The Civil Aviation Authority (CAA) processes personal information to
enable it to carry out its regulatory functions which may include the
consideration and investigation of complaints, policy development, licensing
and approval issues, enforcement action, providing advice and information,
research, maintaining its own accounts and records, supporting and managing its
employees, general administration and all activities which the CAA is required
to carry out as a data controller, including the use of CCTV systems for crime
prevention in each of its office locations.
This Privacy Notice provides general guidelines on what to expect when
the CAA collects personal information. It applies to information we collect
through a number of services, such as:
The CAA website has areas where we capture the details of our users to
enable the website service to operate.
This service allows users to set-up an account on the CAA website so that an email can be sent to them when a new or amended publication has been added to one or more subscription categories that are of interest to a user. Users are able to manage their account at any time and the user's password is not known to the CAA.
When you download and install our app to your mobile, you will also need to sign up and create an account so that alerts can be pushed to your mobile phone. As with the Publication subscription service, users are able to manage their account and their password is not known to the CAA.
We have a number of on-line systems or forms which capture the personal information of applicants according to the service they are applying for. More information on this is available under 'People who apply to us for a service'.
When you call the CAA we may ask for personal details for verification purposes. We use this information to make sure that we are talking to the right person and to help us locate your information. If you are making a general enquiry we may collect personal details to return your call or to pass on information related to your case/application.
Any email sent to us, including any attachments, may be monitored by the CAA for reasons of security and/or monitoring compliance with CAA policies. Email monitoring or blocking software may also be used. Please be aware that it is your responsibility to ensure that any email you send to us is not in breach of any law or regulation.
To make an enquiry, please contact the relevant department or use our feedback page.
When we receive a complaint or report from a person we may create a record containing the identity of the complainant and any other individuals involved.
We will use the personal information we collect to process the complaint or report and to check on the level of service we provide. We do compile reports for internal management oversight, but minimal information is used. We will also publish, in our Annual Report, statistics showing information such as the number of complaints we receive, but not in a form which identifies anyone.
We usually disclose the identity of the complainant to the CAA manager in the area related to the complaint or report. This is necessary where, for example, the accuracy of a person's record is in dispute or a report directly relates to the complainant and an investigation is required. If a complainant doesn't want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in files in line with our retention policies. This means that information will be retained for varied amounts of time from closure depending on the type of complaint or report. It will be retained in a secure environment and access to it will be restricted according to the 'need to know' principle.
Similarly, where enquiries are submitted to us, we will use the information supplied to us to deal with the enquiry, compile internal reports and to check on the level of service we provide.
As the CAA also has a number of other specific complaints policies relevant to different CAA functions, you may wish to take a look at our Making Reports and Complaints web page.
We have to hold the personal details of the people who have requested a service in order to provide the service. We keep records of the services provided, such as the issue of a pilot's licence, for the duration of the licence holder's aviation career and/or in accordance with applicable regulations. We are required to keep medical records for specified time periods, according to the class of medical certificate held.
The CAA offers various services to the aviation industry and we sometimes use third parties to assist the CAA in providing those services (see more below). However, these third parties are only permitted to use information from applicants to complete those particular services, such as passenger claims handling or passenger repatriation services.
The CAA is required by law to 'notify' certain specified information to the Information Commissioner (ICO). The ICO compiles this information into a Data Protection Register which it is required by law to publish. The CAA's notification to the ICO can be found here.
When individuals apply to work at the CAA, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example, where we want to take up a reference or obtain a 'disclosure' from the Disclosure and Barring Service (DBS) we will not do so without informing the applicant beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held until after the recruitment exercise has been completed. It will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities or for equality and diversity purposes, but no individuals are identifiable from that data.
Once a person has taken up employment with the CAA, we will compile a file relating to their employment. The information contained in this file will be kept secure and will only be used for purposes directly relevant to that person's employment. Once their employment with the CAA has ended, we will retain the file in accordance with the requirements of our retention policy and then delete it. Look here for further information on careers and recruitment.
Unless we are automatically required to share your information by law, or have in place an agreement/contract with a third party service provider to process information on our behalf or assist the CAA in providing services, we will normally let you know if we need to share or release your information.
Information is only disclosed by the CAA for regulatory purposes to third parties who may include, but are not limited to, administrative workers and IT professionals who, in the course of their professional duties, are assisting the CAA with its regulatory functions. The CAA takes the security of your personal information very seriously. Information is only disclosed to third parties who are subject to a duty of confidentiality and who have sufficient security measures in place to protect personal data. If you do not consent to the disclosure of information to third parties as described in this Privacy Notice, you may make representations to firstname.lastname@example.org
In many circumstances we will not disclose personal data without consent. However when we investigate a complaint, for example, we may need to share personal information with the organisation concerned and with other relevant bodies. There are many factors to consider when the CAA decides whether information should be disclosed. You can email email@example.com for further information about:
The CAA applies the highest standards when collecting and using personal information. We therefore take any complaints we receive about the processing of personal information very seriously. We encourage people to bring issues to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our information management procedures.
This Privacy Notice does not provide exhaustive detail of all aspects of the CAA's collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Please email firstname.lastname@example.org or write to the address below for further information.
The CAA tries to be as open as possible in giving people access to information. Individuals can find out if we hold any personal information about them by making a 'subject access request' under the Data Protection Act 1998. If we do hold information about you, we will provide it to you subject to certain exemptions, such as withholding information which relates to other people.
To make a request to the CAA for details of any personal information about you which we may hold, please put the request in writing to the address below or follow this link to use our standard form.
We keep our Privacy Notice under regular review. This Privacy Notice was
last updated on 27 May 2013.
information we hold about you, you can email us or write to:
Head of External Information Services
Civil Aviation Authority
Gatwick Airport South
Read more in our guide to
Free assistance at UK airports is available to anyone with a hidden disability, which inc dementia, autism, hearing… https://t.co/RqNv8jk1cR
Pilots and aircraft owners can now apply for funding to fit new 8.33kHz radios, more here https://t.co/62Mhkxg6Du
2 days ago
@pablogodofredoHi. easyJet use an Alternative Dispute Resolution service CEDR, who handle disputed complaints. Info: https://t.co/txOo1lIo0O
6 days ago
Read all @UK_CAA
CAA statement on sky's the limit campaign
2 December, 2016
CAA sets out expectations to Heathrow Airport for delivering a new runway
25 October, 2016
Amazon UK Services Ltd ordered to pay £65,000 for breaching dangerous goods regulations
23 September, 2016
Read all News
How we're changing the CAA
15 April, 2016
Read All Blogs