Lwenta Logo

Privacy Policy – Lwenta

Last updated: February 12, 2026

1. Introduction

Lwenta attaches great importance to the protection of personal data. This Privacy Policy explains what data we collect, for what purpose, how it is stored and protected, and the rights of individuals under the General Data Protection Regulation (GDPR).

2. Data Controller

  • Company: Lwenta – SAS
  • Head office: 60 RUE FRANCOIS IER 75008 PARIS
  • SIRET number: 993 567 502 00014
  • VAT Intracommunity: FR91 993 567 502
  • Data Protection contact email: services@lwenta.eu

Data protection and compliance are managed directly by Lwenta.

3. Data We Collect

As part of our technological solutions for airlines, we collect and process the following categories of personal data:

  • Passenger data: PNR, first name, last name, contact details, flight information.
  • Baggage data (DBAG): photos, baggage condition, destination, baggage tag number, passenger or agent signature.
  • Hotel data (RHOT): name, stay dates, PNR reference.
  • Meal voucher data (VOUCHER): meal vouchers, amount, PNR reference.
  • Technical data: connection logs, IP addresses, platform usage.

4. Purpose of Processing

  • DBAG: manage and provide evidence of baggage condition, fraud prevention.
  • RHOT: automated hotel booking management during operational disruptions (IROP).
  • VOUCHER: distribution of printed meal vouchers with amount tracking.
  • AeroAPI: flight tracking and operational data.

5. Legal Basis

The processing carried out by Lwenta is based on:

  • The performance of contracts with airline clients.
  • Compliance with legal obligations.
  • Lwenta’s legitimate interest in ensuring security, fraud prevention, and service quality.

6. Data Sharing and Subprocessing

Your data is used exclusively within the scope of Lwenta’s services and may be shared with:

  • Hosting provider: OVH (France/EU) for main storage.
  • Storage & Backup: AWS S3 (Paris, eu-west-3) for images and database backups.
  • Third-party partners: AeroAPI for flight information and data.

No data is transferred outside the European Union.

7. Data Retention

  • Operational data (passenger, baggage, hotel, vouchers): 1 year.
  • Security logs: 6 months.
  • Billing and accounting data: 10 years (legal requirement).

8. Data Subject Rights

In accordance with the GDPR, individuals have the following rights:

  • Right of access to their data.
  • Right to rectification of inaccurate data.
  • Right to erasure (“right to be forgotten”).
  • Right to restriction of processing.
  • Right to object to processing.
  • Right to data portability.

To exercise these rights, please contact us at services@lwenta.eu.

9. Data Security

Lwenta implements technical and organizational measures to protect personal data, including:

  • Secure hosting (OVH – France/EU, AWS S3 – Paris/eu-west-3 for images and backups).
  • Restricted access to authorized users only.
  • Strong authentication (login + password + company code).
  • Data stored exclusively on Lwenta’s servers.
  • Full access reserved only for airline clients.

10. Changes to This Policy

We reserve the right to modify this Privacy Policy at any time. Updates will be published in this document with a revised date.