Privacy policy
ICO REGISTRATION NUMBER:
Organisation name: Airport Ontime Limited
Reference: ZB104249
DATA PROTECTION POLICY
Data Processing & Storage
The following policies explain how Airport ontime obtain, store and process your personal information. We are committed to ensuring that your privacy is protected and are registered with the information commissioner’s office (UK) to ensure transparency and GDPR provision compliance (GDPR (EU) 2016/679). Should we ask you to provide certain information by which you can be identified when using our products and services, you can be assured that it will only be used in accordance with this privacy statement.
Please note: All telephone calls are recorded & all emails are stored for monitoring purposes. We use the latest AVAYA system to make and receive calls through an encrypted watchdog. This device encrypts all calls for security purposes, this is provided by Vale communications.
What Personal Data Do We Collect?
We may collect the following information when you use our products or services:
-
Name, telephone number and email address
-
Booking information including the date & time, pickup location and destination.
-
Additional information including Aeroplane flight number, luggage and child seat requirements.
What Sensitive Data Do We Collect?
We will only collect the following information upon receiving specific authority to do so from individuals who have agreed to our terms & conditions and privacy policies.
-
Debit or credit card details (card number, expiry date, CVC and AVS)
How Do We Collect Or Obtain Your Personal Data?
-
When you input your data through electron forms on our website
-
When you input data through our mobile booking application
-
When you contact us by phone, email and writing
-
When you order goods or services from us
-
When you post or react to our social media channels
How Do We Collect Or Obtain Your Sensitive Data?
-
When you verbally tell us over the phone
-
When you input data through our mobile booking application
How Do We Process Your Personal Data?
All personal data relating to the booking of our services and products is processed using our cloud-based computer software provided by “Cordic limited”. Cordic is registered as a data handler for the purposes of GDPR provision compliance (GDPR (EU) 2016/679).
How Do We Process Your Sensitive Data?
All sensitive personal data relating to the payment of our services and products is processed using our cloud-based merchant providers “Stripe”. Stripe is a payment services provider that lets merchants accept credit and debit cards or other payments.
Payment security is a priority for Stripe. This is evident through the various measures it uses to protect card information.
Here are some of those security measures:
-
PCI Service Provider Level 1 Certification - The highest level of certification in the payments industry.
-
Encrypted Data and Communication - The service uses PGP keys for safe communication.
-
Money Transmitter Licenses - Stripe complies with legal regulations for payment platforms.
How Long Do We Store Your Personal & Sensitive Data
As required by law, all data is stored for a minimum period of six months from the point of service or purchase. After this period has lapsed, data can be deleted upon request.
Who Do We Share Your Personal & Sensitive Data With?
All data that is collected, processed and stored is secure and we do not share it with third parties.
Upon lawful request from authorities, we are obliged to assist and share personal data.
What Happens In The Unlikely Case Of A Data Breach?
If a data breach was to occur the ICO and affected consumers would be notified within 72 hours.
How Do We Detect A Data Breach?
Although unlikely, we must remain vigilant that a data breach could occur.
Airport ontime have kept the “supply chain” very compact, communicating directly with Cordic, Vale and Adelante, so that we can work in partnership to detect and inform of data breaches. Each member of the supply chain has stringent data policies and security, and they have a duty of care to inform us of any data issues at the earliest possibility.
Data Protection Officer & What They Do?
We have a sole dedicated data protection officer who is registered with the ICO. You can contact our officer at anytime for enquiries or more information. The officer is responsible for overseeing the security and protection of both personal
and sensitive data. Our data protection officer is the only person who has access to sensitive data for the purpose of refunds and monitoring.
What Measures Do We Take To Ensure The Security Of Your Personal & Sensitive Data?
All members of office staff & drivers have received training and adhere to strict privacy & data protection policies. Airport ontime have kept the “supply chain” very compact, working directly with Cordic, Vale and Adelante, so that we have a complete overview of how data is collected, processed and stored. Personal data is retained within our booking office cloud software (Cordic) at all times and only trained office staff have restricted access. Our data protection officer is the sole person who has restricted access to your sensitive data.