08 February 2023
1. What is a Privacy Notice?
Your personal data includes all the information we hold that identifies you or is about you. It does not include data where the identity has been removed (anonymous data). More information about the types of personal data we collect from you is set out below.
Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. We will comply with the relevant legislation to make sure that your information is properly protected and used appropriately.
2. Who are we?
Air Charter Service is made up of different legal entities and this Privacy Notice is issued on behalf of the Air Charter Service group so when we mention “Air Charter Service”, “we”, “us” or “our” in this Privacy Notice, we are referring to the relevant company in this group that is responsible for processing your data.
Air Charter Service Group Limited (company registration number: 04028491) of Millbank House, 171-185 Ewell Road, Surbiton, Surrey, KT6 6AP, United Kingdom and its affiliates (including The Travel Division Ltd trading as Air Charter Service Travel & Concierge with company registration number: 08697954) are all deemed data controllers. However, where Air Charter Service is provided with information from a third party or a customer relating to a passenger that we are arranging a charter for we are data processors and will only process such data in accordance with the third party’s or the customer’s instructions.
3. What personal data do we collect?
When you purchase a service, purchase a product, contact us or complete an online form, we may collect a variety of information, including, but not limited to; your name, title, job title, mailing address, telephone number, email address, passport details, credit/debit card or bank details.
We process most of your information on the grounds of the fulfilment of our contract with you, namely to confirm your order, contact you about delivery of services, arrange for your payment to be processed and provide you with the products you have purchased. We may also use your personal data for our legitimate interests, including for the purposes of fraud protection and for training and quality.
Special category data is a category of personal data which requires more protection because it is sensitive in terms of applicable law, such as data concerning health.
Health data will only be processed for the purposes of ensuring your safety prior, during and after a flight, and where we have received your consent. By providing this sensitive personal data to us, you explicitly agree that we may collect, use, share with third parties (such as airlines) and transfer such data.
Suppliers, Business Contacts and Visitors to our Premises
If you work for one of our suppliers or are one of our business contacts, we usually process your name and business contact details, such as your business email address and phone number and the address of your organisation. We process the information on the grounds of our legitimate interests in maintaining our relationship with you or in limited circumstances, on the grounds of fulfilment of a contract with you or to comply with a legal obligation imposed on us.
We use CCTV in and around our premises for the purposes of crime prevention, detection and security. We retain CCTV images for 30 days at which point they are deleted.
If you apply for a job vacancy with us, or speculatively send us your CV, the personal data that we are likely to process about you includes:
- Identity data such as your first name, middle names, surname, marital status, title, date of birth and gender;
- Contact data such as your postal address, email address and telephone numbers;
- Background data regarding your education, career backgrounds and work experience;
- Personal information regarding your skills and qualifications; and
- Any other information that you include in your CV, application or covering letter you send to us.
We process your information on the grounds of our legitimate interests to determine whether or not we have a suitable vacancy for you. To the extent we need to process special categories of data about you (for example, to ensure our premises are suitably equipped for you if you attend for an interview), we will do so in accordance with our legal obligations. If you provide special categories of data to us which we have not requested, we will process it on the grounds of your consent because you have voluntarily provided the information to us.
4. How is personal data collected?
Customers, Suppliers and Business Contacts
- Direct Interactions
You may give us your personal data by filling in forms on our Website or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: place an order for our products or services; submit a query about our products or service whether on our Website or by email or phone; request for marketing to be sent to you; or give us feedback or contact us for any other reason.
- Third Parties
We may collect your personal data from third parties, such as our customers who may be providing your passenger details for the purpose of arranging a charter. We may also collect information from publicly available sources (such as Companies House) and data suppliers to validate or supplement the information we hold.
We receive personal data directly from you when you contact us in respect of a specific vacancy or with a speculative approach. We may also receive information about you from recruiters and agencies that provide temporary workers or from your previous employer.
5. When will we contact you?
- In relation to any service, product, activity or online content you have signed up for in order to ensure that it can be delivered or provided, e.g. to ensure payment of your charter, offer other charter related services or upgrades, or to enquire whether you’re in need of our services;
- In relation to any correspondence we receive from you or any comment or complaint you make;
- To invite you to participate in voluntary surveys.
- To update you on any material changes to policies and practices.
- To keep you informed periodically on relevant products and services that we think may be of interest to you. Types of communication include quarterly newsletter updates, Cloud magazine or emails such as empty legs and charter availabilities.
We will only send you marketing material if we are entitled to do so under data protection and privacy legislation, which usually means we either have your consent to send you marketing, we send it to you because you are one of our existing customers, or on the ground of Legitimate Interest. You can unsubscribe to our marketing communications at any time, either by clicking “unsubscribe” in any marketing email we send to you or by contacting us using the contact details at the end of this Privacy Notice.
6. How long do we keep personal data?
Your personal data is retained for the duration of our relationship with you, or no more than 6 years from the date you place your order. This enables us to deal with maintaining business and financial records, resolving disputes or warranties. After that date your personal data will be deleted or anonymised so that it is no longer personally identifiable. Your information will be kept securely at all times.
Suppliers and Business Contacts
Your personal data is retained for the duration of our relationship with you or the organisation for which you work. Please let us know if you leave the organisation or if your details change. If we receive notification from you or your organisation that you no longer work at that organisation, or if we no longer maintain a working relationship with your organisation, we will delete your information from our system.
If we are corresponding with you as a potential supplier, we will retain your details until we receive notification from you or your organisation that you no longer work at that organisation or until we no longer correspond with the organisation for which you work.
Further to the above, we retain your personal data as long as it is necessary and relevant for our operations. Generally, we keep personal data in accordance with our internal retention procedures, which are determined in accordance with our regulatory obligations and good practice. In addition, we may retain personal data relating to previous booking activity to comply with national laws, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, and take other actions permitted or required by applicable national laws.
After it is no longer necessary for us to retain your personal data, we anonymise part of the data for analytical purposes and dispose of the rest in a secure manner. If you have any questions in relation to our retention periods, please contact us at firstname.lastname@example.org
7. Who we share personal data with?
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Below is a list of potential third parties that we may share your personal data with.
Our service providers
This includes external third-party service providers, such as an airline for when you book a flight; accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
Governmental authorities and third parties involved in fraud prevention and law enforcement
We may share Personal Information with governmental or other public authorities (including, but not limited to, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.
Our group companies
We are a member company of Mountfitchet Group Ltd. We may share your personal data with certain members of our group companies. Where they have access to your personal data they will use it only for the purposes set out in this Privacy Notice. We will remain responsible for the management and security of jointly used Personal Information. Access to Personal Information is restricted to those individuals who have a need to access the information for our business purposes.
Mergers and acquisitions
To the extent that it is necessary, third parties to whom we may choose to sell, transfer or merge parts of our business or our assets may gain access to your personal data. Alternatively, we may seek to acquire other businesses or merge with them at which point they may also gain access to your personal data. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
Whenever we transfer your personal data we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place:
- we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection to it by the relevant authorities; or
- we may make the transfer of your personal information subject to specific contractual provisions which ensure it is suitably protected.
Please contact us if you want further information on the specific methods used by us when transferring your personal data.
8. How do we keep personal data secure?
We are committed to keeping your personal data safe and secure from unauthorised access, unauthorised alterations, disclosure or destruction of information that we hold.
Our security measures include:
- encryption of our services and data;
- review our information collection, storage and processing practices, including physical security measures;
- access control restrictions for personal information;
- contractual confidentiality and processing agreements for employees and/or third parties who may require access to personal data; and
- internal policies setting out our data security procedures and training for employees
9. What rights you have in relation to personal data?
We do not carry out any automated decision making using your personal data (i.e. making a decision without any human involvement), nor is your personal data used for any profiling purposes.
Under certain circumstances, by law you have the right to request access to your personal information, request correction of the personal information that we hold about you, request erasure of your personal information where there is no good reason for us continuing to process it, object to processing of your personal information and there is something about your particular situation which makes you want to object to processing on this ground, request the restriction of processing of your personal information or request the transfer of your personal information to another party.
You have the right to withdraw your consent to the processing of your personal data at any time. To withdraw your consent, please contact us using the contact details below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
These rights apply for the period in which we process your data. There are certain caveats and exemptions to those rights which mean that in some circumstances you may not be entitled to exercise them, if we believe that is the case upon receipt of a request from you, we will let you know.
10. Need to contact us?
For any queries or comments about this Privacy Notice or updates, amendments and corrections to your records, or for personal data requests, please contact email@example.com or by post to: Data Protection Team, Air Charter Service, Millbank House, 171-185 Ewell Road, Surbiton, Surrey, KT6 6AP, United Kingdom.
If you wish to make a complaint about how we use your information, please contact our Data Protection team. You can also contact the local data protection authority.
11. Changes to Privacy Notice
We will occasionally update this Privacy Notice in accordance with business and legal requirements. We will post a notice of any material changes on our website, and where appropriate, notify you using the contact details we hold for you for this purpose. We encourage you to periodically review this Privacy Notice to be informed of how we use your information.