Privacy Policy
Our Privacy Promise
Avios Group (AGL) Limited is committed to respecting your privacy and protecting your personal information:
We will act transparently when we collect your personal data and tell you what we will do with it
We will only use your personal information for the purposes described in our Privacy Policy
We will use your personal information to provide you with services you have requested, to enhance your experience with AGL and the Avios Programmes we operate with IAG’s airlines, including British Airways Executive Club, Iberia Plus, AerClub, and Vueling Club.
We will use the information to help us understand you better and so that we can give you relevant offers.
We will look after your personal information and keep it secure
We will respect your information rights and help you to give you control over your own information
Our full Privacy Policy explains in more detail what personal information we collect, how we collect it, what we may use it for and who we may share it with.
You will find some specific examples (underlined) of why and how we use your personal information. If you have any questions please get in touch with us by writing to Data Protection Officer, Avios Group (AGL) Limited, Waterside, PO Box 365, Harmondsworth, UB7 0GB, England or by email to data.protection@avios.com.
Without prejudice to your rights under applicable laws, the above and full privacy policy are not contractual and do not form part of your contract with us.
Controller of Personal Information
AGL is the “Data Controller” of your personal information that is processed in connection with this Privacy Policy. Our address is Avios Group (AGL) Limited, Waterside, PO Box 365, Harmondsworth, UB7 0GB, England.
AGL is part of the International Airline Group (“IAG”) and its role as a Data Controller in the Avios Programme relates primarily to the awarding and redemption of Avios in the following Programmes: British Airways Executive Club, Iberia Plus, AerClub, and Vueling Club. AGL receive, store and process Avios Programme Member Data to administer parts of the Schemes. The Airlines Partners are another Data Controllers with separate responsibilities for the processing of personal information of the Avios Programme Members. Links to their Privacy Policies are provided below:
If you have made a booking, then the party fulfilling that booking is a Data Controller under European Union and UK data protection law.
What do we mean by personal information?
Personal information means details which identify or could be used to identify you, such as your name and contact details, your travel arrangements or purchase history. It may also include information about how you use our websites and mobile applications.
When does this policy apply?
This Privacy Policy applies to the personal information that we collect, use and otherwise process as a member of an Avios Programme, when you use our websites or mobile applications, when you contact our service agents or call centre or when you use our services through our Partners.
How can you keep your personal information secure?
We take great care to protect your personal information. Here are some things you can do to keep your information secure.
Keep your booking reference confidential
When you make a booking, you will be given a booking reference (also known as a PNR or Passenger Name Record). This will appear on the email confirmation or ticket of each person in your booking. You should keep your booking reference confidential always. Giving your booking reference to others allows them to access your booking details.
If you are travelling with others and would not like your individual booking details to be accessible by them, you may prefer each person to make separate bookings.
Keep your membership log-in details confidential
To make sure your access to our websites, other online services and mobile applications remains secure you should not share your log in details with anyone else. When you finish using the website, online services or mobile application you should log out if others may be able to access your computer or device. This is especially important if you are using a publicly accessible computer.
Be aware of and protect yourself against Internet fraud and “Phishing”
There is a fraud practice known as "Phishing" which is the illegal gathering of personal information by deception. Unsolicited emails are sent to individuals from lists illegally gathered by a third party, and recipients are asked to enter or reconfirm their credentials into a 'cloned' or illegal copy website.
When do we collect personal information about you?
We collect personal information about you when you use our services, become a member of one of the Avios Programmes, make a booking or purchase with us, use our websites or mobile applications, interact with us by email or use our contact centres.
For more information, see 'What types of Personal Information do we collect and retain'
In addition, we may receive personal information about you from third parties, such as:
Companies contracted by us to provide services to you.
Companies involved in your travel plans
Companies in partnership with us that participate in our Avios Programmes
Companies who provide us with your information if you have given prior authorisation.
What types of personal information do we collect and retain?
As a member of an Avios Programme you will need to provide us with your personal details or if you make a booking the details of those individual(s) who will be travelling.
We collect the following categories of personal information:
Online registration and other interactions
Examples include:
We will retain your information if you have registered through an Avios Programme, entered a competition or registered for a promotion.
Information about the services we have provided to you, including travel or Redemption Booking.
Examples include:
Your name, address, email, contact details, date of birth, gender, account details and payment information.
Details of your transactions such as products purchased.
If you make a booking for someone else, we may collect your billing information but may communicate with the other person about their flight or ancillary booked.
Use of our websites, contact centres and mobile applications
Examples include:
To help us to personalise and improve our website we collect information about your searches and the content you have viewed on our website using cookies and similar technologies, such as the website you come from, internet banner advertisements and links which appear on our marketing partner websites.
If you have provided customer feedback.
Card information
Examples include:
When you register valid payment card(s) on the eStore, to enable transaction monitoring to take place to collect ‘in-store’ offers, when available in our Avios Programme.
Your location data when you have visited out websites or mobile applications. This is your IP address. (An IP address (Internet Protocol address) is a numeric code that can act as a unique identifier for your computer or other device – this can be turned off from your device.)
Examples include:
Identifying the country that you are accessing our website or application from enables us to provide relevant content and use an appropriate language.
If we have your permission we may use the functionality on your device (Bluetooth, Wi-Fi and GPS) to determine your location to assist with collection opportunities as well as providing a personalised service (You can access or change this option by amending the location settings on your device).
When and why do we collect ‘sensitive personal data’?
Certain categories of personal information, such as that about race, ethnicity, religion, health, sexuality or biometric information are special categories of data requiring additional protection under European Union and UK data protection law and is referred to here as “sensitive personal data”. Generally, we do not collect or process sensitive personal data unless you have otherwise chosen to provide such information to us.
What do we use your personal information for?
The main purposes for which we use your personal information are:
To deliver the services you have asked for
Examples include:
We will use the data you provide so we can process purchases and take payments
Transaction monitoring of your registered card to enable the awarding of Avios collected in store
Contacting you in relation to your claims of missing Avios
Management and administrative purposes of your Avios Programme
Examples include:
We use your personal information, including your purchase history, for administrative purposes, which may include for example, accounting and billing, auditing, credit or other payment card verification, anti-fraud screening (including the use of credit reference agency searches and payment card validation checks) and systems testing, maintenance and development.
Provide services tailored to you
Examples include:
As a member of one of the Avios Programmes, we provide information to the Airline Partner to personalise the experience you have when collecting or redeeming your Avios.
Analysis and market research
Examples include:
We analyse the way in which our services are used so that we can better understand our customers, improve the services we offer and encourage the use of the full range of our products and services.
Administer your bookings
Examples include:
We will need to use your name, address, email, contact details, date of birth, gender, passport number, account details and payment information so that we can process bookings, fulfil your travel arrangements, take payment, provide information to suppliers to pass onto relevant authorities (such as tax, customs and immigration authorities) and so that our suppliers know who is travelling on a flight.
Updates and service communications
Examples include:
We will send you communications about the services you have booked to use, such as your travel itinerary. These communications will help you get the most from these services and may also contain options and other details about the services you will be using (e.g. advance seating requests, additional baggage and pre-booked meals).
We may also send you communications about the services you have previously used, for example, where you experienced some form of issue or problem and we wish to contact you about it proactively in order to resolve it successfully
What is our legal basis for using your personal information?
AGL will only process your personal information where we have a legal basis to do so. The legal basis will depend on the reason or reasons AGL collected or needs to use your information.
Under EU and UK data protection laws in almost all cases the legal basis will be:
to administer our contractual obligations to you as a member of an Avios Programme
when it is in our legitimate interests to use your personal information to operate and improve our business
to comply with a legal obligation
More information on each legal basis is provided below.
Performance of a contract with you
It is necessary for AGL to use your personal information when you join one of our Avios Programmes you agree that your personal data will be used in accordance with that Scheme’s terms and conditions.
It will be necessary for AGL to use your personal information to complete a service you have asked for. For example, we will need to use information such as your contact details and payment information to administer your booking or when you make a purchase through the eStore or in-store to complete our obligations which include the awarding of Avios to your membership account.
Legitimate Interests
As a loyalty programme provider AGL has a legitimate business interest to use the personal information we collect to offer an effective service and carry out our business, which include management and administrative purposes.
Compliance with legal obligations
There are situations where AGL is subject to a legal obligation and needs to use your personal information to comply with those obligations.
How long do we keep personal information?
We will keep your information for as long as we need it for the purpose it is being processed for. For example, where you make a purchase with us we will keep the information related to your transaction, so we can carry our obligations to you and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the purchase. The information may also be retained so that we can continue to improve your experience with us and to ensure that you receive any Avios points which are due to you.
We will actively review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained.
Who do we share your personal information with?
Your personal information may be shared with the companies within our group, which includes International Consolidated Airlines Group S.A (IAG), British Airways, Iberia, Iberia Express, Vueling, Aer Lingus, OpenSkies, British Airways Holidays, BA CityFlyer, IAG Connect and IAG GBS. For more details about our group please visit the website of our parent company, IAG. We share information with them, so they can assist us in providing services to you and to understand more about you. For example, if you have flown with one of the airlines in the IAG Group we may use this information to understand more about the sorts of services you are likely to be interested in.
We may also disclose your personal information to the following third parties:
Airlines and other service providers needed to deliver the services you have asked for.
One of our Airline Partners when you are a member of their Avios Programme, so that we can administer the benefits of the loyalty programme to you.
Our loyalty Partners for the purpose of administering offers and awarding of Avios, including transaction monitoring information when you make a purchase with them.
When registering your payment card(s) with the available eStores, your information will be shared as agreed by you with our transaction monitoring provider or any successors to them.
Credit and charge card companies, credit reference agencies and anti-fraud screening service providers to process payments and (where necessary) to carry out fraud-screening
In response to a valid, legal request from Government and law enforcement agencies such as customs and immigration authorities
Third party service providers we are using to provide services that involve data processing, for example, to carry out customer surveys on our behalf
Third parties, such as law firms and law courts, to enforce or apply any contract with you
Third parties, such as the police and regulatory authorities, to protect our rights, property, or the safety of our customers, staff and assets.
We do not sell personal information to third parties, and we only allow third parties to send you marketing information where you have agreed and consented to this.
What countries will your personal information be sent to?
The nature of our business means it is often necessary for us to send your personal information outside the European Economic Area or the UK to administer your travel arrangements. This occurs because our business and the third parties identified in 'Who do we share your personal information with?' have operations in countries across the world. For example, where you are flying outside of the European Economic Area or the UK, your personal information will be transferred to border control and immigration outside of these territories.
In addition, we may transfer your data to parties in countries outside the country in which you are located to provide services to us. This may involve sending your data to countries where under their local laws you may have fewer legal rights.
We ensure that when your personal information is shared outside of UK or the European Economic Area the necessary safeguards are in place to protect your personal information at all times.
Your individual rights in relation to your personal information
Under data protection laws in the European Union and the UK, you have certain rights in relation to your personal information. Responses to exercise your rights will be provided within one month and generally there is no fee for making these requests. If your request is particularly complicated, we may extend the deadline for responding to three months, but we will let you know if this is the case.
We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. Further explanation of those rights and the exceptions to them are set out below.
Details of how to exercise your rights are set out in the section below 'How to exercise your individual rights'
Your rights include the following:
Marketing – AGL do not send marketing communications. If you no longer wish to receive marketing communications from our Airline Partners, then a request should be submitted to that Airline Partner directly.
Access – You may request access to the personal information that we hold about you.
Processing - You may request us to stop using your personal information where we are doing so under legitimate interests, see the section What is our legal basis for using your personal information' for examples of when that applies, unless it is needed for dealing with legal claims or we have other compelling legitimate reasons that override your rights.
Restriction – You may ask that we restrict the processing of your personal data to a specific purpose or purposes.
Correction - You may ask us to correct your personal information, the 'right of rectification’, if that information is inaccurate.
Erasure - You may ask for personal information which identifies you to be erased, or forgotten. If you are a member of one of our Avios Programmes, we will liaise with that Airline Partner before replying to your request. If you have registered payment cards in connection with transaction monitoring, you may opt-out and delete the payment card(s) you have registered by clicking “Remove” against the registered cards in your eStore profile.
How to exercise your individual rights
If you wish to exercise any of your individual rights set out under the heading 'Your individual rights in relation to your personal information' please contact us at the address below.
When you are seeking access to your personal information please include the following information with your request:
Your name and postal address
How you would prefer to receive the response (email, post)
Details of your request
Any details which may help us locate the information, which is the subject of your request, for example Frequent Flyer programme and membership identifier or telephone recording details (identifier number, the number you call from, the number and option you dialled, the date and time of your call(s)).
We may ask you to provide:
a photocopy of your passport or driving licence, so that we can verify your identity
signed authority from a third party if you are applying on their behalf
Please send your request to:
Email: data.protection@avios.com
Post: Data Protection Officer
Avios Group (AGL) Limited
Waterside
PO Box 365
Harmondsworth
UB7 0GB
Changes to this Privacy Policy
If we make any changes to this Privacy Policy, we will let you know by publishing the updated version on our website.
This Privacy Policy came into effect on 4th March 2024.
Contact Us - Complaints, queries and feedback
If you wish to contact us in relation to this Privacy Policy or you have any concerns, please contact the Data Protection Officer at data.protection@avios.com.
You have a right to complain to your Data Protection Authority. In the UK that Authority is the Information Commissioner whose website and contact details can be viewed here.
You can contact the Information Commissioner’s Office by telephone on +44 (0) 303 123 1113.