Privacy & Security Center
Privacy at SITA
As the world’s leading specialist in communications and information technology for the air transport industry and national border management services, we believe that trust is the foundation of every connection we make, now and in the future.
That’s why, at SITA, we embed privacy and data protection into the heart of how we work. From secure passenger services to reliable border management solutions, we're dedicated to transparent and responsible data practices, prioritizing privacy and data protection across the entire data lifecycle.
Our Privacy & Security Center has been designed to help you understand our philosophy and approach to privacy and data protection.
Wherever SITA operates,
privacy matters.
Privacy Notice
SITA is a global leader in air transport telecommunications and IT solutions, providing comprehensive business solutions to airlines, airports, governments, and other customers in the Air Transport Industry.
This Privacy Notice explains how, Société Internationale de Télécommunications Aéronautiques S.C.R.L., SITA N.V., and our affiliated companies ("SITA", “we”), are committed to protecting the privacy of the individuals we engage with through our business operations, our products and services (“services”) and our websites (including www.sita.aero and customer portal) (“Websites”) and informs them about their rights regarding their personal data. The Privacy Notice applies to all SITA operations businesses globally.
Our Role in Processing Personal Data
Provision of services to our customers
Acting as a ‘Data Processor’, SITA provides services under contract to our customers who retain ownership and control of the personal data that we process on their behalf including, but not limited to, personal identifiers, flight details, passport information, payment d and sensitive data such as biometric data, as applicable.
We are committed to ensuring the security and confidentiality of customer personal data and only retain it as long as necessary to fulfil the intended purposes, in accordance with customer instructions and our legal obligations.
SITA as a Data Controller
As a ‘Data Controller’ SITA will determine the purposes and means of the processing of personal data under our direct control. The remainder of this Privacy Notice explains our practices and obligations as a Data Controller.
At SITA, we regard "Personal Data" to mean any data that identifies or relates to a specific person, either directly or indirectly. It also may be data about a person’s characteristics, preferences, or interactions if it is linked to them.
Lawful basis under data protection laws
For the purposes set out below, the lawful basis that we generally rely upon is that the processing of your personal data, is necessary to initiate your request to enter into or to perform a contract with us or for us, or to comply with our legal obligations. Where applicable, we will also process your personal data as we have a legitimate interest in providing our products and services, contacting our customers with important notices or updates, responding to our customer queries and complaints, running, improving, and preventing harm to our business, enforcing contracts, and operating as an efficient and effective business.
For some types of processing or where required by local law in relation to any particular types of data, we will rely on consent for data collection as applicable.
Purposes SITA may collect Personal Data
We may collect, use and process the following categories of Personal Data listed in the table below.
| Purposes | Relevant categories of personal data processed | Lawful Basis |
|---|---|---|
| MANAGEMENT OF BUSINESS ACTIVITIES RELATED TO CUSTOMERS WHICH INCLUDE CONTRACTING, PROVISIONING OF SERVICES, BILLING AND ACCOUNT MANAGEMENT As a provider of services to our customers (and prospective customers) we collect and process Personal Data for the following: • to manage sales, contacts, opportunities and development plans with your company • to create, provision and manage your account on our Customer Portals, including Digihub and other web-based services, using the contact data provided by your organization as our customer • to address and resolve complaints, including customer issues • to communicate with you about inquiries, services, and account management • to enable you to engage with our customer support teams and field support staff • to manage and dispatch field and support services to our customers • to analyze, monitor and improve our services |
This may include: • Identifying data, such as your name, date of birth, and nationality • Contact data, such as your postal address, email address and telephone number • Professional and business data, including your job title and role, and data relating to your company such as the business name, address and country • Usernames and passwords, that you create when registering for an account with us • Details of any services we provide to you • Communication records, including any messages you send to us or that we send to you • Data automatically collected from using our internet-based services (such as IP addresses, browser type, ISP, referring/exit pages, operating system, date/time stamp and navigation data) |
• Contract performance • Legal obligation • Legitimate interests • Legal claims |
| MANAGEMENT OF MARKETING AND PROMOTION OF SITA PRODUCTS AND SERVICES To send you marketing and to identify products and services that may interest you: • to enable you to sign up to our newsletters, industry events or webinars or enquire about our products and services • to create an account on our website or customer portals • to send you updates, newsletters and promotions about our services • to run online advertising campaigns To analyze, improve and personalize our websites: SITA uses cookies and similar technologies to collect Data automatically when you visit our websites which help us understand how you interact with our site, to enhance your user experience, and provide you with tailored content. We also use these to monitor site performance, and to gather analytics about site traffic and usage patterns. For more Data on the types of cookies and similar technologies that we use and how to manage them, please click here to access our Cookie Policy. |
This may include: • Contact data, such as your postal address, email address and telephone number • Professional and business data, including your job title and role, and data relating to your company • Usernames and passwords created when registering for an account • Marketing preferences • Usage data, such as interaction with and use of our services and websites • Communication records • Data automatically collected from use of internet-based services (e.g., IP addresses, browser type, ISP, referring/exit pages, operating system, date/time stamp and navigation data) |
• Consent • Legitimate interests |
| INFORMATION YOU PROVIDE WHEN PARTICIPATING IN CUSTOMER SURVEYS OR RESEARCH STUDIES From time to time we may ask you to participate in surveys about SITA, our products and services or matters related to the air transport industry. |
This may include: • Any Personal Data provided online or in writing • Where applicable, Personal Data provided through audio or video channels |
• Legitimate interests • Consent (where applicable) |
| INDUSTRY EVENTS AND WEBINARS We or our third parties may host industry events and webinars that may be of interest to you and require your personal data to enable us to manage your invites and administer your participation. |
This may include: • Information on your attendance such as event and travel data, such as travel bookings, flight data, accommodation, dietary preferences and passport Data. • Food allergies and other individual requirements • Any images or videos captured at the event by us or a third party on our behalf |
• Legitimate interests • Consent (where applicable) |
| FULFILLMENT OF OUR LEGAL OBLIGATIONS INCLUDING SCREENING PROCESSES, LICENSE REGISTRATIONS AND RESPONDING TO AUTHORITIES SITA may be required by applicable law and regulation to process certain personal data: • to prevent fraud and other crimes • to ensure that we comply with international trade sanction laws and regulations, where appropriate customers, vendors and suppliers are screened against applicable sanctions lists • to perform due diligence on potential and existing contractors and suppliers including intermediaries • to obtain an appropriate business licenses or registrations to operate and provide our business services and operations • to respond to queries or requests made by law enforcement |
This may include: • Identifying data, such as your name, date of birth, and nationality • Contact Data, such as your postal address, email address and telephone number • Professional and business data, including your job title and role, and data relating to your company such as the business name, address and country. This may include and is not limited to business registrations, pre-employment screening results, finances, company structures, legitimate business activity, references or background checks • Information from other organizations such as data brokers, our partners (e.g. business directories), and publicly available sources like the electoral roll • Details of any associated services • Usernames and passwords, that you create when registering for an account with us • Communication records, including any messages you send to us or that we send to you |
• Legal obligation • Legitimate interests |
| SAFETY OF OUR VISITORS AND PROPERTY INCLUDING LOCAL HEALTH AND SAFETY OBLIGATIONS This includes for the purposes of management of access to business premises, the prevention and detection of crime, protection of confidential information, and the security of SITA’s premises. |
This may include: • Contact details such as names, job title, e-mail address, date of entry and leave, purpose of visit • Surveillance and video footage, such as where we use CCTV to secure and monitor our premises |
• Legal obligation • Legitimate interests • Legal claims |
| APPLYING FOR A JOB OR POSITION WITH US |
For further details pleaser review Applicant Privacy Notice: Click here |
As described in Applicant Privacy Notice |
| MANAGEMENT OF SERVICES FROM VENDORS AND PARTNERS Providing us with contact information for procurement of services from our vendors. |
This may include: • Identifying data, such as your name, date of birth, and nationality • Contact data, such as your postal address, email address and telephone number • Professional and business data, including your job title and role, and Data relating to your company such as the business name, address and country including details of associated services • Information from other organizations such as data brokers, our partners (e.g. business directories), and other publicly available sources • Usernames and passwords, that you create when registering for an account with us • Communication records, including any messages you send to us or that we send to you |
• Contract performance • Legal obligation • Legitimate interests • Legal claims |
| MANAGEMENT OF SHAREHOLDER RELATIONS • On-boarding, due diligence, and other administrative tasks relating to the Directors of the SITA Board and the Representatives of the SITA Council • to handle onboarding and administrative tasks for our Board and Council • to comply with our legal obligations in the countries where we operate |
• Identifying data, such as your name, date of birth, and nationality • Contact data, such as your postal address, email address and telephone number including emergency contact information • Professional and business data, including your job title and role, and Data relating to your company such as the business name, address and country • Usernames and passwords, that you create when registering for an account with us • Communication records, including any messages you send to us or that we send to you • Event and travel data, such as travel bookings, flight data, accommodation, dietary preferences and passport data • Financial data, such as bank account details • Criminal data, where legally required for example background checks may be required for appointing legal representative in some countries |
• Consent • Contract performance • Legal obligation • Legitimate interests |
Personal Data Sharing and Disclosure
As an international business and to provide you with our services and products, we will share your Personal Data in the following ways:
- Group entities – We may share your Personal Data with our subsidiaries, affiliate companies, or agents within our corporate group for operational, administrative, and service-related purposes as outlined in this Privacy Notice.
- Third-party service providers, agents, and distributors ("service providers") – We may share your data with our service providers who process Personal Data on our behalf, such as those assisting with website functionality, payment processing, customer support, IT services, and analytics. We have contracts with these providers that prohibit them from sharing your data or using it for any purpose beyond the agreed services. Where we share customer personal data with our authorized sub-processors, we contractually bind them to protect and use customer personal data only for the SITA services that they support, ensuring we have sufficient guarantees of the appropriate technical and organizational measures we require to be in place.
- Commercial partners – We may share your Personal Data with our commercial partners or the entities they designate required to fulfil contractual obligations or to analyze and improve our service offerings.
- Law enforcement bodies, the authorities and courts – Where necessary, we will disclose personal data to prevent, investigate, or prosecute criminal activities, comply with legal obligations, enforce our rights or defend against legal claims involving law enforcement, courts, regulatory bodies, or other authorities.
- Your authorized representatives – We may share your data with individuals or organizations who you have authorized to act on your behalf, such as legal representatives, financial advisers, or travel agents.
- Sale or merger of our business – If our company or any of its affiliates undergoes a business restructuring, including a sale, merger, or transfer of assets, we may transfer your Personal Data to relevant third parties, including potential buyers and their advisors, as part of the due diligence and transaction process.
- Advertisers and advertising networks – We may share your Personal Data with advertisers and ad networks that place adverts on our behalf or on our websites to deliver relevant marketing content.
- Other disclosures required or permitted by law – We may share your Personal Data with third parties when required by law or where we have obtained your consent.
International Data Transfers
SITA is an international business, and your Personal Data may be transferred and accessed by our colleagues, affiliate companies, agents and third-party service providers based around the world, including for processing orders and providing support services.
Where required by applicable data protection laws, we use appropriate safeguards (for example, standard contractual clauses) to ensure that Personal Data remains protected when transferred across borders.
Where Regulators have published lists of those countries that they regard as having equivalent protections, no additional safeguards are required to export personal data to these third countries from the original country.
Where the approvals have not been granted, we will either ask for your consent to the transfer or transfer it subject to contractual terms that impose equivalent data protection obligations directly on the recipient (as approved by the relevant local authority e.g. Standard Contractual Clauses), unless we are permitted under applicable data protection law to make such transfers without such formalities.
For data transfers across borders we use Data Transfer Impact Assessments (TIAs) to assess the legal and regulatory landscape of the recipient third country to help us identify any potential privacy and security risks which we typically mitigate through use of contractual safeguards or security protocols.
How We Keep Your Personal Data Secure
SITA has implemented a variety of technical, physical, and organizational measures to protect your Personal Data safe from unauthorized access, disclosure, alteration, or destruction.
These measures include but are not limited to organizational, physical and technological safeguards such as processing Personal Data within secure facilities, use of secure access controls, regular updates to our systems to address emerging security risks, utilizing end point protection and encryption tools whilst ensuring our employees undergo mandatory privacy and security training.
Our websites contain links to other sites that are not owned or controlled by SITA. We are not responsible for the privacy and security practices of such other sites, and we encourage you to read the privacy notices for these sites accordingly.
Retention of Personal Data
We will retain your Personal Data where we have a legitimate business need to do so. For example, to provide our services, run our business operations, or to comply with applicable legal, tax or accounting requirements, or pursuant to an ongoing service contract. Otherwise, we will either delete or anonymize it.
Where this this is not possible (for example, because elements of your Personal Data have been stored in backup archives), then we will securely store this Personal Data and isolate it from any further processing until deletion is possible.
Your Data Rights
SITA operates in countries with a variety of data protection laws that provide different data rights to individuals in respect of access, deletion, rectification and limiting processing of Personal Data. In most cases the location of the SITA Controller will determine the data rights you are entitled to, which may include to:
- Access your Personal Data held by us;
- Know more about how we process your Personal Data;
- Rectify inaccurate Personal Data and, taking into account the purpose of processing the Personal Data, ensure it is complete;
- Erase or delete your Personal Data;
- Restrict our processing of your Personal Data;
- Transfer your Personal Data to another controller, to the extent possible;
- Object to any processing of your Personal Data;
- Opt-out of certain disclosures of your Personal Data to third parties;
- Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects
The data rights set out below apply regardless of where the SITA Controller is located.
Updating your Personal Data and marketing preferences
Where we collect and process your Personal Data in the context of our Website(s), you may access, update and rectify your Personal Data on your profile directly.
In the context of our marketing communications, you may opt-out of receiving them by following the instructions included in each of our communications or via our Preference Center.
If we process your Personal Data based on your consent, you can withdraw it at any time. This will not affect the lawfulness of processing done before the withdrawal, nor will it affect processing based on other legal grounds.
You can find out more about your data rights and how they apply to your personal data by making a data rights request or contacting the SITA Privacy Office via our online Privacy Web Form.
Changes to this Privacy Notice
From time to time, we may update this Notice in response to changing legal, technical or business developments. When we do, we will publish the changes on this Website, as appropriate and update the ‘last updated’ date below. If material changes are made to this Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We encourage you to periodically review this Privacy Notice to stay informed about our collection, processing and sharing of your Personal Data.
Contact Us
SITA has appointed a Chief Privacy Officer and where required by law, a Data Protection Officer. You can submit any questions, complaints or concerns that you may have regarding this Privacy Notice, or privacy matters generally, by contacting the SITA Privacy Office via our online Privacy Web Form.
We are committed to working with you to reach a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, and you are located in the European Economic Area or the United Kingdom, you have the right to raise a complaint with the competent supervisory authority. You may find the contact details for your appropriate data protection authority here.
Translations of the SITA Privacy Notice
We have also made a copy of this Notice available in Chinese and Portuguese. Depending on your browser, you can also use auto-translation to change into your natural language for your convenience.
©SITA - last updated: 10th April 2025