Privacy policy
ASG Privacy Policy
Introduction
Aviation Systems Group Ltd runs this online store and website, including the related content, features, tools, products and services (together, the “Services”). We use Shopify to help provide the Services. This Privacy Policy explains how we collect, use and share your personal information when you visit the Services, make a purchase or another transaction, or contact us.
This Privacy Policy forms part of our overall policy framework and should be read alongside our Terms of Service, Returns & Refunds Policy, Shipping & Delivery Policy, and Cookie Policy.
In the event of conflict relating to personal data processing, this Privacy Policy will apply.
Aviation Systems Group Ltd is the data controller of the personal information described in this Privacy Policy, except where this Privacy Policy explains that another organisation, such as Shopify, is responsible for certain processing.
Please read this Privacy Policy carefully so you understand how we handle your personal information when you use our Services.
UK GDPR Lawful Bases (United Kingdom)
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we must have a valid lawful basis to use your personal information. Depending on what we are doing with your information, we rely on one or more of the following lawful bases:
Contract – where we need to process your information to enter into or perform a contract with you (for example to take payment, fulfil and deliver your order, handle returns/refunds, including our voluntary 50-day returns policy, and provide customer service).
Legal obligation – where we need to comply with our legal obligations.
Legitimate interests – including running and improving our store, preventing fraud, securing our systems, and understanding how customers use our website.
Consent – where you have given permission (for example marketing and non-essential cookies).
Lawful basis by processing activity.
The table below summarises the main types of personal information we use, why we use them, and the lawful basis we rely on.
| Processing activity | Personal information used | Purpose | Lawful basis |
|---|---|---|---|
| Orders and customer support | Contact, account, transaction and payment details | To process orders, take payment, deliver purchases, handle returns and provide support | Contract |
| Fraud prevention and security | Device, usage, account and transaction information | To secure the Services, detect misuse and help prevent fraud | Legitimate interests and, where relevant, legal obligation |
| Legal and regulatory compliance | Contact details, records of transactions, payments and correspondence | To meet legal, tax, accounting and regulatory requirements | Legal obligation |
| Analytics and service improvement | Device information, usage information and cookie identifiers | To understand website use and improve performance and functionality | Legitimate interests and/or consent for non-essential cookies or similar technologies |
| Direct marketing | Contact details, purchase history and marketing preferences | To send marketing and manage your preferences | Consent and/or legitimate interests where permitted, including the PECR soft opt-in where applicable |
| Personalised content and advertising | Usage data, device data, cookie identifiers and purchase history | To personalise content, show relevant products and support advertising | Consent where required for advertising cookies or similar technologies, and otherwise legitimate |
We do not intentionally collect special category data (for example information about health, religion, or ethnicity). If this ever changes, we will update this Privacy Policy and explain the additional protections that apply.
Personal Information We Collect or Process
In this Privacy Policy, “personal information” means information that identifies you or could reasonably be linked to you. It does not include information that has been anonymised or de-identified so that you can no longer be identified. Depending on how you use the Services, where you live, and what the law allows or requires, we may collect or use the following categories of personal information, including inferences drawn from that information.
- Contact details including your name, address, billing address, shipping address, phone number, and email address.
- Financial information including credit card, debit card, and financial account numbers, payment card information, financial account information, transaction details, form of payment, payment confirmation and other payment details.
- Account information including your username, password, security questions, preferences and settings.
- Transaction information including the items you view, put in your cart, add to your wishlist, or purchase, return, exchange or cancel and your past transactions.
- Communications with us including the information you include in communications with us, for example, when sending a customer support inquiry.
- Device information including information about your device, browser, or network connection, your IP address, and other unique identifiers.
- Usage information including information regarding your interaction with the Services, including how and when you interact with or navigate the Services.
Personal Information Sources
We may collect personal information from the following sources:
- Directly from you including when you create an account, visit or use the Services, communicate with us, or otherwise provide us with your personal information;
- Automatically through the Services including from your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies;
- From our service providers including when we engage them to enable certain technology and when they collect or process your personal information on our behalf;
- From our partners or other third parties.
Cookies and Similar Technologies (PECR – the Privacy and Electronic Communications Regulations)
We use cookies and similar technologies (such as pixels, tags and local storage) to operate our website, understand how it is used, and support marketing. Some cookies are strictly necessary for the website and checkout to work. Others are optional and are used for analytics and advertising.
Under PECR, we will only set and use non-essential cookies (for example analytics and advertising cookies) where we have the appropriate consent. You can manage your cookie preferences at any time using our cookie settings on the website (where available) and you can also control cookies through your browser settings. If you disable certain cookies, parts of the Services may not function properly.
How We Use Your Personal Information
We only collect and process personal information that is necessary for the purposes described in this Privacy Policy.
Depending on how you interact with us or which of the Services you use, we may use personal information for the following purposes:
Provide, Tailor, and Improve the Services.Provide, Tailor, and Improve the Services.We use your personal information to process orders and payments, deliver purchases, manage returns and refunds (including our voluntary 50-day returns policy), maintain your account, remember your preferences, provide customer support, and improve how the Services work. We may also use it to personalise your experience.
Marketing and Advertising.Where you subscribe or opt in via our Shopify checkout or account features, we record your marketing preferences and consent status in accordance with applicable law.
Security and Fraud Prevention. We use your personal information to keep accounts, payments and the Services secure, to detect and investigate fraud or other misuse, and to protect our business, our customers and the public. If you create an account, you are responsible for keeping your login details confidential.
Communicating with You. We use your personal information to respond to your questions, provide customer support, and keep in touch with you about your account, orders or other service-related matters.
Legal Reasons. We may use your personal information to comply with the law, respond to valid legal requests, enforce our terms and policies, and establish, exercise or defend legal claims.
You are responsible for ensuring that the personal information you provide to us is accurate and kept up to date.
How We Disclose Personal Information
We may share your personal information with third parties where this is needed for the purposes described in this Privacy Policy, including in the following situations.
The categories of recipients with whom we may share personal information include payment providers, website hosting and e-commerce platform providers, IT and security providers, analytics providers, advertising and marketing partners, delivery and logistics providers, professional advisers, insurers, auditors, and regulators or public authorities where required by law.
With Shopify, vendors and other third parties who perform services on our behalfWith Shopify, vendors and other third parties who perform services on our behalf (e.g. IT management, payment processing, data analytics, customer support, cloud storage, fulfillment and shipping).
With business and marketing partners to provide marketing services and advertise to you. For example, we use Shopify to support personalised advertising with third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your information in accordance with their own privacy notices. Where required by law, we will seek consent before using non-essential cookies or similar technologies for advertising.
When you direct, request us or otherwise consent to our disclosure of certain information to third parties, such as to ship you products or through your use of social media widgets or login integrations.
With our affiliates or otherwise within our corporate group.
In connection with a business transaction such as a merger or bankruptcy, to comply with any applicable legal obligations (including to respond to subpoenas, search warrants and similar requests), to enforce any applicable terms of service or policies, and to protect or defend the Services, our rights, and the rights of our users or others.
We do not control third-party services such as Shopify or integrated applications and are not responsible for their independent processing activities.
Relationship with Shopify
The Services are hosted by Shopify. This means Shopify collects and processes personal information about how you access and use the Services so that the Services can work and be improved. Information you submit through the Services may be sent to Shopify and shared with third parties, including parties in countries other than the one where you live, where this is needed to provide and improve the Services. We also use certain Shopify features that help us protect, grow and improve our business. To provide these features, Shopify may use personal information from your interactions with our store, other merchants and Shopify. In these cases, Shopify is responsible for this processing and for responding to requests to exercise rights relating to that processing. To learn more about how Shopify uses your personal information and any rights you may have, you can visit the Shopify Consumer Privacy Policy. Depending on where you live, you may be able to exercise certain rights here: Shopify Privacy Portal Link.
We do not control Shopify or other third-party services and are not responsible for their independent processing activities.
Third-Party Websites and Links
The Services may include links to websites or online platforms run by third parties. If you follow those links, you should review the relevant privacy notices, security information and terms, because we are not responsible for those third-party services. Information you choose to share in public or semi-public areas, including on third-party social media platforms, may be visible to others. Including a link does not mean we endorse that third party or its content unless we say so expressly.
Children’s Data
The Services are not intended for children and we do not knowingly collect personal information from children. If you are a parent or guardian and believe that a child has provided us with personal information, please contact us using the details below and we will take appropriate steps to delete that information.
Security and Retention of Your Information
We use reasonable security measures to protect personal information, but no system is completely secure. Information sent over the internet may not always be secure in transit, so we recommend that you do not send sensitive information through unsecure channels.
We keep personal information only for as long as we need it for the purposes described in this Privacy Policy. In practice, this usually means: account information for as long as you keep your account, and for a reasonable period afterwards in case of queries or disputes; order, payment and customer service records for as long as needed to complete your purchase and deal with returns, refunds and complaints; and records we must keep for legal, tax and accounting reasons for the period required by law, which is often up to 6 years in the UK. We may keep information for longer where needed to establish, exercise or defend legal claims, or to help prevent fraud.
Automated Decision-Making and Profiling
We do not currently carry out solely automated decision-making that produces legal or similarly significant effects on individuals. We may use limited profiling or analysis to help us personalise website content, product recommendations, fraud checks, and marketing, but this does not involve solely automated decisions with legal or similarly significant effects. If this changes, we will update this Privacy Policy and provide any additional information required by law.
Your Rights and Choices
If you are in the UK, you have rights under the UK GDPR in relation to your personal information. These rights are not absolute and may apply only in certain circumstances. If you are outside the UK, similar rights may apply under your local law.
- Right of access – you can ask for a copy of the personal information we hold about you.
- Right to rectification – you can ask us to correct inaccurate or incomplete information.
- Right to erasure – you can ask us to delete your information in certain circumstances.
- Right to restriction – you can ask us to limit how we use your information in certain circumstances.
- Right to object – you can object to processing based on legitimate interests, and you can object at any time to direct marketing.
- Right to data portability – where applicable, you can request that we provide your information to you or transfer it to another organisation.
- Right to withdraw consent – where we rely on your consent, you can withdraw it at any time. This will not affect processing carried out before you withdraw consent.
- Marketing preferences – you can opt out of marketing emails using the unsubscribe link in our emails. For SMS, you can opt out using the instructions in the message or by contacting us. If you opt out, we may still send you non-marketing messages (for example about your orders or account).
To exercise your rights, please use any options available within the Services (for example account settings) or contact us using the details below.
Where your personal information is processed by Shopify for Shopify’s own purposes (as described in the “Relationship with Shopify” section), you may also need to use Shopify’s tools to exercise certain rights in relation to that processing.
We will not treat you unfairly for exercising your rights. Where needed, we may ask for information to verify your identity before acting on your request. If the law allows, you may also appoint an authorised agent to make a request on your behalf. Before accepting that request, we may ask for proof that the agent has your permission and may also ask you to confirm your identity directly. We will respond within the time required by applicable law.
Complaints
If you have a complaint about how we use your personal information, please contact us first and we will try to resolve it. If you are in the UK, you also have the right to complain to the Information Commissioner’s Office (ICO). If you are in the EEA, you may also have the right to complain to your local data protection authority.
International Transfers
Please note that we may transfer, store and process your personal information outside the country you live in.
If we transfer your personal information outside the UK, we will ensure appropriate safeguards are in place. Depending on the destination and the recipient, this may include an adequacy regulation, or contractual safeguards such as the UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU Standard Contractual Clauses, together with any additional measures required by applicable law.
Where personal information is transferred outside the UK, you may request further information about the specific safeguard used for your data by contacting us using the details below. Where required, we also assess whether additional technical, contractual or organisational measures are needed to protect personal information transferred internationally.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements or operational needs. When we do, we will post the updated version on this website, revise the “Last updated” date, and provide any notice required by law.
Contact
If you have questions about our privacy practices or this Privacy Policy, or if you want to exercise your rights, please email us at info@asg.ltd or write to us at 2 Bailey Hill, Castle Cary, ENG, BA7 7AD, GB. Aviation Systems Group Ltd is the data controller of your personal information and is registered with the Information Commissioner’s Office under registration reference ZA286810.