This Privacy Policy sets out how STRATUS-1 uses and protects any personal data that you provide to STRATUS-1 (including personal data provided through the website [Your Website URL] (“Website”)). STRATUS-1 provides services to its business clients on a worldwide basis, including access to software and technology to notify passengers of clients about delays or cancellations to their travel arrangements, which may include the collection and processing of personal data about individuals on behalf of its clients or potential clients (“Services”). In addition to this, the Website also collects certain personal data from users.
STRATUS-1 and its affiliated Group companies (“STRATUS-1 Group”) are firmly committed to respecting and protecting the privacy of all personal data received or collected, in strict adherence to Data Protection Legislation (defined below) and best business practices. The STRATUS-1 Group has established this Policy so that you can understand the care with which we intend to treat personal data, as a standard. Although legal requirements may vary from country to country, the STRATUS-1 Group intends to adhere to the principles set out in this Privacy Policy even if, in connection with the above, we transfer your personal information from your country to countries outside of the EEA that may not require a high level of protection for your personal information.
STRATUS-1’s data protection and privacy measures are governed by applicable data protection legislation. For the purpose of applicable data protection legislation:
Where personal data is provided directly to STRATUS-1 through use of the Website, email, or other means where STRATUS-1 is determining the way in which that personal data is processed for its own use, then STRATUS-1 will be a data controller of such information.
Where STRATUS-1 is provided personal data in its capacity of providing Services to its clients, then STRATUS-1 will only process that personal data in accordance with the instructions of its clients and STRATUS-1 will, therefore, act as a data processor in respect of such personal data; STRATUS-1’s client will be the data controller of that personal data for that purpose and will be responsible to data subjects for the way in which their personal data is processed as the data controller.
Where STRATUS-1 acts as a data processor on behalf of its clients, STRATUS-1 will process that personal data on the instructions of its clients, who would have collected that personal data in accordance with that client’s own privacy policy. Individuals who have contracts with our clients should, therefore, check that client’s own privacy policy to ensure they understand how their personal data may be processed.
Personal data means any data or information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
Where STRATUS-1 is acting as a data controller, STRATUS-1 may collect, use, store and transfer different kinds of personal data about you which STRATUS-1 has grouped together as follows:
Identity Data includes first name, last name, username or similar identifier, title, job title, and date.
Contact Data includes the billing address, delivery address, email address, and telephone numbers.
Usage Data includes information about how you use STRATUS-1’s Services or submit an enquiry or query through the Website.
Preferences and Interests including information about STRATUS-1’s Services that you might wish to hear about.
Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website.
Subject to where STRATUS-1 needs to verify your identity and you provide your express consent for STRATUS-1 to process such information, STRATUS-1 does not process any Special Category personal data (as defined by Data Protection Legislation) about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor does STRATUS-1 collect any information about criminal convictions and offences. As mentioned above, STRATUS-1 may process Special Category personal data about individuals on behalf of its clients, in which case our client’s own privacy policy will explain the Special Category data being processed and the purposes for which it will be processed.
STRATUS-1 uses different methods to collect personal data from and about you, including through:
Direct Interactions
You may give us your contact information by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when STRATUS-1 provides its Services.
Events
We may meet you at events, and you may provide us with your contact details in order for us to contact you about our Services.
Third Parties or Publicly Available Sources
We may receive personal data about you from various third parties and public sources such as:
Contact data from providers, including third-party debt agencies.
Internet / LinkedIn / websites.
STRATUS-1 will only use your personal data when the law allows us to, i.e., if we have a legal basis for doing so, as outlined in this Policy or as notified to you at the time we collect your personal data, and for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do this. Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.
Where we act as the data controller for client contact information, we have set out below in a table a description of all the ways we plan to use your personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact STRATUS-1 if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out.
| Purpose/Activity | Type of Data | Lawful Basis for Processing (Including Basis of Legitimate Interest) |
|---|---|---|
| To register you or the company that you are connected to as a new client and verify your identity (where required) | (a) Identity, (b) Contact | Performance of a contract or Legitimate interests or Consent |
| To process and deliver the Services including: (a) Manage accounts, payments, fees, and charges, (b) Contacting you and corresponding about the Services | (a) Identity, (b) Contact | Performance of a contract or Legitimate interests |
| To respond to queries and enquiries and deal with your preferences and interests | (a) Identity, (b) Contact | Performance of a contract or Legitimate interests |
| To undertake marketing to you | (a) Identity, (b) Contact | Legitimate interests or Consent |
Where we act as the data controller for client contact information, or where permitted by STRATUS-1’s data controller clients, personal data processed by STRATUS-1 may be shared as follows:
with any member of the STRATUS-1 Group, which means STRATUS-1’s subsidiaries, STRATUS-1’s ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006;
with permitted third-party contractors of STRATUS-1 for the purposes of providing Services to STRATUS-1 or for performing its Services, helping us to deliver our products and information (“Data Processors” or “Sub-Processors”);
where STRATUS-1 is under a duty to disclose your personal data to comply with any legal obligation or to enforce or apply STRATUS-1’s terms and conditions and other agreements;
to protect the rights, property, or safety of STRATUS-1, STRATUS-1’s client, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and for compliance with laws; or
with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
Where we provide your personal data to Data Processors or Sub-Processors we will have in place a written agreement with each third party confirming on what basis the third party will handle your personal data and will ensure that there are sufficient safeguards and processes in place to protect your personal data. We require all third parties to respect the security of your personal data and to treat it in accordance with the law and only process that personal data in accordance with our (or our client’s) instructions. The third parties that we may send your personal data to are either within the European Economic Area (“EEA”) or to third parties under suitable protection mechanisms as laid out in applicable Data Protection Legislation.
We are part of a Group of companies with offices in locations in the UK and Australia. We also contract with third parties who we may share your personal data with who are located outside of the UK and EEA. This means that from time to time we may transfer your personal data from within the UK or EEA to locations outside of the UK or EEA. In that case, we will ensure that the recipient is either located in a country to which the UK or EEA (as applicable) considers to be deemed to provide an adequate level of protection for personal data or to other countries where we have put in place adequate security mechanisms to ensure your personal data will be handled in a way that is required under applicable data protection legislation.
We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed and have an Information Security Policy in place to which we adhere to. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain personal data in accordance with our retention policy, which includes:
where we act as a data controller in connection with client contact information, for as long as necessary to fulfil the purposes we collected it for, e.g., contracts information is kept for 7 years;
where we act as a data processor on behalf of its clients, for the period as notified or agreed with the data controller client;
in either case, for the period required for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
The right to be informed – this is information on for what purpose we are processing it and what personal data we are processing.
The right of access – you have the right to be provided with copies of the personal data of you that we are processing as well as confirmation of the processing we are doing. You can do this by sending a “subject access request” to the contact details noted above for our consideration.
The right to rectification – if you think the personal data that we hold on you is wrong you can tell us and we will fix it.
The right to erasure (also known as the right to be forgotten) – if you want us to permanently delete the personal data we hold for you then you can ask us to do so.
The right to restrict processing – if you do not like how we are using your personal data then you can let us know and we will stop processing it in that way.
The right to data portability – if you want us to pass on your personal data to someone else then please let us know. This transfer should not affect the integrity or otherwise damage your personal data.
The right to withdraw your consent – you can withdraw your consent for us to process your personal data (if we have relied on your consent to process your personal data) at any time by contacting us. If we have relied only on your consent as the basis to process your personal data then we will stop processing your personal data at the point you withdraw your consent. Please note that if we can also rely on other bases to process your personal data aside from consent then we may do so even if you have withdrawn your consent.
Rights in relation to automated decision making and profiling – if we use either automated decision making or profiling then you have a right to know. Also, we need your consent if either of these are used to make a decision that affects you. As with all consent, you can withdraw it at any time.
To exercise any of the above rights please email your request to dataprotection@stratus1.com.
The Website is not intended for children and STRATUS-1 will not knowingly collect any personal data from persons under the age of 18 and will immediately delete any such data subsequently so determined.
If you would like to make a complaint in relation to how STRATUS-1 may have stored, used or processed your personal data, you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). STRATUS-1 would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
STRATUS-1 is committed to ensuring that your information is secure and has in place reasonable and proportionate safeguards and procedures to protect your personal data. While STRATUS-1 does its best to protect your personal data, STRATUS-1 cannot guarantee the security of any information that you transmit to STRATUS-1 and you are solely responsible for maintaining the secrecy of any passwords or other account information.
As and when necessary, changes to this Privacy Policy will be posted here. Where changes are significant, we may also email all our registered users with the new details, and where required by law, we will obtain your consent to these changes.