Protecting your data

Carrying 184m customers p.a. and employing 25,000+ aviation professionals, we take the protection and appropriate processing of personal data of our customers, employees, partners and suppliers very seriously. We are committed to protecting their privacy and ensuring transparency around how their data is processed.

Personal data is processed in accordance with the Company Data Protection Policy (which was approved by the Board) and in compliance with applicable laws, including the EU General Data Protection Regulation (GDPR). GDPR, as well as other data protection legislation, safeguards customer data and individuals’ specific rights to their personal information.

We process personal data fairly, lawfully and transparently. This data protection rule means, amongst others, that we are transparent with individuals about the use and processing of their personal data.

All Ryanair employees and contractors are required to comply with the Company Data Protection Policy when they process personal data on Ryanair’s behalf. Each department must be able to point to a specific legal basis for each category of personal data that the department is processing. We ensure all employees are aware of the importance of processing and protecting personal data and are informed about data protection security measures, requirements and legal obligations through regular awareness campaigns.
All employees, including contractors, are required to do annual mandatory data protection training.

We have adopted comprehensive and effective governance measures to meet the requirements under data protection laws, including robust procedures for personal data breach management, for the exercise of data subjects’ rights and for vetting and assessing of our suppliers. We require suppliers to have appropriate technical and operational measures in place in line with data protection laws.

To enhance the effectiveness of our compliance efforts, we have appointed a Data Protection Officer (DPO) whose tasks and responsibilities are clearly set and documented in accordance with the GDPR. The DPO reports to the Group CLO and has regular access to senior management across the business. In addition, each department in Ryanair has a Data Protection Steward who acts as a data protection champion and first point of contact for day-today queries.

Ryanair DAC is the data controller of all personal information that is collected and used on Ryanair customers, as well personal information relating to its employees and contractors, suppliers and business contacts. The Irish Data Protection Commissioner is the lead data protection supervisory authority for Ryanair.

We are committed to ensuring the security and confidentiality of your personal data. Taking into account the nature of your personal data and the risks of processing, we have put in place appropriate technical and organizational measures as required by applicable legal provisions to ensure an appropriate level of security and to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion of or unauthorized access to these data.
All payment details are transmitted and stored in compliance with Payment Card Industry Data Security Standards (PCI DSS).

Secure Socket Layer

technology encrypts all payment details