Privacy Policy and Fair Processing Notice
Courier Facilities Limited is committed to protecting and respecting your privacy. This notice sets out how we collect and use your personal information.
The privacy notice sets out:
- who we are
- what personal data we collect and store about you, and how we collect it
- why we collect personal data and what we do with it
- the categories of third parties with whom we share your personal data
- how we retain and store your information
- your rights and how to exercise them
- how to contact us
1. Who we are
Data Controller: For the purposes of data protection law, the “data controller” is the person or organisation who determines the purposes for and the manner in which any personal data is processed. The data controller is Courier Facilities Limited, a company incorporated and registered in England and Wales under company number 01705359 and having its registered office address at Building 580/1, Sandringham Road, Heathrow Airport, TW6 3SN, United Kingdom (referred to as “CFL”, or as “we” and related words such as “us” and “our”). Our registered VAT number is GB226287359.
As data controller we are responsible for, and control the processing of, your personal data. We are registered as a data controller with the Information Commissioner’s Office (ICO).
If you would like to contact us about this notice or if you wish to receive further information, our details are as follows:
E-mail: DPT@cfl.aero
Post: Data Protection Officer, Courier Facilities Limited, Building 580/1 Sandringham Road, Heathrow Airport, Middlesex TW6 3SN
2. The information we collect from you
In the course of our business, we collect the following personal data when you provide it to us:
- personal details, such as name and title, username, gender, date of birth
- contact data, such as address, billing details, e-mail address, telephone and mobile numbers and any other personal information you provide
- image data, namely CCTV images and ID pass photos
- transaction data, such as details about payments to and from you, details of services you have purchased from us and credit referencing results
- profile data, such as ID pass information
- usage data, such as information about how you use your ID pass
- marketing data, such as your preferences in receiving marketing and communications
We do not knowingly collect “sensitive” personal data. Sensitive data is data to which more stringent processing conditions apply, and includes data concerning your race or ethnic origin, religion, political opinions, trade union membership, health, sex life or sexual orientation, and genetic and/or biometric data. We do not collect information about criminal convictions or offences.
3. How we collect personal data
We obtain personal data directly from you when you interact with us, for example when you:
- create an account
- request information
- email us
- phone our accounts and customer services teams (since your call may be recorded for training, fraud prevention and investigation purposes)
- create and use an ID pass
- take part in a survey or give us feedback
4. How we use your personal data
Introduction
We will only use your personal data for lawful purposes. Most frequently, we will use your personal data in the following circumstances:
- to allow you to register for an account
- to enable us to perform our services for you
- if it is necessary for our legitimate interests (or those of a third party) and these are not overridden by your own rights and interests
- where we need to comply with a legal or regulatory obligation.
Lawful processing
In order to process personal data, we must have a lawful reason. We will always ensure that this is the case, and we set out our lawful bases below. We will use your personal data only for the purposes for which we collected it, unless we fairly consider that we need it for another reason that is compatible with the original purpose.
Contractual Necessity
As our customer or potential customer we will process your personal data for the following purposes, on the legal basis that it is necessary for us to provide our services to you:
- to identify you
- to respond to your inquiries
- to allow you to register for an account
- to provide you with information you have requested in relation to our services before you decide to use them
- to contact you about our service
- to carry out billing and administration activities, including credits
You are not obliged to provide us with any of this information, but if you chose not to, we may be unable to provide the service that you have requested.
Legitimate Interests
We process your personal information for our legitimate business purposes, which include the following:
- to conduct and manage our business
- to analyse, improve and update our services for the benefit of our customers
- to deal with complaints
- to identify suspicious or criminal activity (for example, suspected smuggling)
- where you have used our services, to let you know about our services (including disruptions to), promotions or events that we consider may be of interest to you. You can opt out of receiving this information by asking to unsubscribe from our emails or by contacting us as set out in Section 1 above.
Whenever we process your personal data for these purposes, we ensure that your interests and rights are carefully considered.
Compliance with laws
We may process your personal data in order to comply with applicable laws, for example, if we are required to co-operate with a criminal investigation.
Consent
You have the right to withdraw consent to receive information from us at any time and can do so by contacting us as set out in Section 1 above.
5. Sharing your personal data (disclosure to third parties)
We may provide your personal data to the following recipients for the purposes set out in this notice:
- other service providers, including airlines and ground handlers, e-mail and mail service providers and technical and support partners, such as the companies who host our website and who provide technical support and back-up services
- law enforcement agencies, government or public agencies or officials, regulators, including UK Border Force, CAA, the Police, HMRC and any other person or entity that has the appropriate legal authority where we are legally required or permitted to do so, to respond to investigations, claims, or to protect our rights, interests, privacy, property or safety
- any other parties, where we have your specific consent to do so.
6. Provision of personal data
To provide our services to you, we will need some or all of the personal data described above so that we can perform that service or the steps that lead up to it. If we do not receive the data, the service could not be performed.
7. How long we retain personal data for
We carefully consider the personal data that we store, and we will not keep your information in a form that identifies you for longer than is necessary for the purposes set out in this notice or as required by applicable law. In some instances, we are required to hold data for minimum periods: for example, UK tax law specifies a set period for retention of some of your personal data.
8. Transfers of personal data outside the EEA
We may transfer your personal information to a location outside of the European Economic Area if we consider it necessary or desirable for the purposes set out in this notice. In such cases, we will safeguard your privacy rights and transfers will only be made to recipients with adequate safeguards in place for the protection of personal data.
9. How we keep your personal data secure
CFL has security measures in place designed to prevent data loss and unauthorised access to the data and to preserve data integrity. Only authorised CFL employees and third parties processing data on our behalf have access to your personal data. All CFL employees who have access to your personal data are required to adhere to the Courier Facilities Limited Data Protection Policy, CCTV Policy and Privacy Notice and we have in place agreements with our third-party data processors to ensure that your personal data is processed only as instructed by CFL.
Please contact us using the details in section 1 of this notice if you would like more information about this.
10. Your information rights
You have the following rights under data protection law:
- right to be informed about the collection and use of your personal data
- right of access to your personal data, and the right to request a copy of the information that we hold about you
- right to have inaccurate personal data that we process about you rectified if you believe it to be out of date or incorrect
- the right of erasure and in certain circumstances the right to be forgotten
- the right to object to, or restrict processing of personal data concerning you for direct marketing and in certain other situations, to our continued processing of your personal data
You will not have to pay a fee to access your personal data or to exercise any of the other rights set out above. Please contact us using the details in Section 1 of this notice if you would like to exercise any of these rights or know more about them.
These rights are subject to certain limitations that exist in law. Further information about your information rights is available on the ICO’s website: www.ico.org.uk.
11. Changes to this privacy notice
We may change this notice from time to time. You should check this notice on our website occasionally, in order to ensure you are aware of the most recent version.
12. What should you do if you have a complaint?
Please contact us using the details in Section 1 of this notice so that we may assist you and hopefully resolve your issue.
Alternatively, you have a right to raise a concern with the Information Commissioner’s Office: www.ico.org.uk.