PenAir’s Privacy Policy

 

Last updated: January 24, 2019

1. Your privacy is important to us

This Privacy Policy explains how Corvus Airlines, Inc. d/b/a Ravn Alaska (“Ravn Alaska”) and Hageland Aviation Services, Inc. d/b/a Ravn Connect (“Ravn Connect”) collect information from or about you in the course of our providing air transportation products and services (the “Services”), and how we use, share and protect that information. Throughout this Privacy Policy, references to “we,” “us,” “our,” and “Ravn” include both Ravn Alaska and Ravn Connect.

2. Scope

This Privacy Policy applies regardless of the type of device or other means you use to access our Services, and covers information we collect from or about you (i) when you visit flyravn.com (the “Website”) or use any mobile application(s) we may have that link(s) to this Privacy Policy, when you interact with us in-person or through our offline sales channels, such as through a Ravn telephone reservations representative or airport agent, and (ii) when you arrange to use our Services through third-party channels, such as through a travel agency, whether online or offline.

Ravn reserves the right to change this Privacy Policy at any time by posting the updated Privacy Policy on this web page along with the date on which the Privacy Policy was changed. This Privacy Policy is not a contract and does not create any contractual rights or obligations.

3. Information we collect

The information we collect from or about you, either in-person, through our online or offline sales channels, or through a third-party travel agency, may include the following:

  • name;
  • postal address;
  • telephone and fax numbers;
  • email addresses;
  • date of birth and gender;
  • emergency contact information;
  • details of government-issued identification documents (e.g., driver’s license or passport), nationality and country of residence;
  • Known Traveler number and/or redress number;
  • FlyAway Rewards account number;
  • payment information, including but not limited to charge/credit/debit card numbers, billing address and expiration dates;
  • information about your travel as required to facilitate our provision of special requests, including travel companion names and medical information;
  • seating preferences;
  • corporate contract, employer and/or other corporate affiliation;
  • details of your prior travel with Ravn, including previous flights and travel-related issues; and
  • information you provide in response to surveys to enhance and improve our Services.

In some cases, you may have the option to decline providing the information set forth above, however, if you do so, we may not be able to provide all or any of the Services requested.

Additionally, when you visit the Website, we automatically collect technical data, which may include information regarding your Internet browser type, IP address, operating system and geolocation, the average time you spend on the Website, the identity of your Internet service provider, mobile advertising identifier as well as pages you visit and information searched for on the Website. Moreover, our Website uses cookies, tags and other similar technologies (collectively referred to as “cookies”), which allows us to recognize your reference information, keep track of your purchases, and remember your FlyAway Rewards account number. The information we collect via cookies is intended to enhance your visit to the Website and furnish information about our Services to you, tailored to your needs. Most Internet browsers have options that allow visitors to control whether the browser will accept cookies, reject cookies or notify the visitor each time a cookie is sent, but setting a browser to reject cookies may limit the range of features available to you on the Website, and rejecting or disabling cookies will not necessarily limit all forms of tracking capabilities.

Some of the content, advertising, and functionality on our Website also may be provided by third parties, and some of these third parties may collect or receive data about your use of the Website through the use of cookies, which may be combined with data collected from you on different websites and online services to provide interest-based advertisements from us and other companies to you across the Internet, i.e., both on our Website and on other websites and online services, and across different browsers and devices. Some of these third parties may participate in an industry organization that allow users to opt out of receiving interest-based advertising across browsers and devices, including the Digital Advertising Alliance (“DAA”) or Network Advertising Initiative (“NAI”). To opt out through the DAA, visit http://www.aboutads.info; to opt out through the NAI, visit http://www.networkadvertising.org/. Please keep in mind that your opt out choice may only extend to the browser or device you are using when you opt out, so you should opt out from each of your browsers and devices if you want to disable all cross-device linking for interest-based advertising.

Finally, we may collect or receive sensitive personal information, where permitted by applicable law, such as in the following circumstances:

  • when you provide us with medical information when requesting specific assistance (such as the provision of wheelchair service) from us and/or an airport vendor;
  • when you seek to travel with us and have a medical condition or device that necessitates prior clearance; or
  • when you otherwise choose to provide such information to us or the information has been provided to us by a third party through which your booking was made.

By providing personal information that is or could be considered sensitive personal information, you consent to our collection and storage of such information solely for the purposes for which it was provided, and subject to this Privacy Policy.

4. How we use the information we collect

We use the information identified in Section 3, above, for the following purposes:

  • complete transactions and fulfill requests for our Services, including but not limited to the creation of reservations;
  • process payments and refunds;
  • send you updates in the event of changes to your flight itinerary;
  • confirm your identity and prevent fraud;
  • provide assistance during an emergency, including communicating with your designated emergency contact;
  • facilitate your re-booking on another airline in the event of certain flight irregularities;
  • manage and administer our Services, including record-keeping and auditing requirements;
  • ensure the operational reliability of our Website and passenger service systems;
  • improve the performance and delivery of our Services through analysis and research;
  • comply with regulatory requirements or other applicable law, or to establish, exercise or defend against a legal claim, or to protect the rights or safety of third parties, as further described in Section 5, below;
  • send you marketing communications, offers and invitations in connection with our Services; and
  • share your information with our promotional partners for their marketing of their products and services to you.

5. How long we retain your information

We generally retain personal information for so long as reasonably necessary to achieve the purposes set forth in Section 4, above.

6. Third parties with which we share your information

We do not sell your name or other personal information to third parties, and do not intend to do so in the future. We may, however, disclose information about you that we collect or receive to:

  • third parties that process your information on our behalf or assist us in furnishing the Services you have requested (in which case we take appropriate steps to ensure that personal information remains protected and secure); for example, when you purchase a ticket through the Website or offline through a Ravn reservations representative or airport agent, personal information you provide to us may be processed by our reservations system operator, Sabre, Inc.;
  • individuals acting on your behalf, in which case we may obtain your consent in writing for the purpose of allowing someone else to act on your behalf;
  • other airlines for the purpose of serving your travel or flight reservation, or re-booking your travel in the case of certain flight irregularities;
  • our affiliates, which may use your information for various purposes, including marketing their products and services to you;
  • third-party travel suppliers providing accommodations that you have requested we arrange on your behalf, such as hotel or car rental companies;
  • our promotional partners for the purposes described in this Privacy Policy;
  • banks, payment processors and other financial entities for purposes of processing payments and making refunds;
  • persons providing professional services to Ravn, including professional advisors such as attorneys, auditors and technical consultants;
  • passengers traveling under the same reservation as you;
  • government agencies which are required by law to have access to booking or travel itinerary information to administer aviation security, immigration or customs requirements;
  • government agencies, law enforcement officials, courts and other third parties if we determine that such disclosure is required (i) by applicable law, regulation or legal process (such as pursuant to a subpoena or court order), or (ii) to protect and defend our rights, or the rights or safety of third parties, including to establish, exercise or defend against legal claims; or
  • third parties in the event of a sale, merger, public offering, bankruptcy or change in control of Ravn.

7. Protecting your information

Information security is important to Ravn. We maintain physical, electronic and procedural safeguards intended to protect your information. For example, when you book travel or access your FlyAway Rewards account on our Website, we use secure servers to protect your personal information, which is intended to encrypt the personal information that is transmitted between you and our Website. Additionally, the safeguards we employ are regularly reviewed to protect against unauthorized access, disclosure, and improper use of your information, and to maintain the accuracy and integrity of the data. Nevertheless, although we take reasonable steps to safeguard your personal information, Ravn is not responsible for the acts of those who gain unauthorized access to your information and Ravn makes no warranty, express, implied, or otherwise, that we will prevent unauthorized access to your personal information.

8. Minors

Other than information required to complete a booking, Ravn does not knowingly collect personal information from children under the age of 13. If a child under the age of 13 has provided us with personal information without parental or guardian consent, the parent or guardian may contact us by email at reservations@flyravn.com, and we will remove the information and unsubscribe the child from any of our electronic marketing lists.

9. How you can opt out of marketing communications from us

If you do not wish to receive marketing communications about our special offers, you can opt out by emailing us at consumer@flyravn.com.

10. Promotional partners

We want you to be aware of special offers made available to Ravn customers by our promotional partners. You may from time to time receive emails or direct mails from or on behalf of such promotional partners. If you do not wish to receive marketing communications from our promotional partners, you can opt out by emailing us at consumer@flyravn.com.

11. Links

Our Website contains links to third-party sites. We are not responsible for the content or privacy practices of those sites, and this Privacy Policy does not apply to your information collected on such third-party sites.

12. Users from the European Union and Switzerland

This section of the Privacy Policy applies only if you use our Website or otherwise access our Services from a country that is a Member State of the European Union or Switzerland. This section supplements the other information in this Privacy Policy.

To the extent that we are subject to the laws of the European Union or Switzerland when processing personal data (“Personal Data”), Ravn Alaska shall be the “data controller” under such laws. However, when you book a reservation for travel on Ravn but one or more or your flight segments is to be provided by another airline, that other airline will be considered a separate “data controller,” in which case your Personal Data also will be processed in accordance with that airline’s privacy policy and, if your booking is made through a global distribution system (“GDS”), also will be processed in accordance with the GDS operator’s privacy policy. These other privacy policies are available at http://www.iatatravelcentre.com/privacy or from the airline or GDS operator directly. You should read this documentation, which applies to your booking and specifics (for example, how your personal data is collected, stored, used, disclosed and transferred).

We process Personal Data for the purposes set out in this Privacy Policy, as described above. Our legal basis to process Personal Data includes:

  • processing for which you have given your consent for one or more specific purposes;
  • processing that is necessary for the performance of a contract to which you are a party (for example, your travel pursuant to Ravn’s conditions of carriage) or in order to take steps prior to entering into such a contract;
  • processing that is necessary for us to comply with a legal obligation;
  • processing that is necessary to protect the vital interests of you or another person;
  • processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; or
  • processing that is necessary for legitimate interests pursued by us or a third party (for example, to manage our relationship with you and to improve the Website and our Services), provided such interests are not outweighed by your interests or fundamental rights and freedoms under applicable law which require the protection of Personal Data.

Where our processing of Personal Data is based on your consent, and we have no other legal basis to process Personal Data, you have the right to withdraw your consent at any time by emailing us at consumer@flyravn.com provided that such withdrawal shall not affect the lawfulness of our processing based on consent before your withdrawal.

The nature of Ravn’s business means that the Personal Data will be transferred to the United States, such as to Ravn’s servers located in the United States. Also, some of the third parties to whom we disclose Personal Data (as set out above) may be located in the United States and other countries outside of the European Union or Switzerland, including countries that may not provide the same level of data protection as your home country. We take appropriate steps to ensure that recipients of your Personal Data are covered by contractual confidentiality terms and standard data protection contractual clauses to ensure that transferred Personal Data remains protected and secure.

You have certain rights related to your Personal Data, and may be entitled to exercise one or more of the following rights:

  • the right to obtain confirmation from us as to whether your Personal Data are being processed and a copy of such Personal Data;
  • the right to require rectification of your Personal Data without undue delay and the right to have incomplete Personal Data corrected, including by means of providing a supplemental statement;
  • the right to obtain from us the erasure of your Personal Data (i.e., the “right to be forgotten”) without undue delay, if: (a) such data are no longer necessary in relation to the purpose for which they were collected or obtained; (b) you withdraw your consent and we have no other valid legal basis for processing the Personal Data; (c) you object to our processing and either there are no overriding legitimate grounds for the processing or the Personal Data are processed for direct marketing purposes; (d) that Personal Data have been processed for unlawful purposes; (e) the Personal Data have to be erased for compliance with European Union or Member State law to which we are subject; or (f) the Personal Data have been collected in relation to an offer for a service in exchange for remuneration, directly to a child, for the remote processing and storage of data; provided however that clauses (a) through (f) shall not apply to the extent processing is necessary: (i) for exercising freedom of expression and information; (ii) for compliance with a legal obligation under European Union or Member State law to which we are subject or the performance of a task carried out in the public interest or in the exercise of official authority vested in us; (iii) for reasons of public interest in the area of public health; (iv) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if erasure of the Personal Data is likely to render impossible or seriously impair the achievement of the objectives of such processing; or (v) to establish, exercise or defend against a legal claim;
  • the right to obtain from us restriction on processing your Personal Data, under one or more of the following circumstances: (a) you contest the accuracy of the Personal Data, for a period allowing us to verify the accuracy of the Personal Data; (b) processing is unlawful and, instead of requesting erasure, you request restriction on the Personal Data usage; (c) we no longer need the Personal Data for the purposes of the processing, but you require the Personal Data to establish, exercise or defend against a legal claim; or (d) you object to our processing of Personal Data for purposes we believe are necessary for either the performance of a task carried out in the public interest, our exercise of official authority vested in us, or legitimate interests pursued by us or by a third party, pending verification of whether our legitimate grounds outweigh your interests, rights and freedoms;
  • the right to receive, in a structured, commonly used and machine-readable format, Personal Data you have provided to us, as well as the right to have us transmit such Personal Data to another data controller without our hindrance and where technically feasible, provided: (a) the processing is based on consent you have provided to us or is necessary for the performance of a contract to which you are a party (for example, your travel pursuant to Ravn’s conditions of carriage) or in order to take steps prior to entering into such a contract; and (b) the processing is carried out by automated means; provided furthermore, your exercise of this right does not adversely affect the rights and freedoms of others;
  • the right to object at any time to the processing of your Personal Data: (a) for purposes we believe are necessary for either the performance of a task carried out in the public interest, our exercise of official authority vested in us, or legitimate interests pursued by us or by a third party, in which case we shall no longer process the Personal Data unless we demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or for the establishment or exercise of, or defense against, a legal claim; or (b) for direct marketing purposes which includes profiling to the extent it is related to such direct marketing, in which case we shall not longer process the Personal Data for such purposes;
  • in the context of remote processing and storage of your Personal Data for remuneration, the right to object, by automated means using technical specifications, to such processing and storage;
  • the right to object to the processing of your Personal Data, where processed for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest; and
  • the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where the decision: (a) is necessary for entering into, or performing, a contract between you and us (such as travel on Ravn pursuant to our conditions of carriage); (b) is authorized by European Union or Member State law to which we are subject and which establish suitable measures to safeguard your rights and freedoms and legitimate interests; or (c) is based on your explicit consent.

To exercise these rights, please email us at consumer@flyravn.com. When we receive a request to exercise one of these rights, we will indicate what Personal Data we require from you to validate your identity. Once your identity has been validated, we will respond to your request within 30 days. We also will provide information on the action we intend to take on the request in accordance with applicable law.

If you consider that our processing of your Personal Data infringes applicable law, you may submit a complaint with a supervisory authority.

13. Contact us

If you have questions, comments or concerns about our privacy practices, or if you wish to issue a request to exercise your rights where applicable by law, please contact us at consumer@flyravn.com. Please provide your name and contact information along with the request. Alternatively, inquiries may be mailed to the following address:

Ravn Alaska
Attn: Data Privacy
4700 Old International Airport Road
Anchorage, AK 99502