Data and the protection of data are at the centre of everything we do. As such, our business is built on security, compliance, and accountability, enabling us to protect individuals and businesses most valuable assets. We are committed to delivering products and services that are secure and compliant with requirements, including the EU’s General Data Protection Regulation (GDPR) which becomes enforceable on 25 May 2018.
1. About Us
1.2 If you have any questions about your personal information, please click contact us using the details on our website, or email us directly at DC@ACCaviation.com.
3. Collection of Information
3.1 When you access the Website via any means, register or send a request, respond to or participate in any survey or questionnaire sent to you by us, provide comments, purchase our services or contact us from anywhere worldwide using any media, we may collect, store, use and share certain personally identifiable information in line with this policy.
3.2 To register or make an enquiry on the Website or by any other media, we will ask for your name and email address. As part of your profile you may also provide your location and other information that will help us to tailor the service to suit you. We may also ask you about your gender and employment history or qualifications in order to understand more about you (responding to these questions will always be optional. When you make a purchase by Credit Card, we and/or our payment services provider will also collect and process your credit card or other payment details and necessary proof of Identity. If you contact us, we may also keep a record of that correspondence.
3.3 We may also collect data relating to your visits to the Website that cannot identify you but records your use of our Website, for example, details of how long you have used the Website for.
3.4 We may also collect your computer’s IP address in order to help us tailor the service to your location.
3.5 If you elect to verify your identity through our Website, we will receive and process and store your personal information and identity documentation for this purpose.
3.6 Finally, we may receive information about you from third parties (such as credit reference agencies) who are legally entitled to disclose that information.
4. Use of Your Information
4.1 By accessing our Website via any means, registering or send a request, providing comments, or purchasing a service, you agree that your personal information may be collected, stored, used and shared by us and our partners or third parties we work with, for any of the following purposes:
- to fulfil any contractual agreements between you and us;
- to provide, maintain, protect and improve the quality of the Website, including by conducting anonymised market research, and to protect us and our users;
- to provide you with a personalised browsing experience when using the Website;
- to send you details of our other products and services which we think may interest you, unless you opt out as described at paragraph 9.1.3 below. You can control your email preferences on the settings page accessed through any email which we have sent you;
- to tailor our advertising on social media to your use of the Website;
- to allow you to use the full range of features on or via our Website;
- to comply with legal and regulatory requirements;
- to contact you occasionally in order to invite you to share your opinions and experiences of ACC; and
in order to provide third party goods or services available through our Website.
4.2 We may use your email address to send you updates about our Services. You can control your email preferences on the settings page accessed through any email which we have sent you.
5. Storage of Information/Data Security
5.1 ACC use secure hosting at Tier 1 data centres in the UK, which consist of redundant networking connections with high levels of both digital and physical security and deploy leading EU based Cloud Software as a Services (SaaS) to support our Enterprise Resource Planning (ERP) systems.
Our servers are backed up nightly to an offsite location to ensure that if anything were to happen – to the server or the premises – the data would remain completely secure. Each server we provide is fully supported by us at ACC, alongside the dedicated support team at our data centre, ensuring that we provide the best uptime and the quickest response possible.
All servers are monitored 24/7, alerting key personnel within the company should a data breach occur. This allows us to easily notify users should anything happen to the server.
ACC ensure that the servers and their applications and security packages, are fully up to date at all times, to provide the best possible security and performance to our Clients. In addition to this, we operate our own dedicated Firewall that sits in front of the server to help protect against DDoS and other attacks.
In addition we have deployed a DDoS mitigation software platform, which provides always-on Layer 3/4 DDoS mitigation to ensure the availability of our network when under attack. Each DDoS mitigation centre in our network is based on a Juniper MX480 routing platform and Arbor TMS mitigation platform, for high capacity packet filtering. This software is managed 24/7 by ACC and third-party cybersecurity teams at our Tier1 data centres.
5.2 We (or third parties acting on our behalf) may also store or process information that we collect about you in countries outside the European Economic Area, which may have lower standards of data protection. We have put in place technical and organisational security measures, including 2 factor authentication access, to prevent the loss or unauthorised access of your personal information. However, whilst we have used our best efforts to ensure the security of your data, please be aware that we cannot guarantee the security of information transmitted over the Internet.
6. Legal Basis for Processing Your Information
6.1 Our legal basis for collecting and using the personal information described above will be Legitimate Interests. Article 6(1)(f) of the GDPR is the one that is relevant here – it says that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of you which require protection of personal data.”
6.2 However, we will normally collect personal information from you only (i) where the processing is in our legitimate interests and not overridden by your rights, (ii) where we need the personal information to perform a contract with you, or (iii) where we have your consent to do so. In some cases, we may also have a legal obligation to collect personal information from you.
6.3 If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as the possible consequences if you do not provide your information); this will include providing airline travel services to you when travelling on or working as passengers or crew members on Chartered or Leased flights; this may necessitate transferring personal information overseas. This may necessarily be to counties and territories around the world and ACC are required to ensure that when we need to do this we comply with the DPA.
6.4 In certain of the jurisdictions in which we operate, a different legal basis for data processing, Consent, will be applied and if we collect and use your sensitive personal data, such as medical and dietary information your specific consent will always be requested at the relevant time.
We don’t think that any of our activities prejudice individuals in any way – in fact, they help us to offer you a more tailored, efficient service. However, you do have the right to object to us processing your personal data on this basis.
7. Disclosure of Your Information
We may disclose your personal information to third parties when permitted by law including:
a. With your consent;
b. to our suppliers in order for them to help us provide our services to you, this includes:
- ACC and its subsidiaries and branches;
- ACC’s contracted airline operators and their subsidiaries, branches and agents;
- our customer relationship management services (which allows us, for example, to send personalised email communications to you);
- our provider of file storage and management services if you email us directly;
- our payment services provider (as discussed at paragraph 3.2 above) when you make a purchase to process your payment;
- our identity verification partner (as discussed at paragraph 3.5 above) to verify your identity where you choose to select this option; and
- our customer service software if you contact our support team.
e. if we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our DPA Policy and other agreements; or to protect our rights, property, or safety, our users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
8. Data Retention
8.1 We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
8.2 When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
9. Your Rights
9.1 You have the following data protection rights:
- You can request a copy of your personal data from us in a commonly used and machine-readable format.
- You can edit your personal details by contacting us using the contact details provided at paragraph 12 below whenever you wish. We maintain a procedure in order to help you confirm that your personal information remains correct and up-to-date or choose whether or not you wish to receive material from us. We will answer every email as promptly as possible.
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided at paragraph 12 below.
- You can request the erasure of personal information that we hold about you where there is no good reason for us to continue processing it, where you have successfully exercised your right to object to processing, where we may have processed you information unlawfully or where we are required to erase your personal data to comply with local law.
- You can object to our processing of your personal data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- You may unsubscribe from certain email communications by following the Unsubscribe link in the email communication itself.
- Similarly, if we have collected and process your personal information on the basis of your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- If you have any privacy-related questions or unresolved problems, you may contact us using the information provided at paragraph 12 below.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland and certain non-European countries (including the US and Canada) are available online.)
- The Website may, from time to time, contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies. Please check these policies before you submit any personal information to these websites.
We strongly believe in protecting the privacy of children. In line with this belief, we do not knowingly collect or maintain personal information from persons under 13 years of age, and no part of the Website is directed to persons under 13 years of age. If you are under 13 years of age, then please do not use or access the Website at any time or in any manner. We will take appropriate steps to delete any personal information of persons less than 13 years of age.