Privacy Policy

OVERVIEW

At Virgin Balloon Flights we are very good at keeping the important things secure, and the most important thing to us is you!

Virgin Balloon Flights is the trading name for AirXcite Limited (“we”, “us”, “our”) we are committed to protecting your privacy and security online. You have control over the information we store about you and what types of information (if any) you would like to receive from us.

We are proud to carry the Virgin brand and we promise to look after your data as if it were our own.

Where to find us:

Registered office address: Jesson House, Stafford Court, Telford, Shropshire TF3 3BD.
Our website: www.virginballoonflights.co.uk

Data Protection Controller: Our Data Protection Controller is our Chief Technology Officer. If you have any queries relating to our use of your personal information, this privacy policy or any other related data protection questions, please contact us via the Subject Access Request form.

Last privacy policy update: May 2018

Our Privacy Policy provides the opportunity to understand how we collect, store and process your data and look after the information provided to us by you when you use our services and when we in turn provide you with our products and services.

Please read the Policy so that you are aware of your rights and be aware that the terms may be updated over time.

WHAT PERSONAL DATA IS COLLECTED AND WHY

In order for us to provide you with our products and services we typically collect the following data from you:

a. Information you submit via web forms such as your first name, surname, address, email, telephone number, weight, date of birth, payment details and product/service details.
b. Records you submit during the process of purchasing a product such as your first name, surname, address, email, telephone number, payment details and product/service
c. Data you submit during the activation, exchange or extension of vouchers and submission of reviews, which will require you to submit your first name, surname, address, email, telephone number, date of birth and weight.
d. A record of your correspondence with us via phone, email, live chat or other means.
e. CCTV images of you during your flight experience on board our commercial hot air balloons as a requirement of our insurance.
f. Information about how you use our website which helps us develop and improve our website, including details of your domain name, geographical location and Internet Protocol (IP) address, operating system, browser version, cookie details, how long you stayed on a page, the route you took to navigate through the pages, the website that you visited prior to accessing our site, what product you purchased, any search terms you used to find us online and any offers that you used.
g. Other data, from time to time, to help us be better at what we do e.g., we might ask you for feedback on our service.

Please note we do not share your details with any third parties without your consent.

COOKIES

You can read all about cookies and what types of cookies we use on this website here: Cookie Policy

PROCESSING YOUR PERSONAL DATA

We may process your personal data in a secure manner that meets European Privacy Laws. As a company we process under the concept of ‘legitimate interests’. Therefore, when you provide your personal details to us, we ensure that your data is processed for a distinct purpose whilst ensuring that your interests, rights and freedoms have been thoroughly considered. We will not use personal data for activities where our business interests are overridden by the impact on your privacy or other interests.

We will carefully process the personal information you have supplied to us to conduct and manage our business, to provide relevant marketing communications, fulfil our service commitments and provide the best possible customer service whilst delivering a secure experience.

If you are not happy about the manner in which we process your data, the ‘your rights’ section of this page provides details on how you can withdraw from processing.

We will not transfer your collected data to storage outside the European Economic Area (EEA) in compliance with requirements set by the General Data Protection Regulation.

By giving us your personal data to fulfil your order or to allow us to provide services to you, we will endeavour to keep your data secure. We pursue ongoing improvement in the methods used to transfer and store data, ensuring that we align with industry standards.

Personal data may be stored securely on third party platforms which are used for marketing or operational purposes.

Primarily, we use your data to process your request to us to provide you with our products and services.

RETAINING DATA

When storing data, we aim to retain the data for no longer than is necessary for the purpose in which it was obtained, with the objective to ensure the highest level of data accuracy. Where identified as inaccurate, data is either rectified or destroyed in a secure manner.

Data retention periods may vary between operational activities, with the business providing consideration as to the length of time data is held for on a case by case basis.

Regarding storage, there are several ways in which your data may be stored:

• Within cloud servers. When utilising platforms to fulfil our operational requirements, third party solutions may be used to store the data. As a company, we aim to utilise partners who have data centres within the European Economic Area (EEA).
• Within physical servers. We maintain several physical servers which are securely located at our Head Office.
• Hard copy, where hard copies of data are retained, they are kept in a secure and clean environment.

DATA SHARING

We avoid sharing your personal data with third parties for marketing purposes, unless you have provided explicit consent for us to do so.

We may disclose your information in the following cases:

• To develop and create an improved customer experience. Often, this data is anonymised anyway.
• For a supplier to fulfil your experience gift operationally.
• We can disclose it if we have a legal obligation to do so, or to protect your or other people’s property, safety or rights.
• We can exchange information with specific third parties to protect against fraud or credit risks.

Where data is transferred between systems, we ensure an encrypted connection is utilised. We are PCI (The Payment Card Industry Standard) compliant when taking payments via the web, with all payment partners meeting the highest level of compliance (Level 1). All of our associated websites maintain valid SSL certificates to allow secure connections from the web server to your browser, you will notice the padlock symbol is present within your search bar when browsing.

CCTV

CCTV video recording is installed on all of our hot air balloons as a requirement of our insurance.

Recordings from our CCTV may be shared with government and regulatory bodies and other individuals, bodies or organisations for legal obligations, reasons of safety and security or from a legal and administrative perspective.

CCTV recordings are retained and stored fully in compliance with GDPR. We will retain CCTV data as long as necessary to fulfil business needs that, in all but some rare circumstances, will be no longer than 31 days.

CCTV data that is longer needed is either irreversibly anonymised or securely destroyed. All CCTV data is handled sensitively with strict access controls.

YOUR RIGHTS

In line with the General Data Protection Regulation, you have the following rights:

• Subject access request – To see what information we hold on you, use our Subject Access Request form to complete the application.
• Right to be forgotten – Once you know what personal information we hold on you, you can request us to delete the relevant information, use our Subject Access Request form to complete the application.
• Right to object from us processing your data – You can object to processing from direct marketing communications using our unsubscribe form. For other types of processing, please complete our Subject Access Request form.
• Right to correct your data – Once you have completed a Subject access request, if any of your personal data we hold isn’t accurate, let us know and we’ll get it updated for you.
• You can request CCTV recordings of yourself (and only yourself) through a Subject Access Request
• Requests for information or any other concerns relating to our use of CCTV should be directed to customerservice@virginballoonflights.co.uk

We aim to comply with legislation and respond within thirty days of receiving personal data requests. These requests are handled by our Customer Support department.
Third parties seeking access to an individual’s data should initially contact the individual regarding such requests.

By using the Virgin Balloon Flights website or websites you agree to our Terms of Use of our Website. When you purchase our products and services, you agree to Virgin Balloon Flights’ Terms & Conditions.

CHILDREN’S PRIVACY

Virgin Balloon Flights does not knowingly solicit or collect personal data from or about children (aged 16 and under) without the consent of a parent or guardian. We do not knowingly market our products or services to children. If we become aware that the person submitting personal data, through any part of any Virgin Balloon Flights website, is a child, we will use reasonable efforts to delete that personal data from our files as soon as possible. We will also use reasonable efforts to ensure that this personal data is not used for any purpose, nor disclosed to any third party without the prior consent of the child’s parent or guardian. We do not seek to collect any personal data about children, and we will delete any data collected inadvertently as soon as it is discovered. If a parent requests review or deletion of data about their child before we have discovered and deleted the data, then we will of course honour that request.

Any future updates to this Policy will be published online at https://www.virginballoonflights.co.uk/privacy-policy/

AUTHORITY

We adhere to guidance from the ICO (Information Commissioner’s Office), they are the UK’s independent body that have been set up to uphold information rights.

The ICO have stated that In line with the GDPR, details we provide to you about how we process personal data must be:

• Concise, transparent, intelligible and easily accessible.
• Written in clear and plain language.
• Free of charge.

If you have a concern about information practices, you can raise your concerns with the ICO.