Privacy Charter

This is version 1.3, and is considered active as of May 10, 2024 12:00 AM.

Change Summary: Updated references to external parties..

Who are 'we'?

We're Volanti.aero Ltd ("we", "our", "us") and operate under the names "Volanti", and "Volanti.aero".

We're registered with the UK data protection authority (the Information Commissioner's Office, or ICO) under number ZB313867.

This charter details how and why we use your personal information when you open a Volanti account on behalf of an organisation, use our platform, or any of our related services.

If you require additional details about something in this notice, or want to speak to us with regard to data protection, you can email us at [email protected].

The information we hold as a controller, and how we use it 🗂

When you sign up for a Volanti account

  • Personal details of the organisation owner
  • Contact details of the organisation owner
  • Information about your identity, such as a copy of identity documents

When you sign up for Volanti Pay

  • Details that you provide us, such as bank account information, to facilitate payouts
  • Information that you provide us, which we may pass to our payment partner(s)
  • Information that is provided to us following third party checks, reviews, or references

When you get in touch

Depending on the mechanism you use to contact us, we may collect the following:

  • Your email address you use and the contents of the email, along with any attachments
  • The phone number you're calling from and any details you give us during the call
  • Public details from your social media profile (like Facebook, Instagram, or Twitter) if you reach out via them

Information we collect or generate when you use our platform

We collect information about actions taken within the platform, for security and auditing purposes. These details contain data relating to the user who carried out the behaviour, along with metadata relating to the activity. For example, where you record that you have signed an agreement, verified a license, or made an offline payment, we will store details of your browser and internet connection as a digital fingerprint.

We will also collect payment details about your organisation as/when we facilitate payments, or where we record these as part of an offline checkout. This will include us keeping a running total of payments made, along with details of these payments.

Information we get from external sources

When completing the onboarding process, we will take all organisations through an identity verification process as part of our KYB (Know Your Business) checks. We partner with Stripe for this. The results of this check are passed to us and may include details from external sources - such as fraud prevention, AML (Anti Money Laundering), credit reference, or identity verification agencies.

For further details about data we collect from and share with external companies, see "who we share your data with" below.

As part of our ongoing KYB and AML checks, we may use public sources or market research, such as official public records, Electoral registers, Companies House, or information published by the press and social media.

The information we hold as a processor, and how we use it ⚙️

We process user data on your behalf, at your request. We do so as a processor and beyond guiding you on what data collection should take place to facilitate the smooth operating of your organisation, you remain in control of it.

When your users sign up

  • Personal details like name, or date of birth; and/or
  • Contact details such as telephone number, contract address, or email; and/or
  • License information for Flight Crew and/or Medical licenses; and/or
  • Financial details, such as payment methods, bank accounts, or related personal information.

When your users complete an identity check

We partner with Stripe for identity checks, who collect personal details and identity information as part of this process. They may carry out KYC (Know Your Customer) checks on your behalf, and at our request. The results of these checks are passed to us and may include details from external sources - such as fraud prevention, AML (Anti Money Laundering), credit reference, or identity verification agencies.

For further details about data we collect from and share with external companies, see "who we share your data with" below.

Reasons for using your information 👩‍⚖️

Data protection laws state that we must have a lawful basis for using your personal data. At least one of the following must apply: contractual or legal duty, legitimate interest, public interest, vital individual interest, or consent.

We categorise our data usage in a number of ways - this means that for different businesses cases, different lawful basis may apply. These categories are as follows:

When it's in our legitimate interest to do so. This means that we'll use your data for legitimate purposes in line with our business, in the way that you'd expect, that is in the interest of you and/or us and/or a third party. This will never involve eroding your personal right to privacy.

To fulfil a contract with you, or enter into a contract with you. This means that we use the data to:

  • provide the service to which you have subscribed
  • send messages and notifications about your account whether you initiate the conversation, or we do
  • exercise our contractual rights, such as administering, collecting, chasing, and recovering money that you may owe us
  • investigate complaints

For product development, marketing, and research. As a technology company we always look to improve our business processes and our platform. Your data may help us to do that, by:

  • allowing us to tell you about products, services, and features that we offer, via any of our main communication channels, or via advertising partners
  • excluding you from specific advertising campaigns, to ensure our marketing reaches the intended audiences
  • providing additional information about features or services you are interested in, along with any information you willingly provide to us to express your interest
  • check your identity records, as part of our onboarding process, and when we wish to offer new products to you
  • sharing insights, trends, metrics, and statistics of platform usage and user engagement, without personally identifying you.

It's important to reiterate, we will never sell your data.

Where we need to comply with the law which may be as simple as confirming your identity, right up to complying with a legal obligation. Examples of these scenarios include:

  • confirming your identity when you sign up to the platform, or we are instructed to by any organisation on the platform
  • cross-reference your identity information with other identity, registration, or address records
  • prevent illegal activities
  • keep your information inline with our legal obligations for accurate record keeping

For security. We take this incredibly seriously, but to make our platform secure, we sometimes need to use your data:

  • to protect the rights, or safety of us, our organisations, or other customers
  • maintain the security of our platform and other services, ensuring we provide a good experience for you
  • when communicating with third parties that are providing services on our behalf (such as identity checks)

When working with third parties to provide an enhanced experience to you, or facilitating some of the features on the platform. You can read more about our data sharing partners further in this policy.

With your consent. It is, after all, your data. We'll ask for your implied or explicit consent before:

  • sharing your profile picture with others on the platform
  • displaying your personal details to other organisations or users
  • we share more fine-grained or non-aggregate details about your account with third parties, where we haven't outlined that usage in this policy
  • subscribe you to our mailing lists for the purpose of sharing platform updates

It's incredibly important to remember that whilst you can withdraw your consent to these situations at any time, the data may be covered by another lawful basis, and that if we stop processing your information, we may not be able to provide a service to you.

Our data sharing partners 🤝

Named Companies

Volanti partners with a number of companies that provide services to us. This could be companies related to the provision of the technical hardware and infrastructure that we operate from, or payment partners, for example. We will always share the minimum amount of information necessary to maintain the relationship we have with these organisations, and we will never sell your data to them. Where it's possible to share information with them without making you personally identifiable, we will do so.

These companies include:

Payment Processing

We use Stripe for payment, analytics, and other business services. Stripe collects identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection. You can learn more about Stripe and read its privacy policy at https://stripe.com/privacy.

Law enforcement

If the law requires us to share your information, we will comply. However, outside the affordances offered by these terms, we will only do so with a Government authority where we are compelled to do so.

In instances where organisations are in breach of our restricted usage policy, and their behaviour warrants reporting to the authorities, we will take action and pass the necessary details to aid with the investigation. Further, where we suspect cases of money laundering, crime, tax evasion, we have a moral duty to stop the proceeds of financial crime being transferred via our platform, and will report this to the necessary agencies.

Any other parties

Where you provide us written permission to do so, we will share your data with other parties. These companies may include:

  • providers of insurance, to whom you wish to make an inquiry
  • other users of the platform, with whom you wish to communicate
  • people you've asked to represent you, such as solicitors
  • other platforms, if you wish to leave us and transfer your data

How long do we keep your information? 🗄️

We keep hold of your data, in a secure location, whilst you are an active user of Volanti. We will retain data related to your membership of an organisation, at their request, for as long as you are a member. After you cease to be a member of an organisation, or the platform, we will attempt to remove all personal data within 30 days (although it can take up to 60 days for your data to no longer exist within our backups).

In some situations - mostly financial - we must retain some of your data for longer periods of time (up to 6 years). This data will only be held for as long as necessary.

Where your account has been terminated for breach of our terms, and we are liaising with external agencies due to the severity or nature of that breach, it is our legitimate interest to retain data for longer than specified within this document, for the safe and effective investigation of the situation.

Your rights 👀

The law bestows upon you some basic rights regarding your data:

  • The Right to Information: requires us to explain how and why we are processing your information
  • The Right of Access: which guarantees your ability to access the data we hold on you, or get a copy of it
  • The right to Rectification: mandates our requirement to correct inaccurate data after you notify us
  • The Right to Erasure: requires us to delete, or suppress, your data (although for legal reasons we might not always be able to comply)
  • The Right to Restriction of Processing: ask us to temporarily reduce the processing we carry out on your information
  • The Right to Data Portability: grants access to your data in a portable (machine-readable) format, or requires us to transmit it to someone else
  • The Right to Object: tell us 'no' for further processing for other legitimate interests
  • The Right to Avoid Automated Decision-Making: enables you to request a manual review of any automated decisions our platform makes using your data