The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It focuses on the processing, usage, and storage of personal data.
Delta has the personal data of customers, employees, and third parties, which can include: names, SkyMiles numbers, passenger numbers, email addresses, IP addresses, and mobile phone numbers. Personal data also includes data revealing: racial or ethnic origin, religious or philosophical beliefs, trade union membership, biometric data for the purpose of uniquely identifying a natural person, health (allergies, handicap), or a person's sexual orientation.
The GDPR applies to any organization located outside the EU if it offers goods or services to, or monitors the behavior of, EU data subjects (customers and employees). It will affect our transactions that originate in the European Economic Area (the 28 EU member countries plus Iceland, Liechtenstein and Norway), as well as our over 400 employees in those locations.
The lawful bases under the GDPR for processing personal data include:
- Performance of a contract
- To comply with a legal obligation
- To protect the vital interests of the individual
- In the public interest
- For Delta’s legitimate interests
Under the GDPR, an individual has the freedom to inquire about usage of his or her data, ask that it not be used in certain ways, and demand that it be returned or removed. The request for this information or action is reviewed in accordance with the circumstances and applicable law, and if possible, the information must be provided or action must be taken to comply with the request.
- “Opt-in” consent means that an individual has to affirmatively choose to participate or be included in a program and is otherwise excluded by default.
- “Opt-out” consent means that an individual is automatically included by default in a program and has to take some affirmative steps to be excluded.
- Please note that a pre-marked checkbox does not constitute “opt-in” consent, but rather “opt-out” consent, because the individual has to uncheck the box to be excluded.
- “Double opt in” requires an individual to take a second confirmatory step after providing initial consent to participate or be included in a program. This is typically done via an email confirmation message to the individual after he or she signs up; the individual must respond to the email confirmation message to reconfirm his or her consent. If the user fails to respond to the message, the individual is not enrolled in the program.