Your Privacy, Protected

Effective Date: 9 June 2025

1. Introduction

This Privacy Policy explains how AirXcite Ltd T/A Virgin Balloon Flights ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website, book a flight, or interact with us in any way. We’re committed to keeping your information safe, secure, and in your control.

Company Registered Office:
Jesson House, Stafford Court, Telford, Shropshire TF3 3BD
Website: www.virginballoonflights.co.uk
Data Protection Contact: Data Compliance Officer
Subject Access Requests: SAR Form

2. What Data We Collect

We collect and process the following types of personal data:

• Name, email address, phone number, postal address
• Date of birth and weight (to assess suitability for balloon flight)
• Access needs or health conditions relevant to flying
• Purchase history, booking details, and payment methods
• Customer service records and communications
• Website usage data, including IP address, browser, and device information
• Email engagement (opens and clicks, if consented)
• CCTV images recorded during flight for insurance and safety purposes

3. How We Collect Your Data

We collect your data when you:

• Make a booking or purchase via our website
• Register, activate or book with your flight voucher
• Submit reviews, feedback, or complete surveys
• Contact our customer support team
• Use our website, which includes cookies and tracking technologies
• Opt-in to marketing or subscribe to our newsletter

4. How We Use Your Data

We use your personal data to:

• Provide, manage, and fulfil your balloon flight experience
• Assess flight suitability based on age, weight or health requirements
• Respond to enquiries and provide customer support
• Process secure payments and issue confirmation emails
• Improve our website, services, and marketing performance
• Send marketing communications (only if you’ve opted in)
• Create anonymised insights to help us improve our operations
• Ensure safety and insurance compliance through CCTV footage

5. Third-Party Processors and Platforms

We only share personal data with trusted third-party platforms that help us operate efficiently and securely:

Marketing & Analytics

• Google Analytics, Google Ads
• Ahrefs Analytics
• Meta (Facebook & Instagram)
• Webgains, Awin (affiliate tracking)

Automation Services

• Make

Email & Support Communications

• Mailchimp (marketing emails)
• Reamaze (customer support)

Payments

• Stripe, PayPal, Klarna

Please note: pilots may be contracted by us to operate flights on our behalf, but we do not share your data with third-party experience providers for fulfilment purposes.

6. Third-Party Platforms and Independent Data Use

Some third-party platforms we use (e.g. Google, Meta, Stripe) act as independent data controllers. They process your personal data according to their own privacy policies for services like fraud prevention, analytics, and advertising. We encourage you to review those policies separately.

7. International Data Transfers

When we transfer data outside of the UK or EEA (e.g. via Google or Meta), we rely on Standard Contractual Clauses (SCCs) and other approved safeguards to ensure your data is protected.

8. Profiling & Marketing Segmentation

We use limited profiling for marketing purposes, such as creating anonymised audiences in Google and Meta to deliver relevant ads based on website visits or previous purchases (only where consent has been given). No profiling results in legal or significant automated decisions.

9. How We Store Your Data

Your data is securely stored via encrypted cloud platforms and secure local systems at our head office. In some cases, hard copies may also be used and are held in locked, clean environments with strict access controls.

10. How Long We Keep Your Data

We retain personal data only as long as it’s needed for the purpose it was collected. Data is regularly reviewed for accuracy and securely deleted or anonymised when no longer required.

CCTV footage is held securely for up to 31 days, unless needed longer for safety, legal, or insurance purposes.

11. Your Rights Under UK GDPR

You have the right to:

• Access the data we hold about you
• Correct any inaccurate or outdated information
• Request deletion of your personal data
• Object to or restrict processing of your data
• Request a copy of your data (data portability)
• Withdraw marketing consent at any time

To exercise your rights, please use our Subject Access Request form:
👉SAR Form

12. Cookies and Tracking

We use cookies and tracking technologies to:

• Keep you logged in and enhance your user experience
• Understand how our website is used and make improvements
• Deliver personalised advertising (with your consent)

We use a Google Consent Mode V2-compliant Cookie Management Platform (CMP). Non-essential cookies are only activated once you’ve given permission. You can adjust your preferences at any time via our Cookie Settings link.

For full details, see our Cookie Policy.

13. Children’s Privacy

We do not knowingly collect or process data from children under 16 without parental or guardian consent. If we discover that a child has submitted personal data, we will delete it as soon as possible. Parents can contact us to review or request deletion.

14. Changes to This Privacy Policy

We review our policy regularly to make sure it reflects current practices and legal requirements. The latest version is effective from 9 June 2025.

15. Call Recordings

We may record telephone calls to or from our customer service team. These recordings are used for:

• Training and quality assurance
• Monitoring and resolving customer service issues
• Providing evidence in case of a dispute or complaint

Call recordings are stored securely on cloud-based servers and may be accessed by authorised team members only. At present, we retain these recordings indefinitely to support service review, safety, and compliance. If this policy changes, we will update this section accordingly.

Recordings are treated as personal data under UK GDPR and are handled in line with all data protection principles.

16. Contacting the ICO

If you have concerns about how we handle your data, you can contact:

Information Commissioner’s Office (ICO)
🔗 https://ico.org.uk/make-a-complaint/