We take your right to privacy seriously and want you to feel comfortable using our website. In accordance with the General Data Protection Regulation (GDPR), this page explains how we use your personal information.
CAA International is part of the UK Civil Aviation Authority. This General Privacy Notice is to let you know how CAA International generally uses and looks after your personal information. This includes what you tell us about yourself and what we learn during our relationship with you.
It does not provide exhaustive detail of all aspects of our collection and use of personal information, but our online service portals and individual applications will. However, we are happy to provide any additional information or explanation needed.
Sending promotional communications about services we provide
The type of personal data we process:
Contact details such as name, address, email address and telephone number
Payment card details
Who information is processed about:
Who the information is shared with:
Our Service Providers:
It may sometimes be necessary to transfer personal information overseas. When this is needed information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the data protection act.
Our website is hosted by a third-party provider, Rackspace Ltd, a UK based hosting company.
This website uses Google Analytics (GA) to track user interaction. Google is an American based company. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Should you choose to contact us using the contact form this website or an email link like this one, none of the data that you supply will be stored on this website. Instead, the data will be automatically sent to our CRM system, Microsoft Dynamics, that we use to process and administer your enquiry. The data collected will include your name, company name, email address, country, area of interest and a message/enquiry. This data will allow us to respond to your message. Your data will be stored on Microsoft Dynamics for three years.
You will not receive any unsolicited emails from us unless you have selected/ticked the relevant consent box beneath our contact form.
If you subscribe to any of our email mailing lists, the email address that you submit to us will be forwarded to Campaign Monitor who provides our email marketing services. Campaign Monitor is an American based company. The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems. Your email address will remain within Campaign Monitor’s database for as long as we continue to use Campaign Monitor services for email marketing or until you specifically request removal from the list. You can do this by selecting the unsubscribe link contained in any marketing related email that we send you or by requesting removal via email.
To subscribe to our mailing lists hosted by Campaign Monitor, we operate a double opt-in system. If you submit your information to one of our subscription forms, Campaign Monitor will send you a one-time confirmation email to the address entered asking the user to, in turn, confirm the email address. You are required to follow a link in the email to confirm their subscription. This is the second opt-in. Only after this confirmation is the email address added to the mailing list.
Customer Feedback and Reviews
As part of our ongoing commitment to deliver the highest standards and to conform to ISO 9001:2015, all our customers will receive an email after the service delivery requesting customer feedback. Users will be directed to Survey Monkey, an American based company. Users will be asked to complete a customer satisfaction survey. All responses remain confidential and will give us valuable information on how we can better serve and exceed our customer’s expectations. These emails are deemed a legitimate part of trading under GDPR. You may still receive these email requests, even if you have previously unsubscribed from our email marketing communications.
Our open access training delegates are invited to leave a review of the course they attended. The review is then displayed on the CAAi website. To do this, we share your details (name, course details and email address) with third-party review website, Feefo. Feefo is a UK-based company. Any reviews left will be displayed on the CAAi website. Delegates can opt to leave a review anomalously.
Applying to Work at CAAi
We display all live vacancies on the “Careers” section of our website. To apply for a position, users are redirected to the UK Civil Aviation Authority’s dedicated careers website. When individuals apply to work at the CAA, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example, where we want to take up a reference or obtain a ‘disclosure’ from the Disclosure and Barring Service (DBS) we will not do so without informing the applicant beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held until after the recruitment exercise has been completed. It will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities or for equality and diversity purposes, but no individuals are identifiable from that data.
Once a person has taken up employment with the CAA, we will compile a file relating to their employment. The information contained in this file will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with the CAA has ended, we will retain the file in accordance with the requirements of our retention policy and then delete it.
The CAA’s Data Protection Officer (DPO)
The CAA’s DPO is:
Head of External Information Services
Civil Aviation Authority
Gatwick Airport South
To contact our DPO, please email FOI.firstname.lastname@example.org. This will ensure that in her absence your enquiry can be dealt with in the most efficient way.
This privacy notice is subject to change.
This webpage was last updated on 24th August 2019 to reflect changes to internal IT systems that we use to process personal data.
This webpage was updated on 9th May 2018 with our new GDPR privacy notice on how we use your information.
How long we keep your personal information
We keep your personal information for as long as you have a relationship with us and, thereafter, for specified purposes in line with our legal duties or our public functions, to respond to any questions or complaints, or to maintain records according to European or National aviation rules that apply to us. When you make an application for a service we will tell you how long we expect to retain your personal information and why.
Your Individual Rights
The General Data Protection Regulation (GDPR) provides you with a number of rights in relation to the processing of your personal data, including the right of access to a copy of the personal data we hold about you, known as a Subject Access Request.
External Information Services
Civil Aviation Authority
Gatwick Airport South
Letting us know if your personal information is incorrect
You have the right to question any information we have about you that you think is wrong or incomplete. Please contact us at FOI.email@example.com if you want to do this. If you do, we will take reasonable steps to check its accuracy and correct it.
You can ask us to stop using your personal information
You have the right to object to our use of your personal information, or to ask us to delete, remove, or stop using your personal information if there is no need for us to keep it. This is known as the ‘right to object’ and ‘right to erasure’, or the ‘right to be forgotten’.
There may be legal or other official reasons why we need to keep or use your data. But please tell us if you think that we should not be using it at FOI.firstname.lastname@example.org.
You can ask us to restrict the use of your personal information
We may sometimes be able to restrict the use of your data such as if:
It is not accurate.
It has been used unlawfully but you don’t want us to delete it.
It is not relevant any more, but you want us to keep it for use in legal claims.
You have already asked us to stop using your data but you are waiting for us to tell you if we can keep on using it.
This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we would not use or share your information in other ways while it is restricted.
If you want to object to how we use your data, or ask us to delete it or restrict how we use it or, please contact us at FOI.email@example.com.
How to withdraw your consent
Where we have relied on your consent to process your personal information, you can withdraw your consent at any time. Please contact us if you want to do so.
If you withdraw your consent, we may not be able to provide certain products or services to you. If this is so, we will tell you.
Complaints or queries about using your information
The CAA applies the highest standards when collecting and using personal information. We therefore take any complaints we receive about the processing of personal information very seriously. We encourage people to bring issues to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our information management procedures.