ACC AVIATION LTD & ITS SUBSIDIARIES & AFFILLIATES
Data and the protection of data are at the centre of everything we do. As such, our business is built on security, compliance, and accountability, enabling us to protect individuals and businesses most valuable assets. We are committed to delivering products and services that are secure and compliant with requirements, including the EU’s General Data Protection Regulation (GDPR) which becomes enforceable on 25 May 2018.
1.2 If you have any questions about your personal information, please click contact us using the details on our website, or email us directly at DC@ACCaviation.com.
3.1 When you access the Website via any means, register or send a request, respond to or participate in any survey or questionnaire sent to you by us, provide comments, purchase our services or contact us from anywhere worldwide using any media, we may collect, store, use and share certain personally identifiable information in line with this policy.
3.2 To register or make an enquiry on the Website or by any other media, we will ask for your name and email address. As part of your profile you may also provide your location and other information that will help us to tailor the service to suit you. We may also ask you about your gender and employment history or qualifications in order to understand more about you (responding to these questions will always be optional. When you make a purchase by Credit Card, we and/or our payment services provider will also collect and process your credit card or other payment details and necessary proof of Identity. If you contact us, we may also keep a record of that correspondence.
3.3 We may also collect data relating to your visits to the Website that cannot identify you but records your use of our Website, for example, details of how long you have used the Website for.
3.4 We may also collect your computer’s IP address in order to help us tailor the service to your location.
3.5 If you elect to verify your identity through our Website, we will receive and process and store your personal information and identity documentation for this purpose.
3.6 Finally, we may receive information about you from third parties (such as credit reference agencies) who are legally entitled to disclose that information.
4.1 By accessing our Website via any means, registering or send a request, providing comments, or purchasing a service, you agree that your personal information may be collected, stored, used and shared by us and our partners or third parties we work with, for any of the following purposes:
4.2 We may use your email address to send you updates about our Services. You can control your email preferences on the settings page accessed through any email which we have sent you.
5.1 ACC use secure hosting at Tier 1 data centres in the UK, which consist of redundant networking connections with high levels of both digital and physical security and deploy leading EU based Cloud Software as a Services (SaaS) to support our Enterprise Resource Planning (ERP) systems.
Our servers are backed up nightly to an offsite location to ensure that if anything were to happen – to the server or the premises – the data would remain completely secure. Each server we provide is fully supported by us at ACC, alongside the dedicated support team at our data centre, ensuring that we provide the best uptime and the quickest response possible.
All servers are monitored 24/7, alerting key personnel within the company should a data breach occur. This allows us to easily notify users should anything happen to the server.
ACC ensure that the servers and their applications and security packages, are fully up to date at all times, to provide the best possible security and performance to our Clients. In addition to this, we operate our own dedicated Firewall that sits in front of the server to help protect against DDoS and other attacks.
In addition we have deployed a DDoS mitigation software platform, which provides always-on Layer 3/4 DDoS mitigation to ensure the availability of our network when under attack. Each DDoS mitigation centre in our network is based on a Juniper MX480 routing platform and Arbor TMS mitigation platform, for high capacity packet filtering. This software is managed 24/7 by ACC and third-party cybersecurity teams at our Tier1 data centres.
5.2 We (or third parties acting on our behalf) may also store or process information that we collect about you in countries outside the European Economic Area, which may have lower standards of data protection. We have put in place technical and organisational security measures, including 2 factor authentication access, to prevent the loss or unauthorised access of your personal information. However, whilst we have used our best efforts to ensure the security of your data, please be aware that we cannot guarantee the security of information transmitted over the Internet.
6.1 Our legal basis for collecting and using the personal information described above will be Legitimate Interests. Article 6(1)(f) of the GDPR is the one that is relevant here – it says that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of you which require protection of personal data.”
6.2 However, we will normally collect personal information from you only (i) where the processing is in our legitimate interests and not overridden by your rights, (ii) where we need the personal information to perform a contract with you, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you.
6.3 If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your information); this will include providing airline travel services to you when travelling on or working as passengers or crew members on Chartered or Leased flights; this may necessitate transferring personal information overseas. This may necessarily be to counties and territories around the world and ACC are required to ensure that when we need to do this we comply with the DPA.
6.4 In certain of the jurisdictions in which we operate, a different legal basis for data processing, Consent, will be applied and if we collect and use your sensitive personal data, such as medical and dietary information your specific consent will always be requested at the relevant time.
We don’t think that any of our activities prejudice individuals in any way – in fact, they help us to offer you a more tailored, efficient service. However, you do have the right to object to us processing your personal data on this basis.
a. With your consent;
b. to our suppliers in order for them to help us provide our services to you, this includes:
e. if we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our DPA Policy and other agreements; or to protect our rights, property, or safety, our users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
8.1 We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
8.2 When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
We strongly believe in protecting the privacy of children. In line with this belief, we do not knowingly collect or maintain personal information from persons under 13 years of age, and no part of the Website is directed to persons under 13 years of age. If you are under 13 years of age, then please do not use or access the Website at any time or in any manner. We will take appropriate steps to delete any personal information of persons less than 13 years of age.
* indicates required fields.