Privacy Policy

This privacy policy explains how Flight School Booking Limited ("we") processes your personal data. Please read it carefully, as it specifies which rights you have and how you can exercise your rights.

We take your privacy very seriously. So we've decided to make a promise about what we'll use the information you give us for. You consent to us processing these types of personal data so that we can provide the system to you.

We think the term process is a little misleading for what we're doing, but the term is widely used in the EU's General Data Protection Regulation (GDPR). In plain English, we collect and store your email address so we can identify you as an account holder. We will also email you about your account from time to time, for example if there's a problem with your system, to let you know about maintenance or an occasional newsletter with tips for using the system more effectively.

When you use the booking system, your role as a Data Controller means you should ensure you have consent from your customers and suppliers to store their personal information. Our role as a Data Processor is limited to storing your customer's details; we do not access the information you store unless you want us to.

If at any time you do not want us to "process" this personal data, you can contact us via the website. You should be aware that we will not be able to provide the app to you without your permission to store your email address.

Purchases

If you purchase directly from us by entering your contact and credit card details we will store additional information about the sale, linking it to your license file(s):

  • Your name
  • Your company name

We do not store your credit card information, this is stored by our trusted payment company.

Contacting You

We will use your information to contact you if it affects your service from us. For example, if we need to upgrade the service and it's not possible to do this in the normal period overnight we might consider it important enough to let you know. We may also use your contact details to email you about changes we've made to the system. You can unsubscribe from our emails by clicking a link at the bottom.

Lawful Basis for Data Processing

When you register using your email address, the lawful basis for processing is 'consent'. You can withdraw your consent, but we will not be able to provide the service to you.

Support

You can ask for help by contacting support or via our Contact Page.

Payments

We use a well known and respected payment gateway called Stripe to handle payments. We don't receive credit card information ourselves.

Retention of Data

If you stop your subscription to use the booking system, the system will be deleted shortly afterwards. To avoid this happening by accident, we will contact you first to let you know.

Deleting Your Account

If you have made purchases, Stripe will retain information about your purchases. If you ask us to delete your account, we remove your details from our database, but we retain access to your historical payment information for tax purposes.

Data Security

You authorise the engagement of Amazon Web Services, Inc. ("Infrastructure Provider") to provide underlying infrastructure services in the provision of the software. Infrastructure Provider’s role includes storage of Customer Personal Data.

Data you enter into the software, such as your student names and addresses are stored in a database especially created for your booking system. This database is stored by Infrastructure Provider and encrypted while at rest. Decryption keys are managed by Infrastructure Provider and stored in a different location. You acknowledge your role as Data Controller, and ours as Data Processor.

You should make sure all your staff use strong passwords (long and complex) in order to protect access to your customer's data. You should disable someone's access to your system when they leave your employment as soon as possible.

Servers are housed in Amazon's secure data centres in the United Kingdom and are managed by us. We secure all communications to and from the system using TLS, and we reject any connections that are not encrypted. This keeps your information confidential between your device and our servers, and ensures that the data is safe from eavesdropping while on the Internet.

We will implement and maintain technical and organisational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. Security Measures include measures to encrypt personal data; to help ensure ongoing confidentiality, integrity, availability and resilience of our systems.

We will take appropriate steps to ensure compliance with the Security Measures by our employees and contractors to the extent applicable to their scope of access, including ensuring that all persons authorised to process Customer Personal Data have committed themselves to confidentiality. Our staff connect to the servers for monitoring and maintenance. While connected, we also use encrypted connections. In addition, all our computers have encrypted hard drives and complex passwords to prevent unauthorised access, in case they are stolen.

For information about Amazon's GDPR Data Processing Addendum, please click here.

Payment Processing

To process credit card payments, we use Stripe a well known and respected payment gateway. All data passed between your computer and Stripe are encrypted too, so your credit card details are safe. We don't store - or even see - your card information apart from the expiry date and last four digits to help you identify which card you have stored. We are able to charge stored cards by referring to them by their unique token issued by Stripe and valid only for use by Flight School Booking.

When you make a payment to us for your use of the service, Stripe store Personal Data such as your name, email address and card number.

Third Parties

We will never pass on your details to anyone else without your permission. In addition, we have not been required by any court order to reveal any user information we have stored or to keep any secrets about doing so.