Notification of personal data processing
- Who we are
TAROM – Romanian Air Transport Company is an air carrier in Romania operating over 50 destinations and destinations served by code share partners.
- Personal data we process
TAROM is a personal data controller. We process the following personal data categories:
- Name, surname
- Email address
- Phone
- Physical address
- Age group
- Flight itinerary
- Booking number
- Names of other passengers included in your booking
- Flying Blue membership number
- Transaction ID
- Products and services purchased
- Booking price
- Nationality
- Date of birth
- Gender
- Type and series/number of identity document
- Expiry date of identity document
- Country issuing the identity document
- Travel documents required by States of stopovers or by the State of the traveller’s final destination
- Flight details
- Seat number
- Baggage details
- MEDA form – where applicable.
- Unaccompanied “Minor child – Request for transport – Accompanying Notice» form – where applicable.
- Accommodation details
- Requests for refunds/compensation
- Details of lost luggage
- Bank account details
- Records of telephone calls with the Customer Relations department
- Navigation history
- Why do we need this
We need your personal fata for the following processing:
On the legal basis of the execution of contractual clauses in the flight booking process:
- Name and first name – we need this data to be able to create your booking.
- E-mail – the e-mail address we use to send you booking confirmations.
- Telephone – the telephone number we use to contact you with details or changes to your bookings, if necessary.
- Age group – so that we can offer the relevant fare for the age group of the passengers you enter.
- Flight itinerary – to be able to create reservations in the system.
- Booking number – this number is used to identify your booking in the system.
- Electronic ticket number – this unique number is generated to identify your flight in the system.
- Names of other passengers included in your booking – if you are creating a booking for more than one passenger, we need this data. In this case, you become the personal data controller for the passengers you enter in your booking.
- Flying Blue membership number – we use this information to award you Flying Blue frequent flyer miles.
- Transaction ID – in case of online paying, a unique transaction identifier is generated and sent to our partner NETOPIA who manages the electronic payment of your booking.
- Products and services purchased – we use this information to generate the invoice for your booking.
- Booking price – we use this information to generate the invoice for your booking.
On the legal basis of compliance with TAROM’s juridical obligations under the Council Directive 2004/82/EC of 29 April 2004 on the obligation of carriers to communicate passenger data:
- Name, surname – this information is transmitted to the authorities in accordance with the law.
- Nationality – this information is transmitted to the authorities in accordance with the law.
- Date of birth – this information is transmitted to the authorities in accordance with the law.
- Gender – this information is transmitted to the authorities in accordance with the law.
- Type and series/number of identity document – this information is transmitted to the authorities in accordance with the law.
- Expiry date of identity document – this information is transmitted to the authorities in accordance with the law.
- Country of issue of the identity document – this information is transmitted to the authorities in accordance with the law.
In compliance with TAROM’s legal obligations to verify the identity of passengers and to communicate details of passengers to border protection and customs authorities:
- Name, surname – this information is transmitted to the authorities in accordance with the law.
- Email – this information is transmitted to the authorities in accordance with the law.
- Telephone – this information is transmitted to the authorities in accordance with the law.
- Nationality – this information is transmitted to the authorities in accordance with the law.
- Date of birth – this information is transmitted to the authorities in accordance with the law.
- Gender – this information is transmitted to the authorities in accordance with the law.
- Type and series/number of identity document – this information is transmitted to the authorities in accordance with the law.
- Expiry date of identity document – this information is transmitted to the authorities in accordance with the law.
- Country of issue of the identity document – this information is transmitted to the authorities in accordance with the law.
- Flight details – this information is transmitted to the authorities in accordance with the law.
- Place number – this information is transmitted to the authorities in accordance with the law.
- Baggage details – this information is transmitted to the authorities in accordance with the law.
On the legal basis of complying with TAROM’s legal obligations to verify the identity of passengers and to allow only eligible passengers to board the correct flights:
- Name, first name – we use this information to identify you.
- Type and series/number of identity document – we use this information to identify you.
- Expiry date of ID document – we use this information to allow you to board the flight.
- Country of issue of identity document – we use this information to identify you.
- Travel documents required by the country of stopover or final destination – we use this information to allow you to board the flight.
- Flight details – we use this information to allow you to board your flight.
- Seat number – we use this information to allow you to board your flight.
- Baggage details – we use this information to allow you to board your flight.
With your consent, we also process the following personal data for the following purposes:
Travel of unaccompanied children
- Form «Unaccompanied Minor – Request for Transport – Accompanying Notice» – form containing data about the unaccompanied minor, name/surname and contact details of the person handing over the minor on departure and the person who will pick up the minor at the final destination.
Medical clearance for a person with special needs
- MEDA form – form containing medical data about a person with special needs. An information notice and information on the processing of special data is delivered together with this form
On the legal basis of compliance with TAROM’s legal obligations to assist passengers with delayed or cancelled flights
- Under TAROM’s legitimate interest in providing customer service and protecting its rights in court:
- With your consent, we also process the following personal data for the following purposes:
TAROM Newsletter
- Email address – we use this information to send you a newsletter.
Online behaviour
- Browsing history – we share this information with our partners described in the cookies policy in order to deliver personalised offers to you.
- What we are doing with them
Your personal data are processed within the company CNTAR TAROM SA located in Romania. The hosting and storage of your data takes place in Romania on TAROM servers.
Your personal data are also processed by MEDIATEL DATA SRL, a company acting as a proxy for CNTAR TAROM SA providing the electronic management service for call centre operations.
Your personal data are also processed by the airports where your stopovers take place and by the airports of destination of your flights, by the various government authorities responsible for border protection and customs control in the countries of transit and destination, by the institutions in charge of protection against terrorism and crime in the countries of transit and destination and by the institutions responsible for maintaining PIU (Passenger Information Unit) registers. All these entities act as personal data operators.
Your personal data are also processed by Amadeus IT Group, S.A. of Spain acting as processor for TAROM providing Departure Control System services (boarding and check-in).
Your personal data are also processed by SkyTeam Airline Alliance Management Coöperatie U.A. acting as a proxy for TAROM providing services such as mileage credit for Flying Blue members, seamless check-in, seamless seats, Elite Customer Recognition, access to SkyTeam lounges, baggage tracking.
Your personal data are also processed by other airlines operating flights that are part of your itinerary. These airlines are personal data controllers.
Your personal data are also processed by handling companies at the various airports where TAROM flies, acting as processors for TAROM providing baggage and passenger handling services (at boarding, passenger assistance).
Your personal data are also processed by Accelya Solutions India Limited acting as TAROM’s processor providing support services and hosting specialised financial management software for flight operations. The compliance of the international transfer to India is ensured by the Standard Contractual Clauses signed between CNTAR TAROM SA and Accelya Solutions India Limited.
Your personal data is also processed by WorldPay, IATA and Netopia who act as data controllers ensuring the payment management of TAROM ticket reservations. TAROM does not have access to your card payment details.
Your personal data is also processed by Creatory, a marketing agency in Romania acting as TAROM’s processor providing newsletter management services.
Your personal data is also processed by Mediatel Data, a company in Romania acting as TAROM’s personal data processor, providing call management services.
Your personal browsing history data is passed on to our partners as described in the cookie policy. Please refer to the description of these partners on this page.
- How long we keep your personal data
Personal data that are contained in the financial-accounting documents or in documents that are attached to the financial-accounting documents (all data from your bookings are included), will be kept for 10 years according to the provisions of art. 38 of Annex 1 to Order no. 2634/2015 on financial-accounting documents, issued by the Ministry of Public Finance and will not be accessed for any purpose other than the legal purpose for which they are archived. After 10 years these data will be destroyed.
Personal data required for your boarding is kept six months after it is handed over to the authorities.
Your online activity data will be kept for the lifetime of the cookies or until you decide to delete the cookies.
Personal data from the call recordings will be kept for one year based on our legitimate interest to demonstrate that we provided all correct answers to your requests
- Which are your rights?
If you have reason to believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request to see this information, to rectify it or request that it be deleted, to request restriction of processing or to object to processing, and you also have the right to data portability. To exercise these rights please contact us at [email protected]
You have the right to withdraw your consent for the MEDA form and for the «Unaccompanied Minor – Request for Transport – Accompanying Notice» form. To do so, please contact us at [email protected]
For the newsletter, you have the right to withdraw your consent at any time. For this please contact us at [email protected] or unsubscribe directly from the newsletter.
If you wish to submit a complaint about the way we have processed your personal data, please contact the Data Protection Officer at the following e-mail address [email protected] . The Data Protection Officer will contact you to resolve the issue raised.
You can also contact the National Supervisory Authority for Personal Data Processing at www.dataprotection.ro and submit a complaint with them.
Cookie Policy
A cookie is a text file that a site sends to your browser to store on your device. This is done in order to remember information about you: login information, language preferences, etc. These cookies are set by us and called first-party cookies. TAROM also uses third party cookies for marketing efforts.
Specifically, we use cookies and other tracking technologies for the following purposes:
- To help you navigate on our website;
- To assist you in case you need online support;
- To analyse how you explore our products and services;
- For assistance in our marketing efforts, including behavioural advertising;
Below is a detailed list of cookies that we use on our website. Our website is scanned using our cookie scanning tool regularly to keep a list as accurate as possible. We classify cookies in the following categories:
- Necessary Cookies
- Analytics Cookies
- Marketing Cookies
Necessary cookies
These cookies help you use our website, allowing basic functions such as page navigation and access to secure site areas. The website cannot function properly without these cookies
Cookie name | Description | Type | Expiration |
---|---|---|---|
has_js | Check if the browser allows JavaScript | HTTP | session |
consent_cookie-version | Check if the browser allows JavaScript | HTML | 100 days |
test_cookie | This cookie verifies that the browser supports cookies | HTTP | 15 minutes |
Analytical cookies – these are cookies that the site loads for traffic analysis purposes, such as analyzing the pages used or the time spent on the site, information used to improve the quality of the content and services offered. For this website, we use cookies from the Google Analytics system.
Denumire cookie | Descriere | Tip | Expirare |
---|---|---|---|
_ga | Records a unique ID that is used to generate statistical data about how the visitor uses the website. | HTTP | 2 years |
_gat | Used by Google Analytics to calibrate the rate of requests | HTTP | O zi |
_gid | Records a unique ID that is used to generate statistical data about how the visitor uses the website. | HTTP | O zi |
Marketing Cookies
Marketing cookies are used to track visitors to sites. The goal is to display relevant and immersive advertisements for individual users and therefore more valuable to third-party publishers and advertisers.
Cookie Name | Description | Type | Expiration time |
---|---|---|---|
_fbp | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. | HTTP | 3 months |
IDE | Used by Google DoubleClick to register and report the website user’s actions after viewing or clicking one of the advertiser’s ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user | HTTP | 1 year |
Notification of personal data processing for check-in/ boarding
- Who we are
TAROM – Romanian Air Transport Company is an air carrier in Romania operating over 50 destinations and destinations served by code share partners.
- Personal data we process
TAROM is a personal data controller. We process the following personal data categories:
- Name, surname
- Flight itinerary
- Booking number
- Nationality
- Date of birth
- Gender
- Type and series/number of identity document
- Expiry date of identity document
- Country issuing the identity document
- Travel documents required by countries of stopovers or by the country of the traveller’s final destination
- Flight details
- Seat number
- Baggage details
- MEDA form – where applicable.
- Why do we need this
We need your personal data for the following processing:
On the legal basis of compliance with TAROM’s legal obligations under the Council Directive 2004/82/EC of 29 April 2004 on the obligation of carriers to communicate passenger data:
- Name, surname – this information is transmitted to the authorities in accordance with the law.
- Nationality – this information is transmitted to the authorities in accordance with the law.
- Date of birth – this information is transmitted to the authorities in accordance with the law.
- Gender – this information is transmitted to the authorities in accordance with the law.
- Type and series/number of identity document – this information is transmitted to the authorities in accordance with the law.
- Expiry date of identity document – this information is transmitted to the authorities in accordance with the law.
- Country of issue of the identity document – this information is transmitted to the authorities in accordance with the law.
In compliance with TAROM’s legal obligations to verify the identity of passengers and to communicate details of passengers to border protection and customs authorities:
- Name, surname – this information is transmitted to the authorities in accordance with the law.
- Email – this information is transmitted to the authorities in accordance with the law.
- Telephone – this information is transmitted to the authorities in accordance with the law.
- Nationality – this information is transmitted to the authorities in accordance with the law.
- Date of birth – this information is transmitted to the authorities in accordance with the law.
- Gender – this information is transmitted to the authorities in accordance with the law.
- Type and series/number of identity document – this information is transmitted to the authorities in accordance with the law.
- Expiry date of identity document – this information is transmitted to the authorities in accordance with the law.
- Country of issue of the identity document – this information is transmitted to the authorities in accordance with the law.
- Flight details – this information is transmitted to the authorities in accordance with the law.
- Place number – this information is transmitted to the authorities in accordance with the law.
- Baggage details – this information is transmitted to the authorities in accordance with the law.
On the legal basis of complying with TAROM’s legal obligations to verify the identity of passengers and to allow only eligible passengers to board the correct flights:
- Name, first name – we use this information to identify you.
- Type and series/number of identity document – we use this information to identify you.
- Expiry date of ID document – we use this information to allow you to board the flight.
- Country of issue of identity document – we use this information to identify you.
- Travel documents required by the country of stopover or final destination – we use this information to allow you to board the flight.
- Booking number – this number is used to identify your booking in the system.
- Electronic ticket number – this unique number is used to identify your flight in the system.
- Flight details – we use this information to allow you to board your flight.
- Seat number – we use this information to allow you to board your flight.
- Baggage details – we use this information to allow you to board your flight.
With your consent, we also process the following personal data for the following purposes:
Travel of unaccompanied children
- Form «Unaccompanied Minor – Request for Transport – Accompanying Notice» – form containing data about the unaccompanied minor, name/surname and contact details of the person handing over the minor on departure and the person who will pick up the minor at the final destination.
Medical clearance for a person with special needs
- MEDA form – form containing medical data about a person with special needs. An information notice and information on the processing of special data is delivered together with this form
- What we are doing with them
Your personal data is processed within the company CNTAR TAROM SA located in Romania. The hosting and storage of your data takes place in Romania on TAROM servers.
Your personal data is also processed by the airports where your stopovers take place and by the airports of destination of your flights, by the various government authorities responsible for border protection and customs control in the countries of transit and destination, by the institutions in charge of protection against terrorism and crime in the countries of transit and destination and by the institutions responsible for maintaining PIU (Passenger Information Unit) registers. All these entities act as personal data controllers.
Your personal data is also processed by Amadeus IT Group, S.A. of Spain acting as processor for TAROM providing Departure Control System services (boarding and check-in).
Your personal data is also processed by SkyTeam Airline Alliance Management Coöperatie U.A. acting as a personal data processor for TAROM providing services such as mileage credit for Flying Blue members, seamless check-in, seamless seats, Elite Customer Recognition, access to SkyTeam lounges, baggage tracking.
Your personal data is also processed by other airlines operating flights that are part of your itinerary. These airlines are personal data controllers.
Your personal data are also processed by handling companies at the various airports where TAROM flies, acting as personal data processors for TAROM providing baggage and passenger handling services (at boarding, passenger assistance).
- How long we keep your personal data
Personal data that are contained in the financial-accounting documents or in documents that are attached to the financial-accounting documents (all data from your bookings are included), will be kept for 10 years according to the provisions of art. 38 of Annex 1 to Order no. 2634/2015 on financial-accounting documents, issued by the Romanian Ministry of Public Finance and will not be accessed for any purpose other than the legal purpose for which they are archived. After 10 years these data will be destroyed.
Personal data required for your boarding is kept six months after it is handed over to the authorities.
- Which are your rights?
If you have reason to believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request to see this information, to rectify it or request that it be deleted, to request restriction of processing or to object to processing, and you also have the right to data portability. To exercise these rights please contact us at [email protected]
You have the right to withdraw your consent for the MEDA form and for the «Unaccompanied Minor – Request for Transport – Accompanying Notice» form. To do so, please contact us at [email protected]
If you wish to submit a complaint about the way we have processed your personal data, please contact the Data Protection Officer at the following e-mail address [email protected] The Data Protection Officer will contact you to resolve the issue raised.
You can also contact the National Supervisory Authority for Personal Data Processing at www.dataprotection.ro and submit a complaint with them.