PRIVACY POLICY

1. Welcome
2. About Us
3. Contact Details
4. Our Global Presence
5. Personal Information we collect about you
6. How and why we use your Personal Data
7. Marketing and your Personal Data
8. Personal data sharing and transferring
9. Retention of your Personal Data
10. Security of your Personal Data
11. Your rights under Applicable Data Protection Law
12. Sensitive information and information from children
13. Updates to the Privacy Policy

1. Welcome

The Club is operated by Airport Dimensions Holdings Ltd. trading as “Airport Dimensions”, a wholly owned subsidiary of The Collinson Group Ltd. (“Collinson Group”). At The Club ("we, us, our,") we respect and commit to protecting your personal data. Our Privacy Notice, together with our terms of use , will explain how we collect, use, store, share and look after your data:
a) When you interact or use our website, or
b) If you use any of our products, services and or applications (together “services”).

For ease, we have divided our Privacy Notice into sections. At the end of our Privacy Notice, we have also included a Glossary to explain some of the terms mentioned.

2. About Us

Airport Dimensions head office in the United States is located at 7950 Legacy Drive, Suite #700, Plano, TX 75024.
Under Applicable Data Protection Law, we are the Controller of the Personal Data we process.

3. Contact Details

The Club has appointed a Group Data Protection Officer (“DPO”) through our parent company Collinson Group. If you would like to contact the DPO or the Data Protection Team please contact us by email at dataprotectionteam@collinsongroup.com or by post to The Data Protection Officer, Collinson Group, 3 More London Riverside, London, SE1 2AQ, United Kingdom.

4. Our Global Presence

As a company with a global presence, we are subject to the varying requirements of data protection and privacy legislation in jurisdictions where we operate. Our aim is to be as consistent as possible and obey all applicable laws operating with a high standard in our approach. For example, if you are a resident of the European Union (“EU”), we are bound by EU local laws including the General Data Protection Regulation (“GDPR”) or if you are a resident of California, we also respect the local laws of California, The Californian Consumer Privacy Act (“CCPA”).

5. Personal Data we collect about you.

We will collect Personal Data about you from:
• You e.g., when you register your interest or sign up to use our services or provide us with your marketing preference.
• Our clients or prospective clients send us your Personal Data to allow us to give you access to our services or communicate with you.
• Your devices e.g., when you connect to our Website, use our Website.
• Through cookies we use on our Websites to secure our Website, offer you personalised experiences.
• Third parties such as social media platforms where you may interact with our social media pages, companies within our parent company the Collinson Group assisting us with services we offer you, service providers carrying out services on our behalf e.g., marketing.
The table below outlines the categories of Personal Data we collect and examples of the type.

Categories of Personal Data & Types of Personal Data:

Contact details Name, email address, telephone number, mobile number, address

Membership details Information about your membership with us, login details, date of birth, payment detail and marketing preference.

Transaction details and history Services, you access and purchase

Travel details Flight details and entry methods to our lounges

Payment details Payment method used, credit and debit card, bank details

Device details Traffic information, IP address, time of access, date of access, location, web pages visited, device identifiers.

Website use data Please see our Cookie Policy.

Marketing and Advertising data Your marketing preferences and responses to our direct marketing, e.g. when and if you have open, read and deleted our marketing emails, links clicked in marketing emails.

Your communications with us Any Personal Data you provide us when you contact us. We also record your calls with us. We collect and store all copies of emails sent.

Fraud data Any suspicious activities and details.

6. How and why we use your Personal Data

We will use your Personal Data in the following circumstances:
• To perform a contract, we have with you (Terms and conditions – to allow us to carry out our services) or about to enter with you.
• For our Legitimate Interest (or those of another company), but only when your rights and freedoms do not override our legitimate interest. Our legitimate interest is, to help us improve our services and products and to obtain feedback from you.
• to comply with a legal and regulatory obligation.
• Where we have your consent: For direct marketing from The Club. If we have relied on consent to process your personal data, you have the right to withdraw consent at any time by contacting us here or clicking unsubscribe in email communications.

Below outlines the lawful basis we can rely on to process your Personal Data. What 'what' we use Information for and our legal basis for doing so 'why':

What: To provide you with access to our website and or our mobile app.
Why: To perform a contract, we have with you or about to enter with you.

What: To manage our relationship with you as a user of the website which includes notifying you about changes to our Websites and the services we offer.
Why: Legitimate Interest (to keep our records updated and to study how customer use our product and services).

What: To provide you with information you have requested, including without limitation, quotations, Service documentation, brochures, and responses to applications. Why: Where we have your consent.

What: To respond to any enquiries from you regarding our services.
Why: To perform a contract, we have with you or about to enter with you.

What: To provide you with information about certain other goods and services which we believe may be of interest to you. Why: Where we have your consent.

What: To send you targeted electronic communications about our services for marketing purposes.
Why: Where we have your consent

What: To send marketing communication by post about our services.
Why: Legitimate Interest - where you have not opted out to receive communication via post. To help us communicate to you about our services that may be of in

What: To receive feedback from you on our services Why: Legitimate Interest to help understand how we can improve our services

What: To provide a better customer experience and understand your advertising needs.
Why: Legitimate Interest to help us understand how we can develop our marketing strategy.

What: To provide customer support services
Why: To perform a contract, we have with you or about to enter with you.

What: To improve operational efficiency and available capacity in our lounges.
Why: Where we have your consent

What: To protect the company and you from fraud
Why: Legitimate Interest (to prevent and detect fraud and other financial crime)

What: For Medical Covid-19 testing
Why: Where you have consented

What: Dietary Requirements (where it can disclose, medical conditions e.g. allergies or religious belief)
Why: Where you have consented

Other use

a. We may also keep and use your Personal Data information to comply with our legal obligations, resolve disputes, and enforce our agreements.
b. We may access, use and preserve your Personal Data to comply with law, in anticipation of litigation, or to protect our rights or property or those of third parties, even if your Personal Data is subject to a deletion request from you. We may also provide information to law enforcement or authorities to protect the safety of you, other users of our services or others.
c. Sale, acquire, merger, or change of ownership. If we merge with another company, or our equity securities or all or a part of our assets are sold to a third party, your Personal Data may be transferred to the buyer or successor entity. We will notify you and other users of any transfer to a different legal entity.

7. Marketing and your Personal Data

Marketing communications to our clients or other companies
We send commercial e-mails to individuals at our clients’ or other companies where we want to develop or maintain a business relationship or if they have used or shown interest in our services previously and have not opted out of marketing.

Marketing within the Collinson Group
We are part of the Collinson Group. If you consent to receive marketing from other companies within the Collinson Group, we will share your Personal Data with these companies so they can send you information about their products and services and any news that may be of interest to you. Each entity will be a separate Controller for the marketing they send to you and will handle your Personal Data, and any opt outs as set out in their Privacy Notice on their website.

Third Party Marketing
With your consent we may share your information with selected third parties and partners outside the Collinson Group for marketing purposes. If you consent, we will share your Personal Data with these partners and third parties. They will handle your Personal Data, and any opt outs as set out in their Privacy Notice on their website.

Opting out of Marketing
Where you consent to receive communication for marketing purposes, you have the right to opt-out. You can opt-out of receiving marketing communication at any time by following the opt-out link option in any marketing messages sent or by using our contact us form here.

If you opt-out of marketing through an opt-out link, you will stop receiving marketing from us within 24 hours. If you opt-out of marketing via our contact us form, you will stop receiving marketing from us within 5-10 business days. Please note, this does not apply to service communication, market research or customer surveys or any other processing outside marketing.

Where you consented to receive marketing from our selected partners or third parties, we do not control the use of your Personal Data by these partners and third parties. You should contact them directly to opt-out of receiving their marketing communications.

8. Personal Data Sharing and Transferring

We will not share your personal data except as necessary to provide the Services and/or fulfil our contract with you, with your consent, and/or as permitted by this Privacy Policy or applicable law. Moreover, your personal data will only be shared with selected organisations which comply with our security procedures and policies. Organisations we may share your personal data with include:
1. Another member of our group of companies where they help provide our Services to you;
2. Our Service providers and subcontractors, where they us help provide our Services to you. In such cases those service providers may act as data processors on our behalf and with appropriate contractual, technical and organizational measures required by applicable law and/or by this Privacy Policy.
3. To a regulating body or other authority where we need to comply with a regulatory or legal obligation; and
4. Fraud prevention or debt collection organisations when required to protect our legitimate interests.

We may also share your Personal Data with law enforcement and statutory authorities when required by the law in the following circumstances:
· To comply with a request for information from a governmental body such as law enforcement (police) or other public authorities;
· To comply with a court order to disclose your Personal Data;
· To comply with a regulatory investigation; and
· The establishment, exercise or defence of a legal claim (including in connection with an investigation or enquiry by a competent regulatory authority).

There are other circumstances where we share your Personal Data:
· The Club may transfer all your Personal Data to a third party if the operator of the Website changes, or if there is a sale of all or any part of its business or its assets or if we go out of business, enter bankruptcy, or go through some other change of control. In the event of any of these transfers occurring, the party who acquires the data will assume the rights and obligations described in this Privacy Notice. We may share your Personal Data with courts, law enforcement, and governmental authorities and other third parties if required by law, subpoena, a directive from a regulatory authority or as otherwise necessary to comply with legal requirements or to protect our rights or property or those of third parties.

Some of those organisations may be based in a country outside the European Economic Area or where different data privacy laws apply. We will only transfer your personal data to that country if they ensure an adequate level of protection of your rights and freedoms, or you have given us your consent, or that organisation is contractually bound to meet European Economic Area data protection law.
We will not sell your personal data to anyone.

9. Retention of your Personal Data

We will not keep your Personal Data for longer than is necessary. When defining the retention period, we take several factors into consideration, the type and sensitivity of the Personal Data in question, the reasons why the data was collected and processed, our legal basis for processing the Personal Data, who the Personal Data relates to and their rights and freedom. We also consider any legal and regulatory requirements to keep the data. Where we are the Processor, we will retain and dispose of the information under instructions from the Controller.

For example, we may retain your personal data for so long as we have a business relationship with you or as needed to provide products and services to you. We will retain and use your information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your information to comply with applicable tax/revenue laws), resolve disputes, enforce our agreements and as otherwise described in our Privacy Policy or by applicable law. We may also be required to retain and use your information to comply with our own legal obligations.

When the retention period has expired, we dispose of your Personal Data securely in the following ways, anonymisation of the data, permanently deleted (including all copies) from our systems. For paper records we use of confidential bins and secure disposal by a certified company.

If you opt-out of receiving marketing, some Personal Data will be retained and added to our suppressive list to ensure we do not market to you again.

10. Security of your Personal Data

We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies regularly audited, and the audits are reviewed at a senior level.

11. Your rights under Applicable Data Protection Law

Under Applicable Data Protection Law, you may have certain rights. The below outlines your rights. If you would like to request to exercise your rights, please email marketing@airportdimensions.com. Your request will be reviewed and responded to as quickly as possible.

Your Right: The right to object to the processing or sharing of your Personal Data
Meaning: You have the right to object to the processing or sharing of your Personal Data in certain situations.
Meaning: You have the right to object to the processing of your Personal Data in certain situations.
You have an absolute right to stop your Personal Data being used for direct marketing.

Your right: The right to information
Meaning: You have the right to be informed whether and to what extent we process your data. E.g. this Privacy Notice.

Your right: The right of access Meaning: You have the right to request access to your Personal Data we hold. You also have the right to request a copy, and we will provide you with this unless legal exceptions apply.

Your right: The right to rectification
Meaning: If the Personal Data that we process is incomplete or incorrect, you have the right to request their completion or correction at any time.

Your right: The right to Erasure (also known as the “right to be forgotten”)
Meaning: You have the right to request we delete your Personal Data.
This is not an absolute right and only applies in certain circumstances, for example, we cannot delete information if there is a legal or regulatory obligation on us to keep it.

Your right: The right to limit or restrict the processing
Meaning: You have the right to request that we limit or restrict the processing of your Personal Data in certain situations.

Your right: The right to data portability
Meaning: You have the right to request that we provide your Personal Data to you in a machine-readable format.
This right can only be used where the processing relies on your consent or contract and is carried out by automated means or as required by applicable law.

Your right: Your rights in relation to automated decision making and profiling
Meaning: You have the right to object to decisions based exclusively on the automated processing of your Personal Data.
We do not engage in profiling or any processing related to automated decision-making activity.

Your right: The right to withdraw your consent
Meaning: If your Personal Data is processed based on your consent, you have the right to withdraw your consent at any time.
If you withdraw your consent, this will not affect the lawfulness of how we used your personal data before you withdrew consent, and we will let you know if we can no longer provide you with your chosen service.

We will keep a copy of any request. Further, we may charge a reasonable fee or refuse to act on a request if such a request is excessive, repetitive or manifestly unfounded.
If you make a request, where required, we will confirm your identity and ask you to provide us with information to help us deal with your request. We have one month from receiving your request (provided we have verified your identity) to respond.
Please note that for a complex request, we may extend the one month by two months. To exercise your rights please contact marketing@airportdimensions.com

Making a complaint
If you have any questions, concerns or complaints about this Privacy Notice, please contact our Data Protection Officer or our Data Protection Team at dataprotectionteam@collinsongroup.com

If you are unsatisfied with our response, you can contact the United Kingdom (“UK”)’s Supervisory Authority, the Information Commissioner at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire, United Kingdom
SK9 5AF

Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)

If located within the EU you can also make a complaint to our lead supervisory authority in Malta at:
Floor 2, Airways House,
Triq Il-Kbira,
Tas-Sliema SLM 1549, Malta

If outside the UK or EU, you can also make complaint to your local privacy supervisory authority where the matter you are complaining about took place.

12. Sensitive information and information from children

Sensitive Personal Information

We ask that you not send us, and do not share sensitive personal information (for example, information related to racial or ethnic origin, political opinions, religion or other beliefs, genetic or biometric data, etc.).

Children’s privacy

Our business is not directed to minors and we do not promote or market our services to minors. If you believe we have mistakenly or unintentionally collected personal information of a minor, please notify us so that we may immediately delete the information from our servers and make any other necessary corrections.

13. Updates to the Privacy Notice

We keep our Privacy Notice under regular review, and we will make new versions available on our Privacy Notice page on our website. This Privacy Notice was last updated in June 2023.