Version Française

Guide content


In the process of running the Airfrance-KLM business large quantities of data is involved. This might entail corporate data, commercial data and personal data. It is of vital importance to protect this data, not only as result of legal obligations but foremost to protect our reputation. The basic principle is that Airfrance-KLM data should not be disclosed to persons and/or organizations that do not have any role or authorization regarding Airfrance-KLM data. Unauthorized disclosure of Airfrance-KLM data should be considered a data breach, which might have far-reaching consequences.

Please find in this Quick Reference Guide some initial pointers that will help you to protect Airfrance-KLM data.

Authorization to use Airfrance-KLM systems

Without official authorization you may not access Habile and/or Corporate Authentication and Authorization Service (CAAS). AF/KL services may only be used for conducting AF/KL business. Any other use should be authorized beforehand by AF/KL management.

This function is only intended for the owner of the userid. Use of any AF/KL data, like personal or commercial data, is only allowed for the purpose it has been intended for; disclosure of these data to unauthorized third parties is not allowed.

Unauthorized use will lead to disciplinary measures.

By using this service, you accept the AF charter of use of the Information systems of AF and/or KLM information security policy, described in further detail in the brochure code of conduct for e-mail and internet use. AF/KL may audit data and electronic communications used and conducted through this service.

To protect your account from unauthorized access, Habile-CAAS automatically ends your session after a period of inactivity. If your session ends, and the logon page is not displayed, click on the refresh-button, and you should be redirected to the logon-page, where you can logon again.

Your working environment

It is strongly advised not to work with Airfrance-KLM systems that present sensitive data in public areas. It is a given fact that outsiders will read along with you when you work on laptop/tablet and/or hardcopy documentation in public.

Classification of Airfrance-KLM data (like mail and documents)

Airfrance-KLM uses classification of Airfrance-KLM data into 4 categories: unrestricted, internal use only, confidential, and secret. Each classification of data dictates a certain number of organizational and technical measures to be taken to protect that data.

So when initiating a mail or document please carefully consider the appropriate classification level. More information in on how to classify data and what measures to be taken is found on the "Information Security" pages on and Intraligne.

Use of E-mail and Internet

Please ensure to limit the number of addressees and copyreaders in your E-mail to persons that are authorized to receive subject information. Never react to suspicious e-mails. Please report (forward as attachment) suspicious e-mails to

When using internet resources from your workspace please adhere to the following basic rules: Only work related, do not visit sites with illegal, obscene or objectionable content.

Sensitive Airfrance-KLM data

If data is considered sensitive (other than unrestricted), you are not allowed to share (disclose or forward) it with anyone without the appropriate authorization. Even Airfrance-KLM colleagues should have the appropriate authorization.

Sharing of Airfrance-KLM data with third parties can only be done as part of contractual arrangements. Please consult Airfrance-KLM legal when in doubt.

Limiting the risk of unintential data disclosure (or breach)

To limit the risk of unintential data disclosure you should only carry work relevant data with you to the amount that is required for your function. Be extra careful with the Airfrance-KLM data you have on your laptop, tablet and other mobile devices (like USB sticks). Take sufficient measures to protect such devices from theft and lost.

Personal data

Personal data is considered confidential. For the use of personal data (any data related to an identified or identifiable natural person) Airfrance and KLM have to make a declaration with the data protection authorities. A privacy assessment procedure is mandatory at all times. Please check with your Privacy Office.

In short

Be careful with all data to which you have access as part of your function.

Limit the sharing of data at all times.

Never assume that data can be freely shared - on the contrary!

In doubt, please check with the Corporate Information Security Office and/or Privacy Offices of Airfrance and KLM

back to the top