Here at Virgin Atlantic Airways Limited (“Virgin Atlantic”, or “we”, “us”) we pride ourselves on the importance of our customer relationships. This also extends to the way in which we handle personal information about our customers. We are committed to being transparent about the ways in which we intend to use your information, to provide you with choices about how we use it and fundamentally to ensure the security of your information.

1.1 Scope of this policy

This Privacy Policy describes and oversees the nature of all information that we collect, use and otherwise process about you in connection with your relationship with us as a customer, potential customer or just an enquirer (whether as a direct booker, agent booker, Flying Club member, lounge visitor, site visitor, app user, enquirer to one of our call centres, job applicant or otherwise).

We are happy to provide any additional information or explanation needed and/or answer any questions you may have (please refer to the “About us” section below for details on how to contact us).

1.2 Policy updates

We keep this Privacy Policy under regular review to ensure that we’re being transparent about the ways in which we use your personal information.  Any changes to our Privacy Policy will be reflected at www.virginatlantic.com and will take effect on the date of publication.

2.1 Who are we?

We are Virgin Atlantic Airways Limited, a company incorporated in England and Wales under company number 01600117, with our registered address as set out below.

2.2  Who's the Data Controller?

For the purposes of data protection laws, Virgin Atlantic Airways Limited are the “data controller” of all personal information that we collect, use and/or otherwise process about you under this Privacy Policy.  If you are a member of the Virgin Atlantic Flying Club,  Virgin Red Limited, who own and manage Virgin Points supporting the Flying Club will also separately be a data controller of your personal information relating to earning, redeeming and management of Virgin Points, details of which you can find in their privacy policy

If you are joining Flying Club on or after 8th February 2021 and fulfil the criteria set out in the Virgin Atlantic Flying Club terms and conditions, then you also agree that your data will be shared with Virgin Red for the purposes of the Virgin Red Loyalty Programme.  Virgin Red Limited’s address is 66 Porchester Road, London W2 6ET and you can contact their data protection officer at dpo@red.virgin.com.

2.3 How to contact us

If you have any questions about this Privacy Policy or the ways in which we handle your personal information you may contact us as follows:

The Data Protection Officer

General Counsel’s Office,

The VHQ,

Fleming Way,

Crawley,

West Sussex,

United Kingdom,

RH10 9DF

email: data.protection@fly.virgin.com

2.4       To comply with the General Data protection Regulation (2016/679) we have appointed a European representative. If you wish to contact them, their details are as follows:

MCF Legal Technology Solutions Limited

Riverside One

Sir John Rogerson’s Quay

Dublin 2

email: VirginatlanticEUrepresentative@mcf.ie

3.1 What types of information do we collect about you?

The types of information we collect about you depends on the nature of your interactions with us. Depending on the circumstances, we might collect any of the following types of information:

  • Details about you. Your name, email address, address, telephone number, your Flying Club  Membership Details, your Flying Club  tier status,  your payment details, meal preferences, language needs, special dietary requirements and other flying or lounge preferences and, if necessary, information about your health to the extent relevant to your fitness to fly and facial recognition data where we are required to do so in relation to security requirements imposed by a country through which you are travelling;
  • Identification documents/information. If you are flying on a route requiring Advance Passenger Information, your passport or identity card details, including your passport number, the country in which your passport was issued and the expiry date and we will take a copy of your identification, national insurance number and proof of address if you attend a job interview;
  • Details about the services you arrange with us. Your travel details, including details of your travel itinerary, where you’re flying from and to, any onward travel details if relevant (for example if you need our assistance for a connecting flight, if you’ve booked airport transportation with us, or if you’ve booked a holiday or package with Virgin Holidays), your baggage requirements, any upgrade information, your check in date and time, your lounge visits, seat preferences, meal preferences including special dietary requirements, details of any special assistance you might need from us and any other information relevant to enable us to provide you with the travel or other services that you’ve arranged with us;
  • Financial information. If you’re using the website to book flights or purchase products from our Retail Therapy online store, your payment details, which may include billing addresses, credit/debit card details and bank account details;
  • Your interactions with us or our partners. Information about your interactions or conversations with us and our people, including when you make enquiries, comments, complaints or submit feedback to us (whether formally via email or our website, over the phone or simply verbally to our people), when you get in touch via social media, when you attend any events we host or details of your preferences or attributes based on your interactions with our website or our goods or services.  In addition, we receive details of your preferences or behaviours based on your use of, or interactions with, our partners and their business offerings;
  • Job applications. If you apply for a job with us, your CV, work history, educational details, qualifications, skills, projects, references, proof of entitlement to work in the relevant country, national security number, your passport or other identity document details, your current level of remuneration (including benefits), the role you’re applying for and any other similar information that you provide to us; and Your use of our systems and services. Details of the way in which you use our site, app, call centres, WiFi, lounges, aircrafts and/or social media pages (please see the “OUR SITE, APP AND COOKIES” section below for further details).

4.1 Information that you provide to us:

  • When you browse our site or mobile application;
  • When you book or search for a flight or other service (such as lounge access, airport transportation or special assistance) via our site, app or via our Customer Centre;
  • When you manage your booking or check in online;
  • When you provide information at a kiosk at an airport in relation to your check-in, bag drop or boarding;
  • When you book or search for a flight or other service via a third party (such as Virgin Holidays or any other travel agent);
  • When you register to enrol in our VAA Flying Club via the site, app, call centre or via a third party (such as your corporate employer);
  • When you apply for a job with us by email, via the site or via a recruitment agency;
  • When you attend an interview or assessment;
  • When you contact us via our call centres, press office, social media, website, email or Live Chat;
  • When you ‘follow’, ‘like’, post to, or interact with our social media accounts;
  • When you participate in any of our competitions, promotions (for example via any social media channels or email) surveys or market research;
  • When you make a complaint via a third party (such as your travel agent);
  • When you travel with us (or with our codeshare partners on a code sharing arrangement);
  • When you use our airport lounges (and any services we make available in our lounges);
  • When you attend any events we might host; and
  • When you use our inflight entertainment.

 

4.2 Information that we get from third parties, including:

  • A person making a booking on your behalf. We will receive personal information in the form of booking details where, for instance, a family member or friend, travel agent or employer who may be based inside or outside the EU makes a booking on your behalf;
  • Employers, recruitment agencies and referees. If you are a job applicant we may contact your recruiter, current and former employers and/or referees, who may be based inside or outside the EU, to provide information about you and your application;
  • Partner airlines.  We will receive booking and flight information from partner airlines, together with (where relevant) information relating to your Flying Club earning or redemption activity;
  • Service providers. We may collect or receive personal information from travel agents, airport kiosk and gate providers, our website developer, IT support provider loyalty partners and service providers, analytics service providers and payment services provider (who may be based inside or outside the EU);
  • Social media plugins. We currently use social media plugins from the following service providers who are based both inside and outside the EU: Facebook, Twitter, LinkedIn Instagram and YouTube. By providing your social media account details you are authorising that third-party provider to share with us certain information about you
  • Government bodies. At some US airports, Customs and Border Protection use facial recognition technology during the check-in and boarding process in accordance with US law. The use of this technology is voluntary. Where your photograph is taken, Customs and Border Protection will confirm to us whether or not you have met its security requirements; and
  • We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.

In certain circumstances, we will collect information which is deemed sensitive or referred to as special categories of personal data. This is most likely to include information about:

  • Information about your health (for example if you ask us to provide you with special assistance arrangements during your flight or at one of the airports, to determine your fitness to fly with us, or if you specify a particular meal preference indicative of a medical condition or sensitivity to certain foods;
  • Information about your religion (for example if you specify a particular meal preference indicative of a particular religion such as a kosher or halal meal);
  • Your race, ethnicity, religious or philosophical beliefs and sexual orientation for the purpose of our diversity and equal opportunities records;
  • Your health as necessary for the purpose of arranging your interview or supporting your needs and access to our workplace if you are an employee; and
  • Biometric data in the form of photographs for the purpose of testing new technology at our check-in kiosks and boarding gates;
  • Your criminal record for the purposes of completing background checks necessary for you to be able to work with us.


We need to have further justification for collecting, storing and using this type of personal information. We process special categories of personal information in the following circumstances:

  • In limited circumstances, with your explicit written consent;
  • Where we need to carry out our legal obligations or exercise rights in connection with employment;
  • Where it is needed in the public interest, such as for equal opportunities monitoring;
  • Where it is needed in relation to legal claims, or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent; and
  • Where you have already made the information public.

6.1 For what purposes do we use your information?

We will use your information for a variety of different purposes some of which will be dependent on the services that you engage us for. This includes:

  • To facilitate your travel with us. We will use your information to provide you with any services that you request or purchase from us. This includes providing your flight, checking you in to your airport, administering your Flying Club membership, (including earning and redeeming points and other benefits),providing your lounge access, managing the transit of your luggage, providing you with any special assistance, providing you with airport transportation, issuing you with your tickets (on the basis of performing our contract with you or where you have provided your consent);
  • To send you service communications and support services. We will use your information to send you any communications relevant to the services or products you’ve requested or purchased from us. This includes sending you an e-ticket for your flight, and sending you an email to notify you of changes to your flight time or itinerary. We will also provide you with customer service and support, deal with your enquiries, scheduling changes, complaints, comments or observations shared with us and monitor your progress through airport check in to ensure that you make your flight (on the basis of performing our contract with you or on the basis of our legitimate interests to provide you with customer service);
  • To manage our relationship with you. This includes notifying you of changes to our terms of use or privacy policy, and asking you to leave a review or take a survey (on the basis of performing our contract with you, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated and study how our website and services are used);
  • To send you marketing communications.  We will use your information to keep you up to date with our latest news, offers and competitions (including, where applicable, relating to Flying Club) unless you have told us that you’d prefer not to hear from us.  We (or our partners or service providers on our behalf) may do this using analysis compiled from information we have collected from you or which we have generated about you or which we have lawfully received about you from our partners (on the basis of our legitimate interests to provide you with marketing communications where we may lawfully do so or where you have provided your consent). Please see the “MARKETING” section below for more information;
  • To provide you with suggestions and recommendations. To share your information with selected third parties such as suppliers and partners, to enable them to contact you with information about things that may interest you (where we have your consent to do so);
  • To enable you to join Flying Club and the Virgin Red Loyalty Programme or update your details. We will use and/or share (with Virgin Red) the details provided on your account registration form and any amendments to your online profile (on the basis of performing our contract with you);
  • To process and facilitate transactions with us. We will use your information to process transactions and payments, e.g. for flight bookings or purchases on our Retail Therapy store, and to collect and recover money owed to us (on the basis of performing our contract with you and on the basis of our legitimate interest to recover debts due);
  • To personalise and improve your customer experience. We will use your information to provide you with a more personalised service. For example, tailoring the communications we send to you with your preferred routes, serving you only with advertising that we think you might like, acknowledging your tier status with us and/or any inflight preferences (on the basis of our legitimate interests to present you with the right kinds of products and services);
  • To improve our customer service. We will record calls to our call centre and/or monitor calls for the purposes of improving our customer service, ensure quality assurance, training, security and for general business purposes (on the basis of our legitimate interest in improving our customer service);
  • To enable us to interact with you on social media platforms. These include Facebook, LinkedIn, Twitter, Instagram and YouTube, for example, posting status updates, responding to comments and messages, posting, ‘retweeting’ and ‘liking’ posts (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals);
  • To process your job applications. We will use your information to process any job applications  you  submit to us, whether directly or via an agent or recruiter (speculatively or in response to any ad) (on the basis of our legitimate interest to recruit new employees or contractors);
  • To optimise our site and app. We will use your information to provide you with access to our site and application in a convenient and optimal matter, and with personalised content relevant to you, using site analytics and research and in certain circumstances combining that with other information we know about you (on the basis of our legitimate interests to operate and present an effective and convenient website to our website users);
  • To ensure security and protect our business interests. We will use your information to ensure the security of our services, buildings, and people, including to protect against and investigate and deter against fraud, unauthorised or illegal activities, systems testing, maintenance and development (on the basis of our legitimate interests to operate a safe and lawful business, where we have a legal obligation to do so, for establishing exercising or defending legal claims or for reasons of substantial public interest);
  • To determine your fitness to fly. In certain circumstances, we will use your information to determine whether it is safe for you and/or other passengers to fly with us (on the basis of your consent);
  • To conduct research. We will use your information to carry out aggregated and anonymised research about general engagement with our services and systems, or if you chose to participate in customer surveys, consumer focus groups and research (on the basis of our legitimate interests to improve our products, services and customer service);
  • To detect fraud, terrorism and unlawful activities. To protect against, investigate, and deter fraudulent, unauthorised, or illegal activity, including identity fraud, terrorism and other types of unlawful conduct (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so);
  • To comply with our legal obligations, policies and procedures. We will use your information to enable us to:

 - Comply with our policies and procedures, and our legal obligations (for example adhering to court orders and subpoenas);

-  To enforce our legal rights;

-  To protect the rights, property and safety of staff, passengers and others;

This includes sharing your information with our lawyers, technical advisors, law enforcement and other regulatory bodies where necessary.

Occasionally we will use your information to make decisions about what communications you would like to receive from us in order to improve your customer experience.

6.2 On what grounds will we process your information?

We will use your information for the purposes listed above, either:

  • For the performance of your contract with us and the provision of our contract with you;
  • To comply with a legal obligation;
  • For our legitimate interests (we explain what we mean by this below);
  • To protect your or another person’s life;
  • With your consent;
  • For establishing, exercising or defending legal claims; or
  • For reasons of substantial public interest.

6.3 What do we mean by “legitimate interests"?

As outlined above, in certain circumstances we (or partners on our behalf) may use your personal information to pursue legitimate interests of our own or that of third parties, but this is provided your interests and fundamental rights do not override those interests. By “legitimate interests” we mean our interests in conducting and managing our business activities and to ensure that we are guaranteeing the best service and experience for you, our customers. This involves:

  • Providing you with and improving our customer service (including sharing data with our service providers and partners for the purposes of providing you with our goods and services, including to help us provide and administer your Flying Club membership and benefits);
  • Determining the effectiveness of our site/tools/services and improving the security and optimisation of our network, sites and services;
  • Confirming information that you provide to us in a CV or application, by reference to past employers and/or publicly available employment or business profiles;
  • Personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you, such as sending you marketing in certain circumstances, and serving you with advertising that is relevant and likely to be of interest to you;
  • Detecting, monitoring and preventing fraud or other unlawful acts, and operating a safe and lawful business;

Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. We won’t use your information if we believe your interests should override ours, unless we have other lawful grounds to do so (such as your consent or if we have a legal obligation. If you have any concerns about our processing please refer to details of “YOUR RIGHTS” section below.

As we outline in “YOUR RIGHTS” section below, you will have the right to object to our using your information for our legitimate interests. However, please keep in mind that your objection to this sort of processing may affect our ability to carry out the tasks that we have set out above.

7.1 Who do we share your information with?

In connection with the purposes and on the lawful grounds described above, we share your personal information with the following third parties:

  • Third party providers, subcontractors and suppliers that we work with. We share your information with third party suppliers that provide us with services in connection with our business and the provision of our services to you. This includes: marketing agencies and/or companies that run our marketing or research campaigns, IT developers, service providers and hosting providers, loyalty partners and service providers, analytics service providers, third parties that manage promotions or competitions that we may run, third party software companies that provide us with applications on a white label basis, advertising providers and networks, ground agents, site analytics providers, medical service providers, fraud detection agencies and credit card screening companies based in both inside and outside of the EU;       

·Sky Team Alliance. Virgin Atlantic are a member of the SkyTeam Alliance, a global network of airlines that process personal data to provide passengers with a more seamless travel experience. For more information, please read the SkyTeam Alliance Joint Privacy Notice https://www.skyteam.com/en/joint-privacy-notice.”

  • Travel agents, tour operators or other third parties. These include your corporate employer who you may book your flight through (whether as part of a package or otherwise) including for example, Virgin Holidays or any other person who has booked a flight on your behalf, who may be based both inside and outside the EU;
  • Third parties that are delivering a portion of your itinerary. We share your information with third parties that are providing a part of your travel itinerary, such as our codeshare partners, travel agents like Virgin Holidays based inside and outside the EU;
  • Companies within the Virgin Group, our Partner Airlines, Virgin Red Limited and Loyalty Partners. We share your information with our Flying Club partners based inside and outside the UK if you have agreed that you are happy to hear from them about products, services and offers that may be of interest.  We also share your Flying Club information including, for example, flights taken, to enable you to take advantage of the loyalty benefits available through our Flying Club and/or Flying Co programme, e.g. to credit your Flying Club account with Virgin Points;
  • Airports, immigration/border control and/or other government authorities.  The majority of destinations require us to provide ‘Advance Passenger Information’ about you to the border/immigration authorities of your travel destination. Advance Passenger Information comprises the basic information contained in your passport that you would be required to present on your arrival (see here for more details)

In addition, laws in certain countries in your itinerary such as the USA and countries your flight may fly over require us to provide certain additional advance information about you and your travel arrangements. We will provide this information where we are required to do so;

  • Third parties for marketing. We share your information with any selected third party that you consent to our sharing your information with for marketing purposes;
  • Regulators and governmental bodies. Where necessary, we share your information with regulators and governmental bodies including HM Revenue & Customs, regulators, governmental bodies and other authorities acting as processors or joint controllers based inside and outside the EU, who require reporting of processing activities in certain circumstances;
  • Prospective sellers and buyers of our business. We may share your information with prospective sellers or buyers of such business or assets, only in the event that we decide to sell or buy any business or assets; and
  • Courts or advisors. Any other third parties (including legal, accountants or other advisors, regulatory authorities, courts and government agencies) where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

8. 1 When you’ll hear from us

We will keep you up to date with our latest news, offers and competitions (or those of our Flying Club) if you have indicated that you are happy to receive marketing communications from us.

8. 2 Opting out of marketing

If you no longer want to hear from us, you can opt-out or unsubscribe by:

  • Following the ‘unsubscribe’ link contained in any email marketing communications that you receive from us;
  • If you have a Flying Club Account with us, updating your marketing preferences within your account;
  • By contacting us using the details in the ‘ABOUT US’ section above.

Third parties and marketing

We might rely on third parties under contract to help us manage our marketing communications, but we won’t share your information with any third parties for their marketing purposes unless you agree to our doing so.

9.1 What we collect when you interact with our sites and apps

As you may already know, most sites and apps collect certain information automatically in log files about the way in which you interact with them. This includes your IP address, geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), browser type, referral source, length of visit to the site or app, number of page views, the search queries you make, and similar information.

This information will be collected by us or by a third party site analytics service provider and will be collected using cookies.

As we’ve described above, we use this information to help improve our functionality and services, run diagnostics, analyse trends, track visitor movements, gather broad demographic information and personalise our services.

9.2 What do we mean by ‘cookies’?

Cookies are small amounts of information in the form of text files, which we store on the device you use to access our site or our marketing communications. Cookies allow us to monitor your use of our services and improve them. For example, a temporary cookie is also used to keep track of your ‘session’. Without that temporary cookie, you would not be able to purchase flights via our site.

We also use cookies for site analytics purposes and to monitor how customers interact with and receive our marketing communications (for example if you open the marketing communication and/or click through any of our offers). We use this information to try to improve the relevance and tone of our future communications to ensure we’re servicing you as best as we can.

If you don’t want cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the ‘Help’ section of your internet browser (or visit http://www.aboutcookies.org). Please note that, if you do set your internet browser to reject cookies, you will not be able to access all of the functions of our site.

For details of all the cookies that we use, and what we use them for, head over to https://www.virginatlantic.com/tools/decorators/global/en/footer/cookie-policy.html

1.1 Overview of your rights

You have certain rights in respect of the personal information that we hold about you, including:

  • The right to be informed of the ways in which we use your information as we seek to do in this Privacy Policy
  • The right to ask us not to process your information for marketing purposes
  • The right to request access to the information that we hold about you
  • The right to request that we correct or rectify any information that we hold about you which is out of date or incorrect
  • In certain circumstances, the right to ask us to stop using information about you
  • The right to withdraw your consent for our use of your information in reliance of your consent
  • The right to object to our using your information on the basis of our legitimate interests (see paragraph 6.3 above for information about legitimate interests) or the legitimate interests of a third party and there is something about your particular situation which makes you want to object to us using it on this ground
  • The right to receive a copy of any information we hold about you in connection (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances
  • The right to ask us to limit or cease processing or erase information we hold about you in certain circumstances; and
  • The right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) or the relevant authority in your country of work or residence;
  • Please note that, notwithstanding these rights, we reserve the right to retain certain information for our own record-keeping and research purposes, and to defend ourselves against any legal claims. We will also need to send you service-related communications relating to your site user account even when you have requested not to receive marketing communications.

1.2 How to exercise your rights.

  • Contacting us. You can exercise your rights by contacting us using the details in the “ABOUT US” section above. Or, if you wish to stop receiving marketing communications, by checking the applicable boxes on forms that we use to collect your information to tell us that you don’t want to participate in marketing, clicking on the ‘unsubscribe’ link in marketing emails or by updating your marketing preferences on your Flying Club account.
  • Updating your own details. Depending on the nature of your request, you may also be able to do update your details yourself. For example:
  • You may update some of the details we hold about you by logging into your booking via My Booking and following the instructions to edit your details, or contact us to change details of your booking;
  • You can update some of the details we hold about you by logging into your Flying Club account via the Flying Club section of our site and following the instructions to edit your details;
  • Requesting information we hold about you. You are entitled to receive information we hold about you. You can submit a Subject Access Request by printing off, completing and sending in the Customer Access Request Form or write to us using the details in the ‘ABOUT US‘ section above. To help us confirm your identity and to ensure your personal data is not disclosed to anyone who does not have a right to receive it, please enclose a photocopy of your passport, or any other official document upon which your signature is present (or in the case of third party requests their official document and signature) with your request. Without this documentation, we may not be able to process your request.
  • Requesting Proof of Travel. We are happy to provide Proof of Travel letters as requested.  Simply submit a signed written request including the following information:

- Your full name - including any former names by which you may have been known;

- Your full address - including any former address or addresses, at which you may have been resident at the time the booking was made;

- Booking reference or flight number, route and date of travel;

- A photocopy of any official document on which your name, address and usual signature appear - i.e. your Driving Licence or Passport

Please send your request to us at the following address:

Customer Relations - Virgin Atlantic Airways

The VHQ

Fleming Way

Crawley

West Sussex

RH10 9DF

We will comply with your requests unless we have a lawful reason not to do so.

  • You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

1.1 Our service providers and suppliers

We are based within the  United Kingdom (“UK”), however, in certain circumstances, information that we collect about you will, during our relationship, be sent to and held by us in countries based outside of the UK where we work with suppliers and service providers that are either based outside of the UK, or have servers based outside of the UK. Countries based outside of the UK may protect information differently, and so where we do transfer your information to suppliers based outside of the UK and countries that the European Commission deems to provide adequate levels of protection for personal data, we will take all steps necessary to ensure that it is adequately protected and used in accordance with this Privacy Policy, including but not limited to relying on any appropriate cross-border transfer solutions such as the European Commission's Standard Contractual Clauses with the UK Addendum or the UK International Data Transfer Agreement .

1.2 Please contact us using the contact details at the top of this Privacy Notice if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

1.3 Destination territories

As we outline above, in certain circumstances, we are required to share certain information about you in advance of your travel with immigration or other government authorities before we can deliver you to your destination.

12.1 Our security measures

We strive to constantly keep our security practices under review to ensure that we are keeping your information as safe as possible. We use a variety of different technical and operational security measures to protect your information against unauthorised access or unlawful use. By way of example we:

  • Ensure the physical security of our offices, lounges, airports, warehouses and other sites
  • Ensure the physical and digital security of our equipment, devices and systems by mandating appropriate password protection, encryption and access restrictions
  • Are a company compliant with the Payment Card Industry Data Security Standard ‘PCI DSS’, which means high standards of security in respect of your payment information
  • Ensure appropriate access controls so that access to your information is only granted to those of our people that need to use it in the course of their work
  • Carry out regular penetration testing of our systems and third party reviews of our software
  • Maintain internal policies and deliver data protection and confidentiality training to ensure our people also understand their responsibilities in looking after your information and commit to taking appropriate measures to enforce these responsibilities.

12.2 How you can help ensure the security of your information?

You too can play a part in helping to keep your information safe, including:

  • Choosing strong passwords
  • Keeping your booking references and passwords confidential, avoid sharing them with anyone else or using your password for multiple accounts
  • Limiting the information you share on social media and be conscious of using public WiFi
  • Ensuring that you log out of your Flying Club account or profile with us after each session if you are using a shared computer
  • Informing us immediately if you know or suspect that your password or booking reference has been compromised, or if someone may have accessed your account
  • Keeping your devices protected by ensuring that you’re using the most up to date version of your operating system and have suitable anti-virus software if applicable
  • Keeping alert to any fraudulent emails that, although aren’t, might appear to be from us.

12.3 Links to other sites and resources

Our site contains content and links to other sites that are operated by third parties (including our partner airlines and/or any other third parties whom we believe you may be interested in). Please note that we do not control these third party sites or the cookies that such third parties operate and this Privacy Policy will not apply to them. Be sure to consult the Terms of Use and Privacy Policy of the relevant third party site to understand how that site collects and uses your information and to establish whether and for what purposes they use cookies.

We keep your information for as long as is reasonably necessary to enable us to provide you with the services that you have requested from us, to comply with any legal obligations that require us to keep information, or for as long as we reasonably require for our legitimate interests, including for example for the purposes of exercising our legal rights or defending ourselves against claims. We operate a data retention policy and look to find ways to reduce the amount of information we hold and the length of time that we need to keep it. For example:

  • We try to adopt a paperless approach wherever possible and securely destroy any paper correspondence we receive on a regular basis unless we are required to retain it for evidential or legal purposes;
  • We retain a suppression lists of individuals who no longer wish to be contacted by us indefinitely. We need to keep this information to comply with their wishes not to contact them.

14.1 Not happy?

If you have any comments, questions or concerns about the contents of this Privacy Policy or the way in which we use your information, we encourage you to contact us using the details in the “ABOUT US” section above to see if we can help resolve the issue in the first instance.

However, if you wish to make a formal complaint or have concerns regarding the ways in which we use your information, you may do so by contacting the Information Commissioner’s Office (also known as the “ICO”). The ICO is an independent authority and the UK’s supervisory authority for information rights.

You can register your concerns on the ICO site here https://ico.org.uk/concerns/handling/.

Last updated  22 February 2023.