At Universal Flights, part of Universal Travel Synergy LTD, we are committed to protecting the personal data of our customers, employees, and business partners. This policy outlines how we collect, process, store, and safeguard personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Scope of the Policy

This policy applies to all personal data processed by Universal Flights, including but not limited to:

  • Customers who book flights or services through our website or contact us directly.
  • Employees and contractors working with or for the company.
  • Partners and third-party service providers who engage with us.

Principles of Data Protection

We adhere to the following key principles of data protection:

  1. Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and transparently.
  2. Purpose Limitation: Data will only be collected for specific, explicit, and legitimate purposes.
  3. Data Minimization: Only data that is relevant and necessary for the intended purpose will be collected.
  4. Accuracy: Personal data will be accurate and kept up-to-date.
  5. Storage Limitation: Data will not be retained longer than necessary for its intended purpose.
  6. Integrity and Confidentiality: Personal data will be processed securely to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.

Data We Collect

We may collect the following types of personal data:

  • Personal Information: Name, contact details (email, phone, address), and payment information.
  • Travel Details: Passport information, travel preferences, and booking history.
  • Technical Information: IP addresses, browser data, and cookies (see our Cookies Policy).

How We Use Personal Data

We process personal data for the following purposes:

  • To facilitate bookings and provide travel services.
  • To comply with legal obligations (e.g., immigration requirements or financial reporting).
  • To enhance customer service and provide personalized offers.
  • To improve our website, services, and marketing campaigns.

Legal Basis for Processing

The legal grounds for processing personal data include:

  • Contractual Necessity: To perform obligations under service agreements (e.g., booking a flight).
  • Consent: For marketing communications (customers can opt-out at any time).
  • Legitimate Interests: To analyze service usage and improve user experience.
  • Legal Obligations: To meet regulatory requirements, including tax and anti-fraud laws.

Sharing of Data

Personal data may be shared with:

  • Travel Service Providers: Airlines, hotels, and other travel partners.
  • Third-Party Vendors: IT providers, payment processors, and analytics services.
  • Regulatory Bodies: As required by law, such as for immigration or taxation.

    • We do not sell personal data to third parties.

Data Security

We implement robust measures to protect personal data, including:

  • Encryption for sensitive data.
  • Access controls to restrict unauthorized access.
  • Regular audits and risk assessments.
  • Secure disposal methods for data no longer needed.

Data Retention

Personal data will be retained only for as long as necessary to fulfill the purpose it was collected for or to comply with legal obligations. After this period, data will be securely deleted or anonymized.

Rights of Individuals

Under the UK GDPR, individuals have the following rights:

  • Access: Request access to their personal data.
  • Rectification: Request corrections to inaccurate or incomplete data.
  • Erasure: Request deletion of personal data, subject to legal and contractual constraints.
  • Data Portability: Request a copy of their data in a portable format.
  • Objection: Object to data processing for specific purposes.
  • Withdraw Consent: Revoke consent for marketing communications.

To exercise these rights, please contact us at support@universalflights.co.uk.

International Data Transfers

Where personal data is transferred outside the UK or EEA, we ensure compliance with data protection laws by using mechanisms such as Standard Contractual Clauses (SCCs).

Breach Reporting

In the event of a data breach, we will:

  • Notify affected individuals and relevant authorities within 72 hours, where required.
  • Take immediate steps to mitigate the impact and prevent recurrence.

Review and Updates

This policy is reviewed regularly and updated to reflect changes in laws, regulations, or business practices.

Contact Information

If you have questions or concerns about this Data Protection Policy, please contact:

Universal Flights

Operated by Universal Travel Synergy LTD

Email: support@universalflights.co.uk

Phone: +44 020 8609 8009