- Voyager séreinement
- C. générales de transports
Privacy policy
Our commitments regarding the protection of personal data
Air Côte d’Ivoire attaches paramount importance to protecting the privacy and personal data of its customers when providing its services, whether accessible via its website, mobile applications, or any other communication channel.
In accordance with the European Union’s General Data Protection Regulation (GDPR), where applicable, as well as national data protection legislation in force, particularly in the Republic of Côte d’Ivoire, Air Côte d’Ivoire acts as data controller and undertakes to ensure that all processing of personal data it carries out complies with the fundamental principles of lawfulness, fairness, transparency, minimization, and security.
On this account, Air Côte d’Ivoire makes the following commitments:
- It ensures that all personal data is processed in strict compliance with the applicable regulatory framework, implementing technical and organizational measures designed to guarantee its security, privacy, and integrity, and to prevent any unauthorized access, alteration, loss, or disclosure.
- It undertakes to inform the people concerned, in a clear and intelligible manner, about the purposes of the processing carried out, the type of data collected, how long it will be stored, and their rights regarding data protection (access, rectification, deletion, opposition, limitation, portability).
- It ensures complete transparency regarding the conditions under which personal data is collected, processed, and, where applicable, transmitted to third parties. No data is transferred outside the organization without prior notification, except where required by law or necessary for the performance of a contract.
- It guarantees that data will not be transferred to third parties for a fee, unless the person concerned has given their explicit and informed consent.
- It offers users control over their personal data through simple and accessible mechanisms, enabling them to manage their communication preferences or withdraw their consent at any time.
- It undertakes to respond quickly and effectively in the event of a security incident, to take all appropriate measures to limit its consequences, and to inform both the competent authorities and the people concerned within the required time frame.
- It considers customer feedback and comments in the context of the process of continuous improvement of its data protection practices.
1. About Us
Air Côte d’Ivoire is a public limited company with a Board of Directors and majority public ownership.
As part of its activities, Air Côte d’Ivoire collects and processes personal data that identifies its stakeholders (customers, passengers, service providers, suppliers, technical and commercial partners, etc.). As an organization that processes personal data, Air Côte d’Ivoire recognizes the need to ensure that the collection, storage, and use of data comply with Law No. 2013-450 of June 19, 2013, on the protection of personal data in Côte d’Ivoire, and with the General Data Protection Regulation (GDPR).
To this end, a Data Protection Officer (DPO) has been appointed to ensure Air Côte d’Ivoire’s compliance with applicable regulations.
Through this personal data protection policy, Air Côte d’Ivoire undertakes to implement legal, technical, and organizational measures to ensure the fair, transparent, lawful, and adequate processing of personal data. This policy reflects all of Air Côte d’Ivoire’s commitments regarding the protection of personal data.
In this policy, the terms “we,” “our,” or “the company” refer to Air Côte d’Ivoire. The terms “you,” “your,” or “yours” refer to the individuals concerned by the processing carried out by Air Côte d’Ivoire.
2. Scope
This privacy policy (hereinafter the “Policy”) governs the processing of personal data by Air Côte d’Ivoire in the context of any interaction with customers, whether it be a reservation, ticket purchase, use of related services, browsing of its website, or use of its mobile applications.
It also applies to exchanges via any official Air Côte d’Ivoire communication channel.
It is strongly recommended that data subjects read this Policy, as well as any specific documents applicable to certain specific processing operations, such as the General Conditions of Carriage and the Cookie Management Policy, to have complete information on the use of their data and their rights.
This Policy is for informational purposes only. It does not constitute a contract or a contractual offer and does not create any legal obligation on the part of Air Côte d’Ivoire beyond the commitments provided for by applicable regulations.
3. Définitions
Data Protection Officer (DPO): Any natural or legal person assigned by the data controller to independently ensure compliance with the obligations laid down for the protection of Personal Data (PD), in accordance with the legislation in force. The DPO is the point of contact between their organization and the Data Protection Authority.
Personal data: Any information of any kind, regardless of its medium, including sound and images, relating to a natural person who is identified or identifiable, directly or indirectly, by reference to an identification number or to one or more factors specific to their physical, physiological, genetic, mental, cultural, social, or economic identity.
PNR (Passenger Name Record): This is information collected from air passengers at the time of commercial booking. It allows the identification of, among other things: the travel itinerary, the flights concerned, the passenger’s contact details on the ground (home and work telephone numbers, etc.), the fares granted, the status of payment made, the passenger’s credit card number, as well as services requested on board such as specific dietary preferences (vegetarian, Asian, kosher, etc.). etc.), the fares granted, the status of the payment made, the passenger’s credit card number, as well as services requested on board such as specific dietary preferences (vegetarian, Asian, kosher, etc.) or services related to the passenger’s state of health.
Data subject: any natural person who is the subject of personal data processing.
Data controller: Any natural or legal person, public or private, any other body or association which, alone or jointly with others, decides to collect and process personal data and determines the purposes for which it is processed.
For the processing operations covered by this policy, the data controller is Air Côte d’Ivoire. This is subject to the identification of one or more other entities as joint data controllers or sole data controllers for specific processing operations.
Processor: Any natural or legal person (company or public body) that processes data on behalf of another body (“the data controller”) as part of a service or provision.
Data processing: Operation, or set of operations, involving personal data, regardless of the process used (collection, recording, organization, storage, adaptation, modification, extraction, consultation, use, communication by transmission or dissemination or any other form of making available, reconciliation).
4. The Categories of Data We Process
The categories of personal data we collect, either directly from you or via third parties, vary depending on the context of the collection and the type of service requested or transaction carried out. These include:
- contact details (postal address, email address, telephone number);
- travel and booking details (itineraries, destinations, flight history, seat preferences, complaints, loyalty program membership number);
- financial and payment data (bank details, transaction history);
- in some cases, sensitive data, such as health information for assisting passengers with special needs or biometric data for access control.
- tracking and security data are processed, including video surveillance, access control, and customer service call recordings;
- professional data (profession, position, frequency of business travel)
- digital and marketing data (cookies, IP addresses, statistical data, website browsing, mobile app usage, interactions with advertising campaigns)
- legal and regulatory data (security checks, information provided to authorities).
These processing operations are carried out in compliance with the GDPR and Ivorian Law No. 2013-450 of June 19, 2013, relating to the protection of personal data in Côte d’Ivoire, with appropriate measures to ensure data security and confidentiality. If we are required to process other categories of personal data in addition to those listed above, we will inform you through our official communication channels.
5. Reservations Made by a Third Party
When someone else makes a reservation on your behalf, this implies that you have authorized that person to provide your personal data and to accept, on your behalf, the terms of this privacy policy. Therefore, please ensure that you have given your prior consent.
Similarly, if you make a reservation for another person, you declare that you have obtained their consent for the disclosure of their personal data.
Finally, if you book a ticket for a minor (under the age of 18), you must be at least 18 years old, have parental authority or the required legal authorization, and have obtained the necessary consent to disclose their personal data.
6. For what Purposes are Your Data Collected?
The purposes for which your personal data are processed are described and defined at the time of data collection. The purposes aimed at by the collection and processing of your data are as follows:
- Management of reservations and passenger transport
This purpose covers the collection and processing of data necessary for booking tickets, issuing tickets, planning flights, and managing boarding and disembarking, to ensure the efficient provision of air transport services. - Billing and payment management
This includes the processing of information necessary for invoicing, financial transaction management, refunds, and the prevention of fraudulent payments. - Loyalty program and marketing management
This includes managing loyalty program registrations, tracking accumulated points and benefits, and sending personalized communications about offers, products, and services based on customer profiles. - Complaint management and customer service
This purpose aims to ensure effective monitoring of requests, complaints, or disputes, to provide personalized assistance, and to guarantee continuous improvement in customer relations. - Management of partners, service providers, and suppliers
This involves managing the data necessary for the execution of contracts, monitoring the services provided, logistics, and coordinating operations between the various external stakeholders. - Access Control and surveillance of facilities
The purpose of this processing is to secure the company’s premises and technical facilities by providing physical or electronic access control and, if necessary, video surveillance. - Management and administration of information systems
This purpose covers the management of access to IT tools, the maintenance of digital infrastructure, the security of networks and databases, and the management of technical incidents. - Fraud and incident prevention
This involves putting in place measures to detect, prevent, and deal with cases of fraud, suspicious behavior, or operational incidents that could compromise the company’s security or interests. - Technical management and maintenance of aircraft
The data may be used to organize, monitor, and record aircraft maintenance operations, ensure their technical compliance, and guarantee flight safety. - Service improvement and performance analysis
This processing allows for the analysis of passenger feedback, consumption trends, and performance indicators to adjust services and optimize the customer experience.
The data collected may be used in aggregate form to better understand customer behavior, adapt commercial offerings, and design new services that meet market expectations. - Flight safety and regulatory compliance
This involves ensuring compliance with aviation safety standards imposed by the competent authorities, including the collection and analysis of data relating to passengers, flights, and security procedures. - Compliance with legal and regulatory obligations
Certain data must be collected or retained to meet the requirements of national or international authorities, particularly in relation to tax, customs, security, or counterterrorism. - Management of relations with airport authorities and organizations
This processing covers the communication of data necessary for the smooth running of airport operations and the coordination of security, control, and passenger reception services. - Communication with customers about promotions, offers, and other information
This purpose is to keep customers informed of new developments, special offers, loyalty campaigns, or any changes concerning their flights or related services.
Personal data is used exclusively for pre-determined purposes that correspond not only to legitimate activities, but also to the legal and regulatory obligations applicable to Air Côte d’Ivoire.
Air Côte d’Ivoire refrains from selling, renting, or transferring in any form whatsoever the personal data processed in this manner.
The company shall refrain from misusing the data for purposes other than those for which it was originally collected.
If we need to use the data for purposes other than those stated above, we will request your prior authorization and inform you accordingly.
7. Legal Basis for Processing (Article 6 of the GDPR and Article 14 of Law 2013-450)
The processing of personal data by Air Côte d’Ivoire is based on several legal bases defined by the General Data Protection Regulation (GDPR) and Ivorian Law No. 2013-450 on the protection of personal data.
- Performance of a Contract
Certain processing operations are necessary for the performance of a contract concluded with passengers, employees, or partners. This includes the management of reservations and boarding, the issuance of tickets, billing, the management of loyalty programs, and the provision of passenger assistance services.
This processing is necessary for the performance of the contract of carriage to which the passenger agrees by accepting the General Conditions of Carriage and the special conditions applicable to loyalty programs. - Legal Obligation
Air Côte d’Ivoire processes certain data to comply with its legal and regulatory obligations. This concerns the transmission of information to airport and customs authorities, compliance with tax and accounting regulations, as well as aviation security and personal data protection requirements. - Legitimate Interest
Certain processing operations are based on the company’s legitimate interest, to ensure the security of facilities and flights (video surveillance, access control), prevent fraud and unpaid bills, improve services, and analyze flight performance. These processing operations are carried out in accordance with the rights and freedoms of the individuals concerned based on the GDPR. - Consent
In certain cases, Air Côte d’Ivoire obtains the consent of the individuals concerned, for sending marketing communications, using cookies on its digital platforms, or collecting sensitive data, such as the specific needs of passengers requiring assistance. Individuals have the option to withdraw their consent at any time.
In addition, Air Côte d’Ivoire has developed specific tools for each type of processing, so that our stakeholders are informed and/or give their consent for the use of their personal data.
8. Who are We likely to Share Your Data with?
Air Côte d’Ivoire shares personal data in accordance with legal provisions and operational requirements with authorized recipients, namely:
- Internal Staff: Data processed by Air Côte d’Ivoire is accessible to authorized employees according to their duties. Reservation agents, customer service, and the information systems department (ISD) may access it as part of their duties.
- External Partners and Service Providers: Certain data may be shared with external parties to ensure continuity of service. This includes partner airlines, travel agencies and other travel and freight service providers, IT service providers, banks and electronic payment service providers, marketing service providers, and data analysis agencies.
When we share data with our partners and service providers, we undertake to contract only with entities that comply with and provide the strictest guarantees of security and privacy.
- Authorities and Regulatory Bodies: In accordance with legal obligations and operational requirements, the Company may be required to disclose data to authorities such as airport services, customs, immigration, and airport security.
In addition, we may be required to disclose personal data if we are legally obliged to do so:
- to law enforcement agencies and bodies responsible for enforcing the law;
- to public authorities or other government representatives in the exercise of their duties.
In addition, your personal data may be shared with other companies, in Côte d’Ivoire or abroad, in the context of a sale, merger, reorganization, or any other change related to our structure. This also includes partner companies, our subsidiaries, or other entities within the same group.
In all cases, we ensure that the individuals or organizations concerned (employees, service providers, partners, etc.) respect the confidentiality of your data and use it only in accordance with our data protection policy.
9. Data Transfer
The personal data processed by Air Côte d’Ivoire is mainly stored in Côte d’Ivoire. However, certain categories of data, in particular passenger name record (PNR) data, may be transferred abroad for processing by international computerized reservation and ticket distribution systems, known as Global Distribution Systems (GDS), such as Amadeus, Galileo, and Sabre.
In addition, we may share your personal data with our agencies, external service providers, and our technical and commercial partners, located both in Côte d’Ivoire and abroad. In the latter case, transfers are mainly made to international stopovers and destinations served by the company, as part of the performance of the air transport contract and related operational obligations.
These transfers are governed by specific contractual commitments and, where applicable, are subject to legal requirements regarding the transfer of personal data outside the national territory.
10. How do We Ensure the Security of Your Data?
To ensure the security of this data, we have implemented and maintained appropriate technical and organizational measures. These measures protect your personal data against destruction, loss, alteration, disclosure, or unauthorized, accidental, or illegal access. Only authorized personnel, public authorities, and service providers have access to personal data on a need-to-know basis. These employees and service providers are contractually bound to treat this information as confidential.
However, Air Côte d’Ivoire cannot guarantee the elimination of all risks of misuse of data. It is therefore important that you, as users of our services, maintain the confidentiality of your login details or travel documents to prevent the unlawful use of your information or identity theft.
11. How Long do We Keep Your Personal Data ?
We keep your Personal Data for no longer than is necessary for the purposes for which it was collected.
In the event of a dispute, the data will be kept until the dispute is finally settled.
We have a data retention policy and a physical and electronic archiving policy. You can request information from the Data Protection Officer (DPO) about how long Air Côte d’Ivoire keeps your data.
12. What are Your Rights regarding Your Personal Data?
In accordance with applicable regulations, in particular the provisions of the GDPR and the Ivorian law of June 19, 2013 on the protection of personal data, you may contact us (see section 12 below) to exercise your rights of access and information, rectification, deletion, limitation of data processing, data portability, opposition, as well as your rights to refuse profiling and withdraw consent.
- Right of Access and Information
You have the right to request confirmation that we are processing personal data concerning you and, if so, to receive a copy of it. When we respond to a request to exercise the right of access, we also provide you with additional information such as the purposes of the processing concerned, the categories of personal data, and any other information relating to such processing.
- Right to Correction
You have the right to request the correction of your personal data if you find that it is inaccurate. You may also, depending on the purpose of the processing concerned, request that it be completed, which may involve providing additional data.
- Right to Erasure
You have the right to request the erasure of your personal data. This right can only be exercised in certain cases, when one of the grounds provided for by the aforementioned Ivorian law and Article 17 of the GDPR applies.
This may include, for example, personal data that is no longer necessary for the purposes for which we collected it or that has been processed unlawfully. If you exercise this right and one of the grounds applies to your request, we will delete your personal data as soon as possible.
- Right to Portability
You have the right to request the provision of personal data that you have directly communicated to us in a structured, commonly used, and machine-readable format, if their processing is automated and based on the collection of your consent or the performance of a contract to which you have subscribed.
This right does not apply to other legal bases for processing. Where applicable and technically possible, you also have the option of requesting the transfer of this data directly to another data controller.
- Right to restriction
You have the right to obtain restrictions on the processing of your personal data. This means that we will mark this data if we store it, with a view to suspending its processing.
This right may be exercised on the grounds set out in Article 18 of the GDPR, when you contest the accuracy of your personal data. This right does not result in their erasure, and we are required to inform you before the restriction on processing is lifted.
- Right to Object
You have the right to object to the processing of your personal data. This means that you can ask us to stop processing your personal data.
For our business, this right only applies in cases where our legitimate interests (including the resulting profiling) constitute the legal basis for the processing (see section 6 “Legal basis” above).
For example, you may object at any time and free of charge to the processing of your personal data for direct marketing purposes, including profiling insofar as it is related to such direct marketing. If you exercise this right, we will no longer process your personal data for these purposes.
When you contact our customer service department, you can also object to the recording of your telephone call for the purposes of improving service quality, preventing disputes, and malicious calls by informing the advisor directly.
- Right to Object to Profiling.
In accordance with Ivorian law and the GDPR, no decision, whether administrative or private, may be based solely on automated data processing aimed at establishing a profile or assessing human behavior. As such, you have the right to object to decisions concerning you being made solely based on automated processing of your personal data, particularly when it comes to defining your profile, behavior, or preferences. Any decision concerning you must include human intervention, and you may submit your comments or contest the decision made.
- Right to Withdraw Consent
When required by law for certain processing purposes (e.g., electronic marketing), your data will only be used after obtaining your explicit consent. You may withdraw your consent at any time by following the specific instructions related to the processing in question.
You can withdraw your consent by clicking on the unsubscribe link in our emails (e.g., Air Côte d’Ivoire newsletter), by changing your communication preferences in your account if the option is available (e.g., by logging into your Air Côte d’Ivoire account), or by changing your smartphone settings for mobile push notifications and location data.
For more information on how you can withdraw your consent from cookies and other similar technologies that we use when you visit our websites or use our mobile applications, please see our cookie management policy.
Note: The rights described above do not apply in all situations. In accordance with applicable regulations, we may be justified in refusing certain requests. For each request, we carefully assess whether such an exception applies and inform you accordingly.
For example, we may reject your request for access if it is necessary to protect the rights and freedoms of other individuals or refuse to erase your personal data if the processing of such data is necessary to meet legal requirements.
The right to data portability does not apply, for example, if you did not provide the personal data or if we process the data on a basis other than your consent or the performance of a contract.
13. How to Exercise Your Rights?
If you wish to exercise your rights, simply send a request by mail, email, or phone call to Air Côte d’Ivoire’s Data Protection Department:
- Air Côte d’Ivoire
- Data Protection Officer
- Abidjan, Port-Bouet, Zone aéroportuaire – Immeuble – Carré Massina
- Phone : +2250720103898
- E-mail address: [email protected]
For more information about your rights or for any other questions, you can contact us by email to consult our procedure for managing the rights of data subjects about personal data protection.
14. Amendment and Application
We may modify this protection policy, in whole or in part, at any time. If we do so, we will publish the updates on our website.
Air Côte d’Ivoire’s Data Protection Officer (DPO) ensures the proper application of this protection policy and strict compliance with the regulations applicable to this matter.
Terms and conditions of carriage
Learn about our Terms and Conditions for a Trip Without Surprises
