Privacy Policy

Delta has a Privacy Team, including a Data Protection Officer, that is dedicated to protecting your privacy. If you have any questions or comments regarding this Privacy Policy or any complaints about our adherence to it, please contact our Data Protection Officer, Renee Lopez-Pineda, at Privacy@delta.com or contact our Customer Care Center by telephone or mail. We adhere to applicable notification requirements and reporting obligations to supervising authorities and/or data subjects regarding violations of this Privacy Policy as required by law.  The substance and time frames applicable to these remedies are set forth in applicable laws.

Additional remedies available in the event of a perceived violation of your privacy rights are discussed in sections 9.7 and section 12 regarding information security safeguards and data breach notification procedures.

3.1 We collect information from you

We may collect and receive information from you, including when you:

• Use or access our Website or App, such as when you enter information during the course of a booking, even if you do not complete the booking;
• Register, create, or modify an online or in-app account with us, including your SkyMiles Partners account and Promotional Partners account, or any account to use our online corporate travel tool(s), communicate with us by email, including when you email us at Privacy@delta.com, telephone, in writing, through our customer services pages, or social media;
  
  
  • Our SkyMiles Partners are hotel, car rental, shopping, dining, vacation, and other businesses with whom you can earn, transfer, or redeem miles in the SkyMiles Program or otherwise qualify for discounts or benefits in connection with SkyMiles membership or Medallion Status. Our Promotional Partners are businesses with whom you may be offered a discount or benefit as a result of your transactions with Delta.
• Use any of our services, including when you travel with us, use airports where we operate, or use any facilities, such as Delta Sky Club lounge facilities, within those airports;
• Through cookies and other tracking technologies on our Website and App (see section 6 below); and
• Are associated to a company we do business with

3.2 Automatic access and data collection from our App

Our App may access certain device information and/or components automatically.

3.3 We collect information from other sources

We may receive your personal information from other airlines, and from travel agencies and your employer or company in connection with your travel booking.

We may also receive your personal information from SkyMiles Partners and Promotional Partners in connection with our SkyMiles Program.

Our suppliers and other businesses we deal with provide us personal information of their representatives.

This Privacy Policy applies to information we receive from those other sources, as well as to information we collect from you or generate about you. Delta is committed to limiting the information collected to what is necessary for the purposes for which the information is collected.

4.1 Information about you and how we use it

This section describes what personal information we collect about you, the purposes for which we use it, and the legal basis under applicable law pursuant to which we process it. Please also see section 4.2 regarding information collected through our App, and section 4.6 regarding our use of sensitive types of information.

4.1.a

4.1.b

4.1.c

4.1.d

4.1.e

4.1.f

4.1.g

4.1.h

4.1.i

4.1.j

We only base our use of personal data on our legitimate interests when we consider that our legitimate interest is not overridden by the individual's interests or rights in the data.

As used in this Privacy Policy, “consent” means any statement or clear affirmative action by which you agree to the processing of personal data for a specific purpose. Please note that where you have provided your consent to us for processing your information, you can withdraw this at any time as described in section 8.

4.2. Information collected through our App

Delta may collect and receive personal information from the App users through the Software Development Tools (SDKs) deployed on the Fly Delta App. Depending on the SDK, the type of personal information collected and received via the SDKs may include, without limitation, the App user’s name, email address, phone number, mailing address, SkyMiles number, credit card information (to the extent a credit card transaction is being made through the App), customer flight information, App usage metrics, and device information such as IP address. Delta may use such information to verify and authorize credit card transactions, to receive feedback about the App and services, and to track and analyze usage of the App. 

Please find below the current list of the Software Development Tools (SDKs) deployed on the Fly Delta App. Delta may update this list of SDKs from time to time if services provided by Delta change.

List of the SDKs deployed on the Fly Delta App as of April 1, 2022: 

• Adobe Marketing Cloud + branch.io plugin 
• Cardinal Commerce
• ForeSee
• American Express

We use push notification tokens in the App to send notifications to your mobile device with updates for flight times, gate changes, and flight cancellations. The App will activate your camera if you choose to take a picture for a parking reminder, and will store the photo for you to look at later. If you choose, the App can access your device calendar to save itinerary information in your personal schedule. It can also bring up your default e-mail program, so you can send notes and reminders while traveling.

At times, we may promote the App via internet advertising on external websites. If you click on these advertisements and navigate directly to a third party application or other platform, information such as your phone’s device identification number may be sent to the advertising network, so that they and we may track the effectiveness of our advertising. This information might also be used for capping the number of times a specific visitor to a website is shown a particular advertisement, estimating the number of unique users, debugging, or security and fraud detection.

4.3. Legal requirements and professional advice

We may also use your personal information where this is necessary to comply with a reasonable request by a law enforcement or regulatory authority, body, or agency, or in the defense of legal claims.

We may also use your personal information when obtaining legal and other professional advice including for audits. We consider this to be in our legitimate interest in the management of our business.

4.4. What if you do not provide information?

In some cases, we are legally required to collect certain information from you so we can provide the services you have requested, such as Secure Flight Passenger Data or Advance Passenger Information when you make a reservation to fly within, into, or out of the United States, or for point-to-point international travel. Failure to provide this information will mean we cannot provide the service.

In some circumstances we need your information to perform our contract with you or to provide products and services, such as payment details and, on occasion, credit checking information. If you do not provide this information, we may not be able to enter into or perform the contract or provide the products and services.

4.5. Authorization on behalf of another customer

When you provide information to us about your travel companions or other individuals (if, for example, you have arranged to make a booking on their behalf), you confirm to us that you have obtained their authorization to provide us their information and their consent to your use of their information in accordance with this Privacy Policy. If you cannot make these confirmations, you must not provide us with any personal information about these individuals.

4.6. Sensitive Information

We may process sensitive or special categories of personal information, such as that relating to health, disabilities, race, ethnicity, political opinions, biometrics, or religion, for the purpose(s) for which it was provided or for which you have provided express consent. For example, we may collect and receive sensitive personal information from you when you:

• provide such information to us, a travel agent, or another third party involved in your travel arrangements at the time of or following your booking;

• disclose to us that you have a specific medical condition, will have an accompanying service animal, or request specific medical care or assistance, such as the provision of an accompanying nurse or wheelchair assistance, from us, an airport, or a third party involved in your travel arrangements;

• make a request that implies or suggests something about you which could be interpreted as sensitive personal information, such as a request for a specific type of meal that may suggest that you have a certain medical condition or hold a particular religious belief;
  
  
• consent to the collection of your digital image to enable our supplier's facial recognition system for lounge access purposes; or

• provide information required by public health authorities or other government agencies as contemplated by 4.1.j.

We occasionally receive personal information from law enforcement agencies and other sources relating to criminal activity (or alleged criminal activity) and may use that information where necessary, and where permitted by applicable law, to detect or prevent unlawful activity occurring during air travel. We consider this to be in the substantial public interest.

We store your information for as long as legally required or for so long as necessary to support business purposes described in section 4 and consistent with our record retention policies. In general, this storage will be (i) at least for the duration of our relationship, (ii) for as long as you can bring a claim against us and for us to be able to defend ourselves, and (iii) for any period required by tax, aviation, and other applicable laws and regulations.

Our App will store user-provided data for as long as you use the related feature of the App, unless you choose to delete the App. Only information provided for travel clearance, purchases, and related activities will be stored in our operational systems as needed to provide your requested services.

6.1. Cookies

Delta uses cookies, tags, and other similar technologies. For simplicity, we refer to all these technologies as "cookies". These technologies allow us to recognize your preference information, keep track of your purchases, remember your SkyMiles number, and facilitate effective Website administration. We use the information we collect to enhance your visit to the Website and to provide you with information tailored to your needs.

Your Internet browser(s) will offer you the option to refuse cookies, but doing so may affect your use of some portions of Delta’s and our SkyMiles Partners' and Promotional Partners’ web services. Please refer to your browser options to learn more about cookie management.

Delta has engaged third party tracking and advertising providers to act on Delta's behalf to track and analyze your usage of our Website through the use of cookies, pixel tags / web beacons, and similar technologies. At our request, these third parties collect, and share with us, usage information about visits to our Website, measure and research the effectiveness of our advertisements, track page usage and paths followed during visits through our Website, help us target our Internet banner advertisements on our Website and on other sites, and track use of our Internet banner advertisements and other links from our marketing partners' sites to our Website. To learn about the available mechanisms for opting out of cookies and technologies related to interest-based advertising, see the descriptions and links in the table below.

Our Website and App are not configured to read or respond to “do not track” settings or signals in your browser headings or mobile device settings, which vary by provider. In lieu of a browser- or device-based opt-out solution, we have identified in the table below certain Digital Advertising Alliance and other approved methods for placement of “opt-out” cookies. Our Website and those of our third party advertisers or other vendors are configured to read and honor these opt-out cookies, so long as they are present on your computer or device. If you delete all cookies, you will need to reset your opt-out cookies. Please be aware that Delta does not control these opt-out processes.

6.2. Types of cookies and tags on our Website

We use these kinds of cookies and tags on our Website and App:

6.3. Website tracking preferences and opt out

To opt out of first party tracking (that is, tracking with cookies placed by Delta) on our Website, you may choose from these options:

• Click here to opt out of Adobe analytics and usage tracking on our Website
  
  
• Click here to opt out of content targeting on our Website
  
  

To opt out of third party tracking (that is, tracking with cookies placed by persons other than Delta):

• Click here to opt out of tracking by Network Advertising Initiative members
  
  
• Click here to opt out of tracking by Digital Advertising Alliance members if you are a US resident and here if you are an EU/UK resident
  
  
• Click here to opt out of the Google Ad Network (DoubleClick,  AdSense)
  
  
• Click here to opt out of Google Analytics
  
  
• Click here to opt out of Adobe Site Services

7.1. In general

We do not sell your name or other personal information to third parties, and do not intend to do so in the future.

We may disclose your information we collect or receive:

• To third parties to process your information on our behalf, or to assist us in providing our services and/or products, such as our customer care center operators and providers of technical services such as data centers, biometric verification services, and online tools.
  
  
• To the party providing the service or product when you request or purchase services or products through Delta that are to be provided by another party (for example, a travel segment on another carrier, hotel accommodations, or rental car).
  
  
• To you or those acting on your behalf. Where local regulations require, we may obtain your consent in writing for the purpose of allowing someone else to act on your behalf.
  
  
• To our SkyMiles Partners, Promotional Partners and other Delta Group Companies for the purposes described in and in accordance with this Privacy Policy. Further information regarding Delta Group Companies is available in Delta’s filings with the U.S. Securities and Exchange Commission, including SEC Form 10-K.
  
  
• To other airlines, including members of our SkyTeam alliance, for the purpose of servicing your travel, servicing your flight reservation, recognizing your loyalty program status, rebooking your flight in the event of an unexpected disruption in your travel, or protecting crewmembers, customers, and the overall safety and security of our flight operations and those of our alliance partners.
  
  
• where your SkyMiles Program account is associated with your employer’s or corporate business account, or when you use your employer’s corporate account, SkyBonus/SkyMiles for Business number or a corporate form of payment to book your travel, to that employer or company, to third party expenses administration providers, to suppliers of corporate travel assistance services, to travel agencies and corporate travel managers through which your travel was arranged, and to duty of care providers.
  
  
• To banks, financial firms and payment services for the purposes of processing payments and refunds.
  
  
• To government agencies and authorities, law enforcement officials, law courts, or to third parties: (a) if we believe disclosure is required by applicable law, regulation or legal process (such as pursuant to a subpoena or judicial order); or (b) to protect and defend our rights, or the rights or the rights, health, or safety of third parties, including to establish, make, or defend against legal claims; or (c) in the interest of public health and safety.
  
  
• To customs and immigrations authorities, which require by law access to booking and travel itinerary information including "Advance Passenger Information" (passport and associated personal information) for all customers prior to travel.
  
  
• To customers traveling under the same booking as you.
  
  
• To persons providing services to Delta, including its professional advisers (e.g. auditors, lawyers, and technical consultants).
  
  
• To persons with whom we are discussing selling any part of our business or to whom we sell any part of our business.

We may share with third parties anonymous, aggregated information about all our users.

If your ticket is purchased pursuant to a corporate incentive agreement, we may disclose information concerning your travel to your employer or corporate travel manager.

When you use the App, a unique ID (which varies by device manufacturer and operating system) is read from or associated with your device to be used as an anonymous identifier for analytics and performance purposes. This ID might be generated by or shared with third parties providing us with analytics services, such as Adobe.

If you have questions about third parties with whom Delta may disclose information, please email Privacy@delta.com

7.2. Social Media and Messaging Platforms

You may wish to share information regarding your travel or other activities with Delta on social media and messaging platforms provided by third parties. To utilize social media and message sharing features, you will be prompted to grant permissions within those third-party platforms, as you choose. For example, you will need to allow account login and publishing permissions. If you choose to contact or interact with us on a third-party social media or messaging platform, you understand that you are responsible for reviewing and understanding the terms and conditions, information security practices, and privacy policy applicable to the third-party platform, and that Delta is not responsible for how third-party social media and messaging platforms use, share, or protect your information. The activity on third-party social media and messaging platforms, and the data processed, stored, and provided on them, including data regarding interactions with Delta, is governed by the terms and conditions, information security practices, and privacy policy of those third-party platforms.

7.3. Disclosure of personal information to customers traveling under the same booking

When you make a booking, you will be provided with a booking reference such as a confirmation number or record locator number. Your booking reference should be kept confidential at all times. Disclosing your booking reference to other customers may allow them to access your booking details through our systems. If you are traveling with others under the same booking and would not like your individual booking details to be disclosed to them, you may prefer to have each person make and pay for separate bookings.

7.4. Optional biometrics services 

Delta offers eligible customers, including eligible customers flying on Aeromexico, Air France-KLM, or Virgin Atlantic, the ability to improve their airport experience using optional biometrics services, including facial comparison technology, at participating airports.

You may choose to use facial comparison technology for identity verification, including at flight check-in, bag drop, and boarding gates. If you choose to use facial comparison technology, your image is taken when you would otherwise present another form of identification. The image is encrypted and sent to U.S. Customs and Border Protection (CBP) for the purpose of verifying your identity. If CBP determines that the image matches images associated with your passport or images in CBP's database, CBP transmits a unique identifier back to Delta through an encrypted channel. Delta may associate the unique identifier with other information about you, such as your name and flight number, for the purpose of providing the relevant service. Delta does not receive any biometric information.  

For more information about CBP’s facial comparison technology, see the CBP Traveler Verification Service Privacy Impact Assessment. Please note that if you choose to use facial comparison technology at TSA check points or during CBP processing, TSA and CBP control the processing of your personal information, and this Privacy Policy does not apply.

7.5. Contact Tracing

To promote healthy travel and prevent the spread of COVID-19, all Delta customers entering the United States, including U.S. passport holders, are encouraged to provide contact tracing information. Participation in contact tracing is voluntary unless specified by a specific flight, country, city or region.  The Centers for Disease Control and Prevention (CDC) in collaboration with U.S. Customs and Border Protection (CBP) supports domestic COVID-19 control efforts by making contact information for customers traveling internationally available to state and local health departments to contact you and provide follow-up instructions for testing and/or potential quarantine.  Delta shares this information with the CDC via CBP utilizing established channels for the Advance Passenger Information System (APIS).   For more information, go to www.CDC.gov or www.CBP.gov, or see CBP’s Privacy Impact Assessment for the Advance Passenger Information System for details about how CBP uses APIS information.

7.6.   COVID Tested Flights

As part of the Delta CareStandard^SM  and with guidance from trusted medical partners, Delta flights labeled as “COVID-Tested” require customers to consent during purchase to COVID-19 testing and for select flights must also consent to submit contact tracing information as a condition of boarding the COVID-Tested flight.  For more information go to https://www.delta.com/us/en/travel-update-center/covid-tested-flights/italy-covid-tested-flights.  

COVID-19 testing: Information related to your COVID-19 test, including test results and related demographic information, such as your name, contact information and date of birth (“COVID-19 Test Information”), may be used for administration of Delta’s COVID-19 testing program, including, but not limited to, for purposes of monitoring, quality control, auditing, analysis, and reporting to a government authority, and you understand that your COVID-19 Test Information may be shared with Delta, any third party acting on Delta’s behalf in connection with COVID-19 Testing Program and any U.S. or non-U.S. local, state or national government agency or authority for public health reasons, or as otherwise required by applicable law.  Delta also collects contact tracing information for select Delta flights labeled as “COVID-Tested”; for more information, see section 7.5.

7.7.   Unaccompanied Minors

When children travel alone on our flights, we take every step to make sure the child is safe.  Delta may disclose information pertaining to an unaccompanied minor’s itinerary, for example, in ensuring the safety and security of the child traveling on Delta flights, complying with applicable law and regulations, and coordinating transportation and other services with the child’s parents or guardian.

If you believe that any information we hold about you is incorrect or incomplete, or if you want to change your marketing preferences, you have a number of options:

• You can log in and visit our SkyMiles Partners and Promotional Partners on our Website if you want to modify your subscription, email or contact preferences.
  
  
• You can withdraw consent you have given us to process your information at any time by opting out in your SkyMiles Profile, or by contacting us by using the Email Us page.
  
  
• You may contact us by using the Email Us page if you have questions about removing your name from our subscription lists.
  
  
• You may call our Customer Care Offices at +1-800-455-2720 if you have any questions about changing your contact preference or require assistance in removing your name from our subscription lists.
  
  
• Assistance in changing contact preferences for those with disabilities is available at +1-404-209-3434.

We will make reasonable efforts to revise any information that is incorrect, or update or change your information or preferences as we are required to do by applicable law.

Please see section 6 regarding consents to cookies and tracking.

This section 9 applies only to individuals in the European Union, UK and other countries which grant the rights described here. These rights will apply only in certain circumstances.

9.1. Requesting a copy of your information

To the extent you are legally entitled, you can request confirmation of whether or not we process your personal information, and details of the information that we hold about you and how we use it.

You also have a right to access your personal information and to be provided with a copy.

9.2. Right to rectification of personal data

If you believe that the personal data we hold about you is inaccurate, you may request that we correct it. You may also request us to complete personal data about you which is incomplete.

9.3. Right to restrict processing of personal data

You have the right to request that we restrict processing of your personal information where one of the following applies:

• You claim that the personal data is not accurate. The restriction will apply until we have taken steps to ensure the accuracy of the personal data.

• The processing is unlawful, but you do not want us to erase the personal data.

• We no longer require the personal data for the purposes of processing, but you still need it in connection with a legal claim.

• You have exercised your right to object to the processing. The restriction will apply until we have taken steps to verify whether we have compelling legitimate grounds to continue processing

9.4. Right to request deletion of personal data ("right to be forgotten")

You may request the erasure, suspension of processing or anonymization of your personal information in certain circumstances. For example, you may request erasure, suspension of processing or anonymization if:

• The personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  
  
• You have withdrawn your consent and we have no other legal basis for processing the personal information.
  
  
•  You have exercised your right to object to processing the personal information, and we have no overriding legitimate grounds to continue processing it.
  
  
• The personal information is excessive for the purposes for which it was collected or otherwise processed. 

Under certain circumstances, we may refuse a request for erasure, suspension of processing or anonymization, for example, where we need to use the personal data to comply with a legal obligation or to establish, make or defend legal claims.

If you exercise your right to erasure or anonymization, this will potentially remove records which we hold for your benefit, such as your SkyMiles account information (including miles that may be in your SkyMiles account) and your presence on a marketing suppression list.

9.5. Right to object to processing of personal data

You have a right, at any stage, to object to our using your personal information to send you marketing information.

You also have the right to object to our using your personal information where our reason is based on our legitimate interests. We will have to stop processing until we can establish that we have compelling legitimate grounds which override your interests, rights, and freedoms, or that we need to continue using it for the establishment, exercise, or defense of legal claims.

9.6. Right to data portability

This right applies where:

• Our reason for using your personal information is either that you have given consent or that the processing is necessary for us to perform a contract with you; and

• We process the personal information by automated means.

This is a right to receive all the personal information which you have provided to us in a structured, commonly used, and machine-readable format and to transmit this to another controller directly, where this is technically feasible.

9.7. Complaints to regulator

You have a right to complain to a supervisory authority (i.e., a regulator which oversees data protection law compliance), for example, in the UK or the European Union country where you live or work or where you believe we have infringed your privacy rights.

9.8. Rights Applicable Only in Brazil

9.8.1. Right to request information concerning data transfer

You have the right to request information identifying the public and private entities with which your personal information has been shared.  

9.8.2. Information on Right to Deny Consent

You have the right to request information concerning the consequences of not giving your consent. 

9.9. Exercising these rights

We may charge you a small administration fee to respond to your request as allowed by applicable law. In general, we do not charge any fee where the right is based on European Union law, UK law, the Brazilian General Data Protection law, and other applicable laws. (We can charge an administrative fee for extra copies of your information and in certain exceptional circumstances.) 

Where we receive a request to exercise one of these rights, we will provide information on the action we take on the request without undue delay and in any event within one month of receipt of the request. This time may be extended by a further two months in certain circumstances, for example, where requests are complex or numerous.

Where we do not carry out your request, we will tell you without delay and in any event within one month of receipt of the request, and we will explain our reasons for not taking the action requested.

Any request you make must be in writing and include your name and address and any other information that may identify you, such as where your request relates to a travel booking, please provide your booking reference (e.g., confirmation number or record locator number), SkyMiles Account number if you have one, the dates on which the travel took place, and any other relevant information that will assist us to identify your booking. You must also provide a photocopy of your passport or driver’s license so we can verify your identity. Please send your written requests to:

Data Protection Officer
1030 Delta Blvd
Department 981
Atlanta, GA 30354, USA

Or, you can submit this request to our Data Protection Officer by emailing us at Privacy@delta.com.

9.10.  Representation

As regards Delta's personal data processing activities regulated by the UK GDPR, Delta has appointed its branch at Metro Building 1, Butterwick, London as its UK representative.

As regards Delta's personal data processing activities regulated by the GDPR, Delta has appointed its branch at Vertrekpassage 1 – 110, 1118 AP Schiphol, The Netherlands as its European Union representative.

As regards Delta’s personal data processing activities regulated by the China Personal Information Protection Act, Delta has appointed the following branches as its representatives:

Room 2105 and 2106, Yueyang Plaza, 1601 Nanjing West Road, Jing'an District, Shanghai

Room 1008, Beijing Kerry Centre South Tower,No.1 Guanghua Road, Chaoyang District, Beijing, PR China

Other than information required to complete a booking, Delta does not knowingly collect personal identifiable information from children under the age of 13. If a child under 13 has provided us with personal information without parental or guardian consent, the parent or guardian may contact us by emailing us at Privacy@delta.com. We will remove the information and unsubscribe the child from any of our electronic marketing lists. Where required by applicable law, we may ask children for consent from their parents or guardians before we book their flight or provide a product or service to them.

Our Website contains links to other sites. We are not responsible for the content or privacy practices of those sites, and Delta’s Privacy Policy does not apply to information collected from you by those sites. We encourage you to read the privacy statements of each site that collects information from you. When you are leaving our Website via a link to interact with a site that is not governed by this Privacy Policy, a new browser window will open.

Information Security is important to Delta. We have established appropriate physical, electronic, and managerial safeguards to protect the information we collect in accordance with this Privacy Policy. These safeguards are regularly reviewed to protect against unauthorized access, disclosure, and improper use of your information, and to maintain the accuracy and integrity of that data.  In the event of a data breach, we adhere to data breach notification requirements and incident reporting obligations to supervising authorities and/or data subjects, as required by applicable laws. The substance and time frames applicable to these remedies are set forth in applicable laws.  Please note that your information may be processed on third-party infrastructure that is not owned by Delta or its affiliates.

Delta is based in Atlanta, Georgia, USA and we may transfer personal information in compliance with applicable law to the US and other jurisdictions where Delta provides services.

Some of the countries where Delta operates or where third parties operate on behalf of Delta may not have the equivalent level of data protection laws as those in your location. If we need to transfer personal data from your location to such countries, we will take steps to make sure your personal data continues to be protected and safeguarded. In particular, we may require parties to whom we transfer your data to agree to abide by suitable contractual obligations, such as, in the case of transfers from the EU or UK,  the Model Clauses approved by the European Commission and permitted under Article 46 of the European Union General Data Protection Regulation ("GDPR") or the UK secretary of state or under other relevant body. If you would like to obtain the details of such safeguards, you can request them from the Data Protection Officer at Privacy@delta.com. In some limited circumstances, we may also transfer your information from your location to other countries where permitted by applicable law (for example under Article 49, GDPR in the case of transfers from the European Economic Area). This includes where it is necessary for the performance of a contract between us and you and where the transfer is necessary in connection with legal proceedings. To exercise your rights with respect to personal data transferred to third parties, you may submit your request directly to Delta in accordance with Section 9.

We want to give you more opportunities to earn miles in the Delta SkyMiles Program. One of the ways we do this is by sharing your information with Promotional Partners. Typically, these promotional offerings are limited in quantity and geographic reach and targeted to specific demographic audiences. If you fall within the audience a Promotional Partner is trying to reach, and (where required under applicable law) you have consented to receive information about their services, you may receive a promotional e-mail or direct mail. Although we select our partners with care, these partners have their own privacy policies that apply to the way they use your personal data.

If you do not want us to share your information with one of these partners, you can always opt out by contacting us by using the Email Us page or by calling the SkyMiles Service Center at +1-800-323-2323.

In addition to the Data Transfers explained in section 13, information you provide in connection with the SkyMiles Program (as summarized in the table at section 4.1.c.), may be transferred to Delta entities in other jurisdictions, including the Cayman Islands.  This may include sensitive information as defined under the Data Protection Law, 2017 of the Cayman Islands ("DPL"), the GDPR, the UK GDPR, or other applicable law if you have provided such information to Delta in connection with your SkyMiles account.  Where your information is shared with a Delta entity established in the Cayman Islands, you may have various rights under the DPL.  These rights are similar to the rights described in section 9.  Where your information is shared with a Delta entity established in the Cayman Islands, you also may have the right to lodge a complaint with the Cayman Islands Ombudsman.  Any onward transfer of your information by any Delta entities in the Cayman Islands shall be in accordance with the requirements of the DPL and may include measures similar to those described in section 13 above.  If you have any questions regarding this section, or if you would like to exercise your data protection rights under the DPL, please contact our Data Protection Officer at Cayman.Privacy@delta.com or contact our Customer Care center by telephone or mail.

In addition, each of SkyMiles IP Ltd. and SkyMiles IP Finance Ltd., whose address is at c/o Maples Corporate Services Limited, P.O. Box 309, Ugland House, Grand Cayman, KY1-1104, Cayman Islands, will be a data controller of personal information of SkyMiles members.  This Privacy Policy constitutes a notice by such entities to those SkyMiles members about its use of their personal information, which only concerns the SkyMiles Program.

Delta is a member of the SkyTeam Alliance, a global network of airlines that process personal data to provide passengers with a more seamless travel experience.  For more information, please read the SkyTeam Alliance Joint Privacy Notice.

This section describes our specific practices related to the use, storage, and disclosure of your personal information in Peru and supplements the generally applicable sections 1 through 14 in this Privacy Policy. It applies to personal information we collect from or about you when you interact with us in the course of our providing commercial air travel services, ancillary services, or other services provided by us or by others acting on our behalf in Peru, including when you use our Website or our App. With respect to personal data collected or processed by Delta’s branch office in Peru, the provisions discussed here take precedence over any inconsistent or deviating provisions set out in the generally applicable sections 1 through 14 in this Privacy Policy.

1. Updates

Delta reserves the right to modify this Privacy Policy and will post any changes in an updated version of this policy.

2. How to Contact Us?

For the exercise of data protection rights and/or if you have any questions or comments regarding this Privacy Policy, please contact our Data Protection Officer at Privacy@delta.com or contact our Customer Care center by telephone or mail.

3. How Delta Uses Your Data

This section describes what personal information we collect about you, the purposes for which we use it, and why we use it. Your personal data will be collected and processed in accordance with Law N° 29733 - Law of Protection of Personal Data, and applicable regulations, approved by D.S. 003-2013-JUS. Your personal data will be incorporated into the Personal Data Database named "Pasajeros", "Skymiles Usuarios Web" and "Procedimientos, quejas y reclamos” identified with RNPDP code No. 17069, 17065 and 17063 (Databases). Any processing of personal data that we perform is in accordance with the provisions of the privacy laws in Peru, and this data may only be used for the limited purposes discussed in this section.

The data controller in Peru is Delta’s Branch office in Peru, DELTA AIR LINES INC. SUCURSAL DEL PERÚ (en adelante, “Delta”), con Registro Único de Contribuyente No. 20387428331, located at Av. Elmer Faucett 2851, Edificio Lima Cargo City, Oficina 406, Callao, Lima, Peru.

4. What if You Do Not Provide Information?

In some cases, we are legally required to collect certain information from you so we can provide the services you have requested, such as Secure Flight Passenger Data or Advance Passenger Information when you make a reservation to fly within, into, or out of the United States, or for point-to-point international travel. Failure to provide this information will mean we cannot provide the service.

In some circumstances we need your information to perform our contract with you or to provide products and services, such as payment details. If you do not provide this information, we may not be able to enter into or perform the contract or provide the products and services.

Any processing of personal data that we perform is in accordance with the provisions of the current data protection legislation of Peru, and this data may only be used for limited purposes such as those mentioned in this section.

5. Sensitive Information

We may collect or receive sensitive or special categories of personal information, such as that relating to health, disabilities, race, ethnicity, political opinions, biometrics, or religion, where permitted by applicable law. For example, we may collect and receive sensitive personal information from you when you:

• provide such information to us, a travel agent, or another third party involved in your travel arrangements at the time of or following your booking;
• disclose to us that you have a specific medical condition, will have an accompanying service animal, or request specific medical care or assistance, such as the provision of an accompanying nurse or wheelchair assistance, from us, an airport, or a third party involved in your travel arrangements; or
• make a request that implies or suggests something about you which could be interpreted as sensitive personal information, such as a request for a specific type of meal that may suggest that you have a certain medical condition or hold a particular religious belief.

We will collect, store, use, and transfer your sensitive personal information for the purposes for which it was provided and otherwise in accordance with the terms of this Privacy Policy if you provide your express consent at the time of collection

6. Data Retention

We store your information for as long as legally required and for so long as necessary to support business purposes described in the generally applicable section 3 of this Privacy Policy and consistent with our record retention policies.

7. With Whom Does Delta Share Your Information?

We may disclose your personal information we collect or receive:

• to third parties to process your information on our behalf, or to assist us in providing our services and/or products, such as our customer care center operators and providers of technical services such as data centers and online tools; however, Delta requires that third parties comply with Delta’s Privacy Policy when processing your information;
• to the party providing the service or product when you request or purchase services or products through Delta that are to be provided by another party (for example, Iron Mountain Peru S.A., CORPAC S.A., catering, VIP lounges, such as SUMAQ and HANAQ), hotels, transport companies, accounted outsourcing, Lima Airport Partners S.R.L., Talma Servicios Aeroportuarios S.A., and security companies);
• to other Delta Group Companies, including Delta Air Lines, Inc., a Delaware corporation with registration number 2387598 domiciled in the United States of America, for the purposes described in and in accordance with this Privacy Policy. Information regarding the Delta Group Companies is available in the generally applicable section 7.1 of this Privacy Policy and Delta’s filings with the Securities and Exchange Commissions, including SEC Form 10-K.
• to government agencies and authorities, law enforcement officials, law courts, or to third parties: (a) if we believe disclosure is required by applicable law, regulation or legal process (such as pursuant to a subpoena or judicial order); or (b) to protect and defend our rights, or the rights or safety of third parties, including to establish, make, or defend against legal claims.

8. Your Rights

This section applies only to the personal information of individuals in Peru which grants the rights described here.

• Right to access your personal information

To the extent you are legally entitled, you can request confirmation of whether or not we process your personal information, and details of the information that we hold about you and how we use it.

You also have a right to access your personal information and to be provided with a copy. 

• Right to rectification of personal data

If you believe that the personal data we hold about you is inaccurate, you may request that we correct it. You may also request us to complete personal data about you which is incomplete. We will make reasonable efforts to revise any information that is incorrect, or update or change your information as we are required to do by applicable law.

• Right to restrict the processing of personal data

You have the right to request that we restrict processing of your personal information where one of the following applies:

o You claim that the personal data is not accurate. The restriction will apply until we have taken steps to ensure the accuracy of the personal data.

o The processing is unlawful, but you do not want us to erase the personal data.

o We no longer require the personal data for the purposes of processing, but you still need it in connection with a legal claim.

o You have exercised your right to object to the processing. The restriction will apply until we have taken steps to verify whether we have compelling legitimate grounds to continue processing.

• Right to request deletion of personal data

You may request the erasure of your personal information in certain circumstances. For example, you may request erasure if:

o The personal information is no longer necessary in relation to the purposes for which it was collected or otherwise processed.

o You have withdrawn your consent and we have no other legal basis for processing the personal information.

o You have exercised your right to object to processing the personal information, and we have no overriding legitimate grounds to continue processing it.

Under certain circumstances, we may refuse a request for erasure, for example, where we need to use the personal data to comply with a legal obligation or to establish, make or defend legal claims. 

If you exercise your right to erasure, this will potentially remove records which we hold for your benefit, such as your SkyMiles account information (including miles that may be in your SkyMiles account) and your presence on a marketing suppression list.

• Right to object to processing of personal data for specific purposes

You have a right, at any stage, to object to our using your personal information to send you marketing information.

You also have the right to object to our using your personal information where our reason is based on our legitimate interests. We will have to stop processing until we can establish that we have compelling legitimate grounds which override your interests, rights, and freedoms, or that we need to continue using it for the establishment, exercise, or defense of legal claims.

• Right to withdraw your consent

Where you have provided your consent to us for processing your information, you can withdraw this at any time by opting out in your SkyMiles Profile, or by contacting us at https://www.delta.com/contactus/commentComplaint.

You may also contact us by using the Email Us page or by calling our Customer Care Offices at +1-800-455-2720.  Assistance for those with disabilities is available at +1-404- 209-3434.

9. Exercising These Rights

In order to exercise the rights described in this section, you must submit a request in accordance with the provisions of the Regulation of Law No. 29733. Any request you make must be in writing and include your name and address and any other information that may identify you, such as where your request relates to a travel booking, please provide your booking reference (e.g., confirmation number or record locator number), SkyMiles Account number if you have one, the dates on which the travel took place, and any other relevant information that will assist us to identify your booking. You must also provide a photocopy of your passport or driver’s license so we can verify your identity. Please send your written requests to our Data Protection Officer by emailing us at Privacy@delta.com.

10. Security

Information Security is important to Delta. We have established appropriate physical, electronic, and managerial safeguards to protect the information we collect in accordance with this Privacy Policy and to protect against unauthorized access, disclosure, loss, misuse, alteration, and improper use of your information, and to maintain the accuracy and integrity of that data. 

11. Complaints to Regulator

You have a right to file a complaint with the National Authority of Personal Data Protection by addressing the front desk of the Ministry of Justice and Human Rights (Calle Scipión Llona 350, Miraflores, Lima Peru) in connection with your rights under this Privacy Policy.