Privacy and security

This Privacy Policy explains how Qantas generally handles your personal information.  We may also provide more specific information relating to particular products or services in our privacy collection notices.

We will update this policy on our website if we change the way we handle personal information.

This Privacy Policy does not apply to Qantas’ employee records and contractor records.

In addition to the general information in this Privacy Policy, we have included specific sections that you should read if you:

• travel for work with one of our corporate, business or government clients
• travel for work on a booking in connection with one of our Qantas Business Rewards members
• are a member of, or use, Qantas’ programs and clubs, including if you are a party to eligible transactions under the Qantas Business Rewards program
• are based in the European Economic Area (the EEA) during your interactions with us (other than when you are in the EEA solely for travel purposes)

This Privacy Policy applies to Qantas Airways Limited and its related bodies corporate (referred to as “Qantas”, “we” and our), excluding Qantas Superannuation Limited and excluding all Jetstar branded entities.

The types of personal information that we collect and process about you will depend on our relationship with you.  It will include some or all of the following:

• General information about you: your name, title, gender, date of birth, contact details, passport or other identification details (which may include your image) and your answer to a security question (for example, your favourite colour)
• Contact details: such as phone number, address, email address, and social media handle
• Travel details: such as travel itinerary, baggage, seat preferences, seat and meal requests
• Health and dietary information: dietary requirement and health information, including requests for specific assistance, in connection with your use of our products and services
• Payment details: such as credit or debit card number and expiry date
• Your use of our products and services: such as use of our inflight entertainment systems and your previous travel arrangements with us 
• CCTV images: captured in our airport lounges and other premises
• Our interactions with you: such as any feedback, complaints, compliments, claims you have made (such as in relation to lost luggage), responses to market surveys, records of any correspondence and interactions with us and our staff (including in person, online, by telephone or email and via social media)
• Your interests: such as destinations you have visited and products you have bought
• Website and mobile apps: if you use our website or mobile applications, your geo-location, IP address, mobile telephone number or ID, and details of how you use the website or app and any third party sites that you have accessed from them
• Programs and clubs: your membership number and details of your participation in our programs and clubs.  If you are a member of, or use, our programs and clubs, see “Qantas’ programs and clubs” section below for more information about the data we collect connected to your membership
• Employment information: if you are an employee or other person travelling or obtaining products or services in relation to one of our corporate, business or government clients or in connection with our Qantas Business Rewards programme, certain information about your employment or relationship with our corporate or government clients such as your employer’s name, your employee number, your professional title and your work contact information
• Incidents: details about any incidents that you are either involved in or that you witness, in connection with your flight or any of our products or services
• Information used to prevent and detect fraud: an assessment of whether your transaction is potentially fraudulent, including the historical and other information used by our service provider to make this assessment
• WiFi use: if you use WiFi in our lounges or onboard our aircraft, we collect information about you, your device and how you use the WiFi service
• Shareholders: We may collect certain details about you to register and verify your interest in our securities.  This includes your name, address, number of shares held, tax file number and bank account details.  We may obtain this information through your share broker

Certain aspects of your personal information, for example details of your travel documentation, payment details and contact information, are required for many of our products and services and if you fail to supply such information as requested for specific services, we may be unable to provide you with the products and services in full.

Under privacy laws, certain categories of personal information are considered particularly sensitive and therefore as needing additional protection. These categories include information about health, racial or ethnic origin, political opinions, religious beliefs, trade union membership or your sexual orientation. Sensitive information may also include genetic and biometric data. Information concerning criminal convictions and offences is also viewed as sensitive, for example, under European data protection law.

We may collect and handle your sensitive personal information, for example:

• when you request special medical or access assistance;
•  if you tell us you have specific dietary requirements relating to your religious beliefs; or
• information required by government authorities, to demonstrate fitness to fly (such as confirmation you meet any applicable COVID-19 testing requirements), or for public health reasons.

We will ask you for your consent to handle this type of personal information, to the extent required under applicable laws, for example under the Australian Privacy Act or the European General Data Protection Regulation.

How we collect personal information about you will depend on our relationship or interactions with you.

We mainly collect information directly from you, for example, when you use our website or social media, you call or write to us, we interact with you in person, such as when you use our products and services or participate in promotions, or you buy or sell shares in our company.

There may be occasions when we collect information about you from someone else, such as:

• Airline and non-airline partners participating in our programs and clubs
• travel agents, booking agents and other airlines, including when you make an inquiry but do not complete a booking
• When someone else books or purchases good or services on your behalf
• Our service providers, including providers of data analysis services
• Airports and their service providers
• Freight and associated service providers
• Third parties that provide us with marketing leads
• Immigration, customs, border, security, law enforcement and other government and regulatory authorities
• Other Qantas companies and Jetstar branded entities
• Businesses for whom we provide marketing and data analysis services
• Providers of third party websites, apps and social media platforms

We may also collect information about you via data matching activities conducted by us or our trusted service providers.

If you provide us with information about other individuals, regardless of whether you are travelling together, you are responsible for telling those individuals and letting them know that they can find a copy of this Privacy Policy on our website.

We may use your personal information for the following purposes:

• To provide and administer our travel products and services: to verify your identity, to contact you about your orders and bookings and travel, freight and other arrangements, to process payments, for quality assurance and training purposes, such as training our staff, testing our systems, and managing our suppliers. 
• For marketing purposes: to provide you with updates and offers, if you have chosen to receive these; to operate our competitions, promotions and events; to distribute our newsletters and other communications.  We may also use your information for marketing Qantas and our selected business partners’ products and services to you by post, email, SMS, phone and fax and, where required by law, we will ask for your consent at the time we collect your data to conduct any of these types of marketing.  We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you.
  
• To provide customer support: to handle queries, complaints and claims.
  
• To comply with our legal obligations and for health, safety and security purposes: to ensure the safety and security of all passengers, including investigating security and screening issues and to take appropriate steps to prioritise the health of those passengers and our crew. We may process your personal information to comply with our regulatory requirements including in relation to immigration, public health, customs and security or dialogue with regulators, as applicable, which may include disclosing your personal information to third parties, the court service, regulators or law enforcement agencies in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so.
• To detect and prevent fraudulent activity throughout our business operations 
• To operate and facilitate your participation in our programs and clubs: if you are a member of our programs and clubs, we will use personal information that we collect about you to ensure that you get the benefit of the programs and clubs and our partners’ programs and clubs, including to track your benefit accrual and redemption activities and record your usage of benefits.  Airline and non-airline partners participating in our programs and clubs, and operators of partner programs and clubs, may also use your personal information to facilitate your participation in the relevant program or club. 
  
• To conduct market, consumer and other research: to improve our products, services and marketing activities, including our websites, and to generate consumer insights that help us to market more efficiently and to be more relevant to you.
  
• To ensure website content is relevant: including to ensure that content from our websites is presented in the most effective manner for you and for your device, which may include passing your data to business partners, suppliers and/or service providers.
  
• To manage any shareholding you may have in Qantas Airways Limited: we use information about your interest in our securities to manage our share register, including through our service providers. 
  

 We may also combine the information that we collect and hold about you.

We may disclose your personal information to third parties in connection with:

• goods and services that you have bought through us or that we provide to you
• the operation of, and your participation in, programs and clubs
• our legal obligations, responding to complaints and claims, and fraud detection and prevention
• security, customs, public health and immigration purposes
• your interest in our securities

including:

• Other carriers on your itinerary so they can provide goods and services to you
• Airline and non-airline partners participating in our programs and clubs to allow you to receive offers and benefits in our programs and clubs
• Operators of other programs and clubs to allow you to receive offers and benefits in their programs and clubs
• various law enforcement agencies, regulatory authorities and governments around the world and their service providers
• such other third parties mentioned in the “How we use your personal information” section above

For example:

• travel operators and travel agents, ground handling service providers (such as check-in agents, freight handling, specific assistance and ground transport, airport lounge operators, chauffeur services, catering services), and other members of the Qantas group may need the information in connection with these purposes
• we are required to maintain a register of shareholders and make it available for inspection by the public under the Australian Corporations Act 2001 (Cth) and we may also disclose information collected in connection with your shareholding to regulatory bodies such as the Australian Taxation Office.
• US federal law requires airlines, including Qantas, to collect an attestation in relation to the COVID-19 pandemic for passengers arriving in the US from a foreign country.  We are required to retain a copy of each attestation for 2 years, and to provide this to the US Centers for Disease Control and Prevention (CDC) upon request.  Visit the CDC's websiteOpens in a new tab or window for more information. 

In addition to the above third parties, we may use service providers for the services listed below, many of whom handle your personal information on our behalf.

• Billing and payment processing, including detecting and preventing fraudulent or suspicious bookings
• Catering
• Chauffeur services
• Airport lounge operations
• Ground handling (such as check-in agents, freight handling, specific assistance and ground transport)
• Customer service and call centres
• Corporate and government travel sales and fulfilment functions
• Market research and analysis
• Marketing, printing and distribution (including mailing and email) services
• Information technology services such as data storage, passenger and freight booking and distribution systems, communication networks, software and system development, maintenance and support, incident investigation and resolution, and information processing, analysis and reporting
• Investigating and responding to incidents

We may disclose your personal information to comply with our legal obligations, respond to complaints and claims, and investigate and protect ourselves and third parties against any activity that we reasonably suspect to be fraudulent.  We may also disclose your personal information to law enforcement agencies, regulatory authorities and governments around the world and their service providers in connection with their investigations, screening, public health requirements or other functions.

We may transfer your information between our related bodies corporate who comply with this Privacy Policy.

If you are travelling: 

• under a travel agreement with our corporate, business or government clients; or
• on a booking in connection with one of our Qantas Business Rewards member,

we may collect information about your role with the client or member.  For example, your employment type, your role and title, your employee number, your start date with the client and your travel arrangements.

We may disclose your travel details and any information associated with your travel (such as incident reports) to the client or member.

Our programs and clubs include the Qantas Frequent Flyer Program, Qantas Business Rewards, Qantas Assure, Qantas Money, the Qantas Club, Qantas Golf Club, Qantas Marketplace and Qantas EpiQure. 

Membership of and participating in our clubs and programs is subject to the respective programs’ terms and conditions which can be viewed online at qantas.com.

The specific programs and clubs you join and participate in will determine the particular information we collect about you.  However, in general we collect the information below about our members.

• Information about your programs and club memberships: any information supplied as part of applications in connection with our programs and clubs.
• Your payment details: including information related to Qantas Frequent Flyer linked credit cards and Qantas branded credit and pre-paid cards.
• Marketing purposes: your preferences, marketing subscriptions, interests and details of other memberships you may have.
• Information about your use of our products and services: information about how you earn, redeem and transfer points and details about your activities with us and our airline and non-airline partners as part of participating in our programs and clubs.

We may collect logs of your use of qantas.com while you have logged in. This information may include date and time of visit, membership number, membership status, surname, location and actions, for example, pages viewed, and pages submitted.

We collect personal information about you as a member of our programs and clubs through your registration and participation in them.

We may collect information directly from you through our interactions with you. We may also collect information from others who interact with us on your behalf, our related bodies corporate and Jetstar branded entities, partner airlines, third parties providing services for our programs and clubs (including data analysis services), or our program and club partners, such as when you register through one of our program partners or transact with them, and other third parties.

We may also collect information about you via data matching activities conducted by us or our trusted service providers. This may also include collecting information from public sources (for example, Census data) and combining this information with information that we hold about you.

We use your personal information to personalise the way we provide and market enhanced benefits, products and services to you.  We aim to enhance the way you use our programs and clubs by understanding your preferences, interests and hobbies.

We may also market the products and services of our partners and other third parties who we believe may have products and services in which you would be interested.

We use the information we hold about you to administer our programs and clubs.  These activities include:

• assessing your membership applications
• keeping track of the points you have earned, redeemed and transferred
• confirming your eligibility to participate in, and receive the benefits, goods and services, associated with our programs and clubs
• fraud detection and prevention

We also use the information we hold to improve our services and customer service.  This may be achieved through activities such research, behavioural analytics, and planning and developing products.

We may use this information we collect when members are logged in and using qantas.com to monitor the use of, and improve, the information and functions on qantas.com. We may also use the information to understand your preferences and provide you with information about our products and services and our partners' products and services which we think may interest you.

We may disclose your information to partner airlines, oneworld alliance airlines, and non-airline program partners for the purposes outlined in this Privacy Policy.

We may also disclose your information to:

• Providers of goods and services to members of our programs and clubs
• Service providers for our programs and clubs
• Operators of partner programs and clubs to allow you to receive offers and benefits in their programs and clubs

They may use the information to operate programs and clubs. Such activities may include:

• administering programs and clubs generally
• determining your eligibility for, and providing, products and services
• handling and processing membership applications
• operating call and service centres
• providing market research and marketing services
• to facilitate your participation in the relevant program or club

We may also disclose your personal information for fraud prevention and detection.

If you purchase or use goods or services that have been acquired as part of a transaction that is eligible under the Qantas Business Rewards program, we may collect information about your role with the Qantas Business Rewards member. For example, your employment type, your employee number, your start date with the client and your travel arrangements.

Cookies are small pieces of data stored on the web browser on your computer. This website and associated websites (including those you reach by clicking on advertising) may store cookies on your web browser.

Tags (or pixels) are short snippets of javascript (code) that set and read cookies. This website and associated websites may use tags for analytics and marketing.

You can visit our viewing tips page to see if you have cookies enabled in your browser. See how we use cookies and to enable or disable cookies in your browser by visiting our Cookies Policy.

We hold your personal information in a combination of hard copy and electronic files. We use third party information system providers who may store or have access to your personal information.
When you book flights or access information about your membership of our programs and clubs, a secure server is used. Secure Sockets Layer (SSL) encrypts the information you send through this website.

No data transmission over the Internet or website can be guaranteed to be secure from intrusion. However, we maintain physical, electronic and procedural safeguards to protect your personal information in accordance with data protection legislative requirements and industry standards.

If we have given you (or you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential and for complying with any other security procedures notified to you. We require that you do not disclose your passwords to anyone else.

When you make a booking, you will be issued a booking reference. The booking reference serves as a unique passenger identifier and you should keep it secure. We recommend that you do not disclose your booking reference to anyone else and that you do not post a photo of your boarding pass or ticket on social media. 

When we disclose personal information in accordance with this Privacy Policy, it may be accessed from, transferred to, and/or stored outside the country in which you are located. The data protection laws in that country may be of a lower standard than those in your own country.  We will, in all circumstances, safeguard the personal information as set out in this Privacy Policy.

Refer to the section on European Data Protection Laws for information about the export of personal data from the EEA to outside the EEA.

As a provider of travel and reservations services, we may disclose your information to countries where you travel or send freight to, or in which you have reserved services such as car hire or accommodation. This includes countries through which you are transiting and travel on flights operated by other airlines. In addition, your information may be disclosed to countries in which the providers of the services you have reserved operate or have their headquarters located.

We may also disclose your personal information to data processors (including operators of global travel distribution systems and reservation systems, and processors that assist us in preventing and detecting fraud), customer service providers and managers of our credit and financial products. The countries in which these third parties are located include the United Kingdom, the United States, Germany, South Africa and the Philippines.

In some countries you have the right to access, or correct, the personal information that we hold about you. If you would like to request access to, or correction of, your personal information that we hold, please contact us using the details in the section titled 'Contacting Us'.

To the extent required by applicable law, we will provide you with access to the information we hold about you, including for the purpose of correcting or updating that information, within a reasonable timeframe (or any time frame stipulated by the laws that apply to your request). If we are permitted to withhold some of your personal information and we choose to do so, we will advise you when responding to your request. If we refuse to provide you with access to, or to amend, the information, to the extent required we will notify you of our reasons for the refusal and how you may complain about the refusal.

Where permitted by law, we may recover from you our reasonable costs of supplying you with access to this information. However, we will not charge you for the making of the request or to correct or update your personal information. Loyalty Program members can update their profile information online or by contacting the Qantas Frequent Flyer service centre.

If you have a concern about your privacy or you have any query on how your personal information is collected or used please contact us using the details below. We will respond to your query or complaint within a reasonable time.

If you are not satisfied with our response, you may also contact the body responsible for administering the privacy laws in your country. If you are in Australia, you can contact the Office of the Australian Information Commissioner. In the United Kingdom you may contact the Office of the Information Commissioner.

This section applies if you are based in the European Economic Area (EEA) during your interactions with us (other than when you are in the EEA solely for travel purposes) and sets out the additional information that we are required to provide to you under European data protection laws.

Under European data protection laws, use of personal information must be based on one of a number of legal grounds and we are required to set out the grounds in respect of each use. Companies may process personal data only when the processing is permitted by the specific legal ground set out in the law.

In the table below, we have set out the relevant grounds that apply to each purpose of data processing that is mentioned in this Privacy Policy. You can find an explanation of each of the legal grounds for use of personal information here.

The principal legal grounds for our use of your personal information are as follows:

• Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use and may withdraw your consent).
• Contract performance: where we are required to collect and handle your personal information in order to provide you with the services that we have contractually agreed to provide to you, e.g. where you have booked a flight with us or the use of our freight service.
  
• Legal obligation: where we need to use your personal information to comply with our legal obligations.
  
• Vital interests: where we need to process your personal information in order to protect the vital interests of you or another natural person, e.g. where you require urgent assistance.
  
• Public interest: where we need to process your personal information in order to carry out a task that is in the public interest.
  
• Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
  

The legal grounds for our use of the sensitive categories of personal information are:

• Consent: where you have explicitly consented to our use of your personal information. You may withdraw your consent to the use of your personal information.
• Vital interest: where we need to process your personal information in order to protect the vital interests of you or another natural person where you or the other person is physically or legally incapable of giving consent.
  
• Legal claims: where your personal information is necessary for us to establish, exercise or defend any legal claims.
  
• Substantial public interest: where we need to process your personal information for reasons of substantial public interest set out in EU law or the laws of the member state in which you are based.
  
• Public interest in area of public health: where we need to process your personal information for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health, set out in EU law or the laws of the member state in which you are based.
  

When we transfer personal information from inside the EEA to outside the EEA, we may be required by law to take specific measures to safeguard the relevant personal information. Certain countries outside the EEA have been approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal information from the EEA to these jurisdictions. In countries which have not had these approvals, we will use appropriate safeguards to protect any personal information being transferred, such as EU Commission-approved model contractual clauses or binding corporate rules permitted by applicable legal requirements.

Please refer to the section “Contacting Us” if you would like to see a copy of the specific safeguards applied to the export of your personal information.

Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as is necessary for the processing purpose(s) for which the information was collected, and any other permissible, related purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from the transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When personal data is no longer needed, we either securely destroy it, or irreversibly anonymise the data (and we may further retain and use the anonymised information).

You have the right to ask us not to process your personal information for marketing purposes. We will inform you if we intend to use your information for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by not opting in when we invite you to participate in our marketing activities. You can also exercise the right by contacting us as set out in the “Contacting Us” section below or by managing your marketing preferences at “My Profile” if your profile is registered on our website.

In addition to the rights outlined elsewhere in this Privacy Policy, under certain conditions you may have the right under EU data protection law to ask us to:

• provide you with further details on how we use and process your personal information;
• delete personal information we no longer have grounds to process; and
• restrict how we process your personal information while we consider an inquiry you have raised.

In addition, under certain conditions, you have the right to:

• where processing is based on consent, withdraw the consent;
• lodge a complaint with a supervisory authority;
• object to any processing of personal information that we process on the “legitimate interests” or “public interests” grounds, unless our reasons for the underlying processing outweighs your interests, rights and freedoms; and
• object to direct marketing (including any profiling for such purposes) at any time.

You can exercise these rights by contacting us at the “Contacting Us” section below.

These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

If you wish to gain access to your personal information, have a complaint about a breach of your privacy or you have any query on how your personal information is collected or used, please forward your request, complaint or query to the address below. We will respond to your query or complaint as soon as possible. Privacy complaints about our acts or practices may be investigated by the Privacy Commissioner who has the power to make a determination including a declaration that the claimant is entitled to compensation.

Loyalty Program members can update their profile information online or by contacting the Qantas Frequent Flyer service centre. 

Our website may contain links to other companies’ websites or materials. If you choose to access such third-party websites, our privacy policy will not apply, and the privacy policy of the third-party website will apply instead. 

We may amend this Privacy Policy as our business requirements or the law changes. Any changes to this Privacy Policy will be updated on this website, so please visit periodically to ensure that you have our most current privacy statement. 

Our preferred method for receiving questions about privacy is for you to use our Customer Feedback Form.

You may also email us at PrivacyOfficer@qantas.com.auOpens in a new tab or window, or write to us at:

Group Privacy Officer
C/- Qantas Customer Care
Qantas Airways Limited
10 Bourke Road
Mascot NSW 2020
Australia

If your inquiry relates to European data protection laws you may email our European Data Protection Officer at PrivacyOfficer@qantas.com.au.