1.1. This policy explains when and why we collect personal information about our customers, how we use it and how we keep it secure and your rights in relation to it.
1.3. All Personal Information that RB collects, uses and discloses are for the purpose to provide our customers with a safe, smooth, efficient and customized experience with RB. This may include information that you provide to us directly or through companies or agents we work with, as well as information which we collect when you use our services.
2. Legal Basis for Personal Data Processing
2.1. Royal Brunei will only process your personal information where we have a legal basis to do so. Such legal basis are as follows:
- to process your booking, fulfil your travel arrangements and otherwise perform the contract we have with you.
- to use your personal information to operate and improve our business as an airline and travel provider.
- to comply with a legal obligation.
- To protect the vital interests of you or another person.
- Because you have consented for Royal Brunei to process your personal data for such particular purposes in line with the contract we have with you.
3. Information Collected and Purpose
3.1. Personal Information RB Collects:
- Flight booking information e.g., your name, date of birth, gender, passport or other personal identification numbers;
- Contact details e.g., address, email address, phone number, fax numbers;
- Royal Skies loyalty programme details
- Travel arrangements e.g., flight information, meal preferences and seating or other service preferences;
- Health information e.g., medical records or requests;
- Information necessary to facilitate travel or other services, including travel companion(s) names, emergency contacts, medical needs
3.2. Certain categories of personal information, such as that about race, ethnicity, religion, health, sexuality or biometric information are special categories of data requiring additional protection under European Union and UK data protection law and are referred to here as “sensitive personal data”. There are circumstances where we may be obligated to collect and process your ’sensitive personal data’. Examples of such circumstances are as follows:-
- you may have requested services (such as a meal) which may imply or suggest your religion, health or other information.
- You have requested specific medical assistance from us and/or an airport operator, such as the provision of wheelchair assistance or oxygen.
- You have sought clearance from us to fly with a medical condition or because you are more than 28 weeks pregnant.
3.3. Purposes for Collection, Use and Disclose of Personal Information:
RB may use information we collect to provide the services you request, to keep you informed and to manage our site and records as well as to help us improve these services to you. The main purposes are:
- To process an airline ticket for you.
- To provide services tailored to your requirements.
- We may also send you communications about the services you have previously used, for example, where you experienced some form of issue or problem and we wish to contact you about it proactively in order to resolve it.
- To be able to contact you, if we need more information or to keep you informed of any changes to our flights.
- So that we can retrieve your booking for you and to check you in online.
- To provide in-flight services that best meet your preferences and needs
- To provide you with a more effective and personalized customer experience across all of our website and to serve you with advertisements and other information appropriate to you and your interests.
- We may also use or disclose your information (including to third party companies) to perform charge verifications, report or collect debts owed, fight fraud, or protect the rights or property of RB, our customers or our third-party service providers.
3.4. Where another person makes reservations on your behalf, you undertake and will ensure that you have authorized the disclosure of your Personal Data and consent to the terms and conditions of this Privacy Statement. Where you are booking on behalf of another person, you represent and warrant that you have the consent of those persons to provide their Personal Data.
3.5. In addition where you are booking on behalf of children (those below 18 of age), please ensure that you are over 18, has appropriate authority and consent of their consent whose Personal Data is submitted to the Data User.
4. Data Retention
4.1. RB shall retain customer Personal Information for as long as it is necessary to fulfill the purpose for which it was collected, the legal or business purposes of RB, or as required by relevant laws.
4.2. When destroying customer Personal Information, we will take commercially reasonable and technically possible measures to make the Personal Information irrecoverable or irreproducible in accordance with the applicable laws except that we will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment exercise or defence of legal claims.
5. Data Security
5.1. To prevent unauthorized access, we maintain reasonable physical, electronic and organizational procedures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, or unauthorized disclosure or access.
5.2. We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction. Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.
5.3. For any payments which we take from you online we will use a recognised online secure payment system.
5.4. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
6. Data Transfer
6.1. We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services to you on our behalf (e.g. to print newsletters and send you mailings). However, we disclose only the personal data that is necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes.
7. Your Rights
7.1. How You Can Access or Change Your Personally Identifiable Information
- If you wish to update any Personal Data you have previously provided, or to exercise any right of access, correction, rectification, deletion, or opposition to the processing of your Personal Data that you may have under applicable law, please contact us via our Customer Support page.
- To protect your privacy and security, we will verify your identity before granting access or making changes to your Personal Data. Any request to access your Personal Data will be answered within a reasonable timeframe. You may also object to the processing of your Personal Data for purposes of advertising and market and opinion research. We reserve the right to charge a reasonable fee for such access in accordance with applicable laws.
7.2. Withdrawing Consent
- Please note that it is obligatory for the Company to process your Personal Data for the Core Purpose as stated above, without which we will not be able to make travel arrangements for you. If we do not have your consent to process your Personal Data for the any of our promotional activities, we will not be able to keep you updated about our future, new and/or enhanced services and products.
- Nevertheless, you may opt to withdraw your consent by unsubscribing from the mailing list, editing the relevant account settings to unsubscribe; or sending a request to [email protected].
8. Personal Data Access Request form
If you wish to gain access to the personal data that we hold about you as an individual, please complete the Personal Data Access Request Form and email to Customer Relation Inquiry at [email protected]
We will endeavour to respond promptly and in any event within one month of the latest of their receipt of your written request or upon receipt of any further information RB may ask you to provide to enable us to comply with your request.
You must also provide copies of at least two documents to prove your identity. These could include your passport, driving license or any other official document showing your name and address. If you are applying on behalf of someone else, you must send us written letter of authority and a copy of the documents for you and the data subject.
When we have received your request form and the correct documents, our data protection officer will consider your request and ask all departments concerned to gather any data they have about you. At this point we will acknowledge your request and advise you the latest date by which we aim to provide this information. When we have collated the data, we will send you a copy of your details by email or post. Please note that all correspondence must be made by written letter or e-mail. Data collected on the form is required to enable your data access request to be processed, and will only be used in connection with such request.
What are cookies?
Cookies are small pieces of text sent by your web browser by a website you visit. A cookie file is stored in your web browser and allows the Service or a third-party to recognize you and make your next visit easier and the Service more useful to you.
Cookies can be “persistent” or “session” cookies.
When you visit our websites, our system automatically collects information about your visit, such as your browser type, your IP address, and the referring website.
Such information is typically collected using web cookies, web or email pixels (also known as beacons), embedded hyperlinks, and similar tools. Popular browsers can generally be set to disable or delete individual cookies. See below for the types of cookies we use and their respective purposes.
- Required Cookies: enable the navigation and basic functionality of the websites, e.g., access to protected areas of the websites.
- Functional Cookies: allow us to analyze your website usage and your selections on the website (e.g. your login name, language, or region), so we can save these settings and offer you a more personalized experience.
- Advertising Cookies: allow us to better assess the effectiveness of our content marketing and advertising efforts. These cookies are provided by our third-party partners to analyze and track site visit and signups stemming from advertising. We do not share your personal information (such as name or email) to third-party providers outside of site visit data collected directly by such Advertising Cookies, though your site visit data may be linked with other personal information collected elsewhere by such third-party providers. Such external data processing is governed by the privacy policies of these third-party providers.
- Third-party cookies: In addition to our own cookies, we may also use various third-parties cookies to report usage statistics of the Service, deliver advertisements on and through the Service.
What are your choices regarding cookies?
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.