Privacy Policy
Learn how we handle your data
Cambridge Flying School, (us, our, we, CFS) is committed to protecting and respecting your privacy.
This privacy policy explains how personal data is collected and used when you engage with our website found at www.cambridgeflyingschool.com (Website) or via any other means including mobile and web-applications in main domain or any sub-domains (App). It also explains how we process any data that you supply to us on the Website, App or otherwise. CFS is the controller of any personal data that you supply to us.
It is important that you read this policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them. If, for any reason, you do not agree to the terms of this policy, please stop using this Website or App.
Please note that our Website or App are not directed at children under the age of 13 and we do not knowingly collect personal information about children.
What is Personal Data?
Where this Policy refers to ‘personal data’ it is referring to data about you from which you could be identified – such as your name, your date of birth, your contact details and even your IP address.
What personal data do we collect and how?
The personal data collected depends on how you interact with us and our Website or App. You can browse the Website or App, you can fill in forms on the Website or App to request information, download blogs and other activities, and can interact with us directly via other means.
We may collect and hold the following personal data (these will not always be personal data, depending on the context in which they are collected, the actual data collected, and whether the data collected allows us to directly or indirectly identify you) from you:
- username (which may or may not contain your name, and may therefore not always be personal data);
- email address;
- telephone number;
- address
- age;
- date of birth;
- IP address;
- operating system, browser type and version (which may not always be personal data);
- location (which may not always be personal data);
- details as to how you use and interact with our Website or App and products;
- your preferred language;
- job title;
- personal documents and flight documents data;
- family and members data information;
- your marketing and communication preferences; and
- others not mentioned here, but required for legal or flight operations requirements.
We use different methods to collect data from and about you including:
when you voluntarily supply your personal data to us, for example:
if you use the Website or App to upload or send personal data (by filling out a form, subscribing to a publication or newsletter, ‘contact us’ via an online form, taking part in an online survey, posting a comment, entering competitions, or similar activities in which you volunteer data about yourself); if you contact us by post, telephone, email or SMS, if you provide us with your data in person; and if you report a problem with a Website or App; we may also collect information about you when you visit the Website or App through the use of technologies such as cookies, for example Google Analytics and HotJar; through third parties to which you provide personal data, for example Mailchimp and Google Analytics.
How do we use your personal data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
where we need to perform the contract we are about to enter into or have entered into with you;
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or where we need to do so in order to comply with a legal or regulatory obligation.
The following table sets out how we handle your personal data, the purposes for which we use it, and our legal basis for doing so under GDPR and Data Protection Act 2018.
What We Do
Our Legal Basis for Processing
Use your contact details and name to respond to a query or discussion in relation to our services or your services..
We do this on the basis that it is necessary step to take at your request in order to enter into, or discuss entering into, any agreement for our or your services.
Use your contact details and name to contact you regarding the services we provide.
We do this on the basis that it is necessary for the purposes of our legitimate interests so that we can gather more information for the provision of our services, or to deliver the services most effectively. Such legitimate interests are not overridden by your rights and freedoms, as all of our services are business-to-business in nature, and so this contact is low-risk in nature.
Use your contact details to send you our regular newsletter.
We do this on the basis that it is necessary for the purposes of our legitimate interests so that we can provide you with our newsletter. You will always have the option to opt-out of this newsletter.
Use your contact details to send you email marketing about products and services which we may provide to you.
We do this on the basis that it is necessary for the purposes of our legitimate interests so that we can provide you with relevant information as to our products and services.
You will always have the option to opt-out of these marketing emails.
Use your personal data as required to fulfil any obligations arising from any contracts entered into between us and you.
We do this on the basis that it is necessary for the performance of our contract with you.
Use your personal data, in particular data as to how you access and use our Website or App, to personalise your experience of our Website or App, to help us to respond better to your individual needs and to improve our services and customer experience.
We do this on the basis that it is necessary in our legitimate interest to ensure that our Website or App is delivered, and our services are provided, in the best possible way.
To send you periodic email or notifications about our services, technology, events and any updates or changes to them.
We do this on the basis that:
it is necessary in our legitimate interest to keep you up to date on our services, technology and events; and some communications with you are necessary for the performance of our contract with you under which we are obliged to provide you with services.
To create and analyse Website or App usage, data on the devices used to access our Website or App and our services generally, including to monitor and improve performance.
We do this on the basis that it is necessary in our legitimate interests to constantly monitor and seek to improve our performance.
We may review your personal data if we have reason to believe that our services or our Website or App have been used unlawfully or illegally, or if any services provided to you have resulted in an unlawful or illegal act. We do this on the bases that:
it is necessary in our legitimate interest to ensure that our services are being used appropriately and lawfully; and
where relevant, it is necessary to protect your or any third party’s vital interests – this will only be the basis where we have reason to believe that you or any third party have or may come to harm.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Marketing:
From time to time, we may send you information regarding that which we perceive may be of interest to you or your business. You may receive this information by letter, telephone or email.
We send this marketing on the basis that it is necessary for the purposes of our legitimate interests so that we can provide you with relevant information as to our products and services. You will always have the option to opt-out of these marketing emails by emailing us.
Will we share your data?
Depending on how and why you provide us with your personal data we may share it in the following ways:
we may share your personal information with any member of our company group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006; with selected third parties, such as law enforcement, regulatory authorities or where we are legally obliged to share the information, or service providers, such as professional advisers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services with analytics and search engine providers that assist us in the improvement and optimisation of our Website or App and services; and other specific third party processors that we use to process your data in accordance with this privacy policy, including Mailchimp, EventBrite, Survey Monkey, Salesforce and BrightTalk.
We may also disclose your personal information to third parties in the following events:
if we were to sell or buy any business or assets, in which case we might disclose your personal information to the prospective seller or buyer of such business or assets as part of that sale;
if CFS or substantially all of its assets are acquired by a third party, in which case personal information held by us about our customers will be one of the transferred assets;
if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or to protect the rights, property, or safety of us, you or any third party or if we are asked to provide your details to a lawful authority in order to aid in the investigation of crime or disorder; this includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; and/or in order to enforce or apply our Website’s or App’s terms of use or terms and conditions.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
We do not sell, trade, or otherwise transfer your personal identifiable information to outside parties other than as set out in this privacy policy.
Please note that some of our service providers may be based outside of the European Economic Area (the “EEA”). These service providers may work for us or for one of our suppliers and may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. Where we transfer your data to a service provider that is outside of the EEA we seek to ensure that appropriate safeguards are in place to make sure that your personal data is held securely and that your rights as a data subject are upheld. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe; or where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
How long do we keep your personal data?
We will hold your personal information on our systems only for as long as required to provide you with the services you have requested or to perform the purpose for which that data was collected. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where you sign up to receive e-mail marketing from us we will retain your e-mail address on file should you ever ‘opt-out’ of receiving e-mails from us. We will retain your e-mail address in this way in order to ensure that we continue to honour and respect that opt-out request.
In some circumstances you can ask us to delete your data: see ‘Your Rights’ below for further information.
Data Security
We take the protection of your information very seriously. We use encryption (SSL) to protect your personal data when appropriate, and all the information provided to us is stored on secure servers once we receive it. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We may store your personal data on secure servers either on our premises or in secure third-party data centres. If we ever give you (or where you have chosen) a password which enables you to access certain parts of this Website or App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Your Rights
You have the following rights in relation to the personal data held on you by the Group:
- right to be informed about how the personal data is used (this notice);
- right to access a copy of the personal data that CFS holds about you;
- right to correction of any errors in personal data held by CFS;
- right to erasure of any personal data;
- right to restrict processing;
- right to data portability;
- object to or restrict the processing of your personal data in certain circumstances; and
- right to object to direct marketing communications at any time.
If you wish to learn more about these rights please contact CFS on the address below.
Changes
If we decide to change this privacy policy, any changes will be posted on this page.
Last updated December 2020.
Other Websites
Our website may contain links to other sites. This privacy policy only applies to this website so when you link to other websites you should read their privacy policy.
Contact Us
Cambridge Flying School – Registered in England and Wales. Registered office 16 Apley Way, Lower Cambourne, Cambridge, England, CB23 6DF.
If you wish to contact us in relation to this privacy policy please contact us at info@cambridgeflyingschool.com.
Cookie Policy
CFS, along with its third-party providers, sets and uses cookies and similar technologies to store and manage user preferences, deliver targeted advertising, enable content, and gather analytic and usage data. The use of cookies and other tracking technologies is standard across websites and apps through which information is collected about your online activities across applications, websites, or other services. More information about how CFS uses cookies and similar technologies and how you can control and manage them is below.
What is a Cookie?
A cookie is a small text file that is placed on a computer or other device and is used to identify the user or device and to collect information. Cookies are typically assigned to one of four categories, depending on their function and intended purpose: absolutely necessary cookies, performance cookies, functional cookies, and cookies for marketing purposes.
Types of Cookies and Why We Use Them
absolutely necessary cookies: These cookies are essential to enable you to move around a Website or App and use its features. Without these cookies particular services cannot be properly provided.
performance cookies: These cookies collect information about how you use our services and Website or App. Information collected includes, for example, the Internet browsers and operating systems used, the domain name of the website previously visited, the number of visits, average duration of visit, and pages viewed. These cookies do not collect information that personally identifies you and only collect aggregated and anonymous information. Performance cookies are used to improve the user-friendliness of a website and enhance your experience.
functionality cookies: These cookies allow the our Website or App to remember choices you make and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts, and other customisable parts of web pages. They may also be used to provide services you have asked for. The information these cookies collect may be anonymised, and they cannot track your browsing activity on other websites.
targeting and advertising cookies: These cookies track browsing habits and are used to deliver targeted (interest-based) advertising. They are also used to limit the number of times you see an ad and to measure the effectiveness of advertising campaigns. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations, such as advertisers.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
- Cookie
- Purpose
- Functionality
CFS uses many cookies to make our Website, App and services work. These include cookies that customise your experience, recognise you when you return to our Website and services and generally improve your user experience.
Analytics
Cookies collect information and report website usage statistics without personally identifying individual visitors. In addition to reporting website usage statistics, Google Analytics can also be used, together with some of the advertising cookies described below, to help show more relevant ads on Google properties (like Google Search) and across the web and to measure interactions with the ads we show. Hotjar uses cookies and other technologies to collect data on users’ behaviour and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website.
Advertising
CFS uses cookies to make advertising more engaging to users and more valuable to publishers and advertisers. Some common applications of cookies are to select advertising based on what’s relevant to a user; to improve reporting on campaign performance; and to avoid showing ads the user has already seen.
Google uses cookies like NID and SID to help customize ads on Google properties, like Google Search. For example, CFS uses such cookies to remember your most recent searches, your previous interactions with an advertiser’s ads or search results, and your visits to an advertiser’s website. This helps us to show you customized ads on Google.
Sometimes advertising cookies may be set on the domain of the site you’re visiting. In the case of advertising our services across the web, cookies may be set on the domain of the site you’re visiting. Unlike cookies that are set on Google’s own domains, these cookies can’t be read by Google when you’re on a site other than the one on which they were set. They serve purposes such as measuring interactions with the ads on that domain and preventing the same ads from being shown to you too many times.
Google also uses conversion cookies, whose main purpose is to help advertisers determine how many times people who click on their ads end up purchasing their products. These cookies allow Google and the advertiser to determine that you clicked the ad and later visited the advertiser’s site. Some of CFS’s other cookies may be used to measure conversion events as well. For example, DoubleClick and Google Analytics cookies may also be used for this purpose.
Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
Managing Cookies
You can manage website cookies in your browser settings, and you always have the choice to change these settings by accepting, rejecting, or deleting cookies. If you choose to change your settings, you may find that certain functions and features will not work as intended on our Website and services. All browser settings are slightly different, so to manage cookies, you should refer to the relevant settings within your browser.
We understand that you may want to know more about cookies. Here are some useful resources that provide detailed information about types of cookies, how they are used, and how you can manage your cookie preferences: www.aboutcookies.org or www.allaboutcookies.org.