What is in this Privacy statement?This privacy statement sets out the basis on which we process any personal data we collect from you, or that you provide to us, including that of your employees, customers and representatives. It also explains what rights you have in relation to the personal data we hold about you.
Who we areDetails of who we are can be found under www.airpartnergroup.com/who-we-are. For the purpose of Data Protection Law, the “controller” is the relevant entity of the Air Partner Group which processes your data, as notified to you at the time your data is collected.This means we are responsible for deciding how we use the personal data we collect about you and ensuring that it is at all times processed in accordance with Data Protection Law. You can contact us using the details set out in the final section of this privacy notice below.
What personal data do we collect and process from/about you?
Information you give us: You may give us information about you and/or third parties who you are acting on behalf of, (for example, if you are booking flights on behalf of passengers or booking a training course for your staff, or providing information on a victim of a disaster or their family members) by corresponding with us by phone, e-mail or otherwise (including in-person), filling in forms on our website, at an assistance centre and/or as part of the response to an incident, or using any of our Apps. This includes information you provide when you: (i) make an enquiry about any of our services or products or carry out a search of our website; (ii) purchase services or products from us (either for yourself and/or on behalf of third parties); (iii) register for our newsletters and other electronic and postal communications; (iv) respond to a job vacancy notice or email a CV to us; and (v) report a problem with our website. The information you give us may include your own (or a third party’s) personal data, including, but not limited to the following:
- Identity Data: name, profession or job, employer, personal description;
- Contact Data: address, e-mail address, phone number (including when you contact us by these means);
- Passenger Data: passport and visa information (or copies thereof), and travel preferences;
- Financial Data: bank account, and credit/ payment card information and other financial information;
- Transaction Data: details about your payments to and from you and other details of products services you have purchased from us;
- Marketing and Communications Data: your preferences in receiving marketing from us and our third parties and your communication preferences;
- Special Category Data: sensitive personal data relating to your race/ethnicity, religion, health and/or medical history, genetic data, and biometric data (for identification and security pass purposes, as below);
- Recruitment Data: qualifications, references, CV and application, interview and assessment data (in addition to Identity and Contact Data) and (for certain roles within the Air Partner Group) criminal records and other background check data); and
- Closed Circuit Television (CCTV) and security pass Data: any data collected using CCTV or premises access points which our premises are equipped with for security purposes.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you are providing personal data to us about someone else, for example passengers for whom you are arranging flights with us, family members and/or next of kin or your employees’ training records, you must have their prior permission to do this and make them aware of this privacy statement.
Our website is not aimed at children and we do not knowingly collect personal data of children, unless it is provided by you on their behalf, or on behalf of someone else (for example passengers) and you have the required parental or guardian’s permission to share such data with us. In exceptional circumstances for the purposes of incident response we may need to take data from a child if no alternative family member or guardian can.
- Technical Data: technical information, including the Internet Protocol (IP) address used to facilitate your connection to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- Usage Data: information about your visit to or use of our websites and traffic patterns, including the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time); services and/or products you viewed or searched for; length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Information we receive from other sources: We work closely with third parties (including, for example, flight operators, government departments, health practitioners, response agencies and law enforcement agencies, suppliers, business partners, sub-contractors in technical, payment and delivery services, analytics providers, credit reference agencies and search information providers) and may receive personal data about you from them and from public sources to supplement the information you have given to us.
What will we do with your personal data?
We will only use your personal data where Data Protection Law allows us to. Data Protection Law says we can collect and use personal data in the following (applicable) circumstances:
- it is necessary for us to be able to perform a contract with you;
- it is necessary for our legitimate interests (and your interests and fundamental rights do not override those interests);
- if we have your consent (which you can withdraw at any time); or
- to comply with a legal obligation (i.e. rules laid down by courts, statute or regulation).
Accordingly, we lawfully use your personal data in the following ways:
We use Recruitment Data to recruit and select new employees of the Air Partner Group. This processing is necessary to take steps at the applicant’s request to enter a contract of employment.
This processing is also necessary for the purpose of the legitimate interests pursued by the Air Partner Group. The Air Partner Group considers that it has a legitimate interest in fully assessing applications for employment to ensure that only suitable and appropriate candidates are both assessed and selected. Candidates who are considered further will be provided with our Employee Privacy Notice which explains fully how the Air Partner Group handles Recruitment Data and any additional personal data collected during the recruitment process (including criminal records and other background checks).
To deliver our services
To carry out our obligations arising from any contracts entered into between you and us we need your Identity and Contact Data to register you as a new customer, perform any background checks, manage our relationship with you, and provide the services requested and any related information. We also need your Financial, Transaction and Passenger Data (as applicable) to process and deliver your request. We need Special Category Data to the extent it is necessary (for example to enable us to accommodate dietary requirements, for the purposes of repatriation, personal effects processing and return and memorial planning, or your religious or other needs), to ensure that you receive the requested services. We also process Special Category Data when providing fatigue risk management, incident response and consultancy services. Therefore, we use this data on the basis that it is necessary for us to be able to perform our contract with you (i.e. the terms and conditions of the relevant services) and for our legitimate interests of delivering the services in this way. We use the Special Category Data on the basis that this is with your consent which you can withdraw at any time. If you do so however, we may not then be able to provide the services in the manner you request.
We use your Identity, Contact, Usage and Transaction Data in order to develop an understanding of the services and products that may be of interest to you including by reference to those that you have already purchased or enquired about. Therefore, we use this data on the basis that it is necessary for our legitimate interests in developing and improving our services and to inform our business strategy and provide you with relevant information. On this basis we may inform you of products and services offered by other business entities of the Air Partner Group which you may not have yet used and may be of interest to you from time to time. We also use certain Usage Data to measure and analyse the behaviour of visitors to our website and traffic patterns by using cookies, and we will seek your consent to such use where we are legally required to do so. We use certain third-party applications to help us do this. For example, we use Google Analytics, a service which analyses website traffic data and webpage usage. Google Analytics does not identify individual users or associate your IP address with any other data held by Google (see www.google.com/policies/privacy/partners/ for more information).
Marketing and other communications
We may also wish to provide you, or permit selected and named third parties to provide you, with the information about services or products we feel may interest you. We will always give you the option to provide opt-in consent to receive different kinds of marketing communications from us or third parties or you can decide not to do so.
OPT-ING OUT: You can withdraw your consent or opt-out of any type of marketing communication from us at any time by following the instructions provided to you in the relevant communication (for example, the ‘unsubscribe’ link in an email) or you may contact us at firstname.lastname@example.org. If you have chosen to receive marketing communications from another organisation, your relevant personal data will be passed onto that organisation and will be held in accordance with their privacy policies. You should contact the relevant organisation directly if you no longer want to receive their marketing communications.
Note that even if you do not provide your consent, or subsequently withdraw it, in respect of marketing communications we will still need to send you communications in respect of our services and your contracts with us (for example, booking terms and confirmations and emergency information).
Website/ business administration
We use Identity, Contact and Technical Data to maintain our website and for internal operations, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data. We use this data on the basis that it is necessary: (a) for our legitimate interests: running our business, the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise; and (b) to comply with a legal obligation.
We also use Technical and Usage Data to improve our website to ensure that content is presented in the most effective manner for you and for your computer and allow you to participate in interactive features of our service, when you choose to do so.
We may have to use your personal data which we hold to protect your or someone’s else’s vital interests, for example, to make contact in rare emergency situations. We could also have to use your personal data in connection with legal and regulatory or policy matters such as our maintenance of business records, compliance with our environmental policy, compliance with external reporting requirements and internal policies and procedures and responses to requests by government, law enforcement, regulators, courts, rights holders or other third parties including in respect of the use or misuse of intellectual property, such as our brand or media rights, or those of our licensees/ commercial partners or their parties. Therefore, we use this data on the basis that it is necessary both for our legitimate interests in protecting, defending and enforcing rights and interests in this way and also so that we can comply with legal obligations.
What Cookies does our website use?
Who will we disclose your personal data to?
We may share personal data with other parties in order to achieve our purposes (see What will we do with your personal data?):
Group companies: We may share your personal data with any entity of the Air Partner Group and, if necessary, with local agents outside the UK where those agents act on our behalf. Our headquarters and servers are primarily located in the United Kingdom using either on premise servers or the Microsoft Azure platform but your personal data may be transferred to or accessed by any of our offices in other countries, including offices outside the UK where we have a legal or contractual obligation to do so or to enable the provision of our services or products (see International Transfers below).
Third party service providers: We use third party organisations to provide services to us or to you on our behalf, including:
(i) flight operators, handling agents, ground transport providers and other agents/ sub-contractors necessary for the performance of any contract we enter into with you;
(ii) analytics, social media platforms and search engine providers that assist us in the improvement and optimisation of our website;
(iii) providers of IT systems such as Microsoft D365 or Learning Management Systems, and or their administration or maintenance;
(iv) credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you; and
(v) market research companies if we carry out marketing or client care surveys to gain feedback and improve our services and products.
(vi) Coroners, medical examiners, disaster victim identification teams, funeral directors, and other relevant response agencies.
In providing their services, they may access, receive, maintain or otherwise process personal data on our behalf (to the extent necessary). Our service providers only process personal data in accordance with our instructions and are not permitted to use your personal data for their own purposes.
Legally required: We may also disclose your personal data where we are under a duty to do so in order to comply with any legal obligation, or in order to enforce or apply the terms of a legal agreement; or to protect the rights, property, or safety of the Air Partner Group, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Business sale: we may have to share certain personal data if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
Notwithstanding anything else in this privacy statement, we may share aggregated or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual and individuals cannot be re-identified.
Some countries outside of the UK and European Union (EU) do not have laws that protect privacy rights as extensively as the UK and countries within the EU. Given the nature of our services, however, it is likely that personal data will need to be processed by staff operating outside the EU or the UK in such countries who work for us or for one of our suppliers (see Who will we disclose your personal data to?). Where possible, however, when we transfer your personal data outside of the EU or the UK, to a territory for which an adequacy decision has not been made under the GDPR, we will try to ensure that your personal data is afforded a similar degree of protection, in accordance with Data Protection Law.
Security of your personal data
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk.
Once we have received your personal data, we will use strict procedures and security features to try to prevent your personal data transmitted, stored or otherwise processed from being accidentally or unlawfully destroyed, lost, altered, disclosed or accessed (a Data Security Breach). In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only use your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Data Security Breach and will notify you and any applicable regulator where we are legally required to do so.
Where we have given you (or where you have chosen) a username and/or password which enables you to access certain parts of our website, you are responsible for keeping your username and password confidential. Please do not share your username or password with anyone.
How long do we keep your personal data?
We will only keep (or “retain”) your personal data for as long as necessary to fulfil the purposes we collected it for (see What will we do with your personal data?), including for the purposes of satisfying any legal, accounting, disaster victim identification, long term storage and return of personal effects, memorial planning or reporting requirements.
To determine the appropriate retention period, we review – in addition to the purposes of use and how we can achieve them – other relevant factors such as the nature and scope of the personal data, the potential risks to the individuals to whom the information relates from a Data Security Breach, and the applicable legal requirements, for example the limitation period for which legal claims can be made in court. For example, we need to keep basic information about our customers (including identity, contact, financial and transaction information) for at least six years after they cease to be customers.
We will also retain your email address on our internal suppression list after you have opted-out of receiving communications from us to ensure that we do not contact you again (in accordance with good industry practice).
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under Data Protection Law, you have certain rights (depending on the circumstances) in connection with your personal data:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are using it lawfully, provided always that this does not adversely affect the rights and freedoms of other people.
- Request correction of the personal data that we hold about you. Where any of the information we hold about you is incorrect or incomplete we will act promptly to rectify this, including where you have requested us to do so.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to use it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to our use (see below).
- Object to use of your personal data where we are relying on our legitimate interests (see above section What will we do with your personal data?) and there is something about your particular situation which makes you want to object to our use on this ground.
- Withdraw your consent to our use of your personal data where we do so in reliance on your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
- Request the restriction of use of your personal data. This enables you to ask us to suspend the use of personal data about you, for example if you want us to establish its accuracy or the reason for using it.
- Request the transfer of the personal data you have provided, on the basis of consent or for a contract with us, to you or a third party where technically feasible.
If you would like a copy of your personal data, believe that any personal data we are holding on you is incorrect or incomplete, or have any other queries in relation to any other rights, please contact us at email@example.com. We will comply with your request within a reasonable period unless we have a lawful reason not to do so. To exercise your rights, we may ask you to verify your identity and cooperate with us in our effort. Please note that requests must be made in writing (including email). In responding to such requests, we will explain the impact of any objections, restrictions or deletions requested.
Please note that we may need certain information to enable us to provide you with the services and/or information you ask for, so changes you make to your preferences or restrictions you ask us to make on how we use your personal data may affect what services and information we can provide.
You also have the right to complain to the relevant data protection regulator in your country if you believe we have not handled your request in an appropriate manner, for example the Information Commissioner Office (ICO) in the UK (www.ico.org.uk). However, we would appreciate you contacting us in the first instance, so that we may seek to resolve any complaint or query.
Is there a fee?
We will not charge you a fee to exercise your rights unless your request is clearly unfounded or excessive, in which case we may charge you a reasonable fee. Alternatively, we may refuse to comply with the request in such circumstances.
Links to other websites
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (the Other Sites). The owners and operators of those Other Sites are responsible for their collection or use of your personal data and you should check their respective privacy policies/ notices if you follow a link to any of these Other Sites.
Changes to this privacy notice
This privacy notice was last updated in November 2021. Any changes we may make to this privacy notice in the future will be posted on our website. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access our website or use our services.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to firstname.lastname@example.org.