EVA AIR is committed to protecting your privacy.

You are encouraged to know all your rights about using the services of this website provided by EVA Airways Corporation (hereinafter ‘the Company’ or ‘EVA AIR’). EVA AIR hereby makes the following statement in accordance with Article 8 of the Personal Information Protection Act of Taiwan and Article 7 of EU General Data Protection Regulation, which includes the guidelines we use for protecting the information you provide us during a visit to our web-site.

EVA Air collects passengers' personal information for the following purposes: the flight-booking process, establishment of ticket-related data, ticketing notifications, issuing itineraries, transportation management, providing consumer/passenger/membership services and management, handling payment issues and irregularities, baggage claims, product marketing, online shopping, inflight shopping, additional purchases, service, online advertising, and statistical surveys and analyses in order to improve service quality and strengthen personalised services.

To safeguard your rights and interests in your transaction process through EVA AIR, the personal information which you have provided us will be verified against that of a third-party agency to facilitate transaction security and prevent your credit card from being fraudulently used by others.

EVA AIR will collect passengers’ personal information through the following means:

• Infinity MileageLands membership application
• EVA Fans application
• Online booking and other pre-paid services
• Taiwan High Speed Rail’s additional purchase service 
• Online shopping, inflight shopping, refund and after-sales service
• Online services (meal selection, check-in, filling out the arrival/departure records as mandatory required by the competent government authority)
• Short message service (text message) subscriptions
• Online activities/Advertising 
• EVASION tour package 
• Liaison regarding flight booking, ticketing, membership services, customers’ opinion survey, etc.
• Process of services at the EVA AIR ticketing counters
• Airport operation procedure
• Others.

Through the above collection methods, the types of personal information EVA AIR collects may include:

• C001: Personal identifiers, including but not limited to: name, job title, home address, work address, previous addresses, home phone numbers, cell phone numbers, instant messaging accounts, online platform accounts, mailing and registered addresses, photographs, fingerprints, email addresses, electronic signatures, personal certificate card numbers, digital certificate numbers, records of online identification/queries, log-in password, IP addresses, Cookies, mobile device identifiers or any other information for identifying a person;
• C002: Identifiers of personal finance, including but not limited to: account numbers/names with financial institutes, credit/debit card numbers, insurance policy numbers, or any other number or account regarding personal finance;
• C003: Identifiers issued by government agencies, including but not limited to: Personal I.D. card number, ROC Uniform ID number, taxpayer ID number, insurance certificate number, disabled certificate number, retiree certificate number, license numbers, passport number, etc.; 
• C011: Personal details, including but not limited to: age, gender, date of birth, place of birth, nationality, voice, etc.; 
• C023: Details of the member’s family members, including but not limited to: information about the children, dependents, other members in the family or relatives, parents, cohabiters, or relatives living in China and elsewhere; 
• C031: Residence and housing facilities, including but not limited to: home address, equipment types, house ownership or tenancy, duration of residence, rents, taxes and the other housing costs, types and value of housing, the owner’s name, etc.;
• C034: Travel and other migration details, including but not limited to: details about previous migrations/travels, passports of foreign countries, residence certificates, work permits, etc.; 
• C035: Leisure activities and hobbies, including but not limited to: hobbies, sports and the other interests; 
• C038: Occupations, including but not limited to: school principals/presidents, parliamentary representatives, etc.; 
• C094: Compensations, including but not limited to: the details and amount of compensation/claims; 
• C111: Health records, including but not limited to medical reports, treatment and diagnostic records, physical exam results, types and levels of disabilities, expiry date and number of disabled certificate, contact persons, etc.
• C132: Uncategorized information, including but not limited to: correspondence, files, reports, audio recordings or electronic mails that cannot be categorized.

If you cannot provide the personal information required by the respective service scope, we may not be able to provide, in whole or in part, the services and/or transactions you requested.

• Usage period: The period of use of the personal information mentioned above is based on the duration of collection of the specified purpose, or as determined by applicable laws (e.g. Civil Law, Personal Data Protection Law of Taiwan, etc.) or the period of preservation necessary for the execution of the business (if longer than the period prescribed by law) or on a contractual basis. The length of time required for the contract to preserve the data.
• Regions: Passengers’ personal information will be used by EVA AIR’s and UNI AIR’s worldwide business offices for providing relevant services.
• Targets and methods:
  • Targets and methods: In addition to applying the collected personal information in ticket purchase, and any other pre-paid service, EVA Air will also use the information in the following areas:
    • Ticketing notifications, certificates of ticket issuance, receipts, invoices, fare information, purchasing information and related online services, etc.
    • Financial transactions and authorization: The financial information provided by passengers on their ticket or through any ancillary services purchased (e.g., preordering, online or duty-free shopping) will be submitted to the respective financial institution for the ticket purchase process (e.g., for credit card authorization or bank transfer) before the ticket purchase is complete.
    • Email, App and text messaging services: EVA Air will send flight-related and order information to the e-mail address and/or mobile phone No. provided by passengers.
  • Passenger’s personal information may be used by the Company, its contractors, agencies, subsidiaries, associated companies, group, and/or business partners to offer services that include, but are not limited to: general/online reservations, local transportation service, online shopping, online check-in, text-messaging, online events, social activities, membership rewards programs and various types of activities. The data will also serve as a basis for statistical surveys/analyses that will facilitate the provision of the services mentioned above.
  • For the presentation and marketing of products and advertisement, including the services and products of the Company and/or of a third-party contract partner, and the Company's contractors, agencies, subsidiaries, associated companies, groups and/or business partners.
  • The personal information you provide is processed via computerized instruments, with the required cross border data transmission to the Company and its contractors, agencies, subsidiaries, associated companies, group, immigration authorities of the arrival country and business partners, for the provision of products and services. The Company shall make every effort to ensure that its employees, agents, contractors, agencies, subsidiaries, associated companies, group and partner service providers observe and adhere to the terms of this Privacy Policy.
  • When you book or purchase peripheral services (e.g. car rental, local transportation, accommodation, or other related products) through the EVA AIR web-site, EVA AIR mobile web, the EVA Sky Shop web-site and the EVA Sky Shop App, as the process may be completed through a third-party transaction platform, hence the personal information and the finance-related information you input may be collected by suppliers of related travel products for subsequent service provision.

We promise that, without your consent, we will neither disclose your personal information to a third party irrelevant to the named service nor use it for any purpose other than that aforementioned, with the following exceptions: Your personal information may be disclosed or used in cooperation with legal investigations initiated by judicial authorities or authorities concerned as per duties and responsibilities of the investigators.

EVA Air has developed a comprehensive set of work guidelines serving as the standard procedures for all employees, business partners and their employees engaged, temporary employees, visitors, etc. to ensure compliance with relevant laws and regulations regarding the collection, processing, and utilization of personal data. By adhering the following adequate security measures to ensure the confidentiality, integrity and availability of the personal data we hold:

• Access to personal information is controlled by adequate identity and access management;
• Bind its employees and outsourced providers who collect, process or use personal data with confidentiality agreements, and require them to comply with the internal information security policies and regulations;
• Require all employees to complete annual information security and personal data protection training and exercise to foster a strong culture of compliance;
• Conduct internal compliance audit of data privacy lifecycle and review the legality of policies annually. Furthermore, we compile and assess internal and external issues and address the demands of relevant stakeholders to assess risks. These assessments are integrated into our risk management procedures to proactively identify and address potential risks as well as monitor them;
• Undergo biannual audits conducted by external independent certification body to evaluate the effectiveness of our management measures for personal data protection. These audits are performed from an unbiased and objective perspective, reinforcing our control mechanisms and ensuring their effective implementation;
• EVA AIR’s network infrastructure has been validated by ISO 27001. All transaction and privacy information of its customers are protected with Transport Layer Security(TLS) encryption technology, where data will be encrypted in advance and securely transmitted over the Internet;
• Maintain a zero-tolerance policy towards any infringements of personal data protection. Should an investigation reveals any violations of relevant laws and regulations, including failure to report misconduct by individuals with regulatory responsibilities, we will promptly review and enhance our management measures. Disciplinary actions, including termination, will be taken in accordance with labor contracts, internal disciplinary regulations and procedures.
• If you have any feedback or concerns regarding our privacy protection policy, we encourage you to reach out to us through the following channels:
  EVA Airways Corporation
  Data Protection Officer/Personal Information Protection Officer
  No.376, Sec. 1, Xinnan Rd., Luzhu Dist.,
  Taoyuan City, 33801 Taiwan
  
  DPO@evaair.com

• Purpose: to inform FFP Members of marketing/promotional events and special offerings concerning the co-branded cards. 
• The personal information that may be disclosed includes: Chinese/English full name, gender, I.D. Card number, membership card number/type, year of birth, telephone number, mobile phone number and home address. 
• Usage period: within the period of existence of the contractual relationship between the Company and co-branded card issuers, the record retention period stipulated by relevant regulations, or according to the terms and conditions of the co-branded card issuers. 
• Targets and regions: the co-branded card issuers and locations of their contractors for handling related affairs. 
• Methods: the collection, processing, all kinds of international transmission and use of personal information in accordance with the regulations of the Personal Information Protection Act of Taiwan (such as digital files, paper documents, phone, or any other method considered fit for dominant technologies at the time of data collection)

In accordance with Article L.237-7 of French Internal Security Code, please be informed that airlines may be required to communicate personal data to authorized booking, check-in and boarding data collected from their passengers (API/PNR) to the French authorities for the purposes and under conditions as defined in the Decret N° 2014-1095 dated 26/09/2014.

Anyone who voluntarily provides the Company with his/her personal information is entitled to the following rights according to the Article 3 of Taiwan Personal Information Protection Act and Article 16 to 20 of EU General Data Protection Regulation:

• make an enquiry or request reviewing the information
• request a copy of the information 
• request supplementation or corrections 
• request stopping of data collection, handling or utilization 
• request restriction of processing 
• request restriction of automated decision-making, including profiling 
• Request deletion (We may not be able to delete your data or respond to other service requests in the case that the data processing is necessary. In such cases, the right to erasure does not apply according to the applicable data protection laws.)
• request of data portability

You can exercise any of the aforementioned rights through our worldwide business offices; your request will be handled as soon as your identity is verified. To request the personal data removal, you will need to download the request form (Click on this link to download the Personal Data Removal Request Form). After completing the request form, please submit the request form in person to our offices worldwide.

We will keep your information for as long as it is necessary to fulfill the purpose for which it was collected. For example, the legal or business purposes of EVA, or as required by relevant laws.

We will keep the information, so we can fulfil the specific travel arrangements you have made and after that, we will keep the information for a period which enables us to handle or respond to any complaints, queries or concerns relating to the travel agreement and the information may also be retained so that we can continue to improve your experience with us.

If you provide incorrect or incomplete personal information, such as a nickname, which prevents us from verifying your real identity, we might be unable to uphold your exercise of privacy rights listed above.