Privacy Policy

Chapter 1. General Provisions

Article 1. What Privacy Policy Means for Our Users

This policy explains why and how Korean Air processes your personal information. Indeed, Personal Information Subjects are entitled to a number of rights – including a right to access, modify or erase their Personal Information or to restrict the processing of their Personal Information. You will find below relevant information, notably, on the Personal Information we process about you, the purposes and legal bases for the processing and your rights. You can access directly the section(s) of this Policy that are of the most interest to you.

Your Personal Information and your trust in our ability to protect your Personal Information are both key to our business. Korean Air pledges to do its best to protect the privacy and Personal Information of Personal Information Subjects and to prevent any illegal disclosure of Personal Information. Korean Air strictly complies with all domestic laws and regulations, including the Personal Information Protection Act.

Article 2. Definitions of terms

  1. What does “Personal Information” mean?

    Personal Information means any information that can be linked directly or indirectly to identified or identifiable individuals.

  2. Who is the data controller?

    Korean Air Lines Co., Ltd   Open in new window whose head office is located 260, Haneul-gil, Gangseo-gu, Seoul (Gonghang-dong), Korea, acts as the data controller of the processing activities relating to the Personal Information referred to in this Policy. This means that Korean Air determines the purposes and means of the processing referred to in this Policy. Note that your Personal Information may also be processed as part of processing activities whose purposes and means are determined by other companies – such as, for example, other airlines operating flights you have booked with us, reservation system providers (sometimes known as a Global Distribution System or GDS), hotels or car rentals. In such circumstances, these companies act as data controllers and have their own privacy policy/statement. When your Personal Information is processed by other airline companies than Korean Air, you will find such other airline companies’ privacy statements on the following webpage:   Open in new window

  3. What is the scope of this Privacy Policy?

    This Privacy Policy describes the processing and protection of Personal Information relating to Personal Information Subjects.

    • passengers
    • loyalty program (SKYPASS) members
    • users of Korean Air’s website ‘’, mobile site ‘’ or mobile application
    • users of Korean Air’s service center or branch offices.

Article 3. The rights of the subject of Personal Information

Do not hesitate to contact our Data Protection Officer (DPO) if you have any questions on this Privacy Policy by sending an email to or writing to 3 Place de l'Opéra 75002 Paris, France. This person has specially been designated to deal with your inquiries regarding Personal Information – in particular in respect of your rights. You will find further details on our DPO in Chapeter2 - Article 9

When you address inquiries or requests to exercise rights, please send us your personal information for us to identify you. The information you send will only be used as a verification of identity and we may ask you to send us your personal information via email if we cannot identify who you are.

  • Full name
  • Details of your request
  • If you are applying on behalf of another person, signed authority from the individual is required.
  • SKYPASS (Korean Air’s frequent flyer program) number, if you are a member
    In case, you cannot remember your SKYPASS number, following information would help us to identify your number:
    • Date of birth
    • Postal address
    • Telephone number
    • On-board details (flight number, date, route, etc.)

We would also like to inform you that Korean Air will not be able to erase some personal data due to following reasons in accordance with the article 17 of the EU GDPR.

EU GDPR: EU General Data Protection Regulation

  • The processing of your personal data is necessary for compliance with a legal obligation.
  • The processing of your personal data is necessary for the establishment, exercise or defense of legal claims.

Chapter 2. Collection and Use of Personal Information

Chapter3. Provision and Deletion of Personal Information

Supplementary Provision