08 February 2023
1. What is a Privacy Notice?
Your personal data includes all the information we hold that identifies you or is about you. It does not include data where the identity has been removed (anonymous data). More information about the types of personal data we collect from you is set out below.
Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. We will comply with the relevant legislation to make sure that your information is properly protected and used appropriately.
2. Who are we?
Air Charter Service is made up of different legal entities and this Privacy Notice is issued on behalf of the Air Charter Service group so when we mention “Air Charter Service”, “we”, “us” or “our” in this Privacy Notice, we are referring to the relevant company in this group that is responsible for processing your data.
Air Charter Service Group Limited (company registration number: 04028491) of Millbank House, 171-185 Ewell Road, Surbiton, Surrey, KT6 6AP, United Kingdom and its affiliates (including The Travel Division Ltd trading as Air Charter Service Travel & Concierge with company registration number: 08697954) are all deemed data controllers. However, where Air Charter Service is provided with information from a third party or a customer relating to a passenger that we are arranging a charter for we are data processors and will only process such data in accordance with the third party’s or the customer’s instructions.
3. What personal data do we collect?
When you purchase a service, purchase a product, contact us or complete an online form, we may collect a variety of information, including, but not limited to; your name, title, job title, mailing address, telephone number, email address, passport details, credit/debit card or bank details.
We process most of your information on the grounds of the fulfilment of our contract with you, namely to confirm your order, contact you about delivery of services, arrange for your payment to be processed and provide you with the products you have purchased. We may also use your personal data for our legitimate interests, including for the purposes of fraud protection and for training and quality.
Special category data is a category of personal data which requires more protection because it is sensitive in terms of applicable law, such as data concerning health.
Health data will only be processed for the purposes of ensuring your safety prior, during and after a flight, and where we have received your consent. By providing this sensitive personal data to us, you explicitly agree that we may collect, use, share with third parties (such as airlines) and transfer such data.
Suppliers, Business Contacts and Visitors to our Premises
If you work for one of our suppliers or are one of our business contacts, we usually process your name and business contact details, such as your business email address and phone number and the address of your organisation. We process the information on the grounds of our legitimate interests in maintaining our relationship with you or in limited circumstances, on the grounds of fulfilment of a contract with you or to comply with a legal obligation imposed on us.
We use CCTV in and around our premises for the purposes of crime prevention, detection and security. We retain CCTV images for 30 days at which point they are deleted.
If you apply for a job vacancy with us, or speculatively send us your CV, the personal data that we are likely to process about you includes:
- Identity data such as your first name, middle names, surname, marital status, title, date of birth and gender;
- Contact data such as your postal address, email address and telephone numbers;
- Background data regarding your education, career backgrounds and work experience;
- Personal information regarding your skills and qualifications; and
- Any other information that you include in your CV, application or covering letter you send to us.
We process your information on the grounds of our legitimate interests to determine whether or not we have a suitable vacancy for you. To the extent we need to process special categories of data about you (for example, to ensure our premises are suitably equipped for you if you attend for an interview), we will do so in accordance with our legal obligations. If you provide special categories of data to us which we have not requested, we will process it on the grounds of your consent because you have voluntarily provided the information to us.
4. How is personal data collected?
Customers, Suppliers and Business Contacts
- Direct Interactions
You may give us your personal data by filling in forms on our Website or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: place an order for our products or services; submit a query about our products or service whether on our Website or by email or phone; request for marketing to be sent to you; or give us feedback or contact us for any other reason.
- Third Parties
We may collect your personal data from third parties, such as our customers who may be providing your passenger details for the purpose of arranging a charter. We may also collect information from publicly available sources (such as Companies House) and data suppliers to validate or supplement the information we hold.
We receive personal data directly from you when you contact us in respect of a specific vacancy or with a speculative approach. We may also receive information about you from recruiters and agencies that provide temporary workers or from your previous employer.
5. When will we contact you?
- In relation to any service, product, activity or online content you have signed up for in order to ensure that it can be delivered or provided, e.g. to ensure payment of your charter, offer other charter related services or upgrades, or to enquire whether you’re in need of our services;
- In relation to any correspondence we receive from you or any comment or complaint you make;
- To invite you to participate in voluntary surveys.
- To update you on any material changes to policies and practices.
- To keep you informed periodically on relevant products and services that we think may be of interest to you. Types of communication include quarterly newsletter updates, Cloud magazine or emails such as empty legs and charter availabilities.
We will only send you marketing material if we are entitled to do so under data protection and privacy legislation, which usually means we either have your consent to send you marketing, we send it to you because you are one of our existing customers, or on the ground of Legitimate Interest. You can unsubscribe to our marketing communications at any time, either by clicking “unsubscribe” in any marketing email we send to you or by contacting us using the contact details at the end of this Privacy Notice.
6. How long do we keep personal data?
Your personal data is retained for the duration of our relationship with you, or no more than 6 years from the date you place your order. This enables us to deal with maintaining business and financial records, resolving disputes or warranties. After that date your personal data will be deleted or anonymised so that it is no longer personally identifiable. Your information will be kept securely at all times.
Suppliers and Business Contacts
Your personal data is retained for the duration of our relationship with you or the organisation for which you work. Please let us know if you leave the organisation or if your details change. If we receive notification from you or your organisation that you no longer work at that organisation, or if we no longer maintain a working relationship with your organisation, we will delete your information from our system.
If we are corresponding with you as a potential supplier, we will retain your details until we receive notification from you or your organisation that you no longer work at that organisation or until we no longer correspond with the organisation for which you work.
Further to the above, we retain your personal data as long as it is necessary and relevant for our operations. Generally, we keep personal data in accordance with our internal retention procedures, which are determined in accordance with our regulatory obligations and good practice. In addition, we may retain personal data relating to previous booking activity to comply with national laws, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, and take other actions permitted or required by applicable national laws.
After it is no longer necessary for us to retain your personal data, we anonymise part of the data for analytical purposes and dispose of the rest in a secure manner. If you have any questions in relation to our retention periods, please contact us at firstname.lastname@example.org
7. Who we share personal data with?
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Below is a list of potential third parties that we may share your personal data with.
Our service providers
This includes external third-party service providers, such as an airline for when you book a flight; accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
Governmental authorities and third parties involved in fraud prevention and law enforcement
We may share Personal Information with governmental or other public authorities (including, but not limited to, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.
Our group companies
We are a member company of Mountfitchet Group Ltd. We may share your personal data with certain members of our group companies. Where they have access to your personal data they will use it only for the purposes set out in this Privacy Notice. We will remain responsible for the management and security of jointly used Personal Information. Access to Personal Information is restricted to those individuals who have a need to access the information for our business purposes.
Mergers and acquisitions
To the extent that it is necessary, third parties to whom we may choose to sell, transfer or merge parts of our business or our assets may gain access to your personal data. Alternatively, we may seek to acquire other businesses or merge with them at which point they may also gain access to your personal data. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
Whenever we transfer your personal data we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place:
- we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection to it by the relevant authorities; or
- we may make the transfer of your personal information subject to specific contractual provisions which ensure it is suitably protected.
Please contact us if you want further information on the specific methods used by us when transferring your personal data.
8. How do we keep personal data secure?
We are committed to keeping your personal data safe and secure from unauthorised access, unauthorised alterations, disclosure or destruction of information that we hold.
Our security measures include:
- encryption of our services and data;
- review our information collection, storage and processing practices, including physical security measures;
- access control restrictions for personal information;
- contractual confidentiality and processing agreements for employees and/or third parties who may require access to personal data; and
- internal policies setting out our data security procedures and training for employees
9. What rights you have in relation to personal data?
We do not carry out any automated decision making using your personal data (i.e. making a decision without any human involvement), nor is your personal data used for any profiling purposes.
Under certain circumstances, by law you have the right to request access to your personal information, request correction of the personal information that we hold about you, request erasure of your personal information where there is no good reason for us continuing to process it, object to processing of your personal information and there is something about your particular situation which makes you want to object to processing on this ground, request the restriction of processing of your personal information or request the transfer of your personal information to another party.
You have the right to withdraw your consent to the processing of your personal data at any time. To withdraw your consent, please contact us using the contact details below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
These rights apply for the period in which we process your data. There are certain caveats and exemptions to those rights which mean that in some circumstances you may not be entitled to exercise them, if we believe that is the case upon receipt of a request from you, we will let you know.
10. Need to contact us?
For any queries or comments about this Privacy Notice or updates, amendments and corrections to your records, or for personal data requests, please contact email@example.com or by post to: Data Protection Team, Air Charter Service, Millbank House, 171-185 Ewell Road, Surbiton, Surrey, KT6 6AP, United Kingdom.
If you wish to make a complaint about how we use your information, please contact our Data Protection team. You can also contact the local data protection authority.
11. Changes to Privacy Notice
We will occasionally update this Privacy Notice in accordance with business and legal requirements. We will post a notice of any material changes on our website, and where appropriate, notify you using the contact details we hold for you for this purpose. We encourage you to periodically review this Privacy Notice to be informed of how we use your information.
12. Supplementary Notices
This Notice supplements our Privacy Notice and applies solely to California and Virginia consumers. Terms used but not defined shall have the meaning ascribed to them in the California Privacy Rights Act of 2020 (“CPRA") or the Virginia Consumer Data Protection Act (“VCDPA”), as applicable. This Notice does not apply to personal information that we process as a service provider on behalf of our customers or that we collect from job applicants, contractors or employees.
Personal information collected and disclosed
We collect and disclose the following categories of personal information and have collected and disclosed these categories in the preceding 12 months:
|A. Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||YES|
|B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.||YES|
|C. Protected classification characteristics under California or federal law||Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).||NO|
|D. Commercial information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||YES|
|E. Biometric information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||NO|
|F. Internet or other similar network activity||Browsing history, search history, information on a Consumer’s interaction with a website, application, or advertisement.||YES|
|G. Geolocation data||Physical location or movements.||YES|
|H. Sensory data||Audio, electronic, visual, thermal, olfactory, or similar information.||YES|
|I. Professional or employment-related information||Current or past job history or performance evaluations.||YES|
|J. Non-public education information (per the Family Educational Rights and Privacy Act||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||NO|
|K. Inferences drawn from other Personal Information||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||YES|
|L. Sensitive Personal Information||A Consumer’s social security, driver’s license, state identification card, or passport number; a Consumer’s account log-ln, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; a Consumer’s precise geolocation; a Consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a Consumer’s mail, email and text messages, unless the business is the Intended recipient of the communication; a Consumer’s genetic data; and the processing of biometric information for the purpose of uniquely identifying a Consumer; Personal Information collected and analyzed concerning a Consumer’s health; or Personal Information collected and analyzed concerning a Consumer’s sex life or sexual orientation.||NO|
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To provide you with information, products or services that you request from us.
- To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To improve our website and present its contents to you.
- For testing, research, analysis and product development.
- As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information, including in the preceding 12 months, to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
Category A: Identifiers.
Category B: California Customer Records Personal Information categories.
Category D: Commercial information.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
Category I: Professional or employment-related information.
Category K: Inferences drawn from other Personal Information.
We do not knowingly share the personal information of minors under 16 years of age.
We retain your personal information for as long as necessary to provide the Service and fulfill the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements. The criteria used to determine retention periods includes the legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements, and industry standards.
You may request to know whether we process your personal information and to access such personal information.
In addition, if you are a California resident, you may request that we disclose to you the following information covering the 12 months preceding your request: (i) the categories of personal information we collected about you and the categories of sources from which we collected such information; (ii) the business or commercial purpose for collecting, selling or sharing personal information about you; (iii) the categories of personal information about you that we sold or shared (as defined by the CPRA) and the categories of third parties to whom we sold or shared such information; and (iv) the categories of personal information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such personal information.
You may request to correct inaccuracies in your personal information.
You may request to receive a copy of your personal information, including specific pieces of personal information, including, where applicable, to obtain a copy of your personal information in a portable, readily usable format. If you are Virginia resident, this applies to personal information you previously provided to us.
You may request that we delete your personal information, subject to certain exceptions. If you are a California resident, this applies to personal information collected from you.
You may request to “opt-out” of your personal information being sold to certain third parties, as defined by applicable law. This right may be exercised by submitting a Do Not Sell or Share My Personal Information request.
Our use of tracking technologies through some of our websites may be considered a “sale” or “sharing” of your personal information for cross-context behavioral advertising under the CPRA or target advertising under the VCDPA. You may request to opt-out of such tracking technologies by utilizing the “Cookie Settings” link on our websites that use tracking technologies for cross-contextual behavioral advertising or targeted advertising or by sending an opt-out preference signal supported by your device or browser. Your use of an opt-out preference signal will apply only to your device or browser and not to other consumer information that is not linked to your device or browser.
If you are a Virginia resident, you may request to opt out of the processing of your personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
If you are a California resident, you may also request to limit the use or disclosure of your sensitive personal information to what is necessary for us to perform our services and provide goods as requested, as authorized by regulations, or as otherwise permitted under the CPRA. This right may be exercised by submitting a Limit the Use of My Sensitive Personal Information request.
We will not unlawfully discriminate against because you exercise any of your rights under the CPRA or VCDPA.
We do not offer financial incentives or price or service differences to consumers in exchange for the retention or sale of a consumer’s personal information.
How to Make a Request
You may make a request for the disclosures, correction, opt-out, or deletion described above by contacting us at:
Postal: Air Charter Service California, Attn: U.S. Consumer Privacy Request, 11150 Santa Monica Blvd, Suite 1020, Los Angeles CA 90025
You may be required to submit proof of your identity for certain of these requests to be processed. Such information may include your First Name, Last Name, Street Address, City, Zip, and Date of Birth and either your Social Security Number or your Driver’s License Number and State. This information will be used only for the purposes of verifying your identity and processing your request. We may not be able to comply with your request if we are unable to confirm your identity or to connect the information you submit in your request with personal information in our possession.
Authorized Agents – may be required to use the above web form to submit CA Consumers Requests on the behalf of California Consumers. Requests submitted via other methods may be directed to utilize the above web form. Authorized Agents must also submit proof of authorization by the Consumers which meets the requirements of the CCPA.
We will respond to your request consistent with the CPRA and the VCDPA, as applicable.
Where we maintain or use de-identified data, we will continue to maintain and use the de-identified data only in a de-identified fashion and will not attempt to re-identify the data.
We will update this Notice from time to time. Any changes will be posted on this page with an updated revision date.
Postal: Data Protection Team, Air Charter Service, Millbank House, 171-185 Ewell Road, Surbiton, Surrey, KT6 6AP, United Kingdom