Our role in your privacy
Our responsibilities
AGS Airports take the issue of data protection very seriously, including compliance with the UK General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations.
You have the right to be informed of what information we use about you. This notice explains:
• The categories of personal data we process.
• Why and how we use your data.
• Who (if any) third parties we share your data with.
• How long we hold your data.
• Your rights regarding your data.
During the course of our activities, we will process personal data (which may be held on paper, electronically, or otherwise) about you and we recognise the need to treat it in an appropriate and lawful manner. The purpose of this notice is to make you aware of how we will process your personal data.
Your personal data will be processed by Aberdeen International Airport Limited (‘the Airport’) who is the data controller. A data controller determines the purposes and means of processing personal data. We are registered as a data controller with the Information Commissioner’s Office (‘ICO’), under registration number Z5843276.
If you are a customer, please also check your contracts between us: they may contain further details on how we collect and use your data.
Within the airport environment, other organisations may also process your personal information, for example: shops, restaurants, telecommunication providers. The personal data collected by these organisations will not be covered by this privacy notice and your personal data privacy in that case will be the responsibilities of those third parties.
Our website contains links to external websites. This privacy notice does not cover those websites. You should read the privacy notices on the other websites you visit.
Please note we have a separate privacy notice for our App.
The types of personal data which we collect
Contact details - Your name, address, telephone number, email address, vehicle registration number if using our car parks and social media username (if public)
Financial information - Your bank account number, sort code, credit/debit card details.
Travel Information - National Identity (passport numbers), flight numbers, trip purpose, products booked through our website, details of minors in your custody, travel schedule.
Call recordings and CCTV - Your Image and voice. Call recording is in operation on all calls to the airport. CCTV is in operation in and around the airport and on shuttle buses, including the usage of body worn cameras.
Online data that identifies you - Your IP address, login information, online identifiers, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version.
Data on how you use our website - Your URL clickstreams (the path you take through our website), products/services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages and other actions.
In some circumstances we collect special categories of personal data about:
• Race.
• Ethnicity.
• health data; and
• biometric data (where used for ID purposes e.g. eGates at passport control.)
We will generally receive this information from you, although there may be limited circumstances where data is received from third parties, such as the Police.
Data
How and why we use your data
Data protection laws mean that we can only use your data for certain reasons and where we have a legal basis to do so.
The legal bases for processing personal data are:
• consent, where the individual has given clear consent for us to process their personal data for a specific purpose, such as for making a complaint via our website (including noise complaints), direct marketing - please note that you also have the right to withdraw such consent.
• contract, where the processing is necessary for a contract, we have with you such as to book our lounges or car park, or because you have asked us to take specific steps before entering into a contract.
• legal obligation, where the processing is necessary for us to comply with the law, for example, for health and safety, or where we are required to report a crime to the Police.
• vital interests, where the processing is necessary in order to protect someone’s life.
• public task, where the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law;
• legitimate interests, where the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect individual’s personal data which overrides those legitimate interests.
Our legitimate interests include research and surveys, commercial statistical usage of data from our CRM systems, handling noise complaints, video recordings and telephone call recordings, audits, use of body-worn cameras, CCTV, data-sharing with key stakeholders, Mosaic Experian data, profiling and segmentation, marketing via soft opt-in, third-party usage of staff car park, and for the general running of our business.
Here is a summary of the reasons we process your data.
Keeping the Airport Secure
Boarding card information will be collected for the purpose of access to air-side facilities, voice recording is in operation on telephone calls to airport information lines to protect members of staff from malicious or abusive content, and baggage will be scanned, and images processed for security purposes.
CCTV and Video Images
When you pass through the Airport, we will collect static or moving imagery via our CCTV system. The Airport collects imagery via CCTV cameras located throughout the airport, in both landside (public) and airside (restricted access) locations and on some of our shuttle buses between terminals. We also use body worn cameras.
The Airport may use CCTV imagery for a number of purposes including but not limited to the following:
• to maintain the safety and security of the airport for our passengers, colleagues and stakeholders, including but not limited to control authorities, national security, detection and prevention of crime and aviation security.
• to monitor flows and demand throughout the airport to optimise resourcing and passenger experience.
• to support the effective management of the airport operation and any incidents. For investigative purposes or as evidence to support any formal follow-up to airport incidents; and
• to provide evidence of regulatory compliance to Department for Transport (DfT) and Civil Aviation Authority (CAA).
Fulfilling our contracts with you
Managing your purchases of Airport products or services e.g. car parking, including goods and services offered by third-party providers, such as e.g. flights and Wi-Fi; keeping you updated on changes to your contract.
Improving our website
Gathering visitor data to our website and e-commerce platform, which includes profiling.
Our website uses SessionCam, SEMRush, Hotjar and Google Analytics for analysis purposes and specifically to identify any technical issues or difficulties the users of our websites are having during the customer journey. To do this, SessionCam, SEMRush Hotjar and Google Analytics record your mouse clicks, mouse movements and how you scroll the pages on our website. The information that we collect from web sessions through SessionCam, SEMRush Hotjar and Google Analytics does not include your personal details, financial details, or any special categories of personal data. The information collected is used for internal purposes only and is used to improve the usability of our website and is stored and used only for the purposes of collecting aggregates and statistics relating to the functional performance of our websites.
Customer services / Surveys
To enable our customers to make enquiries, requests for information reports or submit a complaint and for us to survey our customers.
Marketing with your consent
Sending you emails and text messages about airport destinations, holidays, products and services and our partners. Asking you to take part in research and surveys.
We will always tell you before collecting your data for marketing. If you have previously opted in to marketing, you can either unsubscribe at the bottom of any of our emails or you can contact us at [email protected]. If you opt out of marketing then you will not receive any related news, updates, offers or notices of events, except where we are updating you on changes to your contract.
Publicity
For publicity purposes where images are taken in places where there is no expectation of privacy e.g. public foyer or retail spaces. If we intend to make you the focus of our publicity, we will ask for your prior consent to publish you image.
Your privacy choices and data subject rights
You can choose not to provide us with personal data
If you do not wish to provide us with your personal data (other than video imagery), you can come into the Airport, however you will not be able to pass airside. You can also use the website, however you will not be able to purchase any products or services without providing personal data.
Your rights
The Airport will respect all of your data subject rights. You can exercise any of your rights by contacting our group data protection lead at [email protected]. If we do hold the information we will:
• Authenticate you as the data subject.
• Determine if a right can be administered.
• Normally complete your request within one month.
• Communicate to you in clear and intelligible language.
A fee will not generally be charged for exercising any of these rights unless your requests are unfounded or are manifestly excessive.
Please note that not all rights can be exercised in all circumstances. Where we are unable to assist you to exercise your rights, we will explain the legal basis for this.
If you would like to exercise any of these rights, or if you have any concerns about how your personal data is being processed, please contact us, using the contact details at the end of this Privacy Notice.
You have the right to...
Be informed
You have the right to know how we manage your data. This is explained in this privacy notice.
Access any personal data we hold about you
You can ask at any time, for a copy of your personal data. After checking your identity, the Airport will respond within one month to advise you if we hold your personal data and if so, we will provide you with a copy of the data, unless it is exempt from release, e.g. if providing it to you, broke another person’s confidentiality, or release would otherwise not be authorised under the law.
Have any inaccurate data rectified
This right allows you to submit changes to your records and once changes are verified, they will be amended on the Airport records. Similarly, the Airport may periodically request you to check your data is held accurately.
Be forgotten
You can request that we delete all of your personal data. If you do this, and there is no other lawful basis to keep your data, then it will be deleted.
Restrict our use of your data
You have the right to ask us to restrict how we process your data. This means that we would be permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future. This is not an absolute right.
Object to us using your data
You have the right in some circumstances to object to how we use your data. This is not an absolute right.
Know about automated decision making including profiling
The Airport does not perform automated decision making. We may from time to time perform online profiling, however, this does not produce any decisions or legal effects.
Information security
About information security
We have physical and electronic procedures to secure the personal data we process All of our staff are trained in data protection.
Transmission: where personal data is electronically transmitted from one computing device to another over a public network an encrypted path will be used e.g. SSL. If your data is transmitted in a hard-copy format from one place to another a secure or locked method of transport will be used, suitable to the nature of the personal data.
Storage: personal electronic records are located on servers in secure premises. If your data is required to be stored outside of the secure premises, the data will be in an encrypted format. Personal paper-based records will be stored in a locked filing cabinet in secure offices to prevent inadvertent access by unauthorised third parties.
Access: only personnel authorised by the Airport will have access to your personal data records on a need-to-know basis.
Transfer to international countries
Your information will only be stored within the United Kingdom and the European Economic Area (‘EEA’) except where international transfers are authorised by law or with your consent.
How long do we store your personal data?
We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law, as recorded in our Data Retention Standard Operating Procedure.
Sharing personal data
The Airport will share your personal data with other organisations in order to supply products or services to you. This could include but is not limited to, car parking, car rentals, hotels, travel companies and Wi-Fi providers.
We may also share your data in the following circumstances:
• You have given us your express consent to do so
• Where it is fair and reasonable for us to do so in the circumstances.
• If the Airport shares your data on a regular basis, it will perform due-diligence and hold written contracts and agreement with these organisations to legally safeguard your data.
• If you have consented for us to share your data with other organisations for the purposes of direct marketing, we will keep your consent on record until it is withdrawn or the purpose of holding your data is no longer valid. On deletion of your data, the Airport will endeavour to contact you to confirm that your information has been removed.
• We also use third parties to help us host our applications and platforms to help us to communicate with customers etc. We only use third parties who are compliant with data protection laws.
• We may share your personal data to any of our employees, officers, contractors, insurers, professional advisors, agents, suppliers, or subcontractors, and trusted third parties (including group company key commercial shareholders) insofar as reasonably necessary, and in accordance with data protection legislation.
We may also share your personal data:
• to the extent that we are required to do so by law.
• to protect the rights, property and safety of us, our customers, users of our websites and other persons.
• if we need to do so for the purposes of making any services which you have ordered or purchased available to you (for example, where you have ordered goods via Shop and Collect, your information is shared with our Shop and Collect service provider, and when you book car parking services your information is shared with third party providers who help us deliver this service).
• if it is necessary to allow us to meet or enforce a legal obligation (for example, we may need to share CCTV footage of you with the police or with the Department of Transport in certain circumstances).
• in connection with any ongoing or prospective legal proceedings.
• to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling.
• to another organisation if we enter into a joint venture or merge with another organisations.
Changes to this privacy notice
Updates
We keep our privacy notice under regular review and we will place any updates on this webpage. This privacy notice was last updated on:
Text last updated: 30/07/2024
Page visually refreshed: 09/08/2024
Complaints and queries
The Airport tries to meet the highest standards when processing personal information. For this reason, we take any complaints we receive about this seriously. We encourage people to bring it to our attention if they think our collection or use of personal information is unfair, misleading, or inappropriate. Please contact the Group Data Protection Lead:
AGS Data Protection Lead
Glasgow Airport,
Erskine Court,
St. Andrew’s Drive,
Paisley
PA3 2SW
Please reference the AGS airport concerned (Aberdeen, Glasgow, or Southampton) in your correspondence.
We have appointed RGDP LLP, as our Data Protection Officer, who can be contacted either via 0131 222 3239 or [email protected].
We have also appointed GDPR Local, as our EU representative, who can be contacted by calling them on +44 1772 217800.
If you are still unhappy regarding how we have dealt with your complaint, you have the right to contact the UK Information Commissioner’s Office (ICO). You can do this by calling their helpline, contacting them through their website or writing to them. Their details are as follows:
ICO telephone helpline: 0303 123 1113
ICO website Make a complaint | ICO
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF