Privacy Policy

Korean Air processes the following types of Personal Information within the minimal scope of what is necessary in order to provide its services. If you do not wish to provide us with this information, we will not be able to supply our services.

In addition, Korean Air may collect and process additional information intended to provide better services; such additional information is not collected unless Personal Information Subjects have provided their consent. In this case, there will be no negative consequences on the services provided even if a Personal Information Subject has declined to give consent.

At the time of the collection or processing of your Personal Information, Korean Air will expressly indicate what types of Personal Information are mandatory and what types are not, as well as the potential effects on you if you do not wish to provide us with your Personal Information.

1. General and contact information;

   name, CI information (for Korean nationals), date of birth, gender, contact number, email address, mailing address, SKYPASS account number, work information and flight information

2. Travel-related information;

   nationality, passport number, booking reference (known as Passenger Name Record – PNR), itinerary, emergency contact, seating preference, medical needs, and dietary requests.

   Special categories of data or sensitive Personal Information:

   In certain circumstances, you may want to provide us with travel-related information qualifying as special categories of data or sensitive Personal Information. This is the case, in particular, for health and religion-related data (for instance, when you ask for a wheelchair or a religious meal). There might be some borderline cases where the information you provide suggests your health condition or religion. We try to limit the circumstances where we process such sensitive Personal Information. If you want us to process your sensitive Personal Information, Korean Air will be subject to additional requirements, such as relying on a specific legal ground – for example, Korean Air may seek your explicit consent in compliance with data protection law.

3. Payment-related information;

   credit/debit card number(s), expiration date, approval number, bank name and bank account number

4. Personal Information collected on our website;

   in addition to the information listed in the general and contact information—identification (ID), password, access log, cookies and IP address, Location(APP)

5. Information from the use of products or services such as online check-in and self-check-in;

   regulatory passport information, reservation number, e-ticket number, frequent traveler number, telephone number and e-mail address

6. Information from the use of products or services such as online check-in and self-check-in;

   passport information, green card information, KTN(Known Traveler Number)

7. Information from the use of products or services such as online check-in and self-check-in;

   credit card information, Billing Address

8. Personal Information collected on our chatbot;

   Chat conversation contents, SKYPASS account number, User Key

9. Information from the use of SNS login service;

   SNS login account key(de-identified information)

10. Information from the use of Kakao sync service;

    account key(de-identified information), name, CI information (for Korean nationals), date of birth, gender, contact number, email address

When processing Personal Information Subject’s information, Korean Air mainly relies on the following legal bases.

1. Consent of the Personal Information Subject

   This legal basis is relevant when the Personal Information Subject has given consent to the processing of his/her personal data for one or more specific purposes.

   1. Direct marketing

      Various items such as promotional items, mailing of various notifications such as newsletter, provision of customized services, etc. (see Article 6 on marketing activities below for further details).

   2. Special categories of Personal Information voluntarily provided by Personal Information Subject

      You may voluntarily provide us with special categories of Personal Information (see Article 1 above).

      When this is relevant, Korean Air will rely on a specific legal ground – for example, Korean Air may seek your explicit consent.

2. Performance of a contract

   This legal basis is relevant when the processing is necessary for the performance of a contract to which the Personal Information Subject is the party or in order to take steps at the request of the Personal Information Subject prior to entering into a contract:

   1. Service rendered and payment

      Reservation, approval of financial transactions and financial services, verification of bank transactions and banking services, purchases and payments, collection of fees, delivering of airline tickets, and transportation (check-in, boarding, handling of baggage, etc.).

   2. Membership administration

      Member verification for enrollment and membership service details, providing the benefits and services based on service contracts, protection from misuse by members and protection from unauthorized use.

3. Compliance with legal obligations

   This legal basis is relevant when the processing is necessary for compliance with a legal obligation to which Korean Air is subject, such as:

   1. Confirmation on the consent from a legal representative when collecting the information from minors under 14 years old
   2. Providing passenger information to border control and immigration

      When such legal obligations are not imposed by European Union law or an EU Members State law, a processing based on legal obligation will be carried out if it is necessary for the purpose of the legitimate interests pursued by Korean Air or by a third party – provided that the need for complying with such obligation is not overridden by the interests or fundamental rights and freedoms of the Personal Information Subject.

4. Legitimate interests of Korean Air

   This legal basis is relevant when the processing is necessary for the purpose of the legitimate interests pursued by Korean Air or by a third party, such as:

   1. Pre-litigation and litigation

      Record preservation for resolution of the future dispute, complaints and requested issue handling, delivering of notifications.

   2. General marketing and advertisement

      Development and specialization of new services, service offering and advertisements according to the attributes of demographic research, product information by Korean Air and third parties, delivering advertising information and providing the participation opportunity in the events, statistics regarding the use of service.

      For further details on this type of purposes, please refer to Article 6 on our marketing activities.

Korean Air may analyze your Personal Information to ensure that the information, notifications, promotions, and other services provided by Korean Air match your interests. Korean Air retains your boarding history and evaluates information on your recent visits to our website for analytics purposes to understand your interests and deliver personalized offers and other services.

1. Use of the web analysis tools

   Korean Air automatically collects website information (e.g. the number of visits, the number of pages visited, the activity on the website, error messages received) when you visit koreanair.com based on your cookie information. Korean Air also collects Personal Information (e.g. encrypted SKYPASS number, elite level status, gender) of the logged-in members using tags. Technologies such as cookies, tags, and scripts are used to analyze trends, administer the website, to track users’ movements around the website, and to gather demographic information.

2. Personalized information and services

   Korean Air may collect Personal Information (e.g. elite status, reservation, boarding history) and website behavior information (e.g. searched itinerary) for marketing purposes. Korean Air may use collected information to provide personalized offers about benefits and services tailored to your interests. By way of example, Korean Air may provide travel information such as weather, transportation, attractions, etc., based on the upcoming reservation details. When traveling with an infant, Korean Air may suggest relevant services such as special meal requests and inform baggage regulations related to an infant.

3. Korean Air marketing offers / Opt-out

   Korean Air may use your personal data in order to send personalized sales offers. When required by law, Personal Information will only be used for online prospection once your consent has been obtained.

   You may withdraw your consent at any time simply by changing your profile information on your SKYPASS account or by following the instructions on how to “unsubscribe” contained in all emails sent by Korean Air. When you opt in to one or more of Korean Air’s promotional offers, you provide Korean Air with your consent to be added to our email list that will be used to contact you occasionally with promotional emails.

4. Cookies

   In a continued effort to improve the services offered on its website and to meet customer expectations, Korean Air may use “cookies.” These are text files used to identify customers’ devices when accessing Korean Air services.

   By using the Korean Air website, mobile site or mobile application, customers acknowledge that they have read the information available concerning any operation that may electronically access information already stored in an electronic communication device (or mobile device) or store information in this device (cookie), as well as the means available to block these operations. Visitors acknowledge that their browser settings express consent to the transmission and use of cookies.

   For more information on how Korean Air uses cookies, please see our Cookie Management Policy (see Article 7).

Korean Air directly collects Personal Information whenever you use the services provided by Korean Air or by other companies or agents acting on behalf of Korean Air, including traveling, using the website, mobile site or mobile application, or interacting with Korean Air via email, service centers, or branch offices in person.

Korean Air also indirectly collects your Personal Information whenever another entity – such as travel agents, reservation system providers (sometimes known as a Global Distribution System or GDS) or another airline company in the context of an interline booking – provides Korean Air with your Personal Information for the performance of services you have requested to such other entity.

1. What are your rights under data protection law?

   Any Personal Information Subject (and, in the case of children under 14, his/her legal representative) is entitled to (subject to specific local law provisions):

   1. object to a processing on grounds relating to his/her particular situation;
   2. access, modify, rectify or erase his/her Personal Information, or to restrict (in certain circumstances) the processing of such information, and/or to withdraw their consent at any time;
   3. request the portability of his/her data to another controller;
   4. lodge a complaint with a data protection authority (in particular in the EU Member State of his/her habitual residence, his/her place of work or of an alleged infringement of data protection law);

   5. establish instructions in respect of the preservation, the deletion and the transmission of Personal Information after his/her death in accordance with the French data protection legislation (to the extent French data protection law is applicable to you).

      Personal Information Subjects can exercise their rights through the internet website koreanair.com, or via paper form or telephone service. Korean Air will take any necessary measures after confirming identification of the requester.

2. How to modify or withdraw consent at any time?
   1. If you are a registered user of Korean Air website, mobile site or mobile application, you may make changes or retraction of consent (cancellation of membership) by clicking ‘My Dashboard’ > ‘My Profile’ > ‘Edit Profile’ or ‘My Dashboard’ > “My Profile” > Withdrawal” after logging in.
   2. If you are not a registered user of Korean Air website, mobile site or mobile application, you may contact Korean Air service centers or send a letter or visit our branch offices in person. You may find the contact details of service centers or branch offices here.   Open in new window
3. How to file an inquiry or a complaint concerning your Personal Information?
   • For Korean nationals: Who is the person in charge of protecting Personal Information within Korean Air?

     Kenneth Chang, Executive Vice President and CMO, Korean Air.

   • You may exercise your rights by contacting us through the following means:
     • Service Center   Open in new window
     • ‘Voice of Customer’   Open in new window on Korean Air website
     • Korean Air’s Data Protection Officer (DPO):

       Email address: privacy@koreanair.com / Postal address: 3 Place de l'Opéra 75002 Paris, France

   You may contact following services if you have something to report or if you need a consultation regarding the infringement of Personal Information

   • Center for the infringement of Personal Information (http://privacy.kisa.or.kr   Open in new window)
   • High-tech and Financial Crimes Investigation Division, Supreme Prosecutors’ Office (http://www.spo.go.kr   Open in new window)
   • Electronic Cybercrime Report & Management system (https://ecrm.cyber.go.kr   Open in new window)

   When you address inquiries or requests to exercise rights, please send us your personal information for us to identify you. The information you send will only be used as a verification of identity and we may ask you to send us your personal information via email if we cannot identify who you are.

   • Full name
   • Details of your request
   • If you are applying on behalf of another person, signed authority from the individual is required.
   • SKYPASS (Korean Air’s frequent flyer program) number, if you are a member
     * In case, you cannot remember your SKYPASS number, following information would help us to identify your number:

     • Date of birth
     • Postal address
     • Telephone number
     • On-board details (flight number, date, route, etc.)

   We would also like to inform you that Korean Air will not be able to erase some personal data due to following reasons in accordance with the article 17 of the EU GDPR*.

   * EU GDPR: EU General Data Protection Regulation

   • The processing of your personal data is necessary for compliance with a legal obligation.
   • The processing of your personal data is necessary for the establishment, exercise or defense of legal claims.
4. How to keep your Personal Information up-to-date?

   Korean Air recommends keeping Personal Information as up-to-date as possible.

   1. If you are a registered user of Korean Air website, mobile site or mobile application, you may update your Personal Information by clicking ‘My Dashboard’ > ‘My Profile’ > ‘Edit Profile’ after logging in.
   2. If you are not a registered user of Korean Air website, mobile site or mobile application, you may contact Korean Air service centers or send a letter or visit our branch offices in person to update your Personal Information. You may find the contact details of service centers or branch offices here.   Open in new window

To secure the safety of Personal Information from a loss, theft, leak, falsification, or damage, Korean Air employs the following technical, managerial, physical devises according to the Article 30 of the Korean Personal Information Protection Act and Article 32 of the GDPR:

1. Password protected mode for personal data

   Personal Information is stored and managed in password protected mode.

2. Measures against hacking

   Korean Air does its best to prevent customers' Personal Information from leakage or damage by hacking or computer virus. Also, using the access suspension system, unauthorized accesses from outside are controlled.

3. Minimization of number of employees for managing Personal Information and training for them

   Korean Air limits the number of employees working on the Personal Information to the person in charge, and assigns separate passwords for these, which are renewed regularly. Also, through frequent training, Korean Air reinforces the person in charge of protecting Personal Information to comply with this Privacy Policy.

4. Operation of an organization exclusively for protecting Personal Information

   Through an internal organization exclusively for Personal Information protection, Korean Air makes sure that the protection for Personal Information is implemented and the person in charge of it complies with the required policy. In the event that any issues are found, Korean Air takes care of them right away.

5. Children’s Personal Information

   Korean Air collects and uses Personal Information for children under 14 after receiving consents from the legal representative (guardian) of the child. The legal representative may retract from the consent he/she gave through the same manner, and request to access the Personal Information or make corrections. Upon the requests for the retraction of consent or correction of data, Korean Air will make necessary measures immediately after the requester’s identification is verified.