Privacy Policy

This policy explains why and how Korean Air processes your personal information.

  • What does “Personal Information” mean?

    Personal Information means any information that can be linked directly or indirectly to identified or identifiable individuals.

  • Who is the data controller?

    Korean Air Lines Co., Ltd, whose head office is located 260, Haneul-gil, Gangseo-gu, Seoul (Gonghang-dong), Korea, acts as the data controller of the processing activities relating to the Personal Information referred to in this Policy. This means that Korean Air determines the purposes and means of the processing referred to in this Policy.

    Note that your Personal Information may also be processed as part of processing activities whose purposes and means are determined by other companies – such as, for example, other airlines operating flights you have booked with us, reservation system providers (sometimes known as a Global Distribution System or GDS), hotels or car rentals. In such circumstances, these companies act as data controllers and have their own privacy policy/statement. When your Personal Information is processed by other airline companies than Korean Air, you will find such other airline companies’ privacy statements on the following webpage: https://www.iatatravelcentre.com/privacy.htm Open in new window 

  • What is the scope of this Privacy Policy?

    This Privacy Policy describes the processing and protection of Personal Information relating to Personal Information Subjects.

    • passengers
    • loyalty program (SKYPASS) members
    • users of Korean Air’s website ‘koreanair.com’, mobile site ‘m.koreanair.com’ or mobile application
    • users of Korean Air’s service center or branch offices
  • Why is Personal Information important for us?

    Your Personal Information and your trust in our ability to protect your Personal Information are both key to our business. Korean Air pledges to do its best to protect the privacy and Personal Information of Personal Information Subjects and to prevent any illegal disclosure of Personal Information.

  • What is the key information contained in this Privacy Policy?

    You will find below relevant information, notably, on the Personal Information we process about you, the purposes and legal bases for the processing and your rights. Indeed, Personal Information Subjects are entitled to a number of rights – including a right to access, modify or erase their Personal Information or to restrict the processing of their Personal Information.

    You can access directly the section(s) of this Policy that are of the most interest to you.

  • Where to address inquiries regarding Personal Information?

    Do not hesitate to contact our Data Protection Officer (DPO) if you have any questions on this Privacy Policy by sending an email to privacy@koreanair.com Open in new window  or writing to 9, Bd de la Madeleine 75001, Paris, France. This person has specially been designated to deal with your inquiries regarding Personal Information – in particular in respect of your rights. You will find further details on our DPO in Article 9 “Inquiries concerning Personal Information, and officers in charge of Personal Information protection”

    When you address inquiries or requests to exercise rights, please send us your personal information for us to identify you. The information you send will only be used as a verification of identity and we may ask you to send us your personal information via email if we cannot identify who you are.

    · Full name
    · Details of your request
    · If you are applying on behalf of another person, signed authority from the individual is required.
    · SKYPASS (Korean Air’s frequent flyer program) number, if you are a member

      In case, you cannot remember your SKYPASS number, following information would help us to identify your number:
      - Date of birth
      - Postal address
      - Telephone number
      - On-board details (flight number, date, route, etc.)

    We would also like to inform you that Korean Air will not be able to erase some personal data due to following reasons in accordance with the article 17 of the EU GDPR*.

    EU GDPR: EU General Data Protection Regulation

    · The processing of your personal data is necessary for compliance with a legal obligation.
    · The processing of your personal data is necessary for the establishment, exercise or defense of legal claims.