Privacy Policy

Please take the time to read and understand our privacy policy.

Please take the time to read and understand our Privacy Policy.

1. Introduction

Who we are

Nauru Air Corporation trading as Nauru Airlines (“Nauru Airlines”, “we”, “us” or “our”).

The importance of privacy

Nauru Airlines understands the importance of privacy to all individuals. We are committed to protecting your personal information in accordance with applicable privacy legislation. We limit our collection and use of your personal data to the information that is reasonably necessary to conduct our business and provide you with the highest quality service.

This Privacy Policy

This Privacy Policy is designed to inform you about the type of information we collect from you, how we will use it and the rights you have in relation to it. This Privacy Policy applies to personal information about you that is reasonably necessary for us to collect, use and otherwise process, including when you travel with us, use our other services and websites, make enquiries, enter competitions or promotions, contact our service agents or Nauru Airlines Reservations, and book to use our services through third parties (such as travel agents and other airlines).

Please ensure that you read this Privacy Policy in full before submitting your personal information to us.

Additional Terms and Conditions or policies may apply if you elect to take additional services from us, such as entering a competition or promotion.

2. What is ‘personal information’?

Personal information means data relating to you from which you can be reasonably identified, such as your name and contact details, your travel arrangements and purchase history. It may also include information about how you use our websites and mobile applications. We recognise that your personal information is valuable, and we will process it in accordance with applicable laws.

3. Information you provide to us and how we use it

3.1. What personal information you provide to us

When you use our services, you will need to provide us with your personal details and/or the details of the individual(s) who will be travelling with you. Some examples of the type of personal information we may collect from you in the process of conducting our business and providing services include:

a) Contact information – your name, address, phone number, email address and social media handle;

b) Identity information – your government identification number such as your passport number, date of birth or image;

c) Financial information – your credit or debit card details and expiry date;

d) Our website and mobile apps – your browser type, web pages visited, your geo-location, your mobile telephone number or your IP address and details of how you use the website or app and any third party sites you access from them;

e) CCTV Images – images captured in our airport lounges, airport offices and premises; and/or

f) Health and dietary information - dietary requirements and health information, including request for specific assistance, in connection with the use of our products and services.

3.2. How we collect personal information

We may collect personal information from you when you interact with us directly, for example when you:

a) complete and manage a booking you have made with us or a service you have requested from us;

b) travel with us and update your travel arrangements; and/or

c) use our website and apps, complete online registrations, enter promotions and engage in other online interactions.

You can choose not to provide us with any of your personal information however we may then be unable to respond to your enquiry, engage in further communications with you and/or provide you with the requested services.

When we collect personal information, we do so because it is reasonably necessary to:

(a) use and disclose your personal information to communicate with you and/or on your behalf;

(b) facilitate and/or perform a contract with you;

(d) comply with applicable laws, regulations and the requirements of Government authorities.

We may also collect personal information from you indirectly, such as from Government agencies like customs and immigration, border security, partner airlines, others who interact with us on your behalf or from third party service providers such as websites, apps or social media platforms.

3.3. How we use your personal information

a) If you are travelling with us - we may use your personal information to fulfil your travel arrangements and deliver services you have requested, manage the travelling process, facilitate flight connections, send status updates and other communications to you, keep track of you at the airport and keep you safe when you fly with us as well as personalise the way we provide and market benefits, products and services to you.

b) If you make an enquiry about our company, services or products - we may use your personal information to respond to your query or comply with a legal obligation.

c) If you are an existing customer, supplier, or partner of ours – we may use your personal information to fulfil an obligation or perform an agreement with you, respond to any query or comply with a legal obligation.

d) If you make an enquiry about working for us – we may use your personal information to consider and respond to your enquiry, comply with a legal obligation or retain your personal information in relation to future work opportunities.

e) If we do not know you and/or your role at your business – we may use your personal information to confirm your identity and the business that you work for, as well as your role at that business. We do this because it is reasonably necessary to make sure that your enquiry is genuine and is not spam or being made for fraudulent reasons. We may also do this because we may be subject to legal obligations which require us to confirm the details that you provide to us before entering a relationship with you.

f) If you opt-in or otherwise consent to receive marketing communications – we may use your personal information (other than sensitive information) to contact you to share information about relevant products, services, news, promotion and events in accordance with paragraph 4. When you provide your contact details for this reason, you will be consenting to us contacting you for these purposes, including for future promotions we may offer.

4. Marketing Communications

4.1. When you opt-in to receive marketing communications from us, you are giving your consent for your personal information to be used by us to contact you by email, direct mail, telephone, SMS, MMS, social media, apps and via other forms of communications for the purpose of direct marketing, which includes:

a) delivering personalised website, app or social media experiences such as sharing information with you about products and services provided by us and our industry partners (such as third party hire car companies, travel insurance providers or hotels);

b) sending you press releases, newsletters and information about industry news and events; and/or

c) notifying you about promotions and competitions held by us and our industry partners (Marketing Communications).

4.2. If you decide that you do not want to receive Marketing Communications from us, you may withdraw your consent at any time to receive Marketing Communications, or you can unsubscribe by selecting the opt-out or unsubscribe link contained in the relevant Marketing Communication (where applicable) or amend your communication preferences by contacting us at [email protected] or using the details in paragraph 18. We aim to action requests to stop marketing communications within 10 working days of receiving such requests.

4.3. Please note that if you opt-out of Marketing Communications, you will still receive service communications (as described in paragraph 3.3 above) which are necessary, for example, to confirm your booking or to provide you with an update on its status.

5. Special categories of personal information (sensitive information)

5.1. Under privacy laws, certain categories of personal information, such as information about race, ethnicity, religion, health, sexuality or biometric information are special categories of data requiring additional protection (sensitive information). For example, you may have requested services (such as a special meal) which is not ’sensitive data’ or ‘sensitive information’ itself but may imply or suggest your religion, health or other information. Other examples would be information required by government authorities to demonstrate fitness to fly (eg: COVID-19 testing requirements) or for public health reasons. Generally, we try to limit the circumstances in which we collect and process sensitive information.

5.2. We may collect and use sensitive information where the collection or use of such information is required by law or you have:

a) requested specific medical assistance, such as the provision of wheelchair assistance or oxygen;

b) sought clearance from us to fly with a medical condition or because you are more than 28 weeks pregnant; and/or

c) chosen to provide such information to us or it has been passed onto us by a third party such as the travel agent through whom you made your booking.

5.3. Sensitive information will only be collected by us if you have explicitly consented, unless otherwise stated above, and in accordance with applicable laws, including the Australian Privacy Principles.

6. Information received from third parties

6.1. We may receive personal information about you from third parties, such as companies contracted by us to provide services to you, companies involved in your travel plans, airlines involved in your prior or onward journey, airport operators, customs and immigration authorities and companies that participate in our partner loyalty schemes and other customer programmes.

6.2.These third parties receive your personal information in accordance with their own privacy policies and procedures and, where applicable, may function as separate controllers under the European Data Protection Legislation (refer to section 15 of this Privacy Policy for more information).

6.3.We recommend you consult their individual privacy policies for further information.

6.4. We are not responsible for the privacy practices of third parties or for the content, products, or services provided by them.

7. Information we automatically collect about you

7.1. When you visit our website or mobile apps, our browser or other applications automatically collect information about your interaction with us such as your IP address, traffic data, clickstream information, time stamp, location data, web logs, other communication data and the resources that you access.

7.2.We automatically collect data about your use of our website or apps using various technologies such as cookies as explained below. This information allows us to:

a) ensure content from our website and apps is presented in the most effective manner for you and your device and to make improvements to our website;

b) recognise you when you return to our website or app and to record your use;

c) keep our website and apps secure;

d) administer and maintain our website and apps by conducting testing and solving errors; and/or

e) analyse your and other users' use of the website and apps to create anonymised and aggregated research or statistics from time to time. Once your personal information has been anonymised and aggregated with that of other users, we will no longer be able to identify you or anyone else from the combined information.

7.3.We use your personal information in this way because it is reasonably necessary for us to determine how you may be viewing and using our website and any apps so that we can operate them effectively and improve them.

8. Cookies

8.1. Our websites and apps may use cookies, which are small data files containing an identifier (a string of letters and numbers) that is sent by a server to a browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

8.2.We use cookies to enhance your use of our websites, apps and/or services and to monitor your activity during your visit(s) to our websites and apps and to help us make our website more useful for you. By continuing to use our websites and apps you consent to our use of cookies as explained in this Privacy Policy.

8.3.Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

8.4. Some cookies are deleted when you close your browser. These are known as session cookies. Others remain on your device until they expire, or you delete them. These are known as persistent cookies and enable us to remember things about you as a returning visitor. If you do not want cookies to be stored, then you may turn off cookies individually or select the appropriate options on your browser or device to delete some or all cookies. Please note that if you block some or all cookies (including essential cookies) you may not be able to use or access all or parts of our websites.

8.5. If you would like to disable cookies, you can set your web browser or device to reject cookies. However, if you disable the cookie function, you may not be able to access or receive all the information contained on our websites or apps. The method of altering your cookie settings will depend on the type of browser you use.

9. How long do we keep personal information?

9.1. We will keep your information for as long as we need it for the purpose(s) for which it was collected. For example, where you book a flight with us, we will keep information related to your booking for a period that allows us to fulfil the travel arrangements, handle or respond to any complaints or queries, continue to improve your experience with us, ensure that you receive any loyalty rewards which are due to you and to allow us to comply with any legal obligations.

9.2. We regularly review the information we hold and delete it securely, or in some cases anonymise it, when there is no longer a legal, business or customer need for it to be retained. We may retain a record of the existence of our relationship with you, to the extent that and for so long as we are required to do so by law.

10. Who do we share your personal information with?

10.1. We do not sell personal information to any third parties.

In certain circumstances, we may be required to share your personal information with third parties, including:

a) other airlines and service providers where, for instance, part of your travel itinerary involves a flight operated by a different airline or includes car hire or a hotel booking;

b) credit and charge card companies, credit reference agencies and anti-fraud screening service providers to process payments and (where necessary) to carry out fraud-screening;

c) to confirm your identity or check your personal information (including by searching for your name and that of your business in publicly available and private databases);

d) service providers we are using to provide services that involve data processing, for example, to carry out marketing initiatives or run customer surveys on our behalf;

e) our business partners if you have expressed an interest in a product or service of such business partner. For example, if you have joined an affiliated loyalty program so that we can administer the benefits of the loyalty program to you;

f) government and law enforcement agencies such as customs and immigration authorities, in response to a valid, legal requirement or request;

g) any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) in so far as reasonably necessary for the purposes set out in this policy;

h) analytics and search engine providers that assist us on the improvement and optimisation of our websites;

i) any of our employees, officers, insurers, professional advisers, lawyers, tax or business advisors, agents, suppliers or subcontractors insofar as it is reasonably necessary for the purposes set out in this policy;

j) a purchaser or successor entity in the event of a sale or other corporate transaction involving some or all of our business or as needed to effect the sale or transfer of business assets, or as needed for external audit, compliance or corporate governance related matters; and/or

k) a third party to whom we have a duty to disclose or share your information:

i. to enforce or apply our conditions of carriage and other agreements with you;

ii. as required by applicable law, court orders, government entities or legal process (including subpoenas);

iii. as necessary to protect the property, safety and rights of others.

By providing us with your personal information, you consent to the disclosure of your personal information to third parties as set out in paragraph 10.1. In the event you do not wish for us to disclose your personal information to third parties pursuant to paragraph 10.1, please contact us using the details in paragraph 18.

11. International Data Transfers

11.1. We may transfer, store and process your personal information in servers located in countries worldwide, including in offshore cloud storage provided by third party suppliers. The nature of our business means it is often necessary for us to send your personal information outside the country in which you are located to fulfil your travel arrangements. This occurs because our business and the third parties we share your personal information with as described in this Privacy Policy have operations in countries across the world. By providing us with your Personal Information, you consent to this storage and transfer, as is reasonably necessary in conducting our business and the supply of our services to you.

11.2. By providing us with your personal information, you consent to the disclosure of your personal information offshore as set out in paragraph 11.1.

11.3. We are located in Australia and Nauru, which are not countries that have been deemed to offer adequate data protection by the European Commission. If you do provide your personal information to us, please note that you are doing so on the basis that you consent to the transfer of your personal information outside the European Economic Area (EEA). The potential consequence of this is that there is a risk that your personal information will not be protected in a manner that complies with European Data Protection Legislation. You can withdraw your consent to such international transfers by contacting us in accordance with paragraph 18 of this Privacy Policy, but it will mean that we will not be able to contact you about the services we can or have agreed to provide to you going forward. Please see how we handle your personal information under European Data Protection Legislation in paragraph 15.

12. Your Rights

12.1. With respect to the personal information that we collect about you, you have the right to:

a) request access to that personal information;

b) receive a copy of the personal information that you have provided to us in a commonly used format so that you can share it with others;

c) where personal information is inaccurate or incomplete, ask for personal information to be rectified or completed;

d) request the transfer of your personal information to another party;

e) ask that your personal information be erased;

f) object to us processing your personal information by asking for the processing of that personal information to be restricted or stopped. For example, by requesting that we do not use your personal information for marketing purposes; and/or

g) make a complaint about the way we process your personal information under any applicable laws.

12.2. Please contact us using the details listed in paragraph 18 to exercise these rights or to ask us for additional information. When you contact us to exercise the above rights, we may ask for further information from you, to confirm your identity, as we take the protection of your personal information seriously. In the event you email us, we will endeavour to respond to requests, complaints or queries as soon as reasonably practicable.

12.3. Please note that despite paragraph 12.1, we are not required to give you access to your Personal Information to the extent that:

a) we reasonably believe that giving access would pose a serious threat to the life, health or safety of any individual, or to public health or public safety; or

b) giving access would have an unreasonable impact on the privacy of other individuals; or

c) the request for access is frivolous or vexatious; or

d) the information relates to existing or anticipated legal proceedings between us and you, and would not be accessible by the process of discovery in those proceedings; or

e) giving access would reveal our intentions in relation to negotiations with you in such a way as to prejudice those negotiations; or

f) giving access would be unlawful; or

g) denying access is required or authorised by or under applicable laws or a court/tribunal order; or

h) both of the following apply:

i. we have reason to suspect that unlawful activity, or misconduct of a serious nature, which relates to our functions or activities has been, is being or may be engaged in;

ii. giving access would be likely to prejudice the taking of appropriate action in relation to the matter; or

i) giving access would be likely to prejudice one or more enforcement related activities conducted by, or on behalf of, an enforcement body; or

j) giving access would reveal evaluative information generated by us in connection with a commercially sensitive decision-making process.

13. Security of your personal information

13.1. We will take reasonable technical and organisational precautions to prevent the loss, misuse, disclosure or alteration of your personal information.

13.2. We will use a range of physical, electronic and network security controls to take reasonable steps to protect the information we hold about you.

13.3. All electronic financial transactions entered into through our website will be protected by encryption technology.

13.4. You acknowledge that the transmission of information over the internet is inherently unsecure, and we cannot guarantee the security of data sent in this manner.

13.5. You are responsible for keeping your booking information secure. To help you keep your information secure, we recommend that you:

a) keep your booking reference confidential - when you make a booking, you will be given a booking reference on the email confirmation or ticket. You should always keep your booking reference confidential. Giving your booking reference to others may allow them to access your booking details through our system. If you are travelling with others and would not like your individual booking details to be accessible by them, you may prefer each person to make separate bookings.

b) be aware of and protect yourself against Internet scams, fraud and ‘phishing’ - there is an Internet fraud practice known as ‘phishing’ (the illegal gathering of personal information by deception).

13.6. If we become aware of a breach of security of your Personal Information, we will provide written notice to your postal address, contact you by telephone or contact you electronically within the period required by applicable laws.

14. USA TSA Secure Flight Program - Privacy Notice

14.1. This paragraph is relevant for flights to and from the United States.

14.2. The United States Transportation Security Administration (TSA) may require you to provide your full name, date of birth, and gender for the purpose of watch list screening, under the authority of Title 49 U.S.C. section 114, the Intelligence Reform and Terrorism Prevention Act of 2004 and Title 49 C.F.R parts 1540 and 1560. You may also provide your Redress Number, if available.

14.3. Failure to provide your full name, date of birth, and gender may result in denial of transport or denial of authority to enter the boarding area. TSA may share the information you provide with law enforcement or intelligence agencies or others under its published system of records notice. For more information on TSA privacy policies, or to review the system of records notice and the privacy impact assessment, please see the TSA Web site at www.tsa.gov.

15. European Data Protection Legislation

15.1. For the purposes of this Privacy Policy, “European Data Protection Legislation” means all applicable legislation relating to data protection in the European Economic Area, including the EU General Data Protection Regulation 2016/679 (GDPR) and all legislation implementing, made under, pursuant to, replacing or superseding the GDPR. Where this Privacy Policy uses terms defined in the GDPR, the definitions set out in the GDPR will apply.

15.2. Where the European Data Protection Legislation applies to personal information collected about you, Nauru Airlines is the “controller” of your personal information. If you have made a flight booking with us but one or more flights are to be provided by another airline or airlines, then that other airline will also be considered a “controller”. Any provider of services such as a hotel or car rental company will also separately be a “controller”. Please be careful to review the privacy policies of each individual service provider, which you can access from them directly.

15.3. This paragraph 15 applies if you are based in the European Economic Area (EEA), either as a citizen or resident of the EEA, during your communications with us (outside of when you are in the EEA for travel purposes) and sets out the additional information Nauru Airlines is required to provide to you under European law.

15.4. Personal Data

Whilst we have used the term “personal information” throughout our Privacy Policy in line with Australian terminology, EU legislation uses the term “personal data” and therefore we have used that term in this paragraph 15 only.

15.5. How we use personal data

We collect and use personal data in the ways we have set out in this Privacy Policy. We recommend you review this section as well as the remainder of our Privacy Policy to understand the nature of the personal data we may collect and the circumstances in which it is collected and used.

“Controllers” can only process personal data in one of the following circumstances:

a) with consent;

b) where there is a contractual obligation;

c) to meet a legal obligation;

d) where processing is necessary for the performance of a task carried out in the public interest;

e) to protect the vital interests of an individual;

f) for an organisation’s legitimate interests (except if these are overridden by the interests or fundamental rights of individuals).

In addition, the GDPR establishes additional conditions for the processing of sensitive data. We rely on the following GDPR lawful bases to process your personal data:

Purposes of the data processing	Basis of Use
Providing our travel services	Performance of a contract, such as providing you with a flight to complete your travel bookings. Legitimate interests, to allow us to perform our obligations and provide services. Consent, where you have provided us with sensitive personal data.
Marketing and conducting consumer research	Legitimate interests, in marketing our services to you. Consent, which you may withdraw at any time by contacting us and telling us so.
Providing customer support	Performance of a contract Meeting our legal obligations Legitimate interests, such as enabling us to communicate with you.
Meeting our legal and regulatory obligations and for health, security and safety purposes	Meeting our legal obligations Legitimate interests, such as complying with the requirements of law enforcement agencies and regulatory authorities or ensuring the health and safety of our passengers and staff. Sensitive Personal Data collection: Meeting our legal obligations Vital interests, in the case of an emergency. Public interest, regarding public health and safety.
To prevent fraudulent activity	Legitimate interests, such as identifying and responding to possible fraudulent transactions.
To ensure our website functions as well as possible	Legitimate interests, such as identifying for you the appropriate content and services on our website.

15.6. Protecting your personal data

We use several controls to protect your personal data such as encryption and multi factor authentication. We may at times have to transfer your personal data to a third party in another country who does not meet the requirements of the GDPR or other EU legislation relating to data protection. If that occurs, we use appropriate safeguards to protect your personal data such as including standard contractual clauses in our agreements with third parties, using procedures or other controls.

15.7. How long we keep your personal data

How long we keep your personal data depends on our business needs and legal requirements. We keep the data for as long as is necessary to meet our regulatory obligations, even after you have flown with us or otherwise ceased using our services. We may also retain your personal data for other permitted purposes, such as contacting you.

15.8. Marketing

We may use your personal data for marketing purposes however you have the right to ask us not to. We will tell you if we share your personal data with third parties for marketing purposes. You can contact us at [email protected] at any time to withdraw your consent if you have previously opted in to sharing your personal data.

15.9. Other rights for EU citizens and residents

You have rights to access, correct and withdraw consent in relation to your personal data. If you are an EU resident or citizen you may also have additional rights under EU law such as asking us to:

a) provide details as to how we process your data;

b) restrict our use of your personal data;

c) delete your personal data;

d) stop using your personal data for marketing purposes, legitimate or public interests; and/or

e) share your personal data to a third party.

We may be able to refuse your request on legal grounds however, if that occurs, we must explain in writing to you why that is the case.

15.10. Complaints

If you wish to make a complaint about how we handle your personal data, please contact us at [email protected]. We take all complaints seriously and will do our best to resolve any issues within 30 days of your complaint being lodged with us.

If you are still not satisfied with our actions, you may contact your EU member state data protection authority https://www.edpb.europa.eu/edpb_en

16. CCTV Images

16.1. We, or our third party providers, may operate CCTV cameras at airport terminals, buildings and facilities.

16.2. Your personal information may be collected through our CCTV cameras if you are reasonably identifiable from the images captured by these cameras.

16.3. Where we use CCTV, we do so because it is reasonably necessary to:

a) monitor access to our terminals, buildings, and workplaces;

b) identify and respond to security incidents or threats;

c) investigate incidents or accidents occurring on our premises;

d) assist airport authorities, security and management personnel, regulatory bodies and law enforcement agencies; and/or

e) meet our legal and regulatory requirements.

16.4. We may disclose personal information captured by our CCTV cameras to our related companies, airport authorities, security, management, law enforcement agencies, our insurers, and those third parties who provide us with our CCTV equipment.

17. Amendments to this Privacy Policy

17.1. We may update this policy from time to time to reflect any changes in our practices, services and legal obligations by publishing a new version on our website.

17.2. Your continued use of our services, websites and apps following the effective date of a change to this Privacy Policy signifies your acceptance and agreement to the terms of the revised Privacy Policy. We encourage you to check this page periodically to ensure you have the most up to date privacy statement and terms.

18. Ownership and Contact details

18.1. This website is owned and operated by Nauru Air Corporation trading as Nauru Airlines.

18.2. If you have any questions on our Privacy Policy or any concerns about the ways in which we protect your personal information, please contact us by email at [email protected] or by telephone on 1300 369 044 (#2) inside Australia or +61 7 3229 6455 outside Australia.