Last updated: 8 June 2026
Privacy Policy
What personal information we collect about you, why we collect it, who we share it with, how long we keep it, and the rights you have under UK GDPR.
1. Who we are
Adur Aviation Ltd ("we", "us", "our") operates a flight school and members' flying club at Brighton City Airport (Shoreham), West Sussex, UK, and provides a member-area web application and mobile apps for booking flights, managing membership, and recording flight activity.
Data controller: Adur Aviation Ltd
Address: Room 39, Main Terminal Building, Cecil Pashley Way,
Brighton City Airport, Shoreham-by-Sea, BN43 5FF
Contact for data protection questions:
info@adur-aviation.co.uk
Aviation regulatory status: Adur Aviation Ltd is a CAA-approved Declared Training Organisation, reference GBR.DTO.0404.
2. What this policy covers
This policy explains what personal information we collect from members, how we use it, who we share it with, how long we keep it, and what rights you have over your information.
It applies to:
- our website at https://adur-aviation.co.uk
- our member-area mobile apps for iOS and Android
- any personal information we hold about you on our behalf
3. What information we collect
Identity and contact information
- Full name
- Email address
- Password (stored as a one-way salted hash — we never see your actual password)
- Mobile phone number
- Postal address
- Date of birth
Aviation-specific information
- Pilot licence number
- Licence expiry date (SEP / FI(A) where relevant)
- Medical certificate expiry date
- Membership joined / renewal dates
- Booking history and flight log entries (departure / arrival airfields, times, aircraft used, instructor where applicable)
- Block-hour purchases and consumption
Emergency and safety information
- Next of kin name, relationship, phone number, email
- Medical notes that ground crew or your instructor should be aware of (allergies, medications, recent surgery, etc.)
Account activity
- Sign-in timestamps
- Authentication cookies / session tokens
- Booking creation, modification, and cancellation history (audit log)
Push notifications (mobile app only)
- A device notification token — a unique identifier issued by Google Firebase Cloud Messaging to your specific app installation. We store this token against your member account so we can send you notifications about your bookings (confirmations, changes, cancellations) and reminders before key dates expire (for example licence, medical, or membership renewal).
- The token identifies an app installation, not you personally; we link it to your account purely so the right notifications reach the right member. It is refreshed by the operating system from time to time and removed when you sign out or uninstall the app.
- Push notifications require your permission. You can decline them when first asked, or turn them off at any time in your device's notification settings — the app continues to work without them.
We do not collect:
- Location data from your device
- Photos from your device
- Contacts from your device
- Marketing tracking data
- Advertising identifiers
4. Why we collect it, and our lawful basis under UK GDPR
| Purpose | Categories of data used | Lawful basis (Article 6 UK GDPR) |
|---|---|---|
| Operating your club membership and processing bookings | Identity, contact, aviation-specific, account activity | Performance of contract — Article 6(1)(b) |
| Verifying your eligibility to fly (licence, medical validity) | Aviation-specific | Legal obligation — Article 6(1)(c) and aviation regulations |
| Day-of-flight safety contact, emergency response | Mobile phone, next of kin, medical notes | Legitimate interests (safety of members and ground crew) — Article 6(1)(f) AND vital interests in an emergency — Article 6(1)(d) |
| Maintaining audit records of bookings and flights | Booking and flight history, account activity | Legitimate interests (regulatory compliance, accident investigation, dispute resolution) — Article 6(1)(f) |
| Sending you operational emails (booking confirmations, renewal reminders, etc.) | Email, name, booking data | Performance of contract — Article 6(1)(b) |
| Sending push notifications to the mobile app (booking updates, expiry reminders) | Device notification token, booking data | Performance of contract — Article 6(1)(b), enabled by your device permission which you can withdraw at any time |
4a. Special category data — medical information
The medical notes you provide are "special category data" under Article 9 of UK GDPR. Our additional lawful basis for processing this data is:
- Your explicit consent — Article 9(2)(a). You provide medical information voluntarily in your member profile, and you can clear it at any time. By saving medical information in your profile, you are providing explicit consent for us to process it for the purposes of flight safety and emergency response.
- Protection of vital interests — Article 9(2)(c). In a medical emergency where you are unable to give consent, we may process this information to protect your life.
You may withdraw this consent at any time by clearing the medical notes field on your member profile, after which we will no longer process that information. (The historical fact that you previously provided it may remain in audit logs.)
5. Who we share your data with
We do not sell, rent, or share your personal information with third parties for marketing or any commercial purpose.
Your information may be shared in the following limited circumstances:
- Our staff (instructors, administrators, owners) on a need-to-know basis for operating the club. For example, your instructor sees your licence status and medical heads-up notes before flying with you; ground crew may see your next-of-kin details in an emergency.
- Service providers that host our infrastructure, such as our web host and database provider. These providers act as data processors on our behalf under a written agreement that requires them to handle your data only as we instruct.
- Google (Firebase Cloud Messaging) processes your device notification token solely to deliver our push notifications to your device. Google acts as our data processor for this purpose; we do not use it for advertising or analytics.
- Regulators and authorities (CAA, AAIB, police) when required by law, for example in an accident investigation or in response to a lawful request.
- Insurers when required to administer or claim against our aviation insurance policies.
We do not transfer your personal information outside the United Kingdom or European Economic Area without putting appropriate safeguards in place as required by UK GDPR.
6. How long we keep your data
| Category | Retention period |
|---|---|
| Active membership records | While you are a member, plus 7 years after your last interaction (for tax, regulatory, and insurance purposes) |
| Booking and flight history | 7 years after the flight date |
| Medical notes | While you remain an active member. Cleared if you remove them from your profile, subject to retention in audit logs |
| Authentication logs (sign-ins, password resets) | 12 months |
| Device notification token | While the app is installed and you remain signed in; deleted on sign-out, uninstall, or when Firebase reports it invalid |
| Cancelled or rejected booking records (audit only) | 7 years |
| Backups | Rolling — old backups overwritten within 30 days |
If you ask us to delete your account (see Section 7), we will remove or anonymise your data in line with the retention rules above. Where we are legally required to retain a record (e.g. for tax or aviation regulatory purposes), we will retain only the minimum required, and we will tell you which records we cannot delete and why.
7. Your rights under UK GDPR
You have the following rights regarding your personal information:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — ask us to correct any inaccurate or incomplete data. Most fields are directly editable from your member profile in the app.
- Right to erasure ("right to be forgotten") — ask us to delete your data, subject to the retention obligations described in Section 6.
- Right to restrict processing — ask us to pause processing your data while a question or complaint is resolved.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing we carry out on the basis of legitimate interests.
- Right to withdraw consent — for any processing we do on the basis of consent (such as your medical notes), you can withdraw consent at any time.
To exercise any of these rights, contact us at info@adur-aviation.co.uk. We will respond within one calendar month.
8. Complaints
If you are not happy with how we have handled your personal information, please contact us first so we can try to put things right. If you remain unhappy, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
0303 123 1113 — https://ico.org.uk
9. Cookies
Our website and member apps use only a small number of cookies, and they are all strictly necessary for the service to work. Under the UK Privacy and Electronic Communications Regulations (PECR), strictly-necessary cookies do not require a consent banner, because they are essential to deliver the service you have explicitly asked us for — signing into your account.
We do not use cookies for marketing, advertising, analytics, profiling, or behavioural tracking. We do not embed third-party tracking pixels (Google Analytics, Meta Pixel, etc.) and we do not share any cookie data with third parties.
9a. Cookies we set
| Cookie name | Purpose | Duration | Category |
|---|---|---|---|
| .AdurAviation.Auth | Keeps you signed in. Set when you log in and removed when you log out. If you tick "Remember me" the cookie lasts up to 30 days; otherwise it lasts only until you close your browser. | Session, or up to 30 days with "Remember me" | Strictly necessary |
| AspNetCore.Antiforgery.* | Protects forms on the site against cross-site request forgery (CSRF) attacks. Required for every secure form submission such as creating a booking or updating your profile. | Session (deleted when you close your browser) | Strictly necessary |
9b. How to control cookies
Because the two cookies listed above are essential to signing in and using your account, blocking them in your browser will prevent the member area from working. The public website pages (Home, Fleet, Prices, About, Contact, etc.) work fine without cookies.
You can manage cookies for any website — including ours — through your browser's settings. The ICO's guide to cookies explains how to do this for the major browsers.
9c. If this ever changes
If we ever add a non-essential cookie (for example, if we decide to use analytics in the future), we will update this policy and present you with a consent banner offering a clear choice to accept or reject, before any such cookie is set. Until then, no banner is shown because none is legally required.
10. Children's data
Our membership and booking services are intended for adults (16+) who are training for or hold a pilot's licence. We do not knowingly collect data from children under 13. If you believe we have collected data from a child under 13, please contact us at info@adur-aviation.co.uk and we will delete it.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top will reflect the most recent change. Material changes will be notified to you by email and / or by an in-app notice the next time you sign in.
12. Contact
For any question about this policy, your data, or to exercise any of your rights, please contact:
Adur Aviation
Room 39, Main Terminal Building, Cecil Pashley Way,
Brighton City Airport, Shoreham-by-Sea, BN43 5FF
info@adur-aviation.co.uk
01273 111084