Baines Simmons Privacy StatementAir Partner plc and all of its subsidiaries, which include Baines Simmons Limited, Redline Aviation Security Limited, Air Partner CHS Limited, and subsidiaries outside of the UK (together herein referred to as “the Air Partner Group”) are committed to protecting and respecting your privacy in accordance with all applicable data protection laws (referred to collectively in this privacy statement as “Data Protection Law”).
This privacy statement is issued on behalf of each company of the Air Partner Group so when we mention “we”, “us”, and “our” in this privacy statement, we are referring to the relevant company in the Air Partner Group responsible for processing your data at any one time, be that Air Partner Plc, Baines Simmons Limited, Redline Aviation Security Limited, Air Partner CHS Limited, Kenyon International or any other subsidiaries of the group, including outside the UK.
Please note that we collect various personal data (meaning any information about you from which you can be identified) from you or about you when you visit our websites, use our apps, procure or use our products and services, and/or otherwise interact with us.
Any reference to “website” in this statement may be to the Air Partner website (www.airpartner.com), Baines Simmons’ website (www.bainessimmons.com) Redline’s website (www.trustredline.co.uk), Air Partner CHS’s website (www.chsservices.com) or Kenyon International’s website (www.kenyoninternational.com) as appropriate.
What is in this Privacy statement?
This privacy statement sets out the basis on which we process any personal data we collect from you, or that you provide to us, including that of your employees, customers and representatives. It also explains what rights you have in relation to the personal data we hold about you.
Who we are
Details of who we are can be found under www.airpartnergroup.com/who-we-are. For the purpose of Data Protection Law, the “controller” is the relevant entity of the Air Partner Group which processes your data, as notified to you at the time your data is collected.
This means we are responsible for deciding how we use the personal data we collect about you and ensuring that it is at all times processed in accordance with Data Protection Law. You can contact us using the details set out in the final section of this privacy notice below.
What personal data do we collect and process from/about you?
Information you give us: You may give us information about you and/or third parties who you are acting on behalf of, (for example, if you are booking flights on behalf of passengers or booking a training course for your staff, or providing information on a victim of a disaster or their family members) by corresponding with us by phone, e-mail or otherwise (including in-person), filling in forms on our website, at an assistance centre and/or as part of the response to an incident, or using any of our Apps. This includes information you provide when you: (i) make an enquiry about any of our services or products or carry out a search of our website; (ii) purchase services or products from us (either for yourself and/or on behalf of third parties); (iii) register for our newsletters and other electronic and postal communications; (iv) respond to a job vacancy notice or email a CV to us; and (v) report a problem with our website. The information you give us may include your own (or a third party’s) personal data, including, but not limited to the following:
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you are providing personal data to us about someone else, for example passengers for whom you are arranging flights with us, family members and/or next of kin or your employees’ training records, you must have their prior permission to do this and make them aware of this privacy statement.
Our website is not aimed at children and we do not knowingly collect personal data of children, unless it is provided by you on their behalf, or on behalf of someone else (for example passengers) and you have the required parental or guardian’s permission to share such data with us. In exceptional circumstances for the purposes of incident response we may need to take data from a child if no alternative family member or guardian can.
What will we do with your personal data?
We will only use your personal data where Data Protection Law allows us to. Data Protection Law says we can collect and use personal data in the following (applicable) circumstances:
Accordingly, we lawfully use your personal data in the following ways:
We use Recruitment Data to recruit and select new employees of the Air Partner Group. This processing is necessary to take steps at the applicant’s request to enter a contract of employment.
This processing is also necessary for the purpose of the legitimate interests pursued by the Air Partner Group. The Air Partner Group considers that it has a legitimate interest in fully assessing applications for employment to ensure that only suitable and appropriate candidates are both assessed and selected. Candidates who are considered further will be provided with our Employee Privacy Notice which explains fully how the Air Partner Group handles Recruitment Data and any additional personal data collected during the recruitment process (including criminal records and other background checks).
To deliver our services
To carry out our obligations arising from any contracts entered into between you and us we need your Identity and Contact Data to register you as a new customer, perform any background checks, manage our relationship with you, and provide the services requested and any related information. We also need your Financial, Transaction and Passenger Data (as applicable) to process and deliver your request. We need Special Category Data to the extent it is necessary (for example to enable us to accommodate dietary requirements, for the purposes of repatriation, personal effects processing and return and memorial planning, or your religious or other needs), to ensure that you receive the requested services. We also process Special Category Data when providing fatigue risk management, incident response and consultancy services. Therefore, we use this data on the basis that it is necessary for us to be able to perform our contract with you (i.e. the terms and conditions of the relevant services) and for our legitimate interests of delivering the services in this way. We use the Special Category Data on the basis that this is with your consent which you can withdraw at any time. If you do so however, we may not then be able to provide the services in the manner you request.
We use your Identity, Contact, Usage and Transaction Data in order to develop an understanding of the services and products that may be of interest to you including by reference to those that you have already purchased or enquired about. Therefore, we use this data on the basis that it is necessary for our legitimate interests in developing and improving our services and to inform our business strategy and provide you with relevant information. On this basis we may inform you of products and services offered by other business entities of the Air Partner Group which you may not have yet used and may be of interest to you from time to time. We also use certain Usage Data to measure and analyse the behaviour of visitors to our website and traffic patterns by using cookies, and we will seek your consent to such use where we are legally required to do so. We use certain third-party applications to help us do this. For example, we use Google Analytics, a service which analyses website traffic data and webpage usage. Google Analytics does not identify individual users or associate your IP address with any other data held by Google (see www.google.com/policies/privacy/partners/ for more information).
Marketing and other communications
We may also wish to provide you, or permit selected and named third parties to provide you, with the information about services or products we feel may interest you. We will always give you the option to provide opt-in consent to receive different kinds of marketing communications from us or third parties or you can decide not to do so.
OPT-ING OUT: You can withdraw your consent or opt-out of any type of marketing communication from us at any time by following the instructions provided to you in the relevant communication (for example, the ‘unsubscribe’ link in an email) or you may contact us at firstname.lastname@example.org. If you have chosen to receive marketing communications from another organisation, your relevant personal data will be passed onto that organisation and will be held in accordance with their privacy policies. You should contact the relevant organisation directly if you no longer want to receive their marketing communications.
Note that even if you do not provide your consent, or subsequently withdraw it, in respect of marketing communications we will still need to send you communications in respect of our services and your contracts with us (for example, booking terms and confirmations and emergency information).
Website/ business administration
We use Identity, Contact and Technical Data to maintain our website and for internal operations, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data. We use this data on the basis that it is necessary: (a) for our legitimate interests: running our business, the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise; and (b) to comply with a legal obligation.
We also use Technical and Usage Data to improve our website to ensure that content is presented in the most effective manner for you and for your computer and allow you to participate in interactive features of our service, when you choose to do so.
We may have to use your personal data which we hold to protect your or someone’s else’s vital interests, for example, to make contact in rare emergency situations. We could also have to use your personal data in connection with legal and regulatory or policy matters such as our maintenance of business records, compliance with our environmental policy, compliance with external reporting requirements and internal policies and procedures and responses to requests by government, law enforcement, regulators, courts, rights holders or other third parties including in respect of the use or misuse of intellectual property, such as our brand or media rights, or those of our licensees/ commercial partners or their parties. Therefore, we use this data on the basis that it is necessary both for our legitimate interests in protecting, defending and enforcing rights and interests in this way and also so that we can comply with legal obligations.
What Cookies does our website use?
Who will we disclose your personal data to?
We may share personal data with other parties in order to achieve our purposes (see What will we do with your personal data?):
Group companies: We may share your personal data with any entity of the Air Partner Group and, if necessary, with local agents outside the UK where those agents act on our behalf. Our headquarters and servers are primarily located in the United Kingdom using either on premise servers or the Microsoft Azure platform but your personal data may be transferred to or accessed by any of our offices in other countries, including offices outside the UK where we have a legal or contractual obligation to do so or to enable the provision of our services or products (see International Transfers below).
Third party service providers: We use third party organisations to provide services to us or to you on our behalf, including:
(i) flight operators, handling agents, ground transport providers and other agents/ sub-contractors necessary for the performance of any contract we enter into with you;
(ii) analytics, social media platforms and search engine providers that assist us in the improvement and optimisation of our website;
(iii) providers of IT systems such as Microsoft D365 or Learning Management Systems, and or their administration or maintenance;
(iv) credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you; and
(v) market research companies if we carry out marketing or client care surveys to gain feedback and improve our services and products.
(vi) Coroners, medical examiners, disaster victim identification teams, funeral directors, and other relevant response agencies.
In providing their services, they may access, receive, maintain or otherwise process personal data on our behalf (to the extent necessary). Our service providers only process personal data in accordance with our instructions and are not permitted to use your personal data for their own purposes.
Legally required: We may also disclose your personal data where we are under a duty to do so in order to comply with any legal obligation, or in order to enforce or apply the terms of a legal agreement; or to protect the rights, property, or safety of the Air Partner Group, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Business sale: we may have to share certain personal data if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
Notwithstanding anything else in this privacy statement, we may share aggregated or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual and individuals cannot be re-identified.
Some countries outside of the UK and European Union (EU) do not have laws that protect privacy rights as extensively as the UK and countries within the EU. Given the nature of our services, however, it is likely that personal data will need to be processed by staff operating outside the EU or the UK in such countries who work for us or for one of our suppliers (see Who will we disclose your personal data to?). Where possible, however, when we transfer your personal data outside of the EU or the UK, to a territory for which an adequacy decision has not been made under the GDPR, we will try to ensure that your personal data is afforded a similar degree of protection, in accordance with Data Protection Law.
Security of your personal data
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk.
Once we have received your personal data, we will use strict procedures and security features to try to prevent your personal data transmitted, stored or otherwise processed from being accidentally or unlawfully destroyed, lost, altered, disclosed or accessed (a Data Security Breach). In addition, we limit access to your personal data to those employees, contractors and other third parties who have a business need to know. They will only use your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Data Security Breach and will notify you and any applicable regulator where we are legally required to do so.
Where we have given you (or where you have chosen) a username and/or password which enables you to access certain parts of our website, you are responsible for keeping your username and password confidential. Please do not share your username or password with anyone.
How long do we keep your personal data?
We will only keep (or “retain”) your personal data for as long as necessary to fulfil the purposes we collected it for (see What will we do with your personal data?), including for the purposes of satisfying any legal, accounting, disaster victim identification, long term storage and return of personal effects, memorial planning or reporting requirements.
To determine the appropriate retention period, we review – in addition to the purposes of use and how we can achieve them – other relevant factors such as the nature and scope of the personal data, the potential risks to the individuals to whom the information relates from a Data Security Breach, and the applicable legal requirements, for example the limitation period for which legal claims can be made in court. For example, we need to keep basic information about our customers (including identity, contact, financial and transaction information) for at least six years after they cease to be customers.
We will also retain your email address on our internal suppression list after you have opted-out of receiving communications from us to ensure that we do not contact you again (in accordance with good industry practice).
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under Data Protection Law, you have certain rights (depending on the circumstances) in connection with your personal data:
If you would like a copy of your personal data, believe that any personal data we are holding on you is incorrect or incomplete, or have any other queries in relation to any other rights, please contact us at email@example.com. We will comply with your request within a reasonable period unless we have a lawful reason not to do so. To exercise your rights, we may ask you to verify your identity and cooperate with us in our effort. Please note that requests must be made in writing (including email). In responding to such requests, we will explain the impact of any objections, restrictions or deletions requested.
Please note that we may need certain information to enable us to provide you with the services and/or information you ask for, so changes you make to your preferences or restrictions you ask us to make on how we use your personal data may affect what services and information we can provide.
You also have the right to complain to the relevant data protection regulator in your country if you believe we have not handled your request in an appropriate manner, for example the Information Commissioner Office (ICO) in the UK (www.ico.org.uk). However, we would appreciate you contacting us in the first instance, so that we may seek to resolve any complaint or query.
Is there a fee?
We will not charge you a fee to exercise your rights unless your request is clearly unfounded or excessive, in which case we may charge you a reasonable fee. Alternatively, we may refuse to comply with the request in such circumstances.
Links to other websites
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates (the Other Sites). The owners and operators of those Other Sites are responsible for their collection or use of your personal data and you should check their respective privacy policies/ notices if you follow a link to any of these Other Sites.
Changes to this privacy notice
This privacy notice was last updated in November 2021. Any changes we may make to this privacy notice in the future will be posted on our website. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access our website or use our services.
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to firstname.lastname@example.org.