contact email]
Postal address: [Insert registered office or privacy correspondence address]
You also have the right to complain to the UK Information Commissioner’s Office (ICO), the UK regulator for data protection matters. We would appreciate the opportunity to deal with your concern first, so please contact us before approaching the ICO where possible.
ICO website: www.ico.org.uk

3. Purpose of This Privacy Policy
This Privacy Policy explains:

what personal data we collect;
how we collect it;
why we use it;
the lawful bases we rely on;
who we share it with;
how long we keep it;
how we protect it;
your legal rights;
how to contact us.

Our website and services are not intended for children, and we do not knowingly collect personal data from children for marketing purposes. Where a child or minor is included in a travel or service booking, we may need to process limited personal data about them to arrange the relevant service, obtain supplier approval, satisfy travel requirements or comply with legal obligations.

4. Personal Data We May Collect
Personal data means any information relating to an identified or identifiable individual.
Depending on how you interact with Velari, we may collect, use, store and transfer the following categories of personal data.
4.1 Identity Data
This may include:

first name;
last name;
title;
company name;
job title;
date of birth;
gender where required for travel or supplier purposes;
nationality;
passport details;
driving licence details;
government identification details;
photographs or ID copies where required for booking, compliance, supplier or legal purposes.

4.2 Contact Data
This may include:

email address;
phone number;
WhatsApp number;
billing address;
residential address;
business address;
emergency contact details;
assistant, PA, family office or representative contact details.

4.3 Booking, Travel and Service Data
This may include:

enquiry details;
flight, yacht, vehicle, helicopter, cargo, logistics or concierge requests;
passenger names;
guest names;
itinerary details;
departure and arrival locations;
dates, times and routes;
baggage details;
cargo details;
pet or animal details;
hotel, restaurant, venue or lifestyle preferences;
special requests;
communications relating to quotations, bookings and service delivery.

4.4 Financial, Payment and Transaction Data
This may include:

payment status;
invoice details;
bank transfer details;
payment references;
billing details;
card payment details where processed through a payment processor;
transaction history;
credit balances, deposits, retainers or membership balances;
refunds, chargebacks or payment disputes.

We do not intentionally store full payment card numbers unless this is necessary and lawful. Card payments are normally handled by third-party payment processors.

4.5 Compliance and Due Diligence Data
This may include:

identity verification information;
source of funds information;
company ownership or beneficial ownership information;
sanctions screening results;
politically exposed person checks where relevant;
fraud prevention data;
anti-money laundering and compliance records;
legal, regulatory or risk assessment notes.

4.6 Technical Data
This may include:

IP address;
browser type and version;
device type;
operating system;
time zone setting;
approximate location derived from IP address;
website usage information;
cookie identifiers;
analytics data;
referral source;
pages viewed and interactions with our website.

4.7 Marketing and Communications Data
This may include:

your marketing preferences;
email engagement;
SMS or WhatsApp preferences;
enquiry source;
campaign interactions;
preferences for services, destinations or lifestyle interests;
your communication history with Velari.

4.8 Special Category Data
Special category data includes more sensitive information such as health data, medical conditions, allergies, accessibility requirements or biometric information.
Velari does not seek to collect special category data unless it is necessary for a specific service, safety requirement, dietary requirement, accessibility need, travel arrangement, supplier requirement or legal obligation.
Examples may include:

allergies;
mobility requirements;
medical assistance needs;
pregnancy-related travel information where relevant;
dietary requirements that may reveal religious or health information;
health information required by a supplier, authority, aircraft operator, yacht operator, hotel or travel provider.

Where required by law, we will ask for explicit consent before processing special category data. In other cases, we may process it where necessary to protect vital interests, establish or defend legal claims, or comply with legal obligations.

4.9 Information About Other People
You may provide personal data about passengers, guests, employees, family members, assistants, invitees, clients, representatives or cargo recipients.
Where you provide personal data about someone else, you confirm that you have authority to do so and that you have made them aware of this Privacy Policy where appropriate.

5. How We Collect Personal Data
We may collect personal data in the following ways.

5.1 Directly From You
You may provide personal data when you:

use our website;
submit an enquiry form;
request a quote;
make a booking;
become a member;
contact us by email, phone, SMS, WhatsApp, social media, website form or other channel;
send us documents;
make a payment;
provide feedback or complete a survey;
attend an event or meeting with us.

5.2 From Representatives or Third Parties Acting for You
We may receive personal data from:

personal assistants;
executive assistants;
family offices;
travel agents;
brokers;
employers;
company representatives;
friends, family members or guests arranging services on your behalf.

5.3 From Suppliers and Partners
We may receive personal data from:

aircraft operators;
helicopter operators;
yacht owners, managers, captains or central agents;
car hire and chauffeur companies;
cargo carriers and logistics providers;
hotels, venues, restaurants and concierge partners;
payment processors;
compliance screening providers;
insurers, legal advisers, accountants or professional advisers;
airports, handlers, customs, immigration authorities or other service providers.

5.4 Automatically Through Our Website
As you interact with our website, we may collect Technical Data automatically through cookies, analytics tools, server logs and similar technologies.

6. How We Use Personal Data
We use personal data for the purposes set out below.

6.1 To Respond to Enquiries and Provide Quotes
We use Identity, Contact, Booking, Service and Communication Data to respond to enquiries, prepare quotes, check availability, understand your requirements and communicate with you.
Lawful basis: legitimate interests, taking steps before entering into a contract, consent where required.

6.2 To Arrange and Manage Bookings
We use personal data to arrange jets, helicopters, cars, yachts, cargo, logistics, concierge, hospitality and related services.
This may include sharing relevant details with suppliers, operators, handlers, airports, ports, customs, immigration, hotels, venues, payment processors and other parties necessary to perform the service.
Lawful basis: performance of contract, legitimate interests, legal obligation.

6.3 To Process Payments and Manage Accounts
We use Financial, Payment, Transaction and Contact Data to issue invoices, process payments, manage deposits, retainers, credit balances, memberships, refunds, chargebacks and unpaid amounts.
Lawful basis: performance of contract, legitimate interests, legal obligation.

6.4 To Carry Out Compliance, Security and Risk Checks
We may use Identity, Contact, Financial, Transaction and Compliance Data to perform anti-fraud, sanctions, anti-money laundering, source of funds, identity, security and risk checks.
Lawful basis: legal obligation, legitimate interests, substantial public interest where applicable.

6.5 To Comply With Travel, Immigration, Customs, Aviation, Maritime and Cargo Requirements
We may use and share personal data to comply with passenger, guest, cargo, border, customs, aviation, maritime, security and immigration requirements.
This may include sharing passport, nationality, itinerary, passenger name record, baggage, cargo or guest information with operators, carriers, airports, handlers, customs authorities, border agencies, port authorities, aviation authorities, maritime authorities or other public bodies.
Lawful basis: legal obligation, performance of contract, legitimate interests.

6.6 To Provide Concierge and Lifestyle Services
We may use personal data to arrange restaurants, hotels, events, reservations, personal shopping, luxury sourcing, security, experiences and other concierge requests.
Lawful basis: performance of contract, legitimate interests, consent where required.

6.7 To Communicate With You
We may contact you about enquiries, quotes, bookings, operational updates, payment, membership, service changes, legal notices, complaints, customer service and support.
Lawful basis: performance of contract, legitimate interests, legal obligation.
6.8 To Send Marketing and Promotional Communications
We may use Identity, Contact, Technical, Usage, Marketing and Communication Data to send updates, offers, service information, membership information, event invitations or marketing communications.
You can opt out of marketing at any time by following unsubscribe instructions or contacting us.
Lawful basis: consent where required, legitimate interests where permitted by law.

6.9 To Improve Our Website and Services
We may use Technical, Usage, Booking and Communication Data for analytics, service improvement, website testing, troubleshooting, security, performance monitoring and business development.
Lawful basis: legitimate interests, consent where required for certain cookies.

6.10 To Protect Rights, Enforce Agreements and Resolve Disputes
We may use personal data to enforce our Terms & Conditions, recover debts, handle complaints, manage disputes, protect our rights, respond to claims, prevent fraud and cooperate with lawful requests.
Lawful basis: legitimate interests, legal obligation, establishment, exercise or defence of legal claims.

7. Lawful Bases Explained
Under UK data protection law, we must have a lawful basis to process personal data. The lawful bases we may rely on include:

Performance of contract: where processing is necessary to perform a contract with you or take steps before entering into a contract.

Legitimate interests: where processing is necessary for our business interests or those of a third party, provided your rights and interests do not override those interests.

Legal obligation: where processing is necessary to comply with a legal or regulatory obligation.

Consent: where you have given consent, such as for certain marketing or non-essential cookies. You may withdraw consent at any time.

Vital interests: where processing is necessary to protect someone’s life or safety.

Substantial public interest or explicit consent: where required for certain special category data.

8. Who We Share Personal Data With
We may share personal data with the following categories of recipients where necessary and lawful:

aircraft operators and charter providers;
helicopter operators;
yacht owners, operators, managers, captains and central agents;
vehicle hire, chauffeur and transport providers;
cargo carriers, logistics providers, couriers and freight agents;
hotels, restaurants, venues, clubs, event providers and concierge partners;
airports, fixed-base operators, handlers, ports, marinas and ground handling providers;
customs, immigration, border control, police, security, aviation, maritime, tax and regulatory authorities;
payment processors, banks and financial institutions;
compliance, fraud prevention, sanctions screening and identity verification providers;
IT, hosting, analytics, CRM, email, SMS, WhatsApp, cloud storage and communication providers;
advertising and marketing platforms where permitted;
insurers, legal advisers, accountants, auditors and professional advisers;
debt recovery providers or dispute resolution bodies;
prospective buyers, investors or advisers in the event of a business sale, merger, restructuring or investment;
any other party where required by law, court order, regulation or lawful authority request.

We require service providers acting on our behalf to respect the security of personal data and only process it for specified purposes and in accordance with our instructions, unless they act as independent controllers under their own legal obligations.

9. International Transfers
Because Velari arranges international private aviation, yachts, vehicles, cargo, logistics and concierge services, your personal data may be transferred outside the United Kingdom.
This may include transfers to operators, suppliers, airports, handlers, hotels, venues, customs authorities, immigration authorities, logistics providers, technology providers or payment providers in other countries.
Where required by law, we will use appropriate safeguards for international transfers, which may include:

adequacy regulations or adequacy decisions;
international data transfer agreements;
standard contractual clauses;
transfer risk assessments;
contractual protections with suppliers or processors;
reliance on derogations where necessary for the performance of a contract, travel arrangements, legal claims or important public interest reasons.

You may contact us for further information about the safeguards used for international transfers.

10. Cookies and Similar Technologies
Our website may use cookies, pixels, tags, analytics tools and similar technologies.
Cookies help us:

operate the website;
remember preferences;
understand how visitors use the website;
improve website performance;
measure marketing effectiveness;
deliver relevant advertising where permitted.

Types of cookies we may use include:
Strictly necessary cookies: required for the website to function.
Functional cookies: remember choices and preferences.
Analytics or performance cookies: help us understand website usage and improve performance.
Marketing or advertising cookies: may be used to deliver or measure advertising.
You can manage cookies through your browser settings and, where applicable, through our cookie banner or consent management tool.
Disabling cookies may affect website functionality.
Velari should maintain a separate Cookie Policy or cookie banner setting out the specific cookies, analytics tools and advertising technologies used on the website.

11. Marketing Communications
You may receive marketing communications from us if you have requested information, made a booking, become a member, used our services, provided your details at an event, subscribed to updates or otherwise expressed interest in Velari, and you have not opted out.
You can opt out of marketing at any time by:

clicking an unsubscribe link in an email;
replying STOP where SMS marketing is used;
contacting us directly;
updating your preferences where a preference centre is available.

Opting out of marketing does not stop us from sending service, booking, payment, legal, security or operational communications.
We will not sell your personal data.
Where we use third-party marketing or advertising platforms, we will do so in accordance with applicable law.

12. SMS, WhatsApp and Mobile Messaging
Where you provide a mobile number, we may use it to contact you about enquiries, quotes, bookings, flight updates, vehicle updates, yacht updates, membership, payment, concierge services, customer support and, where permitted, marketing.
Mobile messages may be sent by SMS, WhatsApp or other messaging platforms.
Message frequency will vary depending on your interaction with Velari. Your mobile provider may charge message or data rates.
You may opt out of marketing messages at any time. Operational or booking-related messages may still be sent where necessary to perform services or communicate important information.
We will not share SMS or mobile messaging opt-in data with third parties for their own marketing purposes unless required by law or expressly authorised by you.
Third-party messaging platforms may process your data under their own terms and privacy policies.

13. Data Security
We use appropriate technical and organisational measures designed to protect personal data against accidental loss, unauthorised access, misuse, alteration, disclosure or destruction.
These measures may include:

access controls;
password protection;
secure cloud systems;
encryption where appropriate;
staff confidentiality obligations;
limited access on a need-to-know basis;
supplier due diligence where appropriate;
data breach response procedures.

No website, communication system or storage system is completely secure. You should take care when sending sensitive information by email, WhatsApp or other electronic communications.
Where we are legally required to notify you or a regulator of a personal data breach, we will do so.

14. Data Retention
We keep personal data only for as long as reasonably necessary for the purposes for which it was collected, including to provide services, manage bookings, handle enquiries, comply with legal obligations, resolve disputes, enforce agreements, maintain business records and protect legal rights.
Retention periods may vary depending on the type of data and purpose.
Examples:

enquiry data may be kept for a reasonable period to manage follow-ups, client relationships and service records;
booking, payment, invoice and transaction data may be kept for at least six years for tax, accounting and legal purposes;
passenger, travel, passport, cargo or compliance data may be kept as required for legal, supplier, aviation, immigration, customs, security or dispute purposes;
marketing data may be kept until you opt out or until we no longer have a valid reason to retain it;
complaint, dispute, debt recovery or legal claim data may be kept for the period necessary to handle or defend the matter.

We may anonymise personal data so that it can no longer identify you. Anonymised data may be used indefinitely for analytics, statistics, business planning and service improvement.

15. If You Do Not Provide Personal Data
Where we need personal data to provide a quote, confirm a booking, arrange a service, comply with law, perform compliance checks or satisfy supplier requirements, failure to provide that data may mean we cannot provide the requested service.
For example, we may be unable to arrange a flight, yacht booking, vehicle hire, cargo movement, hotel booking, membership service or concierge request if required identity, passenger, payment, compliance, passport, customs or supplier information is not provided.

16. Automated Decision-Making and Profiling
Velari does not currently make decisions that have legal or similarly significant effects based solely on automated processing.
We may use limited profiling or preference analysis to understand client interests, personalise communications, improve services, identify relevant offers, assess enquiry quality, prevent fraud or support compliance checks.
You may object to profiling used for direct marketing at any time.

17. Your Legal Rights
Under UK data protection law, you may have the following rights in relation to your personal data:
Right of access: to request a copy of the personal data we hold about you.
Right to rectification: to request correction of inaccurate or incomplete personal data.
Right to erasure: to request deletion of your personal data in certain circumstances.
Right to restrict processing: to request that we limit how we use your personal data in certain circumstances.
Right to data portability: to request transfer of certain personal data to you or another organisation in a structured, commonly used, machine-readable format.
Right to object: to object to processing based on legitimate interests or direct marketing.
Right to withdraw consent: where we rely on consent, you may withdraw it at any time. This does not affect processing carried out before withdrawal.
Right to complain: to complain to the ICO or another relevant data protection authority.
These rights are not absolute and may be subject to legal limitations.

18. Direct Marketing Objection
You have an absolute right to object to the use of your personal data for direct marketing.
If you object to direct marketing, we will stop using your personal data for that purpose.
You can object by using unsubscribe links, replying STOP where applicable, or contacting us directly.

19. How to Exercise Your Rights
To exercise your rights, contact us using the details in Section 2.
We may need to verify your identity before responding. This is to ensure that personal data is not disclosed to someone who is not entitled to receive it.
You will not usually have to pay a fee. However, we may charge a reasonable fee or refuse to comply where a request is clearly unfounded, repetitive or excessive.
We aim to respond to valid requests within one month. If your request is complex or you have made multiple requests, we may extend the response period where permitted by law and will let you know.

20. Third-Party Links and Platforms
Our website, emails or communications may contain links to third-party websites, apps, platforms, payment portals, supplier websites, booking platforms or social media pages.
We do not control those third parties and are not responsible for their privacy policies, security or data practices. You should review the privacy policy of any third-party website or platform you use.

21. Social Media and Public Content
If you interact with Velari on social media, submit public comments, tag Velari, share content with us, or post content relating to Velari, the relevant social media platform may process your personal data under its own terms and privacy policy.
Where you provide testimonials, images, reviews, videos or other content to Velari, we may use that content for the purposes agreed with you or where otherwise lawful.

22. Business Transfers
If Velari is involved in a merger, acquisition, investment, restructuring, sale of assets, sale of business, insolvency process or group reorganisation, personal data may be shared with potential buyers, investors, advisers or successors.
Where this happens, we will seek to ensure that personal data remains protected in accordance with applicable law.

23. Changes to This Privacy Policy
We may update this Privacy Policy from time to time.
The latest version will be published on our website. Where changes are significant, we may notify you by email, website notice or another appropriate method.
It is important that the personal data we hold about you is accurate and current. Please tell us if your personal data changes during your relationship with Velari.

24. Contact Us
For questions about this Privacy Policy or how we handle personal data, contact:
Velari Group Limited
Email: [Insert privacy/contact email]
Website: [Insert website URL]

what personal data we collect;

how we collect it;

why we use it;

the lawful bases we rely on;

who we share it with;

how long we keep it;

how we protect it;

your legal rights;

how to contact us.

first name;

last name;

title;

company name;

job title;

date of birth;

gender where required for travel or supplier purposes;

nationality;

passport details;

driving licence details;

government identification details;

photographs or ID copies where required for booking, compliance, supplier or legal purposes.

4.2 Contact Data This may include:

email address;

phone number;

WhatsApp number;

billing address;

residential address;

business address;

emergency contact details;

assistant, PA, family office or representative contact details.

4.3 Booking, Travel and Service Data This may include:

enquiry details;

flight, yacht, vehicle, helicopter, cargo, logistics or concierge requests;

passenger names;

guest names;

itinerary details;

departure and arrival locations;

dates, times and routes;

baggage details;

cargo details;

pet or animal details;

hotel, restaurant, venue or lifestyle preferences;

special requests;

communications relating to quotations, bookings and service delivery.

4.4 Financial, Payment and Transaction Data This may include:

payment status;

invoice details;

bank transfer details;

payment references;

billing details;

card payment details where processed through a payment processor;

transaction history;

credit balances, deposits, retainers or membership balances;

refunds, chargebacks or payment disputes.

We do not intentionally store full payment card numbers unless this is necessary and lawful. Card payments are normally handled by third-party payment processors. 4.5 Compliance and Due Diligence Data This may include:

identity verification information;

source of funds information;

company ownership or beneficial ownership information;

sanctions screening results;

politically exposed person checks where relevant;

fraud prevention data;

anti-money laundering and compliance records;

legal, regulatory or risk assessment notes.

4.6 Technical Data This may include:

IP address;

browser type and version;

device type;

operating system;

time zone setting;

approximate location derived from IP address;

website usage information;

cookie identifiers;

analytics data;

referral source;

pages viewed and interactions with our website.

4.7 Marketing and Communications Data This may include:

your marketing preferences;

email engagement;

SMS or WhatsApp preferences;

enquiry source;

4.2 Contact Data
This may include:

4.3 Booking, Travel and Service Data
This may include:

4.4 Financial, Payment and Transaction Data
This may include:

We do not intentionally store full payment card numbers unless this is necessary and lawful. Card payments are normally handled by third-party payment processors.

4.5 Compliance and Due Diligence Data
This may include:

4.6 Technical Data
This may include:

4.7 Marketing and Communications Data
This may include:

5.2 From Representatives or Third Parties Acting for You
We may receive personal data from:

5.3 From Suppliers and Partners
We may receive personal data from: