KLM Privacy Policy
- We are Koninklijke Luchtvaart Maatschappij NV (also known as KLM Royal Dutch Airlines or KLM), a Dutch airline with its office at Amsterdamseweg 55, 1182 GP in Amstelveen, the Netherlands.
KLM is part of the Air France-KLM Group. For more information, please see our website under “About KLM”. KLM is responsible for the collection and use of your personal data described in this privacy policy.
We offer our loyalty programmes Flying Blue and bluebiz in partnership with our group company, Air France. Air France (formally: Société Air France, S.A.) is an airline having its registered office at Rue de Paris 45, F-95747 in Roissy CDG Cedex, France. KLM and Air France are jointly responsible for processing your personal data concerning those programmes. We have an arrangement in place that sets out our respective responsibilities for complying with the applicable privacy legislation. In short, we have agreed that you can contact either the Privacy Office of KLM (please see 8 “Your rights” below) or the Privacy Office of Air France if you wish to exercise your rights, or if you have a complaint about the processing of your personal data. KLM and Air France assist one another where necessary, to ensure that you can exercise your rights, and we work together to ensure that your questions and complaints are addressed. We have also agreed that you will be informed about the processing of your personal data in connection with Flying Blue or bluebiz under both this KLM privacy policy and Air France’s privacy policy. You can find Air France’s Data Security and Privacy Policy on its website . 2.1. General
(C) Information about your reservations, bookings, and purchases
We may collect and process the following categories of personal data:
(A) Name, passport number and other identifying data
The data we collect may include your name, title, gender, date of birth, nationality, country of residence, and passport number.
(B) Your contact details and your personal account or registration details
Your contact details may include your address, telephone number, and e-mail address. If you register for a particular service or create a personal account, we may also record your log-in details and other information that you provide on the account or registration form. In the case of unaccompanied minors, we record not only the contact details of their parent(s) or legal representative, but also the contact details of the person who will drop off the child at the airport, and the person who will pick up the child upon arrival. In the case of business travellers, we also collect information about their organisations, such as the organisation’s name and its address.
When you make a reservation or book a flight with us, we process your reservation and booking details. Those details may include information about your flight, prices, and the date of your reservation or booking. In addition, we process information about additional services (such as extra baggage and upgrades) and products you purchase from us (for example in the KLM webshop).
(D) Information about your trip
When you travel with us, we process information about your trip, such as your itinerary, online or airport check-in, mobile or hardcopy boarding pass, and information about your travel companions. We may also record your specific medical needs or dietary requests and any additional assistance you require.
(E) Your membership of our loyalty programmes Flying Blue and bluebiz
When you become a member of our loyalty programmes, we process your membership number, Miles or credits balance, rewards and benefits, type and level of membership, and other information regarding your membership.
(F) Our communication with you
When you send us an e-mail or chat with us online or through social media, we register your messages. If you call us, our customer service will register your questions or complaints in our database. We may also record telephone calls for training purposes or to prevent or combat fraud. We register your communication preferences, for example when you subscribe to or unsubscribe to one of our newsletters or when you choose to receive your booking-related communication (such as your boarding pass and flight status updates) through channels other than e-mail (e.g. WhatsApp, Messenger, or WeChat).
(G) Information we collect when you use our websites, mobile apps, and other digital media
i. When you visit our websites or use one of our mobile apps, we may register your IP address, browser type, operating system, referring website, web-browsing behaviour, and app use. We use different methods to collect this information, including our own cookies and third-party cookies. For more information, please read our cookie policy.
ii. We keep records of whether you open our e-mails, as well as the links you click on in e-mails.
iii. With your consent, we may receive your location data.
iv. You can give us your consent to access certain data stored on your mobile phone, such as photographs and contacts.
(H) Information about social media
Depending on your social network settings, we may receive information from your social network provider. For example, if you sign in to our services using a social network account, we may collect your social network profile, including your contact details, interests, and contacts. We also receive visitor statistics from Facebook in connection with our Facebook fan page. Although KLM and Facebook are jointly responsible for those visitor statistics, Facebook Ireland Limited is your primary point of contact and handles requests to exercise your rights and any complaints you may have. Where necessary, we assist Facebook in responding to your requests or complaints. For more information on the personal data that we receive from social network providers and how to change your settings, please check the websites and privacy policies of the social network providers.
(I) Information you choose to share with us
We process information that you choose to share with us, for example when you share your interests and preferences on our website, leave a comment on our Facebook page, fill out a customer survey, submit an entry for a contest, or register for a campaign or event.
2.2. Special categories of personal data
Some categories of personal data, such as data revealing racial or ethnic origin or health-related data, are deemed to be “special categories of personal data” under the applicable privacy laws. We process this personal data, for example, to provide you with assistance or facilities appropriate to your medical needs during your trip. This privacy policy does not apply to services provided by KLM Health Services. For more information on how KLM Health Services processes your personal data, please read the privacy policy on KLM Health Services’ website .
2.3. Cookies and similar technologies
When you use our website or mobile apps, we collect information using cookies and similar technologies. For more information, please read our cookie policy.
2.4. Specific services, apps, events, contests or campaigns
For specific services, apps, events, contests or campaigns, we may collect other types of data than described in this privacy policy. We will inform you about this when you register for the service, event, contest, or campaign, or when you download the app.3.1. We collect the aforementioned categories of personal data in the following ways:
(A) We collect the personal data you provide to us
When you book a flight with us, create an online account, register for one of our loyalty programmes, leave a message for us on social media, contact our customer service, subscribe to receive our e-mails or mobile push notifications, or register for one of our events, contests or campaigns.
(B) We receive your personal data from your travel agent, our airline partners, and other companies involved in facilitating your trips
We receive your data from these parties to handle your reservations and bookings, and to arrange your trips and purchases. For example, when you book a flight through a travel agent or an online platform, we receive your identifying data, contact details, and booking details from those third parties.
(C) We receive personal data from partners that participate in our loyalty programmes
Our loyalty programmes Flying Blue and bluebiz are offered by KLM and Air France (please also see 1 “Who we are” above). In a number of countries, we offer the Flying Blue programme in partnership with our participating airlines. With our loyalty programmes, you can save and spend Miles and Credits with us, participating airlines and other loyalty partners (including hotels and car rental companies). To that end, we share your personal data with the participating airlines and our loyalty partners. If, for example, you purchase a service from one of our loyalty partners, they share the Miles you have earned with us, so that we can update your balance. You can find a list of the participating airlines and our loyalty partners on our Flying Blue andwebsites. The participating airlines and loyalty partners are independently responsible for processing your personal data. You can find more information on how they handle your personal data in their respective privacy policies.
(D) When you use our website or mobile apps, we collect information using cookies and similar technologies
KLM uses its own cookies and third-party cookies. For more information, please read our cookie policy.
(E) If you use social networks, we may also receive information from your social network provider
For more information, please see 2 “The types of personal data we process” above.
(F) We receive certain information from public authorities or government agencies
KLM receives the names of persons who have been put on a blacklist by the State of the Netherlands or government agencies. For example, the names of passengers who have disembarked at Amsterdam Airport Schiphol and who have been found by the Royal Netherlands Marechaussee to be carrying illegal drugs. For more information, please see 4 “For which purposes we use your data” below.4.1. The main purposes for which we use your personal data are:
(A) To provide our services to you
To handle your reservations and bookings and to arrange your trips and purchases, we must in many cases process the information described above at 2.1 (A) to (F). For example, we need your name, passport number, and other identifying information to issue your ticket. To inform you about changes in your flight status, we would need your contact details. In addition, we need to know your specific medical needs to ensure that you receive appropriate care.
(B) To facilitate our loyalty programmes
To have you or your company benefit from the discounts and rewards under our loyalty programmes, we process your name, contact details, membership information, booking information, purchases, and, where applicable, any communication between us (please see 2.1 (A) to (C), (E) and (F)).
(C) To provide our online services and mobile apps to you
i. For example, we use your name and flight details when you use our app to check in for your flight.
ii. Some of our online services and apps use your location, for example, to show you the nearest location of interest.
iii. To offer you an optimal experience, we analyse your use of digital media, so that we can tailor our communication towards the digital channel or device that you use most (please see 2.1 (G)).
(D) For statistical research
i. General: We research general trends in the use of our services, loyalty programmes, websites, mobile apps, and social media, as well as trends in the behaviour and preferences of our customers and users. We use our research results to develop better services and offers for our customers, improve our loyalty programmes, provide better customer service, and improve the designs and contents of our websites and mobile apps.
ii. Categories of data: To perform our research, we may use the categories of personal data described at 2.1 (A) to (I), including your booking data (such as departure date, arrival date, country of embarkation, destination, cabin class, number and age of passengers), additional services purchased (extra baggage, upgrades), your Flying Blue profile (XP, Miles, membership level) and your personal data (gender, postal code), data we receive from social network providers, and that data that we collect about the use of our digital media. We only use “aggregated data” for our research. This is data that cannot be traced back directly to you, as all directly identifiable elements (e.g. names and e-mail addresses) are removed or encoded and given a number. We take appropriate measures to ensure that only a limited group of employees have access to the analyses.
iii. Examples: If, for example, our research into booking details and data about additional services purchased (extra baggage, upgrades) shows that passengers travelling long distances are more inclined to purchase extra legroom, we may use that information to offer more seats with extra legroom on long-distance flights. We can also use that information to make more relevant offers, for example, by offering extra legroom more prominently for long-distance flights.
iv. Legal basis and right to object: We process your personal data for our legitimate interests described above (please see sub (i) “General”). You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data for statistical research (please see 8 “Your rights” below).
(E) To send you updates and special offers tailored to your interests
i. General: We send personal advertisements and offers to our customers and users who have subscribed to this. You can easily unsubscribe at any time (please see 4.1(E) (v) below).
ii. Types of communication:
– Booking-related e-mails: If you book a flight with us, you will receive multiple e-mails regarding your booking (e.g. your booking confirmation, information about checking in and boarding). Those e-mails contain advertisements and offers tailored to you and your flight.
– KLM e-mails containing updates and offers: You can opt to receive e-mails containing updates and offers tailored to your interests, such as our newsletter. These e-mails contain offers for our own services and services offered by our partners, such as package deals and flight bundles offered by our partners Airtrade and OptionTown. With your consent, we will also send you e-mails on specific occasions, such as a special offer on your birthday or personalised offers for your next trip within a few months after your return.
– Flying Blue and bluebiz e-mails: As a member of our Flying Blue loyalty programme, you have the option of subscribing to receive e-mails from KLM and Air France containing updates about the programme and personalised Flying Blue offers from KLM and Air France, participating airlines, or our Flying Blue partners. Members of our bluebiz loyalty programme will receive e-mails with updates about the programme and bluebiz offers from KLM and Air France or bluebiz partners. You can find a list of the participating airlines and our Flying Blue and bluebiz loyalty partners on the Flying Blue and bluebiz websites.
– Other communication channels: We may use other communication channels to send you personalised advertisements and special offers, such as postal mail, or, with your consent, mobile push notifications or social channels (e.g. Messenger, WhatsApp, or WeChat).
iii. Personalised offers: We aim to make advertisements and offers as relevant as possible for you. To that end, we may analyse the categories of personal data described at 2.1 (A) to (I), including your booking details (e.g. arrival and departure dates, country of embarkation, destination, number and age of the passengers listed in booking, cabin class), additional services purchased (extra baggage, upgrades), your Flying Blue profile (XP, Miles, membership level), your personal data (gender, postal code), the interests and preferences you share with us (such as bucket list, favourite manner of travel, and travel organisation), data that we receive from social network providers, and data regarding the use of our digital media. For example, with your consent, we may send you an e-mail after you return from a trip with offers based on your booking history, to offer you inspiration for your next trip.
iv. Legal basis and right to object: We process your personal data as described in this section for our legitimate interest and the interests of third parties, to send you relevant offers and updates. You have the right to object to the use of your personal data for direct marketing purposes at any time (please see 8 “Your rights” below).
v. Unsubscribe:
– E-mails: You may unsubscribe from our advertisements and offers in our booking and loyalty programme e-mails, and from e-mails to which you have subscribed at any time by clicking on the unsubscribe link in the e-mail. In many cases, you can also unsubscribe by changing your communication preferences in your account. If you unsubscribe, you will only receive e-mails that are necessary to be able to use our services (e.g. your booking confirmation and e-ticket) or to participate in our loyalty programme (e.g. welcome message sent to members).
– Postal mail: You may unsubscribe from receiving personalised advertisements and special offers by postal mail by contacting us (please see 8 “Your rights” below).
– Other communication channels: If you have opted to receive personalised advertisements and offers by means of mobile push notifications, you can unsubscribe by changing your smartphone settings (for mobile push notifications). Visit the website of your social network provider for more information on how to unsubscribe from receiving personalised advertisements and offers through social channels (e.g. Messenger, WhatsApp, and WeChat).
– Contact our Privacy Offices: You may contact us in all cases to unsubscribe from receiving messages containing advertisements and offers (please see 8 “Your rights” below).
(F) For other direct marketing purposes and personalised discounts and offersi. General: This paragraph gives specific examples of how we use your data for other direct marketing purposes and for personalised discounts and offers. We process your personal data with your consent or for the purposes of our legitimate interests or the interests of third parties described in this paragraph. You have the right to withdraw your consent at any time and to object to the use of your personal data for these purposes (please see 8 “Your rights” below).
ii. Linked website behaviour: If you log in to your KLM account or your Flying Blue account on our website, or if you visit our websites via a link in an e-mail, we will link your surf and click behaviour on our websites to your booking details on our data management platform. We use this data to exclude you from further advertising once you have booked a flight.
iii. Abandoned cart: If you break off your booking session on our website, we will send you an e-mail containing a link to your booking session, so you can continue where you left off. You will receive similar e-mails if you break off booking sessions on the websites of our partners Airtrade and OptionTown, which offer package deals and flight bundles. We will only send you such e-mails at your request or if you have agreed to receive updates and special offers from us by e-mail (see 4.1 (E) above). You can withdraw your consent for such e-mails at any time, by clicking on the unsubscribe link in the e-mail, by changing your communication preferences in your account (if available), or by contacting us (please see 8 “Your Rights” below).
iv. Custom audience targeting through social media platforms: You may opt to receive personalised advertisements and offers on the social media platforms you use.
For example, we may participate in the Facebook Custom Audience programme. Among other things, this programme enables us to display personalised advertisements and offers in your newsfeed on Facebook platforms, including Facebook Messenger and Instagram. We can also use this programme to exclude you from advertising campaigns on Facebook platforms, if, for example, you have already received similar advertisements or offers by e-mail.
To enable Facebook to determine whether you have a Facebook account, we share your pseudo-anonymised (hashed) e-mail address with Facebook. We do not share any other data with Facebook. Facebook, in turn, only provides us with aggregated data about the effectiveness of an advertising campaign. This is data that cannot be traced directly back to you. Facebook also does not inform us whether or not you have a Facebook account. This way, we try to make every effort to keep your personal data secure and confidential.
To determine our audience for a specific Facebook campaign, we may use your booking details or the data we collect when you use our websites, mobile apps, or other digital media. In addition, Facebook may use the personal data it collects about you to compile a similar audience. This allows us to reach a new audience through Facebook.
Learn more about how Facebook uses your data for its custom audience programme and how you can control how information about you is used by Facebook to personalise the ads you see. You can also check Facebook’s privacy policy .
We may participate in similar programmes offered by other social media networks, such as Google, Twitter, LinkedIn, Pinterest, Snapchat, WeChat, Kakaotalk, and LINE. Please check the privacy policies of the respective social media networks for more information.
If you no longer want us to include you in the social media custom audience targeting programmes we use, please send an e-mail to KLMPrivacyOffice@klm.com to withdraw your consent. When sending this e-mail, please use the e-mail address for which you would like to withdraw your consent.
You may have given consent for receiving personalised advertisements and offers on social media platforms by agreeing to our cookies policy. Please check our cookie policy to see how you can withdraw your consent.
v. For personalised discounts and offers: We use certain categories of data taken from the flight histories of our customers (e.g. whether you took a flight in your capacity as a private individual or for business purposes, your cabin class, and whether you are a member of our loyalty programmes) to select groups of customers who are eligible for discounts or offers. Based on this data, we may, for example, give a group of customers discount on additional services (e.g. extra baggage, upgrades).
(G) To communicate with you
We use your contact details to communicate with you about our services or loyalty programmes, to answer your questions, or to address your complaints.
(H) To ensure order and safety on board flights
i. Safety, public order or discipline: KLM keeps a list of the names of passengers who have interfered with the safety, public order, or discipline, either on board of its aircraft or on the ground, and in respect of whom KLM has decided that they will not be allowed passage on board KLM aircraft for a specific or unlimited period of time, or only under certain conditions. These persons are personally informed (in writing where possible) about the fact that their names have been placed on this list and how long these special security measures will apply to them. For more information on how to access or rectify this data, please see 8 “Your Rights” below.
ii. Illegal drugs: The names of passengers who have disembarked at Amsterdam Airport Schiphol and who have been found by the Royal Netherlands Marechaussee to be carrying illegal drugs, will be recorded by the State of the Netherlands on a blacklist. KLM receives the names of these persons from the State of the Netherlands. KLM may refuse to enter into any transport contract with these persons for a period of 3 years for direct flights from Amsterdam Airport Schiphol to Suriname, Aruba, Bonaire, St. Maarten, or Curaçao and for direct flights from these countries to Schiphol. You may request permission to access or rectify this data by submitting a written request to that effect to the Royal Netherlands Marechaussee at PO Box 90615, 2509 LP The Hague, the Netherlands. If you reside in Aruba, the Netherlands Antilles, Suriname, or Venezuela, you should enclose a copy of your passport with your written request.
(I)To conduct our business operations or to comply with statutory obligations
We collect, use, and retain your personal data to conduct our business operations, such as for record keeping purposes, to prevent or combat fraud, or to settle disputes. In the case of fraud, we may include your personal data in our internal control and warning systems. In addition, we process your personal data to comply with our legal and tax obligations.
4.2. Specific services, apps, events, contests, or campaigns
For specific services, apps, events, contests, or campaigns, we may use your personal data for purposes other than those described in this privacy policy. We will inform you about those purposes when you register for the service, event, contest, or campaign, or when you download the relevant app.
4.3. Legal basis
We may only process your personal data if we have a legal basis for doing so. In many cases, we need your personal data to process your booking, to arrange your flight or purchases, or to answer your questions (see 4.1 (A) to (C) and (G) above). In those cases, the legal basis for processing your data is “necessary for the performance of a contract”.
If you have consented to a processing (which consent you may withdraw at any time, please see 8 “Your rights” below), we process your data based on that consent.
In certain cases, we may use your personal data if we or third parties have a legitimate interest in doing so. We always weigh all interests carefully: your interests, the interests of others, and KLM’s interests. Based on the latter legal basis, we process your data for, for instance, security, statistical research, or direct marketing purposes, or to offer personalised discounts and offers (see 4.1 (D) to (F), (H) and (I) above for more information).
We may have a legal obligation to process your data, for example to satisfy immigration formalities.
If you refuse to provide the personal data that we need to perform the contract we have concluded with you or to comply with a legal obligation, we may not be able to provide all the services you have requested from us. Consequently, we may have to cancel your flight or we may not be able to provide you with the additional services you have requested. If you provide incomplete or inaccurate information, we may be forced to deny you boarding or entry into foreign territory.- 5.1. General
We may share your personal data with third parties in the following cases:
(A) To facilitate your bookings and trips
To handle your reservations and bookings and to arrange your trips and purchases, we must in many cases share your personal data with our partner airlines, airport operators, and other companies involved in facilitating your trip. Please see also 3.1 (B) under “How we collect your data” above.
(B) For our loyalty programmes and benefits
For more information, see “Who we are” and 3.1 (C) under “How we collect your data”.
(C) Corporate accounts
If you book a flight using your employer’s corporate account, your employer will have access to certain booking details, such as the ticket price, travel dates, and your destination. Your employer is independently responsible for the manner in which it processes your personal data.
(D) For support or additional services
To provide our services, we use support or additional services of third parties, such as IT suppliers, social media providers, marketing agencies, and screening service providers. All such third parties are required to adequately safeguard your personal data and only process them in accordance with our instructions.
Within the Air France-KLM group, our business operations are carried out using centralised databases and systems. Those central databases and systems may be hosted or managed by one group company for other group companies. In addition, for efficiency purposes, certain operational functions may be performed by one group company for other group companies. This means that our group companies may have access to your personal data for these purposes. Our group companies may only process your personal data as required for the relevant business function and in accordance with this privacy policy.
(E) Payment services
To process payments for your trips and purchases, we may work with third parties that offer payment services. In many cases, those payment service providers also conduct fraud checks. These payment service providers have their own privacy policies that apply to the way they use your personal data.
(F) Personalised marketing through social media platforms
For more information, see 4.1 (F) under “For which purposes we use your data”.
(G) To enable our partners to tailor their services to your trip
We may share your non-personalised information (destination, travel date, and duration of the trip) with partners that offer additional services (e.g. hotel accommodations, car rental services) so that they can provide you with offers tailored to your trip. Our partners have their own privacy policies that apply to the way they use your personal data.
5.2. Specific services, apps, events, contests, or campaigns
For specific services, apps, events, contests, or campaigns, we may share your data with third parties other than those described in this privacy policy, for example, when we organise a campaign or event in collaboration with a partner or when we integrate their services into our apps. We will inform you about this when you register for the service, event, contest, or campaign, or when you download the app.
5.3. Government agencies
We may be legally required to collect your identifying data (e.g. passport details) before you travel to another country. We may also be legally required to share your identifying data and your booking and travel information with government agencies in the countries on your itinerary for the purpose of border control, immigration formalities, entering the territory of a State, or combatting terrorism or other serious crime.
5.4. Third-party websites
Our websites and mobile apps contain links to third-party websites. If you follow those links, you will leave our websites or mobile apps. This privacy policy does not apply to the websites of third parties. For more information on how these third parties handle your personal data, please check their privacy and/or cookie policies (if available). - 6.1. KLM takes appropriate technical and organisational measures to protect your personal data against loss or unlawful use.
6.2. We do not retain your personal data any longer than is necessary. How long your personal data is retained, depends on the purposes for which your personal data are processed and the applicable statutory retention periods. - 7.1. KLM may transfer your personal data to countries other than your country of residence. This is done for the purposes of handling your booking or arranging your trip, or because our group companies, partners, or service providers provide their services from other countries. You can find the destinations we fly to on our website under Flight Route Map. The laws of the countries to which we transfer your personal data may not always offer the same level of protection of your personal data.
7.2. If you fly to a destination in a country other than your country of residence, the transfer of personal data to that country is often necessary to provide our services to you. If your personal data need not be transferred to provide our services to you, KLM will ensure that adequate safeguards are in place to comply with the requirements for the international transfer of personal data under the applicable privacy laws. For transfers of personal data to countries outside the European Economic Area, KLM may use European Commission approved Standard Contractual Clauses as safeguards.
7.3. We may be obliged to transfer your personal data to government agencies about your itinerary. Please see 5.3 under “Granting access or sharing data with third parties”. 8.1. You may contact our Privacy Office (please see 8.4 below) to exercise any of the rights you are granted under applicable data protection laws, which includes (A) the right to access your data, (B) to rectify them, (C) to erase them, (D) to restrict the processing of your data, (E) the right to data portability, and (F) the right to object to processing.
(A) Right to access
You may ask us whether or not we process any of your personal data and, if so, receive access to that data in the form of a copy.
(B) Right to rectification
You have the right to have your data rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal data about you and, taking into account the purposes of the processing, complete incomplete personal data, which may include the provision of a supplementary statement.
(C) Right to erasure
You have the right to have your personal data erased, which means the deletion of your data by us. Erasure of your personal data only finds place in certain cases, prescribed by law and listed under article 17 of the General Data Protection Regulation (GDPR). This includes situations where your personal data are no longer necessary in relation to the initial purposes for which they were processed, as well as situations where they were processed unlawfully. Due to the way we maintain certain services, it may take some time before backup copies are erased.
(D) Right to restriction of processing
You have the right to obtain the restriction of the processing of your personal data, which means that we suspend the processing of your data for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted.
(E) Right to data portability
Your right to data portability entails that you may request us to provide you with your personal data in a structured, commonly used and machine-readable format, and to have such data transmitted directly to another controller, where technically feasible. Upon request and where this is technically feasible, we will transmit your personal data directly to the other controller.
(F) Right to object
You have the right to object to the processing of your personal data, which means you may request us to no longer process your personal data. This only applies in case the “legitimate interests” ground (including profiling) constitutes the legal basis for processing (see 4.3 “Legal basis” above). At any time and free of charge you can object to direct marketing purposes in case your personal data are processed for such purposes, which includes profiling purposes to the extent that it is related to such direct marketing. In case you exercise this right, we will no longer process your personal data for such purposes.
8.2. You may withdraw your consent at any time
You may withdraw your consent at any time by following the specific instructions in relation to the processing for which you provided your consent. For example, you may withdraw consent by clicking the unsubscribe link in the e-mail, adjusting your communication preferences in your account (if available), or by changing your smart phone settings (for mobile push notifications and location data).
Next to that, you may contact the Privacy Office of KLM. In relation to Flying Blue or bluebiz e-mails, you may also contact the Privacy Office of Air France.
For more information on how you can withdraw your consent for cookies and similar technologies we use when you visit our websites or use our mobile apps, please check our cookie policy.
8.3. Denial or restriction of rights
There may be situations where we are entitled to deny or restrict your rights as described in 8.2 above. In any case, we will carefully assess whether such an exemption applies, and inform you accordingly. We may, for example, deny your request for access when necessary to protect the rights and freedoms of other individuals, or refuse to delete your personal data in case the processing of such data is necessary for compliance with legal obligations. The right to data portability, for example, does not apply in case the personal data was not provided by you or if we process the data not on the basis of your consent or for the performance of a contract.
8.4. When you would like to exercise your rights, all you have to do is send your request to the Privacy Office of KLM:
KLM Royal Dutch Airlines
Privacy Office - AMSPI
PO Box 7700
1117 ZL Luchthaven Schiphol
The Netherlands
E-mail: KLMPrivacyOffice@klm.com
If you would like to exercise your rights in relation to the processing of your personal data in relation to Flying Blue or bluebiz, you may also contact the Privacy Office of Air France:
Air France
Délégué à la Protection des Données / Data Protection Officer - ST.AJ IL
45, rue de Paris 95747 Roissy CDG Cedex
France
E-mail: mail.data.protection@airfrance.fr.
8.5. You may contact us if you have any questions, comments or complaints about this privacy policy. In the event of unsolved problems, you have the right to file a complaint with the competent supervisory authority. In the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) in The Hague is responsible for monitoring compliance with privacy regulations.- 9.1. This privacy policy took effect on 20 September 2019 and replaced our previous privacy policy of 13 July 2018. This privacy policy is amended from time to time. We will notify you of any changes before they take effect.
