 GDPR is:

Swiss International Air Lines AG Niederlassung Frankfurt
Cargo City Süd 558 c
D-60549 Frankfurt am Main
Germany

Please use our contact form for data subject rights to exercise your data protection rights described in Section 12.

If you have general questions or concerns regarding this Privacy Statement, you can contact our Data Protection Officer and team at the following address:

Swiss International Air Lines AG
Data Protection Officer
ZRHS/CJ
PO Box
8058 Zurich Airport
Switzerland

dataprotection@swiss.com

Enquiries not related to data protection, such as requests or feedback on individual bookings or services, will not be answered or forwarded by our Data Protection team. Please visit our Service Centre and use the appropriate contact form, or contact your SWISS contact if you are representing a business partner.

You often disclose personal data to us yourself, for example, when you send us data or communicate with us. The provision of personal data is voluntary in most cases, which means that you are not generally obliged to disclose your personal data to us. However, we have to collect and process the personal data that is required for processing contractual relationships and fulfilling associated obligations or personal data prescribed by law, since we would otherwise be unable to conclude or continue the contract in question. For example, you must provide us with information that we are obliged to transfer to local or foreign authorities so that we can carry you to your flight destination (see also Section ​4.4).

We may also collect personal data about you ourselves or automatically, such as when you book a flight or claim other offers. This may be technical data about your device, the transaction or your behaviour. For example, we can analyse the data collected during the booking process and make assumptions about your personal interests, preferences, affinities and habits on this basis. This enables us, for example, to customise our offers and information to your individual needs and interests (see also Section ​10).

We may also receive personal data from other Lufthansa Group companies. See Section ​4.7 for more information. We may also receive information about you from third parties, for example, from companies with which we cooperate, people who communicate with us or from public sources.

For example, we may receive information about you from the following third parties:

• Cooperation partners, e.g. partners in a frequent flyer programme such as Miles & More or PartnerPlusBenefit
• People who act on your behalf (family members, legal representatives)
• Travel service providers you use
• Banks, insurance companies, distribution partners and other contractual partners for payments
• Providers of online services, e.g. providers of Internet analysis services
• Information services for compliance with statutory requirements such as export restrictions
• Authorities, parties and other third parties in connection with official and judicial proceedings
• Public registers such as the debt collection or commercial register, from public offices, from the media or from the Internet

In summary, we process personal data for the following purposes:

• Processing contracts, for example, the processing essential for the operation of your flight and providing other services (Section ​4.1)
• Information and marketing (Section ​4.2)
• Market research and product development (Section ​4.3)
• Compliance with legal requirements (Section ​4.4)
• Security (Section ​4.5)
• Protection of rights (Section ​4.6)
• Administration and support within the Lufthansa Group (Section ​4.7)
• Specific cases (as described in Section ​5)

We process personal data in connection with the initiation, administration and processing of contractual relationships. Contract processing also includes any agreed personalisation of services.

A contract exists for example when:

• you book a flight or other services
• you use our apps or other online services
• you use Travel ID
• you book Swiss WorldCargo services for the company you work for, or
• you or the company you work for have concluded another contract with us.

If you are a passenger, we process the data you provide to us when you book a flight and other services to perform the contract of carriage and the relevant service contracts. The essential and voluntary information is indicated in the booking process (such as name, frequent flyer number, e-mail address, phone number, payment information, travel documents, etc.) and is only stored if you complete the booking. Additional services may be offered by us or our partners and include advance seat reservation, additional baggage, pre-order of meals, upgrade options (including bid upgrade services), baggage collection and check-in service, travel insurance, accommodation, car rental, package deals and other services.

The purpose of contract processing generally comprises everything that is necessary or appropriate for concluding, performing and, where applicable, enforcing a contract.

For example this includes processing to:

• communicate with you
• provide customer service
• manage frequent flyer programmes (e.g. Miles & More, PartnerPlusBenefit), for example to apply or credit miles
• administer and manage our IT and other resources
• process payments and generally manage accounting
• store data in compliance with retention obligations
• establish, notify and, where applicable, announce winners of competitions or similar campaigns
• assert legal claims from contracts (collection proceedings, legal proceedings, etc.)
• terminate and end contracts
• prepare and conclude corporate transactions such as corporate acquisitions, sales and mergers.

Our basis for this processing is for the performance of a contract to which you are a party or for pre-contractual measures (Article 6(1)(b) GDPR).

You can receive information, offers, surveys about your main areas of interest, customer satisfaction surveys and newsletters on the subject of travel from us, companies of the Lufthansa Group or partner companies via the communication channels chosen by you, e.g. by e-mail, text, messenger services and telephone.

These messages and offers can be personalised by means of technologies that allow us to determine whether the recipient has opened the message or otherwise interacted with electronic advertising communications. You can find further details in our ​Cookie Policy.

When you subscribe to a newsletter, our legal basis for this processing is your consent (Art. 6(1)(a) GDPR). You can withdraw your consent to processing for this purpose with future effect at any time by following the relevant unsubscribe link in the communication concerned.

If we process your personal data for information and marketing activities without having obtained your consent, that is because we have concluded in the individual case that our legitimate interest forms a sufficient legal basis for the processing concerned (Art. 6(1)(f) GDPR).

We process personal data to improve our services, for example when we analyse data on the usage of our services. The basis for this processing is our legitimate interest (Art. 6(1)(f) GDPR).

You may register for our customer panel to let us know your opinion on specific subjects relating to our products and services. Members of the customer panel are invited by e-mail at regular intervals to take part in market research projects, such as brief online surveys, focus groups, product tests and in-depth interviews. The information provided by a member, such as their address, age, gender, nationality, professional background and travel behaviour and habits, is used to identify suitable surveys for the member. The information received in the course of a market research project is analysed in anonymised form. More information is available on the ​Lufthansa Group BetaLab website.

Our basis for the processing relating to the customer panel and other surveys is your consent (Art. 6(1)(a) GDPR).

We process personal data to comply with legal obligations and to prevent and detect violations. Our obligations may derive from Swiss law and intergovernmental agreements or from the laws and regulations of other countries worldwide, as well as self-regulations, industry and other standards, our own corporate governance or official directives.

For the carriage of passengers specifically, we may be legally required to collect and disclose defined personal data to authorities in the countries on the itinerary. This may include the following personal data:

• Advanced Passenger Information (API data): Basic information about passengers required by specific government authorities for entry to and departure from the country. This includes passengers’ name, date of birth, sex, nationality, travel document data and e-mail address. API data also includes other data, such as flight information (e.g. flight number and arrival and departure times).
• Passenger Name Record (PNR data): Information and data required for carriage (e.g. booking code, name, e-mail address, flight information, payment information and details of travelling companions), plus any additional data in connection with carriage, in particular information sent by you (e.g. frequent flyer information or special requests) or third parties (e.g. travel agencies).
• Health data, such as a specific immunisation status
• Travel permit for children, if a child is travelling alone or with one parent only

This information is required for legal, security, regulatory and administrative reasons, which may include the following purposes:

• Border control
• Entry formalities
• Combating organised and international crime, terrorism and other serious crimes
• Public health purposes, e.g. orders by an authority for combating an epidemic or pandemic
• Other lawful purposes subject to applicable law

This data is generally required by the authorities of the country of departure and/or arrival and therefore must be disclosed to the Swiss and foreign authorities involved, such as criminal prosecution, judicial, health or other administrative authorities. For example, the United States border authorities (US Customs and Border Protection) receive API and certain PNR data when you book a flight between Switzerland and the United States. The United States has given Switzerland the same guarantees with regard to the use of data as it has to the European Union; it will only use the information for combating terrorism and other serious, cross-border criminal offences.

SWISS is also obliged to disclose your personal data to Swiss and, under certain circumstances, foreign criminal prosecution, judicial or administrative authorities if they require disclosure to prevent or prosecute crimes, misdemeanours or administrative misconduct, or if they need it to perform their administrative duties.

Data transfers to authorities are based on our legitimate interest in complying with Swiss and foreign law and in supporting the purposes described above (Art. 6(1)(c) and (f) GDPR). If the processing relates to special categories of personal data (such as health data), the legal basis is Art. 9(2)(a), (g) or (i) and Art. 10 GDPR.

We process personal data for security purposes – for your and our security. Examples of processing for this purpose include:

• Measures for IT security
• Physical access control
• Video surveillance and the evaluation of recordings at specific premises for the detection and prosecution of criminal acts
• Measures for the prevention of theft, fraud and misuse
• Analyses to detect suspicious behaviour patterns and fraudulent activities
• Imposition of flight bans for “unruly passengers”. “Unruly passengers” are passengers who display improper, aggressive or violent behaviour towards other passengers or the crew, or who damage the aircraft.
• Exchanging data within the Lufthansa Group and with other airlines to document, analyse and prevent cases of fraud and instances of “unruly passengers”
• Disclosing data in connection with harm, injury and criminal acts to authorities and insurance companies

This data processing is based on our legitimate interest in security (Art. 6(1)(f) GDPR).

We want to be able to establish and enforce our claims and defend ourselves against the claims of others. Our claims may include claims of employees, companies affiliated with us and our business partners. We process personal data for the protection of rights, for example to enforce claims judicially, before or out of court and before authorities worldwide, or to defend ourselves against claims.

The legal basis for this data processing is our legitimate interest in protecting our rights (Art. 6(1)(f) GDPR).

The Lufthansa Group maintains and builds processes that serve all or several Lufthansa Group companies to improve efficiency and stay competitive. SWISS and other Lufthansa Group companies may therefore share personal data to support each other in the processing of data in accordance with this Privacy Statement (see Section ​7.1).

Examples of joint administration and support are:

• ​Travel ID
• Administration of IT, including systems used by multiple Lufthansa Group companies
• Central storage and management of data used by multiple Lufthansa Group companies
• Training and education
• Reviewing or execution of corporate transactions, such as corporate acquisitions, sales and mergers
• Forwarding enquiries that concern other Lufthansa Group companies
• Joint anti-fraud measures (see Section ​5.4)
• Data sharing on “unruly passengers” (see Section ​4.5)
• Reviewing and improving Lufthansa Group-internal processes in general

The legal basis for this data processing is our legitimate interest in efficient administration and support within the Lufthansa Group (Article 6(1)(f) GDPR).

We collect information that your browser transmits to us automatically when you visit our websites. This may include the following data:

• Internet Protocol address (IP address) of the user’s device
• Internet service providers
• Operating system, browser type and browser version used
• Date and time of the server request
• Website accessed
• Referrer URL (the website previously visited)

The data automatically collected as described above is processed for the purposes of proper functioning of our websites, e.g. to establish a connection, to ensure stability and uninterrupted system security, to improve our services and for statistical purposes.

The legal basis for the data processing is our legitimate interest in these purposes (Art. 6(1)(f) GDPR).

We also process personal data on our websites using so-called cookies and similar technologies for additional purposes, such as analytics and marketing. See our ​Cookie Policy for more information.

When you visit the SWISS Magazine website (URL: https://www.swiss.com/magazine and subpages), we process the data mentioned above in ​5.1 also for the correct display of non-personalised ads of third parties, to measure their performance, ensure security, prevent fraud and correct errors.

We currently use the service provider Goldbach neXT AG, Seestrasse 23, 8700 Küsnacht ZH, Switzerland, which is IAB Europe TCF 2-certified for this processing (see Section ​​7.2 regarding our service providers).

The data is deleted as soon as it is no longer required to achieve the purposes mentioned, but no later than after 30 days. 

The legal basis for the data processing is our legitimate interest in the purposes mentioned (Art. 6(1)(f) GDPR). Personalisation of ads requires your consent (see our ​Cookie Policy).

Credit checks help us to prevent problems in payment transactions. They ensure the protection of our company against financial risks, which may also affect prices in the medium to long term. A credit check may be necessary if we provide our services without receiving the relevant payment at the same time, e.g. in the case of a payment on account. Other payment options are available without credit checks.

In order to use the “purchase on account” payment option, we may process your personal data (e.g. first name and surname, address, date of birth, e-mail address and mobile telephone number, as well as information on the outstanding amount, the currency used and the booking data) and the usage data of your SWISS website visits (e.g. information about the start, end and scope of the websites you visited, your IP address and click paths). If there is any suspicion of fraud, we will verify the assessment and the underlying evidence. You will be informed if your application to conclude a contract is declined.

The purpose of the processing is the provision of this payment option, the identity and creditworthiness check (this may also include obtaining references from other third parties, such as credit agencies) and risk management (including fraud and abuse prevention, also with the involvement of additional third-party companies).

We currently give you the option of using the “purchase on account” service through a third-party company according to its terms and conditions (e.g. ​​Powerpay by MF Group AG). Please note that if you use this service, the service provider processes your personal data as an independent controller according to its own privacy statement.

The processing by us or third parties required to perform a contract with you (e.g. the terms and conditions you accepted) is based on Art. 6(1)(b) GDPR. Any other processing for the purposes mentioned above is based on our legitimate interests (Art. 6(1)(f) GDPR).

We may verify payment transactions to prevent fraud and other improper usage. To this end, we use both internal and external sources of information. For this purpose, we also check distinct, identifiable technical features. If fraudulent activity is suspected and/or detected, we may share the relevant information (including personal data) with other Lufthansa Group companies, which may also verify the data for their own purposes (see Sections ​4.7 and ​7.1).

The basis for this data processing is our legitimate interest in anti-fraud measures (Art. 6(1)(f) GDPR).

You may register with operators of biometric identification services and for selected flights at certain airports to benefit from the advantages of a biometric identification system (facial recognition), without a boarding pass or smartphone.

The data controller as defined in the GDPR for processing personal data required for registering a biometric profile, as well as for biometric identification, is the operator concerned. You may use biometric identification services from the following operators:

• Star Alliance

Processing within our responsibility

• If you have received your digital boarding pass as part of our online check-in, we forward your digital boarding pass to the operator of the biometric identification service of your choice on request, i.e. when you make the relevant selection.
• We record a brief video sequence of you at the access points/devices operated by us at the airport (e.g. the boarding gate) that are equipped with the relevant cameras. A specific number of non-biometric photos are extracted from this and sent to the operator of the biometric identification service for the purpose of identifying you.

Categories of recipients

• IT service providers located within the EU (commissioned processors)
• Suppliers of biometric identification services (data controllers)

Duration of data storage

Your data is deleted at the access points/devices as soon as the identification process has been completed, or your data has been transferred.

Legal basis for processing

Your data is processed on the basis of your consent as defined in Art. 6 (1)(a) and Art. 9 (a) GDPR, which you have provided to the operator of the respective biometric identification services at registration. You can withdraw your consent to the use of biometric data from the respective operator at any time. Please refer to the operator’s Privacy Policy for details about the processing of your personal data and withdrawing your consent:

• Star Alliance

You can contact us by means of our chat service on our website or our defined messenger services to use our self-services, request general information or find out about future destinations. Depending on the requirements or complexity of your enquiry, it may also be answered by one of our service agents on a live chat.

We request the personal data from you required for the purpose concerned (e.g. the booking number) so you can use our services, e.g. to rebook or obtain a refund for your flight, or to obtain answers to questions about products and services relating to your trip.

If you have registered with your Travel ID profile, we can also offer you a personalised service based on the information stored in your Travel ID profile, e.g. show you a selection of your bookings. You will find further details about the processing of your data in connection with your use of Travel ID in the ​Travel ID Privacy Policy.

We have a commissioned data processing agreement with WhatsApp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Ireland, for contact with us via WhatsApp. WhatsApp uses end-to-end encryption for communication. Information disclosed in the chat is therefore not visible to WhatsApp. You will find information about the processing of personal data when you use WhatsApp in the ​WhatsApp Privacy Notice.

Your personal data is in principle processed within the EU.

Passenger counting after boarding or before doors are closed confirms the correct number of passengers in the aircraft. This promotes flight safety and assists us in correct baggage handling, which also aids safety. Counting is carried out manually by the cabin crew up to that point. Counting errors lead to flight delays and can affect safety if not discovered (e.g. in terms of take-off calculations). SWISS wishes to minimise errors by automating counting to increase safety and improve the boarding process.

SWISS uses an artificial intelligence (AI) model for this purpose from its service provider VION AI GmbH (Germany). It is trained to differentiate passengers boarding the aircraft from members of the cabin crew without identifying the individual. This allows passengers and their hand baggage to be counted reliably and automatically.

You will be informed via a notice near the aircraft door if passenger counting with artificial intelligence is used on your flight. Video recordings of passengers boarding made for the purpose of counting are deleted or anonymised shortly after the count is successfully completed. If the video recordings are used to train the model (this happens on selected flights), video recordings are deleted or anonymised immediately after training and no later than 6 weeks after the recording was made.

In summary, automated counting of passengers and their hand baggage helps to:

• increase safety
• improve the boarding process through automation, and
• train the AI model for these purposes.

If we go beyond our statutory obligation to flight safety in this process, our legal basis is in our legitimate interest in increasing flight safety and improving the boarding process (Art. 6(1)(f) GDPR).

Depending on the applicable law, data processing is only permitted if the applicable law specifically allows it. This does not apply under the Swiss Data Protection Act, but it does under the GDPR. Unless it is indicated for the purpose stated above, the processing of your personal data is based on one of the following legal bases:

• Your consent if we have asked you for this, for example for newsletters, so we can send you the “Best Price Alert” newsletter with personalised offers from SWISS and marketing cookies etc. (Art. 6(1)(a) GDPR)
• Performance of a contract with you or for pre-contractual measures, for example in course of a booking with us or one of our partners (Art. 6(1)(b) GDPR)
• Compliance with a legal obligation, for example our obligation as an air carrier to communicate API data to the competent authorities based on EU Directive 2004/82/EC and Art. 104 et seq. of the Swiss Federal Act on Foreign Nationals and Integration (Art. 6(1)(c) GDPR)
• Legitimate interests, including our own interests and third-party interests, for example in enhancing customer satisfaction; in carrying out advertising and marketing activities; in safeguarding and organising business operations, including developing websites, apps and other systems; in protecting passengers, customers, employees and other individuals, as well as data, secrets and assets of the Lufthansa Group; in managing risks; in selling and purchasing companies, parts of companies or other assets; in enforcing or defending legal rights and claims and in complying with Swiss and foreign law as well as internal rules and regulations (Art. 6(1)(f) GDPR)

SWISS is part of the Lufthansa Group. More information and reports by the Lufthansa Group and its companies are available in the ​Lufthansa Group company profile. SWISS may disclose personal data within the Lufthansa Group to perform its contractual obligations towards you, reply to your booking requests or provide customer service. Disclosure may serve to facilitate intra-Group administration or support for the group companies concerned and their own processing purposes (see Section ​4.7).

We often work with other Lufthansa Group companies as joint controllers under data protection law (for example when you use ​Travel ID). We also often engage other Lufthansa Group companies as service providers (see Section ​7.2 below).

We may disclose your personal data to other companies if we make use of their services. These service providers generally process personal data on our behalf as so-called “commissioned processors”. Our commissioned processors are obliged only to process personal data in accordance with our instructions and to take suitable measures to ensure data security. Certain service providers are also joint controllers (e.g. Meta as described in Section ​5.6) or independent controllers (e.g. service providers for “payment on account” as described in Section ​​5.3). 

Examples include services in the following areas:

• Travel technology
• Advertising and marketing services, for example to deliver messages and information
• Corporate management services, for example accounting or asset management
• Payment services
• IT services, for example in the areas of data storage (hosting), cloud services, the delivery of e-mail newsletters and data analysis and refinement
• Advisory services, for example services from tax advisors, lawyers and management consultants.

In individual cases, we may disclose personal data to other third parties for their own purposes, for example if you have granted your consent or we are legally obliged or authorised to share such information. In such cases, the data recipient is an independent data controller under data protection law and usually provides its own privacy statement.

Examples of such cases include the following:

• The disclosure of personal data to courts and authorities within Switzerland and abroad (see examples in Section ​​4.4)
• The processing of personal data to comply with a court or administrative order or to enforce or defend legal rights or claims, or if we consider such processing to be necessary on any other legal grounds. We may also disclose your personal data to other parties involved in any proceedings.
• The transfer of claims to other companies, such as collection agencies
• The review or execution of corporate transactions, such as corporate acquisitions, sales and mergers

Please note our ​Cookie Policy concerning independent data collection by third-party providers whose tools we have integrated into our websites and apps.

As an airline operating worldwide, we transfer your personal data to countries worldwide in accordance with this Privacy Statement depending on the specific case. The countries in question may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we will ensure the protection of your personal data in an appropriate manner.

One means of ensuring adequate data protection, for example, is to conclude data transfer agreements with recipients of your personal data in third countries that ensure the required level of data protection. This includes agreements that have been approved, issued or recognised by the European Commission and the Swiss Federal Data Protection and Information Commissioner, known as standard contractual clauses. An example of the data transfer agreements generally used by us is available on the ​website of the European Commission. Please note that such contractual arrangements can partially compensate for weaker or missing statutory protection but cannot rule out all risks completely (e.g. government access abroad). In exceptional cases, transfers to countries without adequate protection may also be permissible in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transfer is necessary for the execution of a contract.

We retain your personal data:

• for as long as it is required for the purpose of processing and compatible purposes; in the case of contracts, normally for at least the duration of the contractual relationship
• for as long as it is subject to a statutory retention requirement. For example, a ten-year retention period applies to certain data
• for as long as we have a legitimate interest in storing it. This may be the case, in particular, if we need personal data to enforce or defend claims, for archiving purposes, or to ensure IT security.
• by anonymising the personal data and then using it for training purposes for applications using artificial intelligence, e.g. chatbots

Specific examples for retention periods based on our legitimate interest are the following:

• We generally retain contractual data for ten years after the end of the contract, as claims may arise during this time (statute of limitation).
  
• Shorter retention periods typically apply to other data, for example recordings from video surveillance or recordings of certain online processes (log data).
• At specific airports, we typically retain copies of your travel document for 14 days because we regularly need to produce proof to authorities that we have checked the travel documents of passengers travelling from these airports
• Other retention periods mentioned in Section ​​5 and in other privacy statements

“Profiling” refers to the automated processing of personal data to analyse personal aspects or make predictions, e.g. analyse personal interests, preferences, affinities and habits, or predict likely behaviour. Profiling is a common procedure across many industries. Profiling supports us in the specific purposes mentioned in Sections ​​4 and ​5 and is based on the mentioned legal bases. For example, profiling helps us:

• continuously to improve our offers and better tailor them to individual needs (Section ​4.3)
• to present our contents and offers to you in accordance with your needs (Section​4.2)
• to show you advertising and offers that are likely to be relevant for you (Section ​​4.2)
• to support you better with our customer service (Sections ​4.1 and ​5.6)
• to conduct credit assessments (Sections ​5.3 and ​5.4)

There is not yet an internationally recognised definition for “Artificial Intelligence” (AI). As with all new technologies, SWISS is committed to using such technologies in a responsible way. For example, we have tested AI to distinguish passengers boarding the aircraft from crew members and ground staff, and to eliminate miscounts without facial recognition More information is available if you are part of such a passenger count.

We do not make any decision about you that is based solely on automated processing and that has legal consequences for you or significantly affects you in a similar way, unless we inform you about it separately. You would then have the option of having the decision reviewed by a human being.

We take appropriate technical and organisational security measures to safeguard your personal data, protect you against unauthorised or unlawful processing activities and to counteract the risk of loss, unintentional changes, inadvertent disclosure or unauthorised access. However, like all companies, we cannot completely rule out data security infringements; certain residual risks are unavoidable.

Security measures of a technical nature include the encryption and pseudonymisation of data, record keeping, access restrictions and the storage of data backups. Security measures of an organisational nature include training of our employees, confidentiality agreements and audits. We also require our processors to take appropriate technical and organisational security measures (see Section ​7.2).

You have the right to object to data processing in particular if we process your personal data based on a legitimate interest and the other applicable requirements are met. You can also object to data processing at any time in connection with direct advertising (e.g. advertising e-mails). This also applies to profiling where this relates to direct advertising.

You also have the following rights providing the applicable conditions are met and there are no statutory exceptions:

• the right to request information about your personal data stored by us
• the right to have inaccurate or incomplete personal data corrected
• the right to request the deletion or anonymisation of your personal data
• the right to request the restriction of the processing of your personal data
• the right to receive certain personal data in a structured, commonly used and machine-readable format
• the right to withdraw consent with future effect if the processing is based on consent.

Please note that these rights may be restricted or excluded in individual cases, e.g. if there are doubts about the identity or if this is necessary to protect other people, safeguard interests worthy of protection or comply with legal obligations. If exercising certain rights will incur costs for you, we will notify you of this in advance.

In general, exercising these rights requires that you prove your identity (with a copy of your passport or ID when your identity is not evident otherwise or cannot be verified in another way).

You can exercise these rights:

• by visiting the user account or app your request is related to. For example, in your ​Travel ID profile you can check the current status of most of your master data yourself at any time, withdraw any consent and delete your ​Travel ID profile.
• by unsubscribing from newsletters and other advertising e-mails, typically at the end of the e-mail
• via our ​​contact form for data subject rights. Please note that it may take up to 30 days until you receive our first response.

We are grateful for the opportunity to address any concerns you may have in connection with our data processing. However, you are free to lodge a complaint with a competent supervisory authority.

Enquiries not related to data protection, such as requests or feedback on individual bookings or services, will not be answered or forwarded by our Data Protection team. Please visit our ​Service Centre and use the appropriate contact form, or refer to your SWISS contact if you are representing a business partner.

This Privacy Statement may be changed from time to time and without notice. The current version published on our website will apply.