Pagina nueva 1

----------------------------------------------------------------------
Letter sent by IBERIA to Arturo Quirantes, 18 June 2.003
(for privacy reasons, some data have been hidden)
----------------------------------------------------------------------

IBERIA L.A.E. S.A
Dirección Sistemas / UC Producción
Zona Industrial nº 2
28042 Madrid.

Madrid, wednesday 18 June 2003

Dear Mr. Sr. Quirantes:

In our hands there's an access request on your name.

We inform you that access to your data (held by Iberia L.A.E.) has been granted.

Together with this letter, we enclose a list of all data stored in our systems, as a consequence of your relation with our company:

Up to today, the customer registered himself at IBERIA.COM by using two different profiles:

SURNAME, NAME             TID/USER_ALIAS        Date
QUIRANTES, ARTURO - >   xxxxxxxx              xx/xx/2003
QUIRANTES, ARTURO - >   xxxxxxxx              xx/xx/2003

A profile is created on xx-xx-2003 and is recorded as user_alias: "xxxxxx". On xx-xx-2003 a ticket is bought (#: xxxxxxxxxxxxx) for the travel:

FLIGHT    FLIGHT DATE ORIGIN DESTINATION    DEPARTURE AND ARRIVAL HOURS
IB6251       26-March-2003       MAD           NYC             13:15             15:30
IB6250         5-April-2003          NCY           MAD             17:05             07:10

Afterwards, on xx xx year 2003 a new web profile is created with the user_alias: "xxxxxx". That same day a ticket is bought (#: xxxxxxxxxxxxx) for the travel:

FLIGHT    FLIGHT DATE ORIGIN DESTINATION    DEPARTURE AND ARRIVAL HOURS
IB0279       26-March-2003       GRX           MAD             13:15             15:30
IB0274         6-April-2003          MAD          GRX              10:30             11:30

As a result, data related to you are held in the following systems:

Iberia.com: company webpage through which Interner reservations can be done. Data stored in this system are used to make the reservation and to offer our customers a better service.
Amadeus: is the international reservation system used by Iberia L.A.E.in order to make the reservation in your name. Data sent to this system will be used for making the reservation.
PNR (Passenger Name Record): data concerning reservation and flight data needed to make it (airport, origin, destination, passport, etc.)

Reservation Record
Booking Record

Ticketing: in this system, monetary operations are made in order to buy the ticket purchases..

About data accesed by US Customs, US Transport Security Bill (November 2001) states that custom authorities of that country can access information concerning flight reservations with origin, destination, or stop on any US airport.

The Commission of the European Union and US Costums signed an Agreement on 17,18 February 2003 in Brusells, allowing European airlines to comply with the US requests, starting 5 March 2003

Data US Customs have access to are just those contained in the PNR (Passenger Name Record) of passengers, and not the contents of the Iberia Plus databases on frequent flyers or other "ticketing" systems.

All personal data within Iberia L.A.E. systems are protected, and its confidentiality is guaranteed as stated in the [Spanish] Personal Data Protection Law (LOPD 15/1999)

Finally, I'd like to remind you that the webpage "http://www.iberia.com", on "Legal Information" section, the laws on your data' protection are included, as well as your rights. In any doublt, you can address us.

Thank you for using our services.

        Kind Regards,
        [Signed] Pedro Bajo Sánchez
        Computer Security
        Iberia Líneas Aéreas de España

ANNEXES: [Translated into English by AQ]

Data in Iberia.com:    Profile 1, Profile 2
Data in Amadeus:      Profile 1, Profile
PNR - Reservation Record: Legend
PNR - Booking Record: Legend
PNR - Reservation and Booking Records:    Madrid-NY, Granada-Madrid
Ticketing data