Baines Simmons (Baines Simmons and references to we, us, and our mean the same) are committed to protecting and respecting your privacy in accordance with all applicable data protection laws, including the EU’s General Data Protection Regulation (GDPR) (referred to collectively in this privacy notice as “Data Protection Law”). Please note that we collect various personal data (meaning any information about you from which you can be identified) from you or about you when you visit our websites, use our apps, procure or use our products and services, and/ or otherwise interact with us.
WHAT’S IN THIS PRIVACY NOTICE?
This privacy notice sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. It also explains what rights you have in relation to the personal data we hold about you.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it. You can also page through below to the section most relevant to you:
- Who we are
- What personal data will we collect and process from/about you?
- What will we do with your personal data?
- What cookies does our website use?
- Who will we disclose your personal data to?
- International transfers
- Security of your personal data
- How long do we keep your personal data?
- Your rights
- Links to other websites
- Changes to this privacy notice
- Contacting us and complaints
WHO WE ARE
This means we are responsible for deciding how we use the personal data we collect about you and ensuring that it is at all times processed in accordance with Data Protection Law. You can contact us using the details set out in the final section of this privacy notice below.
WHAT PERSONAL DATA WILL WE COLLECT AND PROCESS FROM/ABOUT YOU?
Information you give us: You may give us information about you (and/or third parties who you are acting on behalf of, for example, if you are booking flights on behalf of passengers or booking a training course for your staff) by corresponding with us by phone, e-mail or otherwise (including in person), filling in forms on our website, or using our Private Jet app. This includes information you provide when you: (i) make an enquiry about any of our services or products or carry out a search of our website; (ii) purchase services or products from us (either for yourself and/or on behalf of third parties); (iii) register for our newsletters and other electronic and postal communications; (iv) respond to a job vacancy notice or email a CV to us; and (v) report a problem with our website. The information you give us may include your (or a third party’s):
- Identity Data: name, profession or job, employer, personal description
- Contact Data: address, e-mail address, phone number (including when you contact us by these means).
- Passenger Data: passport and visa information (or copies thereof), and travel preferences.
- Financial Data: bank account, and credit/ payment card information and other financial information
- Transaction Data: details about your payments to and from you and other details of products services you have purchased from us.
- Special Category Data: sensitive personal data relating to your race, religion, health and/ or medical history.
- Recruitment Data: qualifications, references, CV and application, interview and assessment data (in addition to Identity and Contact Data).
IMPORTANT NOTE If you are providing personal data to us about someone else, for example passengers for whom you are arranging flights with us, you must have their prior permission to do this and make them aware of this privacy notice.
- Technical Data: technical information, including the Internet Protocol (IP) address used to facilitate your connection to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- Usage Data: information about your visit to or use of our websites and traffic patterns, including the full Uniform Resource Locators (URL) clickstream to, through and from our websites (including date and time); services and/or products you viewed or searched for; length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
Information we receive from other sources: We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case, we will have informed you when we collected that personal data that it may be shared internally and combined with information collected on this website. We also work closely with third parties (including, for example, flight operators, suppliers, business partners, sub-contractors in technical, payment and delivery services, analytics providers, credit reference agencies and search information providers) and may receive personal data about you from them and from public sources to supplement the information you have given to us.
WHAT WILL WE DO WITH YOUR PERSONAL DATA?
We will only use your personal data where Data Protection Law allows us to. Data Protection Law says we can collect and use personal data in the following (applicable) circumstances:
- it is necessary for us to be able to perform a contract with you;
- it is necessary for our legitimate interests (and your interests and fundamental rights do not override those interests);
- if we have your consent (which you can withdraw at any time); or
- to comply with a legal obligation (i.e. rules laid down by courts, statute or regulation).
Accordingly, we lawfully use your personal data in the following ways:
We use Recruitment Data to recruit and select new employees of Air Partner. This processing is necessary to take steps at the applicant’s request to enter a contract of employment.
This processing is also necessary for the purpose of the legitimate interests pursued by Air Partner. Air Partner considers that it has a legitimate interest in fully assessing applications for employment to ensure that only suitable and appropriate candidates are both assessed and selected. Candidates who are considered further will be provided with our Employee Privacy Notice which explains fully how Air Partner handles Recruitment Data and additional personal data collected during the recruitment process.
To deliver our services
To carry out our obligations arising from any contracts entered into between you and us we need your Identity and Contact Data to register you as a new customer and to manage our relationship with you, and, your Financial, Transaction and Passenger Data (as applicable) to process and deliver your request and, with certain Special Category Data to the extent it is necessary (for example to enable us to accommodate dietary requirements or your religious or other needs), to ensure your receipt and enjoyment of the requested services . Therefore, we use this data on the basis that it is necessary for us to be able to perform our contract with you (i.e. the terms and conditions of the relevant services) and for our legitimate interests of delivering the services in this way and, in the case of the Special Category Data, on the basis that this is with your consent which you can withdraw at any time but we may not then be able to provide the services in the manner you request (for example without your specific dietary requirements or religious or other needs).
We use your Identity, Contact, Usage and Transaction Data in order to develop an understanding of the services and products that may be of interest to you (including by reference to those that you have already purchased or enquired about). Therefore, we use this data on the basis that it is necessary for our legitimate interests in developing and improving our services and to inform our business strategy and provide you with relevant information. We also use certain Usage Data to measure and analyse the behaviour of visitors to our website and traffic patterns by using cookies, and we will seek your consent to such use where we are legally required to do so. We use certain third-party applications to help us do this. For example, we use Google Analytics (http://google.com/analytics), a service which analyses website traffic data and webpage usage. Google Analytics does not identify individual users or associate your IP address with any other data held by Google (see www.google.com/policies/privacy/partners/ for more information).
Marketing and other communications
We may also wish to provide you, or permit selected and named third parties to provide you, with the information about services or products we feel may interest you. We will always give you the option to provide opt-in consent to receive different kinds of marketing communications from us or third parties or you can decide not to do so.
OPT-ING OUT: You can withdraw your consent or opt-out of any type of marketing communication from us at any time by following the instructions provided to you in the relevant communication (for example, the ‘unsubscribe’ link in an email) or you may contact us at firstname.lastname@example.org. If you have chosen to receive marketing communications from another organisation, your relevant personal data will be passed onto that organisation and will be held in accordance with their privacy policies. You should contact the relevant organisation directly if you no longer want to receive their marketing communications.
Note that even if you do not provide your consent, or subsequently withdraw it, in respect of marketing communications we will still need to send you communications in respect of our services and your contracts with us (for example, booking terms and confirmations and emergency information).
Website/ business administration
We use Identity, Contact and Technical Data to maintain our website and for internal operations, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data. We use this data on the basis that it is necessary: (a) for our legitimate interests: running our business, the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise; and (b) to comply with a legal obligation.
We also use Technical and Usage Data to improve our website to ensure that content is presented in the most effective manner for you and for your computer and allow you to participate in interactive features of our service, when you choose to do so.
We could have to use your personal data which we hold to protect your or someone’s else’s vital interests, for example, to make contact in rare emergency situations. We could also have to use your personal data in connection with legal and regulatory matters such as our maintenance of business records, compliance with external reporting requirements and internal policies and procedures and responses to requests by government, law enforcement, regulators, courts, rights holders or other third parties including in respect of the use or misuse of intellectual property, such as our brand or media rights, or those of our licensees/ commercial partners or their parties. Therefore, we use this data on the basis that it is necessary both for our legitimate interests in protecting, defending and enforcing rights and interests in this way and also so that we can comply with legal obligations.
Change of purpose
We will only use your personal data for the purposes for which we collected it (as described above) unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will try to notify you and we will explain the legal basis which allows us to do so.
What if you do not want to share your personal data?
Unless otherwise specified above, generally we only collect your personal data on a voluntary basis. However, please note that if you decline to provide certain mandatory personal data, you may not be able to purchase certain services from us, and we may not be able to fully respond to any inquiries you make.
WHAT COOKIES DOES OUR WEBSITE USE?
WHO WILL WE DISCLOSE YOUR PERSONAL DATA TO?
We may share personal data with other parties in order to achieve our purposes (see What will we do with your personal data?):
Group companies: We may share your personal data with any member of our group (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006) and, if necessary, with local agents outside the UK where those agents act on our behalf. Our headquarters and servers are located in the United Kingdom but your personal data may be transferred to or accessed by any of our offices in other countries, including offices outside the EU (see International Transfers below).
Third party service providers: We use third party organisations to provide services to us or to you on our behalf, including:
(i) flight operators, handling agents, ground transport providers and other agents/ sub-contractors necessary for the performance of any contract we enter into with you;
(ii) analytics, social media platforms and search engine providers that assist us in the improvement and optimisation of our website;
(iii) IT and system administration/ maintenance providers;
(iv) credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you; and
(v) market research companies if we carry out marketing or client care surveys to gain feedback and improve our services and products.
In providing their services, they may access, receive, maintain or otherwise process personal data on our behalf (to the extent necessary). Our service providers only process personal data in accordance with our instructions and are not permitted to use your personal data for their own purposes.
Legally required: We may also disclose your personal data where we are under a duty to do so in order to comply with any legal obligation, or in order to enforce or apply the terms of a legal agreement; or to protect the rights, property, or safety of Air Partner plc, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Business sale: we may have to share certain personal data if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
Notwithstanding anything else in this privacy notice, we may share aggregated or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual and individuals cannot be re-identified.
Some countries outside of the European Union (EU) do not have laws that protect privacy rights as extensively as the UK and countries within the EU and, therefore, for which an adequacy decision has not been made under the GDPR. Given the nature of our services, however, it is likely that personal data will need to be processed by staff operating outside the EU in such countries who work for us or for one of our suppliers (see Who will we disclose your personal data to?). Obviously, we must do this in order to arrange a flight for you to travel to such a destination and in such a case this will be necessary for the performance of our contract with you or a contract with a third party but in your interests (enabling you to travel). Where possible, however, when we transfer your personal data outside of the EU, to a territory for which an adequacy decision has not been made under the GDPR, we will try to ensure that your personal data is afforded a similar degree of protection, in accordance with Data Protection Law. We do this by ensuring one of the specific safeguards approved by the European Commission (EC) is in place, including by putting in place standard contractual clauses as approved by the EC (the form for the standard contractual clauses can be found at http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm). You can find further information about these safeguards at https://ec.europa.eu/info/law/law-topic/data-protection_en.
If you would like further information on the specific mechanism used by us when transferring your personal data out of the EU you can contact us using the details provided below.
SECURITY OF YOUR PERSONAL DATA
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk.
Once we have received your personal data, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed (a Data Security Breach). In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only use your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Data Security Breach and will notify you and any applicable regulator where we are legally required to do so.
Where we have given you (or where you have chosen) a username and/or password which enables you to access certain parts of our website, you are responsible for keeping your username and password confidential. Please don’t share your username or password with anyone.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will only keep (or “retain”) your personal data for as long as necessary to fulfil the purposes we collected it for (see What will we do with your personal data?), including for the purposes of satisfying any legal, accounting, or reporting requirements, in accordance with our Data Retention Policy.
To determine the appropriate retention period, we review – in addition to the purposes of use and how we can achieve them – other relevant factors such as the nature and scope of the personal data, the potential risks to the individuals to whom the information relates from a Data Security Breach, and the applicable legal requirements, for example the limitation period for which legal claims can be made in court. For example, we need to keep basic information about our customers (including identity, contact, financial and transaction information) for at least six years after they cease to be customers.
We will also retain your email address on our internal suppression list after you have opted-out of receiving communications from us to ensure that we do not contact you again (in accordance with good industry practice).
Please contact us using the details provided below if you require specific details of our retention periods for different aspects of your personal data.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under Data Protection Law, you have certain rights (depending on the circumstances) in connection with your personal data:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are using it lawfully, provided always that this does not adversely affect the rights and freedoms of other people.
- Request correction of the personal data that we hold about you. Where any of the information we hold about you is incorrect or incomplete we will act promptly to rectify this, including where you have requested us to do so.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to use it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to our use (see below).
- Object to use of your personal data where we are relying on our legitimate interests (see above section What will we do with your personal data?) and there is something about your particular situation which makes you want to object to our use on this ground.
- Withdraw your consent to our use of your personal data where we do so in reliance on your consent. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
- Request the restriction of use of your personal data. This enables you to ask us to suspend the use of personal data about you, for example if you want us to establish its accuracy or the reason for using it.
- Request the transfer of the personal data you have provided, on the basis of consent or for a contract with us, to you or a third party where technically feasible.
If you would like a copy of your personal data, believe that any personal data we are holding on you is incorrect or incomplete, or have any other queries in relation to any other rights, please contact us at email@example.com. We will comply with your request within a reasonable period unless we have a lawful reason not to do so. To exercise your rights, we may ask you to verify your identity and cooperate with us in our effort. Please note that requests must be made in writing (including email). In responding to such requests, we will explain the impact of any objections, restrictions or deletions requested.
Please note that we may need certain information to enable us to provide you with the services and/or information you ask for, so changes you make to your preferences or restrictions you ask us to make on how we use your personal data may affect what services and information we can provide.
Is there a fee?
We will not charge you a fee to exercise your rights unless your request is clearly unfounded or excessive, in which case we may charge you a reasonable fee. Alternatively, we may refuse to comply with the request in such circumstances.
LINKS TO OTHER WEBSITES
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (the Other Sites). The owners and operators of those Other Sites are responsible for their collection or use of your personal data and you should check their respective privacy policies/ notices if you follow a link to any of these Other Sites.
CHANGES TO THIS PRIVACY NOTICE
This privacy notice was last updated in June 2018. Any changes we may make to this privacy notice in the future will be posted on this website and notified to you as otherwise required by Data Protection Law.
CONTACTING US AND COMPLAINTS
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to firstname.lastname@example.org. You also have the right to complain to the Information Commissioner’s Office (ICO) if you believe we have not handled your request in an appropriate manner. For information on contacting the ICO please see their website.