Privacy policy

This Privacy Policy explains how American Airlines, Inc. ("we," "us," "our," "American") collects, uses, shares, and protects information in connection with American’s services, systems, websites, and apps that refer or link to this Privacy Policy (our "Services"), including without limitation, the collection and processing of personal information in connection with bookings and travel on American Airlines or flights operated by our regional carriers (for example, Envoy Air, Piedmont Airlines and PSA Airlines). This Privacy Policy applies regardless of the type of device or other means you use to access our Services.

American reserves the right to change this Privacy Policy at any time by posting the updated Policy here along with the date on which the Policy was changed. If we make material changes to this Privacy Policy that affect the way we collect, use and/or share your personal information, we will notify you by including a "NEWLY UPDATED" label with the "PRIVACY POLICY" link on aa.com for 30 days after material changes are made.

We collect and maintain personal information about you from many sources to understand and meet your needs, facilitate your travel, manage our business, and for other purposes disclosed to you. For example, we collect personal information about you from:

• You, when you voluntarily provide us with information
• Your transactions with American
• Other third party sources, such as travel agents, other airlines (e.g., code share and alliance partners) and travel and hospitality service providers (e.g., transportation or tour operators).

If the information is to be collected directly from you, you may in some cases have the option to decline providing that information. However, your choice to not provide information may impact your use of certain features or services.

The personal information we collect about you through these various sources may include, but is not limited to:

• Name, addresses and telephone numbers
• Date of birth and gender
• Email addresses, fax numbers and pager numbers
• AAdvantage^® account number
• Credit/debit card number(s), including associated billing address(es) and expiration date(s)
• Information required to facilitate travel or other services, including travel companion(s) names, emergency contacts, and photographs
• Information about your travel, including booking and itinerary information, requests for assistance, interactions with staff and cabin crew, and dietary restrictions
• Details of your previous travel, such as previous flights and travel-related issues
• Driver’s license number
• Passport number, nationality and country of residence
• Technical information such as your browser type, IP address, type of operating system you use, your geolocation, the name of your internet service provider, mobile advertising identifiers, and pages visited on our Services
• Information provided via survey, focus group or other marketing research efforts
• When you send us an email or online customer service request, we will retain the content of the message, your email address or any contact information you provide, and our response in order to handle any follow-up questions you may have. We also use this information to measure how effectively we address your concerns.
• Corporate-contract, employer and/or other corporate affiliation (e.g., employer name, title, work address and contact information), including Business Extra^® account information (e.g., tax ID, business type, number of employees, number of business travelers, and travel manager information)

American creates a record for each booking that involves travel on American Airlines, even if the ticket is sold under another airline’s booking code. When you book travel on American, we will collect and store information about your transaction, including whether you booked your flight on aa.com or through another sales channel (such as a travel agency). American will also collect and store information about changes to your booking, including a cancellation or failure to complete your travel, upgrades, your baggage requirements, airport disruption, and lost baggage.

If you book travel for someone else, we may collect your billing information but may communicate with the passenger directly about their flight.

If your booking includes emergency contact information, we may share personal information with your emergency contact or attempt to collect information about you from your emergency contact, as appropriate based on the nature of the emergency.

In the event of a flight delay, cancellation, or other service disruption, we may use the contact information provided in your booking to notify you, and the individuals traveling on the same booking, about the disruption.

To the extent that the personal information we collect constitutes sensitive personal information under applicable law, including where such laws promote a substantial public interest, American will collect and process this sensitive personal information within the limits provided by applicable law. Where required by law, American will seek your specific consent before processing sensitive personal information.

Some examples of this type of information include:

• You have provided medical information to us while requesting specific assistance (such as the provision of wheelchair assistance) from us and/or an airport operator
• You have sought clearance from us to fly with a medical condition or device
• You have otherwise chosen to provide such information to us or it has been passed onto us by a third party such as the travel agent through which you made your booking.

In addition, you may have requested services (such as a meal preference or a request for wheelchair assistance) which is not “sensitive personal information” but may imply or suggest your religion, health or other information. American does not use such data to infer sensitive personal information about you.

Due to the nature of our Services, we may collect travel information, which may include personal information, about children when it is required to comply with the law, including federal aviation or security regulations, or as otherwise required to provide transportation needs and services. We may retain personal information when required to provide transportation and related services to a child. American does not knowingly collect personal information directly from children – persons under the age of 13, or another age if required by applicable law – other than when required to comply with the law or for safety and security reasons.

If you are a parent or guardian of a child who has provided personal information without your knowledge and consent, you may request we remove this child’s information by emailing privacy@aa.com.

Email privacy@aa.com

When you use our Services, we may receive technical information such as your browser type, the type of operating system you use, your geolocation, the name of your internet service provider, mobile advertising identifiers, and pages visited on our Services. American gets this information by using technologies, including cookies, web beacons, and mobile device geolocation to provide and improve our Services and advertising, including across browsers and devices (also known as cross-device linking). We also use this information to verify that visitors meet the criteria required to process their requests and for reporting activity on our Services. For example, we may want to know how long the average user spends on our Services or which pages or features get the most attention. This technical information may be combined with information that is personally identifiable in order to personalize our Services and advertising to your interests, including across browsers and devices. For example, if you spend time reviewing a particular flight or destination but do not complete a travel reservation, we may use this information to show you targeted advertising about similar flights or destinations on our Services or on third-party websites. Some of this information may be shared with third parties, as described below under “Information collected by third parties on our Services.”

Additionally, and with your specific consent where required by law, American may combine the information we receive from you with information collected from other sources. This information may be used to provide offers and/or services specifically tailored to your interests in accordance with applicable laws.

Cookies on our services

When you use our Services, you may receive cookies or other similar technologies such as pixel tags from us and the third parties that collect information on our Services. We use cookies to determine that we give you a high-quality experience on our Services. We also use cookies to show you advertising that is relevant to you.

However, if you prefer, you can change your cookie settings. Some browsers have options that allow the visitor to control whether the browser will accept cookies, reject cookies, or notify the visitor each time a cookie is sent. You may elect to reject cookies by adjusting your settings, but doing so will limit the range of features available to you on our Services and other major websites that use cookies.

Managing cookies Opens another site in a new window that may not meet accessibility guidelines

Our Services also occasionally use "local shared objects" (also known as "Flash cookies"). Like browser cookies, Flash cookies may be used for coordinating content delivery, website functionality, maintaining preferences, advertising, or analytics. Unlike browser cookies, "Flash cookies" are not stored in the browser. You may be able to manage these Flash cookies by visiting the Adobe website.

Managing Flash cookies Link opens another site that may not meet accessibility guidelines

There are four types of cookies used on our Services:

1. Essential cookies – These cookies enable you to use our Services. These cookies are essential to enable you to browse our Services and use certain features. Disabling them may prevent you from using certain parts of the Services. Without these cookies, services such as shopping activity and paying activity cannot be provided. These cookies also help keep our Services safe and secure.
2. Preference cookies – These cookies store information such as your preferred country and language selection, AAdvantage^® login data and website preferences. Without these cookies, our Services may not be able to remember certain choices you've previously made (such as a saved country / language preference) or personalize your browsing experience by providing you with relevant information (such as saved reservation preferences or AAdvantage^® award miles balance). These cookies can also be used to recognize your device so that you do not have to provide the same information more than once.
3. Performance cookies – These cookies collect information about how you use our Services such as which pages you visit regularly. These cookies are used to provide you with a high-quality experience by doing things such as tracking page load, site response times, and error messages.
4. Content / advertising cookies – These cookies gather information about your use of our Services so we may improve your experience and provide you with more relevant content and advertising. They are also used to gather feedback on customer satisfaction through surveys. They remember that you've visited our Services and help us understand usage of our Services. Some of these cookies are from third parties that collect information about users of our Services (as described below under “Information collected by third parties on our Services”) in order to provide advertising (on our Services and elsewhere) based on users’ online activities (so-called "interest-based advertising") on our Services and elsewhere online. The third parties involved in interest-based advertising collect internet browsing information (e.g., websites visited, time of visit) across different websites and over time, and they may use the information they collect on our Services to provide you ads (from us and other companies) across the internet.

Some of the content, advertising, and functionality on our Services may be provided by third parties, including third parties that are not affiliated with us. As noted above, these third parties may collect or receive technical information about your use of our Services, including through the use of cookies, pixel tags, web beacons, and other technologies, and this information may be collected over time and combined with information collected on different websites and online services.

For example, some of our Services include social network or other third-party plug-ins (such as Facebook’s "Like" button) that enable you to login to certain of our Services, to comment on content available on our Services, and to share things you find on our Services with your social network. The providers of these plug-ins may be able to collect information about you even if you do not click on or otherwise interact with the plug-in or widget and regardless of whether you have an account or other relationship with these social networks and third parties. If you use social network tools or visit social networking sites, you should read their privacy disclosures to learn what information they collect, use, and share.

Also, some third parties collect information about users of our Services in order to provide interest-based advertising (on our Services and elsewhere, including across browsers and devices, also known as cross-device linking). This may include anonymized or de-identified information about you, such as travel destinations that you search for while using our Services. These third parties may use the information they collect on our Services to make predictions about your interests in order to provide you ads (from us and other companies) across the internet (for example, travel products and services that are available at a destination you searched for online). Some of these third parties may participate in an industry organization that gives users the opportunity to opt out of receiving ads that are tailored based on online activities.

Opting out of marketing and sharing your information with third parties

We may use Adobe Analytics or Google Analytics to aggregate and analyze data about your use of our Services.

• Opt out of Adobe Analytics Opens another site in a new window that may not meet accessibility guidelines
• Opt out of Google Analytics Opens another site in a new window that may not meet accessibility guidelines
• Google privacy and terms Opens in a new window

General information and opt-out resources

• U.S visitors - Your ad choices Opens another site in a new window that may not meet accessibility guidelines
• European Union visitors - Your online choices Opens another site in a new window that may not meet accessibility guidelines

Our Services

We use personal information to complete transactions and fulfill requests for our products and services. For example, we require you to provide personal information when making a reservation to purchase airline tickets or related products and services such as renting cars or booking hotel rooms through an American Airlines Reservations Agent, travel agent, the aa.com website or other travel-related website, or enrolling in the AAdvantage^® and Business Extra programs.

Administrative, marketing, analytical purposes

In addition to processing, confirming and fulfilling the travel or other services or products you request, American may use personal information for administrative, analytical, and marketing purposes such as employee training, information systems management, accounting, billing and audits, credit card processing and verification, customer-relations correspondence, and/or operation of the AAdvantage^® and Business Extra programs. American also uses personal information to identify, develop and market products and services that we believe you will value, including across browsers and devices, in accordance with applicable laws. Where we are required by applicable law, we will seek your consent prior to sending you communications for marketing purposes. More specifically, we may use your personal information for the following purposes:

• Business purposes and communication: To provide flight services or information you requested, to communicate with you for business or customer service reasons, or for other such reasons such as changes to our policies or in response to your inquiry
• Financials transaction management: To facilitate payment for services or provide refunds
• Legal and regulatory obligations: To comply with legal, regulatory, or fiscal obligations, or in connection with litigation or an internal investigation or audit
• Tailored web experience: To personalize your advertising experience when visiting our sites, and to manage details about your accounts (such as an AAdvantage^®, Business Extra, or AirPass℠ account), when security updates are available, or when an action is required to keep the account active
• Improve our operations: To improve our route and service offerings as an airline operator, including reviewing our travel destinations, fare classes and operations more generally
• Marketing and analytics: To perform data analyses and other processing for marketing purposes
• Site maintenance: To improve content, functionality, and usability of our sites and to offer opportunities to participate in surveys and provide feedback to us
• Security management: To secure American’s premises, assets, and information
• Third party requests: To respond to and comply with outside requests initiated by you, as well as in response to legal requests
• Audit and controls: To evaluate internal controls and audits for compliance (including those conducted by American’s internal and external audit service providers)

There are Closed Circuit Television (CCTV) cameras in operation within and around our stations and other premises, which are used for these purposes:

• to prevent and detect crime;
• to protect the health and safety of American’s customers and employees;
• to manage and protect American’s property and the property of American’s guests and other visitors; and
• for quality assurance purposes

We take reasonable measures to protect the personal information you provide to us. Here are some things you can do to keep your information secure.

Keep your record locator confidential:

When you make a booking, you will be given a 6-character record locator, also known as a Passenger Name Record (PNR). This will appear on the email confirmation or ticket of each person in your booking. You should keep your record locator confidential, as giving it to others may allow them to access your booking details through our systems. If you are traveling with others and do not want them to have access to your booking details, you should have each person make their own bookings.

Keep your AAdvantage^® account number and login information confidential:

To make sure your access to our websites, other online services, and mobile applications is secure; you should not share your log in details with anyone else. You should always log out of the website, online services or mobile app after each use if others have access to your computer or device, especially if you are using a publicly accessible computer such as at library or internet café.

American uses reasonable technical, administrative, and physical measures to protect your personal information from loss, interference, misuse, unauthorized access, disclosure, alteration or destruction, both during transmission and once we receive it. We also maintain reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete and current. When your personal information is shared, American will take a reasonable approach to prevent the unauthorized use of personal information.

Please note, however, that while American attempts to safeguard your personal information, no method of transmitting or storing electronic information is ever completely secure, and thus we make no warranty, express, implied, or otherwise, that your information will never be accessed, used or released in a manner that is inconsistent with this Privacy Policy. IN NO EVENT SHALL WE BE LIABLE FOR ANY DAMAGES (WHETHER CONSEQUENTIAL, DIRECT, INCIDENTAL, INDIRECT, PUNITIVE, SPECIAL OR OTHERWISE) ARISING OUT OF, OR IN ANY WAY CONNECTED WITH, A THIRD PARTY'S UNAUTHORIZED ACCESS TO YOUR INFORMATION, REGARDLESS OF WHETHER SUCH DAMAGES ARE BASED ON CONTRACT, STRICT LIABILITY, TORT OR OTHER THEORIES OF LIABILITY, AND ALSO REGARDLESS OF WHETHER WE ARE GIVEN ACTUAL OR CONSTRUCTIVE NOTICE THAT DAMAGES WERE POSSIBLE, EXCEPT AS PROVIDED UNDER APPLICABLE LAWS.

Your personal information will be retained only for so long as reasonably necessary for the purposes set out above, considering criteria such as applicable rules on statute of limitations, legal requirements and the duration of your use of our website and receipt of our Services.

General

American does not share personal information with third parties except as stated in this Privacy Policy. We may disclose information to companies affiliated with American and/or unaffiliated third parties (i) to provide the products and services you have requested; and (ii) for administrative, analytical, and marketing purposes.

For instance, we may disclose or share information about you to:

• third parties to distribute promotions, sweepstakes, marketing surveys and messages, focus groups, interviews and other opportunities offered by American;
• third parties who have arranged for discounts, pre-paid travel or other services on your behalf, such as employers;
• other airlines in order to fulfill your booking requests relating to your flights, or in connection with your use of alliance or partner benefits such as airport lounge access

How other airlines process your personal information Opens another site in a new window that may not meet accessibility guidelines

• hotels, car rental companies, or other travel industry partners in order to fulfill your booking requests relating to vacation packages or other travel services booked using our Services;
• our co-branded credit card partners, in connection with a co-branded credit or debit card that is linked to your AAdvantage^® account; and
• third-party vendors that assist American with respect to reservations, ticketing, baggage, boarding, and flight check-in technology functions; receive and respond to customer complaints or enquiries; and manage our AAdvantage^® program enrollments and AAdvantage^® travel partnerships.

In addition, from time to time, we may share information with certain third party companies with which we have a business relationship, including AAdvantage^® and Business Extra participants. These companies may send you offers based on the information you have provided us. Where we are required by applicable law, we will seek your consent prior to sharing your personal information with such third parties for marketing purposes. Also, as described below, you can opt out of having your information shared with third parties for those parties' direct marketing purposes by emailing us at privacy@aa.com.

Email privacy@aa.com

In the event we undergo a business transition involving another company, such as a merger, corporate reorganization, acquisition, the lease or sale of all or a portion of our assets, or in the event of bankruptcy, information that we have collected from or about you or your devices may be disclosed to such other entity as part of the due diligence or business integration process and will be transferred to such entity as one of the transferred assets.

Legal requirements

Please note that the laws and regulations of several countries, including without limitation, the requirements imposed under the Transportation Security Administration Secure Flight program, require us to provide foreign and domestic government agencies with access to the personal information you disclose to us and data that we have about you and your travel plans, history, or status, including both before and after a flight arrives. For example, American and other airlines comply with legal obligations in the United States (U.S.), United Kingdom (UK) and other countries to provide border control agencies and customs authorities with access to booking and travel data when you fly to and from such countries, including stopover or layover destinations or countries that you may overfly en route to your destination. American does not have control or knowledge of the storage and use of that data after it has been delivered to the respective government entity. Further, to the extent required by law, we may disclose personal information to government authorities, or to third parties pursuant to a subpoena or other legal process, and we may also use or disclose your information as permitted by law to protect the rights or property of American, our customers, our services, or its users.

Learn more about the Secure Flight program Opens another site in a new window that may not meet accessibility guidelines

This Privacy Policy is not a contract. American will seek to obtain your additional consent where required by applicable law.

Where required by local law, you may have the right to access, request a copy of, update, transfer or port, restrict the processing of,or request that we delete your personal information. You may also have the right to object to our processing of your personal information. To exercise these rights please email us at privacy@aa.com. When we receive a request to exercise one of these rights, we will indicate what personal information we require from you to validate your identity. We will also provide information on the action we intend to take on the request without undue delay and no later than 30 days from receipt of the request where required by local law. This time may be extended by an additional two months in certain circumstances, for example, where requests are complex or onerous. Please note, these requests are subject to applicable legal, ethical reporting, or document retention obligations imposed on us.

Email privacy@aa.com

When you provide us with your information, you acknowledge that this information may be stored, transferred, and processed on servers located anywhere in the World, including either inside or outside of the U.S. or the European Union or Switzerland.

We'd also like to remind you that we provide additional links to resources we think you'll find useful. These links will lead you to sites that are not affiliated with American and may operate under different privacy practices. Our visitors are responsible for reviewing the privacy policies for such other websites, as we have no control over information that is submitted to these companies.

If you tell us you don’t want to receive marketing messages we will stop sending them. We will, of course, continue to send important information relating to a product or service you have purchased to keep you informed about your booking and travel itinerary.

American's websites do not honor web browsers' Do-Not-Track signals. You do have choices, however, when it comes to your privacy and internet browsing. As noted above, some third parties collect information about users of our Services in order to provide interest-based advertising elsewhere, including across browsers and devices (also known as cross-device linking). Some of these companies provide online users with the ability to opt out of receiving interest-based advertising.

Due to differences between using apps and websites on mobile devices, you may need to take additional steps to disable targeted ad technologies in mobile apps. Many mobile devices allow you to opt out of targeted advertising for mobile apps using the settings within the mobile app or your mobile device. For more information, please check your mobile settings. You also may uninstall our apps using the standard uninstall process available on your mobile device or app marketplace.

To opt out of interest-based advertising across browsers and devices, please opt out through the Digital Advertising Alliance or Network Advertising Initiative website and also through the settings within the mobile app or your mobile device. Your opt-out choice may apply only to the browser or device you are using when you opt out, so you should opt out on each of your browsers and devices if you want to disable all cross-device linking for interest-based advertising. If you opt out, you will still receive ads but they may not be as relevant to you and your interests.

• Digital Advertising Alliance Opens another site in a new window that may not meet accessibility guidelines
• Network Advertising Initiative Opens another site in a new window that may not meet accessibility guidelines

If you’re an AAdvantage^® member and you want to opt out of receiving marketing email, log in to your AAdvantage^® profile and update your preferences, or contact AAdvantage^® Customer Service. Please note, you’ll continue to receive AAdvantage^® program updates and email products for which you’ve subscribed. If you’re a Business Extra member and you want to opt out of marketing emails, log in to the Business Extra website and update your preferences.

• Log in to your AAdvantage^® profile and manage your email preferences
• Contact AAdvantage^® Customer Service
• Update your Business Extra preferences Link opens another site that may not meet accessibility guidelines

If you’re not an AAdvantage^® program member and you want to opt out of marketing emails, you can click the opt-out or unsubscribe link in the marketing email you receive to manage your marketing preferences. You can also send an email from the email address you wish to unsubscribe with the word “unsubscribe” in the subject line to privacy@aa.com. When you do this, we will unsubscribe all users with the same email address, even if they are registered AAdvantage^® members or Business Extra members with registered preferences.

Email privacy@aa.com

If you want to opt out of receiving forms of communication from American other than marketing email, or if you want American to stop sharing your personal information with third parties for those parties' direct marketing purposes, please email privacy@aa.com with your request. Regardless of your opt-out preferences, we reserve the right to send you certain communications and share your information with third parties for administrative, transactional, and analytical purposes.

Email privacy@aa.com

Other companies or programs of American affiliates may require different steps to change your preferences for participation. Please consult the privacy policies of the relevant companies or programs for further information.

This section of the Privacy Policy applies only if you use our website or Services covered by this Privacy Policy from a country that is a Member State of the European Union or Switzerland, and supplements the information in this Privacy Policy.

Controller of Personal Information

To the extent that American Airlines, Inc. is subject to the laws of the European Union and Switzerland when processing personal data (“Personal Data”), it shall be the “data controller” under such laws.

If you have made a flight booking with us but one or more flights or services (including, for example, access to travel lounges operated by our partner airlines) are to be provided by other airline(s), then that other airline will also separately be considered a “data controller”. Your Personal Data will be processed in accordance with the applicable airline’s privacy policy and, if your booking is made via a reservation system provider (“GDS”), with its privacy policy. These are available at http://www.iatatravelcentre.com/privacy or from the airline or GDS directly. You should read this documentation, which applies to your booking and specifics (for example, how your personal data is collected, stored, used, disclosed and transferred).

Any travel services provider (such as a hotel or car rental company) or AAdvantage^® participating partner (such as an AAdvantage^® co-branded credit card issuer) will also separately be a “data controller”. You can access the privacy policies of those providers from them directly.

Legal Basis for Data Processing

We process Personal Data for the purposes set out in this Privacy Policy, as described above. Our legal basis to process Personal Data includes processing that is:

• necessary for the performance of the contract between you and American (for example, to facilitate your travel on American under our conditions of carriage, to provide you with other services that you request, or for resolving billing or customer service inquiries related to your use of our Services);
• necessary to comply with legal requirements (for example, to comply with applicable accounting rules or to make mandatory disclosures to law enforcement);
• necessary for our legitimate interests (for example, to manage our relationship with you and to improve the website and our Services);
• to protect the vital interests of you or another person (for example, if we collect and process medical information in the event of a medical emergency and you are incapable of giving your consent);
• to perform a task carried out in the public or substantial public interest (for example, to provide disabled persons and persons with reduced mobility opportunity for air travel comparable to those of other persons); and
• where legally required and we have no other valid legal basis to process Personal Data, we will use consent by our customers (for example, to provide you with marketing information or share information with third parties), which may subsequently be withdrawn at any time (by emailing privacy@aa.com) without affecting the lawfulness of processing based on consent before its withdrawal.

Email privacy@aa.com

In some instances, you may be required to provide us with Personal Data for processing as described above, in order for us to be able to provide you all of our Services, and for you to use all the features of our website.

International Transfers of Personal Data

The nature of American’s business means that the Personal Data collected through our Services will be transferred to the United States. Also, the American personnel and some of the third-parties to whom we disclose Personal Data (as set out above) may be located in the United States and other countries outside of the European Union or Switzerland, including in countries to which you fly and that may not provide the same level of data protection as your home country. We take appropriate steps to ensure that recipients of your Personal Data are bound to duties of confidentiality and we implement measures such as standard data protection contractual clauses to ensure that any transferred Personal Data, remains protected and secure. A copy of these clauses can be requested by emailing privacy@aa.com.

Email privacy@aa.com

Your Rights

As described above in the “Local Laws” section, under data protection laws in the European Union and Switzerland, you have certain rights related to your Personal Data.

You may be entitled to exercise the right to:

• object to the processing of Personal Data (for instance, where the basis of our processing is our legitimate interests, see section above “Legal Basis for Data Processing”), and we will stop processing your data. We will not resume processing unless we can establish compelling legitimate grounds that override your rights.
• request the restriction of processing of your Personal Data (for instance, this can be done if the Personal Data is not accurate and needs to be updated). This can also be done in relation to data where the purposes of processing no longer apply, but you still need the data and do not want us to erase it.
• request updating of your Personal Data (if you believe the information we have about you is not accurate or incomplete). You may ask us to update your Personal Data but we cannot modify it for previously flown bookings because that is the official record of the transaction.
• request access to your Personal Data (for instance, if you wish to receive a copy of your information, confirmation as to whether we are processing your information, and information as to how we use your information), You may request access to your Personal Data but that may not include information relating to others that you either did not provide to us or who have not consented to the disclosure of their information to you.
• request erasure of your Personal Data (for instance, if we have no legal basis to process the information and you have not given us your consent to do so, if the purposes of processing no longer apply, or if you have objected to the processing and we cannot establish compelling legitimate grounds to override your rights). Certain data may not be erased if we have a requirement to retain it for legal purposes, or if we have a contract with you as a member of AAdvantage^® or Business Extra (as we need to be able to perform contractual obligations owed to you). You may ask us to delete your Personal Data, but we cannot do so if you have a pending flight booked with us.
• request portability of your own Personal Data (the transfer of information you have provided to us, to another controller, in a structured, commonly used and machine-readable format), if such a request is technically possible to complete.

To exercise these rights please email us at privacy@aa.com.

Email privacy@aa.com

When we receive a request to exercise one of these rights, we will indicate what Personal Data we require from you to validate your identity. We will also provide information on the action we intend to take on the request in accordance with applicable law.

We will respond to your request as soon as possible and no later than 30 days from receipt of the request. In certain circumstances this time may be extended by an additional two months, for example, where requests are complex or onerous. You may always contact our Data Protection Officer, at privacy@aa.com. If you consider that our processing of your Personal Data infringes applicable law, you may submit a complaint with a supervisory authority.

Email privacy@aa.com