Our role in your privacy
This notice explains what information we collect, when we collect it and how we use this. During the course of our activities, we will process personal data (which may be held on paper, electronically, or otherwise) about you and we recognise the need to treat it in an appropriate and lawful manner. The purpose of this notice is to make you aware of how we will process your personal data.
We take the issue of data protection very seriously, including compliance with the UK General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations.
We are Southampton International Airport Limited (‘Airport’). Here’s how we use and protect your data whilst respecting your privacy.
Your personal data will be processed by Southampton Airport Limited (‘Southampton Airport’) who will act as the data controller. A data controller determines the purposes and means of processing personal data. We are registered as a data controller with the UK Information Commissioner’s Office (‘ICO’) under registration number Z6861626.
Importantly, within the airport environment, other organisations may also process your personal information, for example shops, restaurants, telecommunication providers. The personal data collected by these organisations will not be covered by this privacy notice and therefore your personal data privacy in this instance will be the responsibilities of these third parties.
Privacy note edit history
Text last updated: 22 September 2021
Page visually refreshed: 25 June 2020
• Read this privacy notice.
• If you are a customer, please also check your contracts between us: they may contain further details on how we collect and use your data.
• If you provide us with personal information about other people, or if others give us your information, we will only use that for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorise us to process it on your behalf in accordance with this privacy notice.
• This privacy notice does not cover the links within this site linking to other websites. You should read the privacy notices on the other websites you visit.
The types of personal data which we collect
Contact details - Your name, address, telephone number, email address, vehicle registration number and social media username (if public)
Financial information - Your bank account number, sort code, credit/debit card details.
Travel information - National Identity (passport numbers), flight numbers, trip purpose, products booked through our website, details of minors in your custody, travel schedule.
Image and voice - Call recording is underway on all calls to the airport. CCTV is in operation in and around the airport and on shuttle buses, including the usage of body worn cameras.
Data that identifies you - Your IP address, login information, online identifiers, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version.
Data on how you use our website - Your URL clickstreams (the path you take through our website), products/services viewed, page response times, download errors, how long you stay on our pages, what you do on those pages and other actions.
What about special categories of personal data - special categories of personal data include is personal data about race, ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life, sexual orientation, and genetic data.
In some circumstances we collect special categories of personal data about:
• health data; and
• biometric data (where used for ID purposes e.g. eGates at passport control)
We will generally receive this information from you, although there may be limited circumstances where data if received from third parties.
How and why we use your data
Data protection laws mean that we can only use your data for certain reasons and where we have a legal basis to do so.
The legal bases for processing personal data are:
• consent, where the individual has given clear consent for us to process their personal data for a specific purpose – please note that you also have the right to withdraw such consent;
• contract, where the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract;
• legal obligation, where the processing is necessary for us to comply with the law;
• vital interests, where the processing is necessary in order to protect someone’s life;
• public task, where the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law; and
• legitimate interests, where the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect individual’s personal data which overrides those legitimate interests. Our legitimate interests include research and surveys, commercial statistical usage of data from our CRM systems, handling noise complaints, processing photographs of persons who have breached airport byelaws, video recordings and telephone call recordings.
Here is a summary of the reasons we process your data.
Keeping the Airport Secure
Boarding card information will be collected for the purpose of access to air-side facilities, voice recording is underway on telephone calls to airport information lines to protect members of staff from malicious or abusive content and baggage will be scanned and images processed for security purposes.
CCTV and Video Images
When you pass through the Airport, we will collect static or moving imagery via our CCTV system. The Airport collects imagery via CCTV cameras located throughout the airport, in both landside (public) and airside (restricted access) locations and on some of our shuttle buses between terminals. We also use body worn cameras.
Southampton Airport may use CCTV imagery for a number of purposes including but not limited to the following:
• to maintain the safety and security of the airport for our passengers, colleagues and stakeholders, including but not limited to control authorities, national security, detection and prevention of crime and aviation security;
• to monitor flows and demand throughout the airport to optimise resourcing and passenger experience;
• to support the effective management of the airport operation and any incidents. For investigative purposes or as evidence to support any formal follow-up to airport incidents; and
• to provide evidence of regulatory compliance to Department for Transport (DfT) and Civil Aviation Authority (CAA).
• to retain CCTV images of persons that have breached the airport byelaws.
Fulfilling our contracts with you
Managing your purchases of Airport products or services e.g. car parking, including goods and services offered by third-party providers, such as e.g. flights and Wi-Fi.
Improving our website
Gathering visitor data to our website and e-commerce platform, which includes profiling.
Our website uses SessionCam, SEMRush, Hotjar and Google Analytics for analysis purposes and specifically to identify any technical issues or difficulties the users of our websites are having during the customer journey. To do this, SessionCam, SEMRush Hotjar and Google Analytics record your mouse clicks, mouse movements and how you scroll the pages on our website. The information that we collect from web sessions through SessionCam, SEMRush Hotjar and Google Analytics does not include your personal details, financial details, or any special categories of personal data. The information collected is used for internal purposes only and is used to improve the usability of our website and is stored and used only for the purposes of collecting aggregates and statistics relating to the functional performance of our websites.
Customer services / Surveys
To enable our customers to make enquiries, requests for information reports or submit a complaint and for us to survey our customers.
Marketing with your consent
Sending you emails and text messages about airport destinations, holidays, products and services and our partners. Asking you to take part in research and surveys.
We will always ask you before collecting your data for marketing. This is your choice and we never pre tick our boxes. If you have previously opted in to marketing, you can either unsubscribe at the bottom of any of our emails or you can contact us at DPO@agsairports.co.uk. If you opt out of marketing then you will not receive any related news, updates, offers or notices of events
For publicity purposes where images are taken in places where there is no expectation of privacy e.g. public foyer or retail spaces.
Track & Trace
If you attend our airport lounge, we will collect personal information from you to assist with the government’s COVID-19 track and trace programme.
This information will consist of: your name, email, date of travel, flight number, telephone number and your post code.
We use Sales Force to process this information and provide an automated confirmation email(s) to update you once you have registered for Track and Trace.
Ordinarily*, your information will be securely deleted after 21 days. The Airport will only share your personal information when it is requested by a legitimate public health authority.
We process this information for the performance of a task carried out in the public interest and/or our legal obligations. (*However, you may ‘opt in’ to receive future offers or marketing from us. If you make this choice, your details will be securely stored within our CRM system, Sales Force).
Your privacy choices and data subject rights
You can choose not to provide us with personal data
If you do not wish to provide us with your personal data (other than video imagery), you can come into the Airport however you will not be able to pass airside. You can also use the website however will not be able to purchase any products or services without providing personal data.
The Airport will respect all of your data subject rights. You can exercise any of your rights by contacting our group data protection officer at DPO@agsairports.co.uk. If we do hold the information we will:
• Authenticate you as the data subject
• Determine if a right can be administered
• Normally complete your request within 30 days
• Communicate to you in clear and intelligible language
A fee will not generally be charged for exercising any of these rights unless your requests are unfounded or are manifestly excessive.
If you would like to exercise any of these rights, or if you have any concerns about how your personal data is being processed, please contact us, using the contact details at the end of this Privacy Notice.
You have the right to...
You have the right to know how we manage your data and that is why we have made this great privacy notice! We have to tell you:
• The categories of data we process
• Why and how we use your data
• Who (if any) third parties we share your data with
• How long we hold your data
• Your rights regarding your data (which we have explained below). Please note that not all rights can be exercised in all circumstances. Where we are unable to assist you to exercise your rights, we will explain the legal basis for this.
Access any personal data we hold about you
You can ask at any time, for a copy of your personal data. The Airport will respond within one month to advise you if we hold your personal data and if so, we will provide you with a copy of the data unless it would adversely affect the rights of another person e.g. if providing it to you, broke another person’s confidentiality or otherwise not be authorised under the law.
Have any inaccurate data rectified
This right allows you to submit changes to your records and once changes are verified, they will be amended on the Airport records. Similarly, the Airport may periodically request you to check your data is held accurately.
You can request that delete all of your personal data. If you do this, and there is no other lawful basis to keep your data, then it will be deleted.
Restrict our use of your data
You have the right to ask us to restrict how we process your data. This means that we would be permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future. This is not an absolute right.
Object to us using your data
You have the right in some circumstances to object to how we use your data. This is not an absolute right.
Know about automated decision-making including profiling
The Airport does not perform automated-decision making. We may from time to time perform online profiling, however, this does not produce any decisions or legal effects.
About information security
We have physical and electronic procedures to secure the personal data we process All of our staff are trained in data protection.
Transmission: where personal data is electronically transmitted from one computing device to another over a public network an encrypted path will be used e.g. SSL. If your data is transmitted in a hard-copy format from one place to another a secure or locked method of transport will be used, suitable to the nature of the personal data.
Storage: personal electronic records are located on servers in secure premises. If your data is required to be stored outside of the secure premises, the data will be in an encrypted format. Personal paper-based records will be stored in a locked filing cabinet in secure offices to prevent inadvertent access by unauthorised third parties.
Access: only personnel authorised by the Airport will have access to your personal data records on a need-to-know basis.
Transfer to international countries
Your information will only be stored within the United Kingdom and the European Economic Area (‘EEA’) except where international transfers are authorised by law or with your consent.
How long do we store your personal data?
We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law, as recorded in our Data Retention Standard Operating Procedure.
Sharing personal data
Southampton Airport will share your personal data with other organisations in order to supply products or services to you. This could include but is not limited to, car parking, car rentals, hotels, travel companies and Wi-Fi providers.
We may also share your data in the following circumstances:
• You have given us your express consent to do so
• Where it is fair and reasonable for us to do so in the circumstances.
• If the Airport shares your data on a regular basis, it will perform due-diligence and hold written contracts and agreement with these organisations to legally safeguard your data.
• If you have consented for us to share your data with other organisations for the purposes of direct marketing, we will keep your consent on record until it is withdrawn or the purpose of holding your data is no longer valid. On deletion of your data, Southampton Airport will endeavour to contact you to confirm that your information has been removed.
• We also use third parties to help us host our applications and platforms to help us to communicate with customers etc. We only use third parties who are compliant with data protection laws.
We may share your personal data to any of our employees, officers, contractors, insurers, professional advisors, agents, suppliers or subcontractors, and trusted third parties (including group company key commercial shareholders) insofar as reasonably necessary, and in accordance with data protection legislation.
We may also share your personal data:
• with your consent;
• to the extent that we are required to do so by law;
• to protect the rights, property and safety of us, our customers, users of our websites and other persons;
• We need to do so for the purposes of making any services which you have ordered or purchased available to you (for example, where you have ordered goods via Shop and Collect, your information is shared with our Shop and Collect service provider, and when you book car parking services your information is shared with third party providers who help us deliver this service);
• It is necessary to allow us to meet or enforce a legal obligation (for example, we may need to share CCTV footage of you with the police or with the Department of Transport in certain circumstances);
• in connection with any ongoing or prospective legal proceedings;
• to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling;
• to another organisation if we enter into a joint venture or merge with another organisations.
Changes to this privacy notice
We keep our privacy notice under regular review and we will place any updates on this webpage. At the start of this privacy notice, we will tell you when it was last updated.
Wording changed on marketing consent to clearly cover mobile phones text messages.
Changes made to Improving our Website section.
Page visually refreshed and updated to new format.
Track & Trace added.
Updates to Improving our Website section.
Updates to Improving our Website section.
General updates and improvements.
Updates to how and why we use your data.
Complaints and queries
The Airport tries to meet the highest standards when processing personal information. For this reason, we take any complaints we receive about this seriously. We encourage people to bring it to our attention if they think our collection or use of personal information is unfair, misleading or inappropriate. Please contact the Group Data Protection Officer:
AGS Data Protection Officer
St. Andrew’s Drive,
Please reference the AGS airport concerned (Aberdeen, Glasgow, or Southampton) in your correspondence.
If you are still unhappy regarding how we have dealt with your complaint, you have the right to contact the UK Information Commissioner’s Office (ICO). You can do this by calling their helpline, contacting them through their website or writing to them. Their details are as follows:
ICO telephone helpline: 0303 123 1113
ICO website: https://ico.org.uk/concerns
Information Commissioner's Office