We regard your privacy as very important and we believe you should always know what data we collect from you and how we use it, and that you should have control over both.
Any personal data you provide to us will be dealt with in accordance with this policy together with any fair processing notice we may provide on specific occasions when we collect your personal data. Please read this policy and any fair processing notice provided carefully to understand our views and practices regarding your personal data and how we will treat it.
Information about us
What personal data do we collect and how do we use it?
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending marketing communications to you via email. You have the right to withdraw consent to marketing at any time by using the unsubscribe link in the marketing email communication or by contacting us by email to firstname.lastname@example.org or by post to Data Protection Group, Leeds Bradford Airport, Leeds, LS19 7TU.
We will collect personal data from you, when you register on our websites, buy a service or product from us, enter a competition, use our Wi-Fi service, use a social media platform to interact with us, make enquires or otherwise provide us with your personal data.
- Purchasing a service or product
We may collect your name, address, email address, phone number, vehicle registration number, make, model and colour, flight details and credit or debit card details. We will use this information to supply you with the service or product, to recover debt, to help us prevent fraud and keep records about your purchases. We do not store your full payment card details on our server. We do pass your full card details over a secure encrypted link to our third party payment processor who processes your payment.
In some circumstances, when your credit or debit card details are collected, our service providers may hold onto this information once payment has been taken in order to identify you as the purchaser at a later date, for example to allow you to get access to the car park if you have purchased your parking online. This information is kept secure in accordance with standard industry practice.
- Using our Wi-Fi service
When you register to use our Wi-Fi service, we will collect your name, email address, date of birth and unique device ID. We may also ask you for some additional information, although you do not have to provide this, such as your flight details. Each time you use our Wi-Fi service we may collect this information, along with details about your Wi-Fi session, such as how long you were logged into the Wi-Fi.
We process your personal data on the legal basis of our legitimate interests in giving you an outstanding airport experience including providing you with the Wi-Fi service, to simplify access to the service if you are a repeat customer and return within a 24-month period, and to help us improve our service.
- Visiting our websites
When you visit our websites, we collect data about how you use and navigate our websites and online products and services, including which links you click on, which pages or content you view and for how long, and other similar information about your interactions with our websites, such as date and time of visit, which site you came from and the exit page. We may also collect details of the device used to access our websites including your computer’s IP address, operating system type and web browser type. If you access one of our websites through a smart phone, the collected information may also include your phone’s unique device ID, and other similar mobile device data.
This information is captured using automated tracking technologies such as browser cookies and web beacon tracking pixels and through the use of third party tracking services such as Google Analytics that collect data in aggregate, such as number of visits to a particular page, or the amount of time spent on a website.
We may also use these technologies to capture information about how you respond to certain email campaigns, such as the time the email is opened and where you link to from the email.
We process your personal data on the basis of our legitimate interests in identifying ways in which we can improve your experience of our websites and to help develop our products and services.
Data collected through our websites by third party tracking technologies is retained for a period determined by the relevant third party, but which in the case of Google Analytics, for example, is a period of 26 calendar months, and then securely deleted.
We believe in safeguarding the privacy of children online and do not intentionally collect personal data from children under the age of 16. Parents or guardians are encouraged to participate in and monitor the online activities of their children.
- Social Media Interaction
We may collect personal data such as your identity, address, email address, or phone number through social media, for the purpose of responding to comments on or replies to our posts, reviews or if you if send a private or direct message.
Personal data will be stored for as long as the business matter remains and then securely deleted. Your data will not be shared with other organisations by us however your data may be collected by the social media network. To learn more about how your information may be obtained on social media, please visit the website of the relevant social network, such as Twitter or LinkedIn.
- Email Marketing
There are many exciting promotions, news, features and activities we want to keep in touch with you about by email. We invite you to consent to receive marketing information by email by using a tick box or other positive step to indicate you would like to subscribe. You may see this when purchasing a product or service, using our free Wi-Fi, browsing our website or in other situations.
So we remain up to date, in each marketing email you are given the option to change your personal preferences by following the instructions given in the email.
You may change your mind at any time and unsubscribe from receiving marketing emails by following the unsubscribe link provided in each email, or by emailing your email address to email@example.com with UNSUBSCRIBE as the subject.
We only send marketing emails where we have your explicit consent and, if you have not actively engaged with our emails for more than 2 years, your personal data will be securely deleted. However, if you subscribed to email marketing before May 2018, you have not asked us to stop and you have engaged with the content in the 2 years prior we will continue to contact you. The legal basis for this is our legitimate interests in continuing to contact you where we are not harming your rights or interests.
We seek to protect the privacy of children. If you are under 18, we will not knowingly make contact with you through marketing emails.
We may collect and use your personal data to administer a competition, or other similar marketing campaign or promotion. These events typically require the collection and use of personal contact information for prize fulfilment. To comply with legal requirements, we may publish or share a limited amount of personal information about the winners of a particular promotion, such as full name and city of residence.
- Contact Us
Through various communications, including website form, social media, email, telephone, letter or in person at the airport, we may collect and use your personal data to provide you with customer service, including responses to your inquiries. This typically requires the collection and use of certain personal data, such as your name or email address and information regarding the reason for your inquiry (e.g. lost property or consumer feedback on our products and services).
Personal data will be stored in a secure environment for as long as the matter remains live and then securely deleted.
If you complain to us, you can do so via our website form, social media, email, telephone, letter or in person at the airport. When we receive a complaint, we collect the details of the complaint, which may include your name, address, email address and phone number. We only use such personal data to process the complaint and to check on the level of service we provide.
Personal data will be stored in a secure environment for two years from closure of the complaint and then securely deleted.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us by email to firstname.lastname@example.org or by post to Data Protection Group, Leeds Bradford Airport, Leeds, LS19 7TU.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Who do we share your personal data with?
We may share your personal data with:
- Any member of our group (being our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006);
- Our service providers who operate elements of our websites, provide services and/or process personal data on our behalf. Where such disclosures are made, this will be under contractual arrangements between the relevant service provider and us and carried out in accordance with the requirements of data protection laws; and
- Third parties who provide data cleansing, profiling and matching services, so they can assist us in building our profile of you. We would do this on the basis of our legitimate interests in ensuring that personal data and marketing preferences are kept accurate and up to date.
We may disclose your personal data to third parties:
- If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets. We would do this on the basis of our legitimate interests in ensuring a continued operation of our services.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Where we store your personal data
We may need to store or transfer your personal data to countries outside the European Economic Area (EEA) and some of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe;
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our websites; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.
Protecting your information
Our websites use up to date industry procedures to protect your personal data. We also protect the security of your data during transmission using secure encryption protocols. We may vary this in the future if we feel you will benefit from greater security whilst using our websites.
We have appropriate security measures in place in our physical facilities to protect against the loss, misuse or alteration of information that we have collected from you via our websites.
We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Third party services
We may from time to time make available through our websites certain services provided by third parties and or you may link to a third party website from our websites. Please note that these third party websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
How long will we use your personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
- Requesting access to your data
Data protection law gives you the right to access personal data held about you. You can exercise this right at any time by contacting us by email to email@example.com or by post to Data Protection Group, Leeds Bradford Airport, Leeds, LS19 7TU.
On receipt, we will acknowledge and log the request and notify you of the next steps.
- Requesting your data be erased
Date protection law gives you the right to have personal data erased. You can exercise this right at any time by contacting us by email to firstname.lastname@example.org or by post to Data Protection Group, Leeds Bradford Airport, Leeds, LS19 7TU.
- Requesting amendments to your data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
- What we may need from you when you exercise your rights
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
- Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
This policy was last updated on 14 May 2018 and historic versions can be obtained by contacting us.