1. What is a Privacy Notice?
Your privacy is important to us. This Privacy Notice applies when you visit or use our websites, apps and other services, including events, that refer or link to this privacy policy (each, a “Service”). This privacy Notice may be supplemented by additional privacy statements, terms or notices provided to you. When we process your personal data, we will comply with relevant data protection and privacy legislation.
Your personal data includes all the information we hold that identifies you or is about you. It does not include data where the identity has been removed (anonymous data). More information about the types of personal data we collect from you is set out below.
Everything we do with your personal data counts as processing it, including collecting, storing, amending, transferring and deleting it. We will comply with the relevant legislation to make sure that your information is properly protected and used appropriately.
2. Who are we?
This Privacy Notice is issued on behalf of The Travel Division so when we mention “The Travel Division”, “we”, “us” or “our” in this Privacy Notice, we are referring to the company that is responsible for processing your data.
The Travel Division means either: The Travel Division Ltd (registered in England & Wales with CRN: 08697954, of Millbank House, 171-185 Ewell Road, Surbiton, Surrey, KT6 6AP, UK) or The Travel Division Inc. (registered in New York with DOS ID: 6436679, of 1200 RXR Plaza, Uniondale 11556, New York, NY, USA). The Travel Division is deemed a data controller. However, where The Travel Division is provided with information from a third party or a customer relating to a passenger that we are arranging a service for we are data processors and will only process such data in accordance with the third party’s or the customer’s instructions.
3. What personal data do we collect?
When you purchase a service, purchase a product, contact us or complete an online form, we may collect a variety of information, including, but not limited to; your name, title, job title, mailing address, telephone number, email address, passport details, credit/debit card or bank details.
We process most of your information on the grounds of the fulfillment of our contract with you, namely to confirm your order, contact you about delivery of services, arrange for your payment to be processed and provide you with the products you have purchased. We may also use your personal data for our legitimate interests, including for the purposes of fraud protection and for training and quality.
Special category data is a category of personal data which requires more protection because it is sensitive in terms of applicable law, such as data concerning health. Health data will only be processed for the purposes of ensuring your safety prior, during and after a flight, and where we have received your consent. By providing this sensitive personal data to us, you explicitly agree that we may collect, use, share with third parties (such as airlines) and transfer such data.
Payment Information
We may collect payment information relating to your credit, debit, or other payment card number, cardholder name, expiration date, authentication code and billing address associated with your payment instrument at the time of your transaction in order to process your payment. However, in rare cases where certain services may be billed via payment cards we will collect and transmit such data to payment providers but not store such data.
4. How is personal data collected?
Direct Interactions
You may give us your personal data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you: place an order for our products or services; submit a query about our products or service whether by email or phone; request for marketing to be sent to you; or give us feedback or contact us for any other reason.
Third Parties
We may collect your personal data from third parties, such as our customers who may be providing your passenger details for the purpose of arranging a service. We may also collect information from publicly available sources (such as Companies House) and data suppliers to validate or supplement the information we hold.
5. When will we contact you?
- In relation to any service, product, activity or online content you have signed up for to ensure that it can be delivered or provided, e.g. to ensure payment of your services, offer other flight related services or upgrades, or to enquire whether you’re in need of our services;
- In relation to any correspondence we receive from you or any comment or complaint you make;
- To invite you to participate in voluntary surveys.
- To update you on any material changes to policies and practices.
- To keep you informed periodically on relevant products and services that we think may be of interest to you. Types of communication include quarterly newsletters or updates by email.
We will only send you marketing material if we are entitled to do so under data protection and privacy legislation, which usually means we either have your consent to send you marketing, we send it to you because you are one of our existing customers, or on the grounds of Legitimate Interest. You can unsubscribe to our marketing communications at any time, either by clicking “unsubscribe” in any marketing email we send to you or by contacting us using the contact details at the end of this Privacy Notice.
6. How long do we keep personal data?
Your personal data is retained for the duration of our relationship with you, or no more than 6 years from the date you place your order. This enables us to deal with maintaining business and financial records, resolving disputes or warranties. After that date your personal data will be deleted or anonymised so that it is no longer personally identifiable. Your information will be kept securely at all times.
Further to the above, we retain your personal data as long as it is necessary and relevant for our operations. Generally, we keep personal data in accordance with our internal retention procedures, which are determined in accordance with our regulatory obligations and good practice. In addition, we may retain personal data relating to previous booking activity to comply with national laws, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, and take other actions permitted or required by applicable national laws.
After it is no longer necessary for us to retain your personal data, we anonymise part of the data for analytical purposes and dispose of the rest in a secure manner. If you have any questions in relation to our retention periods, please contact us at dataprivacy@thetraveldivision.com.
7. Who we share personal data with?
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Below is a list of potential third parties that we may share your personal data with.
Our service providers
This includes external third-party service providers, such as an airline for when you book a flight; accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.
Governmental authorities and third parties involved in fraud prevention and law enforcement.
We may share Personal Information with governmental or other public authorities (including, but not limited to, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.
Our group companies
We are a member company of Mountfitchet Group Ltd. We may share your personal data with certain members of our group companies. Where they have access to your personal data, they will use it only for the purposes set out in this Privacy Notice. We will remain responsible for the management and security of jointly used Personal Information. Access to Personal Information is restricted to those individuals who have a need to access the information for our business purposes.
Mergers and acquisitions
To the extent that it is necessary, third parties to whom we may choose to sell, transfer or merge parts of our business or our assets may gain access to your personal data. Alternatively, we may seek to acquire other businesses or merge with them at which point they may also gain access to your personal data. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.
Whenever we transfer your personal data, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place:
- we will only transfer your personal information to countries that have been deemed to provide an adequate level of protection to it by the relevant authorities; or
- we may make the transfer of your personal information subject to specific contractual provisions which ensure it is suitably protected.
Please contact us if you want further information on the specific methods used by us when transferring your personal data.
8. How do we keep personal data secure?
We are committed to keeping your personal data safe and secure from unauthorised access, unauthorised alterations, disclosure or destruction of information that we hold.
Our security measures include:
- encryption of our services and data;
- review our information collection, storage and processing practices, including physical security measures;
- access control restrictions for personal information;
- contractual confidentiality and processing agreements for employees and/or third parties who may require access to personal data; and
- internal policies setting out our data security procedures and training for employees.
9. What rights you have in relation to personal data?
We do not carry out any automated decision making using your personal data (i.e. making a decision without any human involvement), nor is your personal data used for any profiling purposes.
Under certain circumstances, by law you have the right to request access to your personal information, request correction of the personal information that we hold about you, request erasure of your personal information where there is no good reason for us continuing to process it, object to processing of your personal information and there is something about your particular situation which makes you want to object to processing on this ground, request the restriction of processing of your personal information or request the transfer of your personal information to another party.
You have the right to withdraw your consent to the processing of your personal data at any time. To withdraw your consent, please contact us using the contact details below. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so.
These rights apply for the period in which we process your data. There are certain caveats and exemptions to those rights which mean that in some circumstances you may not be entitled to exercise them, if we believe that is the case upon receipt of a request from you, we will let you know.
10. Need to contact us?
For any queries or comments about this Privacy Notice or updates, amendments and corrections to your records, or for personal data requests, please contact dataprivacy@thetraveldivision.com or by post to: Data Protection Team, The Travel Division, Millbank House, 171-185 Ewell Road, Surbiton, Surrey, KT6 6AP, United Kingdom.
If you wish to make a complaint about how we use your information, please contact our Data Protection team. You can also contact the local data protection authority.
11. Changes to Privacy Notice
We will occasionally update this Privacy Notice in accordance with business and legal requirements. We will post a notice of any material changes on our website, and where appropriate, notify you using the contact details we hold for you for this purpose. We encourage you to periodically review this Privacy Notice to be informed of how we use your information.
12. Supplementary Notices
This Notice supplements our Privacy Notice and applies solely to California and Virginia consumers. Terms used but not defined shall have the meaning ascribed to them in the California Privacy Rights Act of 2020 (“CPRA”) or the Virginia Consumer Data Protection Act (“VCDPA”), as applicable. This Notice does not apply to personal information that we process as a service provider on behalf of our customers or that we collect from job applicants, contractors or employees.
Personal information collected and disclosed
We collect and disclose the following categories of personal information and have collected and disclosed these categories in the preceding 12 months:
Category | Examples | Collected |
A. Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. | YES |
B. Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories. | YES |
C. Protected classification characteristics under California or federal law | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | NO |
D. Commercial information | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
E. Biometric information | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | NO |
F. Internet or other similar network activity | Browsing history, search history, information on a Consumer’s interaction with a website, application, or advertisement. | YES |
G. Geolocation data | Physical location or movements. | YES |
H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | YES |
I. Professional or employment-related information | Current or past job history or performance evaluations. | YES |
J. Non-public education information (per the Family Educational Rights and Privacy Act | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other Personal Information | Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES |
L. Sensitive Personal Information | A Consumer’s social security, driver’s license, state identification card, or passport number; a Consumer’s account log-ln, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; a Consumer’s precise geolocation; a Consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership; the contents of a Consumer’s mail, email and text messages, unless the business is the Intended recipient of the communication; a Consumer’s genetic data; and the processing of biometric information for the purpose of uniquely identifying a Consumer; Personal Information collected and analyzed concerning a Consumer’s health; or Personal Information collected and analyzed concerning a Consumer’s sex life or sexual orientation. | NO |
We may use or disclose the personal information we collect for one or more of the following business purposes:
- To provide you with information, products or services that you request from us.
- To provide you with email alerts, event registrations and other notices concerning our products or services, or events or news, that may be of interest to you.
- To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collections.
- To improve our website and present its contents to you.
- For testing, research, analysis and product development.
- As necessary or appropriate to protect the rights, property or safety of us, our clients or others.
- To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
- To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.
Sharing Personal Information
We may disclose your personal information, including in the preceding 12 months, to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
Category A: Identifiers.
Category B: California Customer Records Personal Information categories.
Category D: Commercial information.
Category F: Internet or other similar network activity.
Category G: Geolocation data.
Category I: Professional or employment-related information.
Category K: Inferences drawn from other Personal Information.
We do not knowingly share the personal information of minors under 16 years of age.
Retention
We retain your personal information for as long as necessary to provide the Service and fulfil the transactions you have requested, or for other essential purposes such as complying with our legal obligations, maintaining business and financial records, resolving disputes, maintaining security, detecting and preventing fraud and abuse, and enforcing our agreements. The criteria used to determine retention periods includes the legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements, and industry standards.
Consumer Rights
You may request to know whether we process your personal information and to access such personal information.
In addition, if you are a California resident, you may request that we disclose to you the following information covering the 12 months preceding your request: (i) the categories of personal information we collected about you and the categories of sources from which we collected such information; (ii) the business or commercial purpose for collecting, selling or sharing personal information about you; (iii) the categories of personal information about you that we sold or shared (as defined by the CPRA) and the categories of third parties to whom we sold or shared such information; and (iv) the categories of personal information about you that we otherwise disclosed, and the categories of third parties to whom we disclosed such personal information.
You may request to correct inaccuracies in your personal information.
You may request to receive a copy of your personal information, including specific pieces of personal information, including, where applicable, to obtain a copy of your personal information in a portable, readily usable format. If you are Virginia resident, this applies to personal information you previously provided to us.
You may request that we delete your personal information, subject to certain exceptions. If you are a California resident, this applies to personal information collected from you.
You may request to “opt-out” of your personal information being sold to certain third parties, as defined by applicable law. This right may be exercised by submitting a Do Not Sell or Share My Personal Information request.
Our use of tracking technologies through some of our websites may be considered a “sale” or “sharing” of your personal information for cross-context behavioural advertising under the CPRA or target advertising under the VCDPA. You may request to opt-out of such tracking technologies by utilizing the “Cookie Settings” link on our websites that use tracking technologies for cross-contextual behavioural advertising or targeted advertising or by sending an opt-out preference signal supported by your device or browser. Your use of an opt-out preference signal will apply only to your device or browser and not to other consumer information that is not linked to your device or browser.
If you are a Virginia resident, you may request to opt out of the processing of your personal information for purposes of profiling in furtherance of decisions that produce legal or similarly significant effects concerning you.
If you are a California resident, you may also request to limit the use or disclosure of your sensitive personal information to what is necessary for us to perform our services and provide goods as requested, as authorized by regulations, or as otherwise permitted under the CPRA. This right may be exercised by submitting a Limit the Use of My Sensitive Personal Information request.
We will not unlawfully discriminate against because you exercise any of your rights under the CPRA or VCDPA.
We do not offer financial incentives or price or service differences to consumers in exchange for the retention or sale of a consumer’s personal information.
How to Make a Request
You may make a request for the disclosures, correction, opt-out, or deletion described above by contacting us at:
Email:
dataprivacy@thetraveldivision.com
Postal:
Air Charter Service California, Attn: U.S. Consumer Privacy Request, 11150 Santa Monica Blvd, Suite 1020, Los Angeles CA 90025
You may be required to submit proof of your identity for certain of these requests to be processed. Such information may include your First Name, Last Name, Street Address, City, Zip, and Date of Birth and either your Social Security Number or your Driver’s License Number and State. This information will be used only for the purposes of verifying your identity and processing your request. We may not be able to comply with your request if we are unable to confirm your identity or to connect the information you submit in your request with personal information in our possession.
You may be required to submit proof of your identity for certain of these requests to be processed. Such information may include your First Name, Last Name, Street Address, City, Zip, and Date of Birth and either your Social Security Number or your Driver’s License Number and State. This information will be used only for the purposes of verifying your identity and processing your request. We may not be able to comply with your request if we are unable to confirm your identity or to connect the information you submit in your request with personal information in our possession.
We will respond to your request consistent with the CPRA and the VCDPA, as applicable.
De-Identified Information
Where we maintain or use de-identified data, we will continue to maintain and use the de-identified data only in a de-identified fashion and will not attempt to re-identify the data.
Changes
We will update this Notice from time to time. Any changes will be posted on this page with an updated revision date.
Contact
Email:
dataprivacy@thetraveldivision.com
Postal:
Data Protection Team, The Travel Division, Millbank House, 171-185 Ewell Road, Surbiton, Surrey, KT6 6AP, United Kingdom
Last updated: 1st February 2024