1. Scope
We, 1ST Airport Taxis Ltd (“1ST Airport Taxis”, “we”, “us”, “our”), take the protection of your personal data seriously and handle all processing activities in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations (PECR), and with respect to recognised privacy principles applicable in the Gulf Cooperation Council (GCC).
This Privacy Policy explains how we process personal data when you:
- Visit and browse our websites (including www.1stairporttaxis.co.uk)
- Use our mobile applications (if applicable)
- Contact us by phone, WhatsApp, email, live chat, or social media
- Register an account
- Request a quote, make a booking, modify a booking, or cancel a booking
- Receive service notifications, digital receipts, or marketing messages
These activities are collectively referred to as the 1ST Airport Taxis Services.
Our services are not intended for minors under the age of 16.
2. Name and Contact Information of the Controller
The data controller responsible for processing your personal data is:
1ST Airport Taxis Ltd
Company No: 10466856
Aw House, 6-8 Stuart Street
Luton, Bedfordshire, LU1 2SJ, United Kingdom
Website: www.1stairporttaxis.co.uk
Email: info@1stairporttaxis.co.uk
Email: gcc@1stairporttaxis.co.uk
Further legal information is available in our “Legal Notice” or "Terms and Conditions".
3. Contact Information for the Data Protection Lead
We have appointed an internal contact to oversee privacy compliance ("Data Protection Lead").
You may contact them confidentially by writing to our registered office (marked "FAO: Data Protection") or by using the privacy email address listed above.
If we appoint a formal Data Protection Officer (DPO) in the future, this Privacy Policy will be updated accordingly.
3. Contact Information for the Data Protection Lead
1ST Airport Taxis implements appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, destruction, and misuse. These include.
- TLS/HTTPS encrypted connections
- Secure servers and encrypted databases
- Access control and authentication mechanisms
- Network and system monitoring
- Fraud detection technologies
- Routine backups and disaster-recovery measures
- Employee confidentiality requirements
Email communications may not always be fully secure. For highly sensitive information, we recommend contacting us by phone or post.
5. Provision of the Website and Apps
When you visit our website or use our apps without registering, certain data (“surf data”) is automatically collected:
- IP address
- Browser type and version
- Device information (manufacturer, model, OS)
- Date and time of server requests
- Visited pages and referring URLs
- Status codes and file transfer details
- Error diagnostics
- Performance and analytics information
Surf data is stored in log files and used for:
- Establishing and maintaining technical connectivity
- Ensuring system security and stability
- Detecting misuse, fraudulent activity, cyberattacks
- Improving our services (pseudonymised/anonymised analysis)
Log files are erased or anonymised when no longer needed, unless retention is required by law or by your consent.
Legal Basis
Art. 6(1)(f) UK GDPR - Legitimate interest
Art. 6(1)(b) UK GDPR - Performance of contract (for registered users)
Art. 6(1)(a) UK GDPR - Consent (where applicable)
6. Cookies, Pixels and Similar Technologies
We use cookies, pixels, tags, and similar technologies when you access our website or apps.
Cookies may be:
- Session cookies (deleted when the browser closes)
- Persistent cookies (stored for ongoing functionality)
- First-party cookies (set by us)
- Third-party cookies (set by integrated service providers)
6.1 Purpose of Cookies
We use cookies for:
- Essential functions (login status, booking engine, preferences)
- Fraud prevention and security
- Analytics and performance
- Personalisation
- Marketing, measurement, and retargeting
6.2 Consent Management
We use a Consent Management Platform (CMP) to record your cookie preferences. You may:
- Give or withdraw consent at any time
- Change settings in the CMP
- Adjust browser settings to block or delete cookies
Blocking cookies may limit certain functionalities.
6.3 Legal Basis
- Art. 6(1)(a) UK GDPR - Consent (analytics, marketing, personalisation)
- Art. 6(1)(f) UK GDPR - Legitimate interest (strictly necessary cookies)
A separate Cookie Policy lists all cookies, third-party providers, and storage durations.
7. Special Features for the 1ST Airport Taxis Mobile Apps
We use cookies, pixels, tags, and similar technologies when you access our website or apps.
- Device name, manufacturer, model
- Operating system and app version
- Unique device identifiers
- Crash logs and performance insights
Push Notifications
We send push notifications for:
- Driver arrival updates
- Journey updates
- Booking confirmations
- Service alerts
Push notifications are sent only if you have permitted this on your device.
Legal Basis:
- Art. 6(1)(a) UK GDPR - Consent
- Art. 6(1)(b) UK GDPR - Contractual necessity (essential trip updates)
8. Social Media / Social Networks
8.1 Official Social Media Presence
We operate official pages on platforms such as:
- Facebook / Meta
- X (Twitter)
These platforms operate independently and process your data according to their own privacy policies.
8.2 Social Messaging
If you contact us via social media (e.g., Facebook Messenger, Instagram DM), the data you submit will be processed to respond to your enquiry.
9. Data Processing During Registered Use and Booking Rides
When you register or make a booking, we process your customer data, including:
9.1 Personal Master Data
- Name
- Title
- Company (if applicable)
- Address (where provided)
- Email address
- Phone number (UK or GCC)
9.2 Contract Data
- Account credentials (securely encrypted)
- Registration information
- Loyalty/benefit program data (if applicable)
9.3 Ride-Related Data
- Pickup and drop-off addresses
- Dates and times
- Flight numbers (including UK - GCC flights)
- Luggage details
- Passenger count
- Child seat requirements
- Special instructions for the journey
9.4 Billing & Payment Data
- Limited card information (last 4 digits)
- Billing address
- VAT/company information
- Transaction records
Data Sharing with Drivers / Partners
We share minimal necessary data with:
- Our drivers
- Licensed private hire subcontractors
- Fleet partners (UK & GCC)
Legal Basis
- Art. 6(1)(b) UK GDPR - Performance of contract
- Art. 6(1)(a) UK GDPR - Consent (optional details)
- Art. 6(1)(f) UK GDPR - Legitimate interest (fraud prevention, service improvement)
10. Payment & Fraud Prevention
10.1 Payment
We use certified payment processors (e.g., Stripe) compliant with PCI DSS standards. We do not store full card data.
Legal Basis: Art. 6(1)(b) UK GDPR.
10.2 Fraud Prevention
We may transmit IP addresses, email addresses, device information, and payment details to fraud detection services to prevent:
- Identity fraud
- Payment misuse
- Chargeback abuse
Legal Basis: Art. 6(1)(f) UK GDPR - Legitimate interest.
11. Communication with 1ST Airport Taxis
If you contact us through phone, WhatsApp, email, live chat, or social media:
We process your contact details and message content to respond to your enquiry.
Call Recordings
Calls may be recorded for:
- Quality assurance
- Training
- Compliance
- Dispute resolution
Legal Basis: Art. 6(1)(b), Art. 6(1)(f) UK GDPR.
12. Email Advertising & Newsletter
If you give consent or where legally permitted, we may send.
- Marketing emails
- Service updates
- Newsletters
- Offers and promotions
You may unsubscribe at any time.
Emails may contain tracking pixels to analyse performance.
Legal Basis:
- Art. 6(1)(a) — Consent
- PECR + legitimate interest for existing customers
13. Involvement of Data Processors
We engage trusted third-party processors for:
- Cloud hosting
- Email/SMS delivery
- Payment processing
- Analytics
- Security
- Customer support
- App functionality
All processors operate under GDPR-compliant agreements.
Transfers outside the UK/GCC are safeguarded by:
- Adequacy Regulations
- Standard Contractual Clauses (SCCs)
- Additional technical measures
14. Rights of Data Subjects
For UK Customers (UK GDPR Rights)
- Right of access
- Right to rectification
- Right to erasure
- Right to restriction
- Right to portability
- Right to object
- Right to withdraw consent
- Right to complain to the ICO
For GCC Customers
While data protection laws vary between GCC countries, we voluntarily extend equivalent rights, including:
- Transparency
- Access
- Correction
- Deletion (where legally feasible)
- Objection to marketing
- Withdrawal of consent
Requests can be submitted to our privacy contact.
15. Automated Decisions
We do not subject customers to automated decision-making producing legal effects.
If implemented in the future (e.g., fraud checks), you will be informed and given the right to human review.
16. Data Erasure and Storage Duration
We erase or anonymise personal data when it is no longer required unless:
- Legal retention periods apply
- Data is required for tax/accounting
- Data is needed to resolve disputes
- Data must be retained for fraud prevention
Typical retention periods:
- Booking & invoice records: up to 6 years
- Communications: stored as needed
- Marketing data: until you unsubscribe
17. Amendment or Update of This Privacy Policy
We reserve the right to update this Privacy Policy at any time due to:
- Legal or regulatory changes
- Industry best practices
- Technical developments
- Service enhancements
The latest version will always be published on our website.
18. Privacy Notice to Call Attendees
When calling 1ST Airport Taxis:
- Caller ID, call duration, and time may be captured
- Calls may be recorded (training, quality, dispute resolution)
- Recordings are stored securely and deleted when no longer needed