Privacy Policy

 

Introduction

This Privacy Policy explains how PT Citilink Indonesia (hereinafter referred to as "Citilink", "We", or "Our") generally collects, stores, handles, processes, transfers, discloses, and protects your personal data.

This Privacy Policy applies to all users of Our Website and mobile apps and/ or all of Our passengers or customers. For the avoidance of doubt, this Privacy Policy does not apply to Citilink's employees, partners, contractors, and other parties with which a special term & condition has been agreed upon.

Please read this Privacy Policy carefully to ensure that you understand Our personal data processing policy and your rights.

About Us

In this Privacy Policy, PT Citilink Indonesia, a limited liability company established under the law of the Republic of Indonesia, domiciled in Jakarta Pusat, and having its address at Citilink Management Building, Jl. M2, Soekarno-Hatta International Airport, Tangerang 15000, Banten Indonesia Tromol Pos 123 TNG 15000, shall be the controller of any personal data processed as described in this Privacy Policy.

Personal Data which We Collect

The types of personal data that We collect from and process for you shall depend on the type of relationship and/ or transaction that We have with you. It will include some or all of the following:

  1. Name, national identity card number, passport number, and other identifying information (which may include your image).
    We may record your name, title, place and date of birth, nationality, and passport number.
  2. Your contact details and personal account or registration details.
    Your contact details include your email, telephone number (home, mobile, and/ or business), home and/ or office address, and company name.
  3. Information about your reservations, bookings, and purchases.
    When you make a reservation or book a flight with Us, We collect and process your data, including details about your flight, prices, and date of your reservation or booking. In addition, We also collect and process information relating to your reservation on Our ancillary services (such as seating arrangement, meals, extra baggage, and lounge access) and online merchandise shop/ LinkShop products that you purchase.
  4. Information about your payment.
    When you have purchased a ticket or other product We offer, We may collect your data regarding the payment, such as credit card number and type, cardholder name, address, and LinkMiles.
  5. Information regarding your travel.
    When you travel with us, We process information related to your journey, such as your travel itinerary, check-in (including online check-in), boarding pass, baggage tag, LinkMiles number and membership level, and special requests, if any. At your request, We may also record any detailed information such as your medical condition to meet your medical requirements or any additional assistance you require to help us serve you better. We may also process the data of your use of Our in-flight entertainment systems and CCTV videos or images recorded or captured in baggage drop counters, boarding gates, baggage claim areas, or airport lounges that We operate, whether independently or by our partners.
  6. Your membership at LinkMiles.
    When you join our loyalty program, We collect your information, for instance, hobbies, religion, nationality, and language. We also process your membership number, miles, rewards and benefits, type, and level of membership, travel transaction history, conversion of points to miles, redemption history, expired miles, complaint, request, suggestion, complimentary, and other information related to your membership.
  7. Our communication with you.
    When you send Us an email, telephone, or other communication, or through Our social media, We may register your communication with Us. When you contact Us, Our customer service will register your questions, complaints, needs, or other purposes in Our database. We may also collect information you choose to share with Us, for instance, when you fill out our customer survey, fill out a suggestion or complaint form, or submit data for a contest held by Us.
  8. Use of Our Website, apps, and other digital media.
    When you visit Our Website or apps, We may collect information such as geo-location, IP address, browser type, operating system, referring Website, Web-browsing behavior, device ID (for mobile apps only), and app use.
  9. Information Used to Detect and Prevent Fraud.
    An assessment of whether your transaction is potentially fraudulent (if any), including the historical and other information that We use to make such an assessment.

Sensitive Information

  1. Under the applicable laws, certain categories of personal data are deemed as sensitive and specific data or information, including but not limited to information about health, biometric data, genetic data, criminal conviction offenses data, data of minors, and personal financial data. We may collect, use, and share sensitive and specific information with third parties for the purpose and with the details as stipulated under this Privacy Policy. For example, We keep records of Our passengers who allegedly commit a crime or endanger aviation safety.

     

  2. We may also collect, use, and share sensitive information with third parties, for instance, your medical condition because you need medical assistance or you have been permitted (with written evidence) to fly with such medical condition (for example, a Covid-19 test result which complies with the applicable rules) or you request special meal so that We can offer to refer to your religion. By providing information that may be considered as sensitive information, you agree that We may collect and process, including sharing this information with Our third parties to help us tailor our service to you, as described in this Privacy Policy. If you choose to withdraw your consent, We may not provide the service you requested.

How We Collect Personal Data

How We collect personal information about you will depend on your relationship or interactions with Us.

  1. We may collect your personal data in various ways, for example, directly from you when you book your flight or purchase our product through our website, mobile apps, sales office, or ticketing office, register to LinkMiles, participating in our promotional programs, and/or interact or communicate with us through social media, call center, and other interactions, whether directly or indirectly.
  2. We may also collect your personal data indirectly from a third party or someone else, for example:
    1. travel agents, airlines, or our other partners in regard to the reservation of your flight with Us;
    2. partners of Our LinkMiles program;
    3. someone else who books Our flights or purchases Our products and services for and on your behalf;
    4. Our service providers in regard to flight operation support, including ground handling;
    5. service provider on marketing activities for Our products and services;
    6. immigration, customs & excise, aviation security officer, law enforcement, and government and regulatory authorities;
    7. other members of Garuda Indonesia Group; and
    8. other service providers or partners cooperating with Us.
  3. When you choose to use a third-party platform to book Our flight, for example, travel agents, General Sales Agent (GSA), or Global Distribution System (GDS), We may collect your personal data from them and you must comply with their privacy policies. When you purchase and/or fly with Our airline partners (such as codeshare or alliance partnership), they may share with Us your personal data, including but not limited to, your loyalty program data, flight origin and destination, flight number and date, service class, booking reference, and ticket number.
  4. If you provide Us with information about other individuals, regardless of whether you are traveling together, you are responsible for telling those individuals and letting them know that they can find a copy of this Privacy Policy on Our Website.

Usage of Your Personal Data

By accessing Our website or mobile apps through any gadget, booking a flight through Our Website, offline channels, including Our travel agents, and other indirect channels, you agree that your personal data may be collected, stored, used, and transferred by Us and Our partners, other third parties which have a partnership with Us, or other institutions authorized to compel Us to disclose data pursuant to legal issues, for one or some of following purposes:

  1. To give Our service to you during the pre-journey, pre-flight, in-flight, post-flight, and post-journey stages. This shall include but not be limited to the purposes of verifying your identity and contacting you regarding your reservation and journey with Citilink (for example when We have to inform you of a flight reschedule);
  2. To facilitate Our loyalty program;
  3. For legal purposes and compliance with the laws applicable to Citilink, whether within or outside the jurisdiction of Indonesia. These legal and compliance purposes shall include but not be limited to regulatory requirements in relation to immigration, public health, customs, and excise, or in the case of request of disclosure of personal information by the competent court, law enforcement agencies in connection with inquiries, investigations, or proceedings by such parties in any country under which law, Citilink is compelled to comply;
  4. To ensure the security and safety of all passengers, including in conducting security investigations and screenings, and to take appropriate steps to prioritize the health of those passengers and Our flight crew;
  5. To enhance Our promotion activities for Our own products and partners cooperating with Us. This shall include to provide you with updates and offers, to operate our promotional activities, lottery, and other events. To the extent where required by law, We shall provide you with an option to unsubscribe from any further marketing communication from Us;
  6. To conduct market, consumer behavior, consumer satisfaction, and other related research and/or surveys to improve the quality of Our products, services, and marketing activities;
  7. Specifically, to provide customer support to handle your inquiries, complaints, and claims. Relevant examples include when you submit a request for a refund or in the event that We receive a report that any reservation of our service or purchase of a product in which payment is reported to be fraudulent;
  8. For quality assurance and training purposes, such as training Our staff and system tests;
  9. To identify you in the case of an emergency situation in the operation of Our flight referring to the terms of Emergency Response Plan and/or the applicable and relevant laws on aviation; and
  10. To retain your personal data for a certain period as required by the relevant and applicable laws.

Disclosure of Your Personal Information

We may disclose your personal information to third parties for the following purposes, including but not limited to:

  1. To facilitate your journey with Us;
  2. To provide service in the configuration of your journey with Us;
  3. To support the undertaking of Our service;
  4. To support Our loyalty program;
  5. To comply with the legal obligation to disclose or transfer your personal data, or in the event that Citilink is ordered by any authorized body, or to enforce or implement Our policy and agreements; dan
  6. To protect Our customer or passenger, or other party's rights, property, and safety; and
  7. To fulfill Our marketing targets.

The abovementioned third parties may include:

  1. Other members of Garuda Indonesia Group;
  2. Other carriers cooperating with Us (for example codeshare or interline flights, or airline alliance partnerships);
  3. Partners involved in our loyalty program (LinkMiles);
  4. Travel agents, marketing agents, ground handling service providers, cargo and postal screening service providers, special service providers in airports, lounge operators, catering providers, call center and/ or customer service providers, banks, insurance providers, and hotels;
  5. Marketing consultants;
  6. Information technology service providers, such as data storage, passenger and freight booking and distribution systems, telecommunication networks, software and system development, maintenance and support, and information processing, analysis, and reporting; and
  7. Airport authorities, Customs, Immigration, and Quarantine (CIQ), various law enforcement agencies, regulatory authorities, and governments of any country under which law, Citilink is compelled to comply.

Save to the extent permissible and/or not excepted under the applicable laws, all abovementioned third parties shall be obliged to adequately protect your personal data and to process them strictly in accordance with Our instruction or together with Citilink acting as personal data controllers, each under a particular arrangement covering the scope of personal data processing.

Legal Grounds to Process Your Personal Data

  1. Our legal grounds to collect and use the abovementioned personal data shall be contingent on the type and the purpose of collection of each personal data.
  2. The principal legal grounds for Us to process your personal data are as follows:
    1. Your consent for Us to process personal data. For avoidance of doubt, We shall request for your approval before commencing to process your personal data. Particularly regarding the processing of personal data of children and persons with disability, any consent toward this Privacy Policy shall be deemed to have been given by the relevant parents and/or guardians;
    2. Contract performance. This legal ground is relevant in the event that We need to process your personal data in order to provide you with the services that We have contractually agreed to provide to you, for example where you have booked a flight with Us or the use of Our freight service;
    3. Fulfilment of legal obligation. This legal ground is relevant in the event that We need to process your personal information to fulfill Our obligations under the relevant laws and regulations;
    4. Protection of vital interests. This legal ground is relevant where We need to process your personal data in order to protect the vital interests of you or another natural person, for example where you require emergency assistance;
    5. Duty for public interest. This legal ground is relevant in the event that We need to process your personal data in order to carry out a task that is in the public interest; and
    6. Fulfilment of legitimate interests. This legal ground is relevant in the event that We need to process your personal data to achieve a legitimate interest and such interest outweighs any prejudice to your data protection rights.

Retention Period and Data Security

  1. We shall retain the personal data that We obtained from you for as long as We have an ongoing and legitimate business requirement (for example, in order to provide you with services as you requested), required to comply with the applicable laws, taxation interest, or accounting purposes, or as long as required for the purposes as stipulated in this Privacy Policy.

     

  2. We shall exercise our best effort to protect your personal data from any loss or unauthorized use that violates the applicable laws by providing appropriate technical and organizational measures.

     

  3. When personal data is no longer needed, We either securely destroy it, or irreversibly anonymize the data (and We may further retain and use the anonymized information).

Your Rights

You have the following rights in regards to the protection of personal data:

  1. You may request access and are entitled to update and change your personal data for our loyalty program.
  2. You may decline any processing of your personal data, request Us to limit the processing of your personal data or request for the transfer of your personal data. You may exercise these rights by sending an email to Us at customercare@citilink.co.id with the subject "Customer Rights-Data Protection".
  3. If We have collected and processed your personal data based on your consent, then you may withdraw such consent at any time. Your withdrawal shall not affect the validity of any of our processes that occurred prior to your withdrawal, and shall not affect any processing of your personal data based on any legal ground besides your consent. By withdrawing your consent, you agree that such withdrawal may affect the services We provide you.
  4. You may exercise any other rights available under the applicable laws on personal data protection by sending  sending an email to Us at customercare@citilink.co.id with the subject "Customer Rights-Data Protection".

International Data Transfer

Citilink may transfer your personal data to other countries other than the country where you are domiciled in. We exercise this measure in order to enable the configuration of your journey or because any member of Our group companies, partner, or service provider operates in countries all over the world. If necessary, Citilink will exercise its best effort to render adequate protection in order to fulfill the requirements for international data transfer under the applicable data protection laws.

Update on the Privacy Policy

We may update or alter this Privacy Policy from time to time, including in order to comply with the applicable laws or to fulfill our business requirements that may change. When We update our Privacy Policy, We shall take measures to notify you, including by placing any update or amendment on Our Website.

If you have any inquiry, comment, or complaint in regard to Our Privacy Policy, you may contact us at the following address with a clear subject (PRIVACY POLICY):

PT Citilink Indonesia 
Citilink Management Building
Jl. M2, Soekarno-Hatta International Airport
Tangerang 15000, Banten Indonesia
Tromol Pos 123 TNG 15000
customercare@citilink.co.id

Back to Home Page