1. Privacy Notice
Our privacy commitment to you
When you use our products and services, you entrust us with your personal data. We find this relationship extremely important and promise you the following:
We process your personal data in accordance with European & UK data protection laws and regulations and other applicable privacy laws to protect your personal data from unauthorized access and to ensure secure data transfers.
We are transparent about how we use your collected personal data.
We make it clear in advance what the advantage of sharing your personal data is and tailor our communication to your needs and preferences.
We do this in understandable language and throughout the entire customer journey with KLM UK Engineering Limited and partners.
We ensure that you have control over your personal data and use your feedback to continuously improve ourselves.
We ensure that your personal data is safe with us. In the unlikely event that your personal data has been leaked, we will ensure that the leak is stopped as soon as possible and you are notified immediately.
We process your personal data primarily to process your training booking, to take care of your training and purchases and to answer your questions.
We may also use your information to provide you with offers tailored to your interests and preferences.
Please click on the relevant paragraph below for more information.
1. Who we are
We are KLM UK Engineering Limited base at Norwich international Airport, Liberator Road, Norwich, Norfolk, NR6 6ER, United Kingdom.
2. The types of personal data we process
We may collect and process the following categories of personal data:
(A) Name, passport number and other identity data
If you make a training reservation with us, we will record your name, title, gender, date of birth, nationality, country of residence and passport details. If you make a training reservation for other people, we also record their identity details. You should ensure that they know that we collect their personal data and how we use that data.
(B) Your contact details and details of your personal account or registration
We may collect your address, telephone number and email address. If you register for a service, book a maintenance slot, event, contest or promotion or create a personal online account, we may also record your login details and other information that you enter when registering or on the account form.
(C) Information about your training reservations, bookings and purchases
If you make a training reservation or book an online course with us, we process your reservation and booking data, such as details of your course, prices and the date of your reservation or booking. In addition, we process data about the purchase of additional services (CAA & EASA registrations) and products.
(D) Information about your booking
If you book with us, we process information about your course such as your schedule & online learning account. We can also record your specific medical needs or dietary requirements and any additional assistance you may need. Unless otherwise indicated, we do not receive any identity information about you (such as facial images) other than the personal information we already hold.
(E) Our communication with you
If you send us an email, chat with us via the website, or contact us online or via social media with our chat, we record your messages. If you call us, our customer service will record your questions or complaints in our database. We may also record telephone conversations for training purposes or to prevent and combat fraud. We record your communication preferences, for example when you subscribe to or unsubscribe from one of our newsletters, or if you choose to receive information or alerts about your training courses through channels other than email (such as WhatsApp).
(F) Information we collect when you use our websites, mobile apps and other digital media
ii. We will be automatically notified when you open our emails or click on a link in these emails. We can link this information to other data that we already have about you.
iii. With your consent, we may receive your location data.
iv. You can give us permission to access certain data on your mobile phone, such as photos and contacts.
(G) Data relating to social media
Depending on your social network settings, we may receive data from your social network provider. For example, if you log in to our services via a social media account, we may receive your social media profile, with your contact details, interests and contacts. In addition, we receive visitor statistics from Facebook in connection with our Facebook fan page. KLM UK Engineering is jointly responsible for these visitor statistics together with Facebook, but Facebook Ireland Limited is your first point of contact and handles requests to exercise your rights and any complaints. If necessary, we will help Facebook deal with your request or complaint. More information about the personal data we receive from social network providers and about changing your settings can be found on the website and in the privacy policies of these providers.
(H) Information you choose to share with us
We process the information you share with us on your own initiative, for example if you express your interests and preferences on our website, post a comment on our Facebook page, participate in a customer survey or register for a competition.
2.4 Specific services, mobile apps, events, contests or promotions
3. How we collect your data
We collect the categories of personal data as follows:
Personal data provided by you
When you book a book a course with us, create an online account, contact us via social media, participate in a customer survey, contact our customer service, sign up for our emails or mobile push notifications or sign up for one of our events or promotions.
Personal data we receive from your booking agent, our training partners and other companies involved in your booking
We receive your data from these parties to process your reservations and bookings and to facilitate your training and purchases. For example, if you book a course through a booking agent or online platform, we receive your identity, contact and booking details from these third parties.
If you use our website or mobile apps, we collect information via cookies and similar technologies
If you use a social network, we may also receive data from your social network provider
See for more information section 2.1 (H) above.
4. The purposes for which we use your data
4.1. The main purposes for which we use your data
(A) To provide our services to you
We use the information described under 2.1 (A) to (G) to process your reservations and bookings and to facilitate your training and purchases. For example, we use your name and other identity information to provide your training confirmation. We use your contact details to communicate changes in your training booking.
(B) To provide our online services and mobile apps to you and ensure a silent digital experience
i. For example, we use your name when you login into our online services and apps.
ii. Our online services and apps sometimes use your location, for example to show you the nearest point of interest.
iii. In order to provide you with an optimal digital experience, we analyse your digital media usage. For example, we tailor our communications to the digital channel or device you use most often (see 2.1 (G)).
(D) For statistical research
i. General: We research general trends in the use of our services, websites, mobile apps, and social media, as well as trends in the behaviour and preferences of our customers and users. We use our research results to develop better services and offers for our customers, provide better customer service, and improve the design and content of our websites and mobile apps.
ii. Data categories: for our research, we may use the categories of personal data described in sections 2.1(A) to (H). For the research, we only use ‘aggregated’ and ‘pseudonymised’ data. This is data that cannot be directly traced back to you and from which all directly identifiable elements (such as name and e-mail address) have been removed or recoded into a number. We take appropriate measures to ensure that only a limited group of employees have access to the dataset.
iii. Example: for example, our research into booking data and data on the purchase of additional services (additional Modules, Refresher courses) may show that 737 Training courses are more likely to purchase aircraft safety courses. With this information we can improve our services.
iv. Legal basis and right to object: we process your personal data in the context of the legitimate interests described above (see section (i) ‘General’). You have the right to object at any time to the processing of your personal data for statistical research on grounds relating to your particular situation (see section 8 ‘Your rights’ below).
(E) Marketing purposes
i. General: we may use your personal data for direct marketing purposes. In this section we explain how we do that.
ii. Channels: we use various channels such as e-mail, mobile push notifications, our own websites and apps and third-party websites and apps, social media and regular mail. For example:
– Booking-related emails: if you book a training course with us, you will receive several emails related to your booking (such as a booking confirmation and course information). These emails may also contain advertisements and offers tailored to you and your training.
– E-mails from KLM UK Engineering Limited with updates and offers: you can sign up for e-mails with updates and offers tailored to your interests, such as our newsletter. These e-mails may contain offers for our own services and those of our partner.
– Direct messages via other communication channels: with your consent, we use other communication channels to send you direct messages with personalized advertisements and special offers, such as by post, mobile push notifications or via social media (such as Messenger, WhatsApp or LinkedIn).
– Targeted marketing via social media platforms (‘custom audience targeting’): you can sign up to receive personalised advertisements and offers via the social media platforms you use.
In order to be able to show you relevant information and personalized advertisements through various channels, we may share certain identifiers (such as, for example, your e-mail address, telephone number, IP address or your name record in pseudonymized (“hashed”) form with third parties.
For example, we use the Facebook Custom Audience programme of Meta. Among other things, this programme enables us to display personalised advertisements and offers in your newsfeed on Meta platforms, including Facebook Messenger and Instagram. We can also use this programme to exclude you from advertising campaigns on Meta platforms, if, for example, you have already received similar advertisements or offers by e-mail.
To enable Meta to determine whether you have a account on one of Meta’s platforms, we share a pseudonymised (hashed) identifier with Meta. We do not share any other data with Meta. Meta, in turn, only provides us with aggregated data about the effectiveness of an advertising campaign. This is data that cannot be traced directly back to you. This way, we try to make every effort to keep your personal data secure and confidential.
To determine our audience for a specific ad campaign, we may use your booking details or the data we collect when you use our websites, mobile apps, or other digital media. In addition, Meta may use the personal data it collects about you to compile a similar audience. This allows us to reach a new audience through Meta.
We may participate in similar programmes offered by other third parties to display relevant information and personalised advertisements via other channels. These may for example include programmes offered by other social media platforms (such as Twitter, LinkedIn and Pinterest), but also search engine platforms (such as Google and Microsoft Bing) and third-party websites (such as International Aviation Academy Norwich (IAAN) and City College Norwich). Please check the privacy policies of these third parties for more information.
If you no longer want us to include you in the programmes we use to display relevant information and personalised advertisements via various channels, please send an e-mail to Sales.Marketing@klmuk.com to withdraw your consent. When sending this e-mail, please use the e-mail address for which you would like to withdraw your consent.
iii. Personalised offers: we aim to make advertisements and offers as relevant as possible for you. To that end, we may analyse the categories of personal data described in 2.1 (A) to (H), 4.1 (C) (statistical research data) and the personal data we collect when you are registered. We use the results of this analysis to personalise advertisements and offers. For example, with your consent, we may send you an e-mail after you return from a course with offers based on your booking history, to offer you inspiration for your training course. We may also use your booking history to provide you with a discount.
iv. Legal basis and right to object: unless indicated otherwise, we collect and use your personal data as described in this section 4.1 (E) for our legitimate interests and the interests of third parties. You have the right to object to the use of your personal data for direct marketing purposes, including related profiling activities, at any time (see 8 “Your rights” below).
v. Unsubscribe: you can always unsubscribe from receiving personalised advertisements and offers. Please find below an explanation of how you can unsubscribe.
– E-mails: you may unsubscribe from our advertisements and offers in our booking and loyalty programme e-mails and from e-mails to which you have subscribed at any time by clicking on the unsubscribe link in the e-mail. In many cases, you can also unsubscribe by changing your communication preferences in your account. If you unsubscribe, you will only receive e-mails necessary to be able to use our services (e.g. your booking confirmation)
– Postal mail: you may unsubscribe from receiving personalised advertisements and special offers by postal mail by contacting us (see 8 “Your rights” below).
– Other communication channels: if you have opted to receive personalised advertisements and offers through mobile push notifications, you can unsubscribe by changing your smartphone settings (for mobile push notifications). Visit the website of the social media platform for more information on how to unsubscribe from receiving personalised advertisements and offers through social channels (e.g. Messenger, WhatsApp, and WeChat).
– Contact our Privacy Offices: you may always contact us to unsubscribe from receiving messages containing advertisements and offers (see 8 “Your rights” below).
(F) To communicate with you
We use your contact details to communicate with you about our services or loyalty programme, to answer your questions, or to address your complaints.
(G) To conduct our business operations or to comply with statutory obligations
We collect, use, and retain your personal data to conduct our business operations, such as for record-keeping purposes, to prevent or combat fraud, or to settle disputes. In the case of fraud or misuse of our services, we may enter your personal data in our internal fraud control and warning systems. As a result, your bookings may be subject to close scrutiny and in particular cases be refused or cancelled, or you may no longer be welcome on board our aircraft or only on certain conditions (see 4.1 (G) above). We also collect and use your personal data to comply with our legal and tax obligations.
4.3 Legal basis
We may collect and use your personal data only if we have a legal basis for doing so. In many cases, we need your personal data to receive your booking, arrange your training or purchases, or to answer your questions (see 4.1 (A) to (B) and (F) above). In those cases, the legal basis for processing your data is ‘necessary for the performance of a contract’.
If you have consented to the collection and use of your personal data (which consent you may withdraw at any time, see 8 “Your rights” below), we will collect and use your data based on that consent.
In certain cases, we may use your personal data if we or third parties have a legitimate interest in doing so. We will always consider all interests carefully: your interests, the interests of others, and KLM UK Engineering Limited interests. On that legal basis, we will collect and use your data for, for instance, flight safety, statistical research, or direct marketing purposes, or to offer personalised discounts and offers (see 4.1 (C), (D), (E) and (G) above for more information).
We may have a legal obligation to collect and use your data, for example, to satisfy aviation governing bodies (CAA or EASA) (see 4.1 (H).
If you refuse to provide the personal data that we need to perform the contract we have concluded with you or to comply with a legal obligation, we may not be able to provide all the services you have requested from us. Consequently, we may have to cancel your booking, or we may not be able to provide you with the additional services you have requested. If you provide incomplete or inaccurate information, we may be forced to deny you access to the course or online services
5. Granting access to or exchange of data with third parties
(A) To facilitate your bookings
To handle your reservations and bookings and to arrange your bookings and purchases, we often need to share your personal data with our partners, airport operators, and other companies involved in facilitating your booking (see 3.1 (B) above, “How we collect your data”).
(B) Corporate accounts
If you book using your employer’s account, your employer will have access to certain booking details, such as the price, dates, and service information. Your employer is independently responsible for how it collects and uses your personal data and informs you about it.
(C) For support or additional services
To provide our services, we use the support or additional services of third parties, such as IT suppliers, social media providers, marketing agencies, and screening service providers. All such third parties are required to adequately safeguard your personal data and only use such data in accordance with our instructions.
(D) Payment services
To process payments for your purchases, we may work with third parties that offer payment services. In many cases, those payment service providers also conduct fraud checks. They operate their own privacy policies in terms of the way in which they use your personal data.
(E) Personalised marketing through social media platforms
For more information, see 4.1 (E) under “Purposes for which we use your data”.
(F) To enable our partners to tailor their services to your trip
We may share your non-personalised information (Product, date, and duration of the course) with partners that offer additional services (e.g. hotel accommodations, car rental services) so that they can provide you with offers tailored to your booking. Our partners operate their own privacy policies in terms of the way in which they use your personal data.
5.2. Specific services, apps, events, contests, or campaigns
5.3 Government agencies
We may be legally required to collect your personal data before you travel to another country and share it with the government agencies in the countries on your itinerary. For example, we may be legally required to collect and share your identifying data and your booking and booking information with those agencies for purposes of border control, immigration formalities, entering a country, or combatting terrorism or other serious crimes (see 5.4 (B) below). We may also be statutorily required to share your health data with the government agencies in the countries on your itinerary for public health purposes (see 2.1 (D) above).
5.5. Third-party websites
6. Security and storage
(A) Our commitment
To ensure the security and confidentiality of your personal data is our priority. Taking into account the nature of your personal data and the risks of processing, we have taken all appropriate technical and organizational measures required by the applicable legal regulations (in particular Article 32 of the General Data Protection Regulation (GDPR)), so that an appropriate level of security is guaranteed and in particular to prevent accidental or unlawful destruction, loss, alteration or provision of, breach of or unauthorized access to this data.
(B) The security measures we have taken
i. Organizational measures: we have taken various organizational measures to increase the alertness of our employees and for accountability. Programs have been introduced that raise awareness while promoting the exchange of good practices and safety standards. In that context, our employees have access to a wide range of documents about information security and privacy protection and everything that comes with it.
ii. Technical measures: we strictly monitor the physical and logical access to the internal servers on which your personal data is hosted or processed. We secure our network with the latest hardware (Firewall, IDS, DLP etc.) and architecture (including security protocols such as TLS 1.2) to prevent and mitigate the risks of cybercrime.
(C) The development of our security systems In order to maintain an appropriate level of safety, we have internal processes according to the best practice. We use competent professionals to ensure the highest possible level of protection.
(D) What you can do yourself The security and confidentiality of personal data is all about optimal use of all parties involved. When you make a booking, you will be sent the file references. These booking references must remain confidential at all times. If these references reach other passengers, they may access your booking details through our systems or those of third parties involved in the execution of your booking. If you are booking together and do not want your colleagues to have access to your personal data, we advise you to book separately.
We also advise you not to disclose the passwords you use to access our services to third parties, to log out of your profile and social account systematically (especially in the case of linked accounts), and to close the browser window at the end of your session, especially if you are accessing the Internet from a public computer. This will prevent other users from accessing your personal data. To avoid the risk of hacking, we recommend using different passwords for every online service you use. We cannot be held responsible for theft of your data on a platform that is not managed by us.
In addition, we strongly recommend that you do not distribute to third parties documents issued by KLM UK Engineering Limited containing your personal data (your booking, course details, etc.) or other information related to your booking or to publish these on social networks. If you decide to publish these documents on social media, you are responsible for consulting and understanding the general conditions of use, information security practices and privacy policies applicable to those third-party social networks. We cannot be held responsible for how data is processed, stored or disclosed on these platforms.
(E) Management of security incidents
There is no such thing as ‘zero risk’ and even if we implement all the security measures recognised as appropriate, unforeseen things can happen. We have specific procedures and resources in place to manage security incidents under the best possible conditions. We have also set up a specific procedure for assessing possible breaches of security that could lead to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to your personal data, for notifying the competent supervisory authority within the period stipulated by applicable law, and for warning you when a breach is likely to result in a high risk to your rights and freedoms. Tests are carried out periodically to verify the functioning of the security installations and adequacy of the procedures and devices deployed.
We do not store your personal data longer than necessary. How long your personal data is stored depends on the purposes for which this data is processed and on the applicable statutory retention period.
7. Your rights
7.1. You may contact our Privacy Office (see 7.4 below) to exercise any of the rights you are granted under applicable data protection laws, including (A) the right to access your data, (B) to rectify your data, (C) to erase your data, (D) to restrict the processing of your data, (E) the right to data portability, and (F) the right to object to processing.
(A) Right to access
You may ask us whether we collect or use any of your personal data and, if so, to receive access to that data in the form of a copy.
(B) Right to rectification
You have the right to have your data rectified if it is inaccurate or incomplete. Upon request, we will correct inaccurate personal data about you and, taking into account the purposes of the processing, complete incomplete personal data, which may include the provision of a supplementary statement.
(C) Right to erasure
You have the right to have your personal data erased. This means that we will delete your data. Erasure of your personal data only takes place in certain cases, as prescribed by law and listed in Article 17 of the General Data Protection Regulation (GDPR). This includes situations where your personal data is no longer necessary for the purposes for which it was originally processed and situations where your data was processed unlawfully. Due to the way in which we maintain certain services, it may take some time before backup copies are erased.
(D) Right to restriction of processing
You have the right to obtain a restriction on the processing of your personal data. This means that we will suspend the processing of your data for a certain period. Circumstances which may give rise to this right include situations where the accuracy of your personal data is contested, and we need some time to verify its (in)accuracy. This right does not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted.
(E) Right to data portability
Your right to data portability entails that you may ask us to provide you with your personal data in a structured, commonly used and machine-readable format, and have such data transmitted directly to another controller, where technically feasible. Upon request and where this is technically feasible, we will transmit your personal data directly to the other controller.
(F) Right to object
You have the right to object to the processing of your personal data. This means you may ask us to no longer process your personal data. This only applies if the ‘legitimate interests’ ground (including profiling) constitutes the legal basis for processing (see 4.3 “Legal basis” above). You can object to direct marketing at any time and at no cost to you if your personal data is processed for this purposes, which includes profiling to the extent that it is related to direct marketing. If you exercise this right, we will no longer process your personal data for such purposes.
7.2. Withdrawal of consent
You may withdraw your consent at any time by following the specific instructions concerning the processing for which you provided your consent. For example, you can withdraw consent by clicking the unsubscribe link in the e-mail, adjusting your communication preferences in your account (if available), or changing your smartphone settings (for mobile push notifications and location data).
7.3. Denial or restriction of rights
There may be situations where we are entitled to deny or restrict your rights as described in 7.2 above. In all cases, we will carefully assess whether such an exemption applies, and inform you accordingly. We may, for example, deny your request for access when necessary to protect the rights and freedoms of other individuals, or refuse to delete your personal data in case the processing of such data is necessary for compliance with legal obligations. The right to data portability, for example, does not apply if the personal data was not provided by you or if we process the data on grounds other than your consent or for the performance of a contract.
7.4. Privacy Office
If you wish to exercise your rights, please send your request to KLM UK Engineering Limited Privacy Office:
KLM UK Engineering Limited
Norwich international Airport,
7.5. Questions, comments or complaints