THE ROYAL AIR FORCE CHARITABLE TRUST ENTERPRISES 2025 – PRIVACY STATEMENT
Last modified on 29th April 2025
First of all, we are delighted that you are interested in this application (the 'Application'). We do our utmost to ensure that your Personal Data is protected when you are using the Application. This privacy policy describes how we use the Personal Data you provide us with whilst using the Application.
We may ask you to share certain Personal Data with us, including but not limited to your first name, last name, and e-mail address (identification data). For certain specific obligations, you may be required to provide us with additional data, such as billing or payment data. For this purpose, we base ourselves on the processing grounds of the agreement, the legal obligation, our legitimate interest, and in some cases, your consent (see also section 2).
If you do not wish to share any Personal Data with us, you will not be able to use the Application, and we suggest you uninstall it on your mobile device. The processing of your Personal Data is subject to this privacy statement. If you have questions or remarks concerning this policy, we ask you to contact us at marketing@rafcte.com. By providing your Personal Data, you are deemed to have acknowledged the use of your Personal Data in accordance with this privacy policy.
DEFINITIONS
Affiliated Company; means a company that is affiliated to Royal Air Force Charitable Trust Enterprises (RAFCTE) insofar as it meets the conditions for an “affiliated company” as defined in the UK Companies Act, such as, for example, but not limited to, its subsidiary companies.
Application; means the “RIAT” application that is developed for mobile devices for iOS- and Android-operating systems, customised and operated by Appmiral, which acts as a Processor in this respect.
RAFCTE; means the Royal Air Force Charitable Trust Enterprises, a not-for-profit organisation that raises money via events such as The Royal International Air Tattoo (RIAT) and products and services for their parent charity the Royal Air Force Charitable Trust (RAFCT), a registered charity in England and Wales (registered charity number 117605). The registered address is Douglas Bader House, Horcott Hill, Fairford, GL7 4RB.
Controller; has the meaning as defined in the General Data Protection Regulation 2016/679. The Organiser will be qualified as the Controller concerning the processing of Personal Data within the framework of the Application which determines the purposes and means of the processing of Personal Data.
Organiser; means the company (RAFCTE) that hosts the event for which the Application is used.
Personal Data; has the meaning as defined in the General Data Protection Regulation 2016/679, which is any information relating to an identified or identifiable natural person (also referred to as “data subject”).
Processor; has the meaning as defined in the General Data Protection Regulation 2016/679, which is the entity or the person that processes Personal Data on behalf of the Controller.
PURPOSES AND LEGAL GROUNDS
CUSTOMER DATA
Within the framework of the Application, we collect and process the identification and contact data of our customers. The data may be processed for the purposes of execution of the agreement with our customers, customer management, accounting, and direct marketing activities such as sending promotional or commercial information. The legal grounds for this processing are the execution of the agreement, compliance with a legal obligation to which we are subject, our legitimate interest, and in some cases, your consent.
Specifically, we may use the Personal Data we collect for the following purposes:
• to allow you to make use of the Application and the Application’s functionalities, features, and services (for example blogs, forums, and discussion pages);
• to provide you with information about our products and services (via e.g. push notifications, SMS text messages, email and/or other channels), when you subscribe to this;
• to process and respond to any complaints or requests;
• to locate you in order, when you consent to share your location with us;
• to help us in evaluating, correcting, and improving the Application and any related products or services;
• for direct marketing purposes;
• for internal reasons, including business administration and filing purposes.
THE CONFIDENTIALITY OF YOUR PERSONAL DATA
Every time you as a user submit Personal Data, we shall handle this information in accordance with the stipulations of this privacy policy and the legal obligations within the scope of the processing of Personal Data, including the General Data Protection Regulation (GDPR) 2016/679.
We establish reasonable measures and procedures to secure and protect the Personal Data we collect via the Application or via electronic correspondence. This way, we undertake, as far as can reasonably be expected, to prevent illegal processing of Personal Data and unintentional loss or removal of your Personal Data.
We seek to optimise the security of your Personal Data by limiting the access to your Personal Data to persons on a “need-to-know” basis (for example only our employees, associates, Affiliated Companies, or subcontractors who need your Personal Data for the purposes as described in section 2 shall receive permission to access the data).
HOW DO WE COLLECT YOUR PERSONAL DATA AND FOR HOW LONG IS IT KEPT?
Collection of data
We collect your Personal Data – without being exhaustive – in the following cases:
• when you fill in the registration form customised by us to register to the Application;
• when you register to the Application through your social media account (Facebook);
• when you use the Application as a result whereof we will detect your location when you consent to this;
• when you file a complaint or ask for information;
• when you call, email, or correspond with us in another way than via the Application.
We avoid the collection of Personal Data that is not relevant for the purposes as set out in section 2.
We can combine the Personal Data we collect via the Application with information that you provide us in another way or which third parties deliver to us.
Retention of data
Personal Data will be stored and processed by us for the duration that is required in relation to the purposes of the processing.
Customer data will be removed from our systems one year after the last time you log in to the Application, except for the Personal Data that we have to store for a longer duration based on specific legal obligations or in case of pending litigation(s).
We avoid the collection of Personal Data that are not relevant for the purposes set out in section 2.
Transfer of Personal Data?
We will not transfer your Personal Data to third parties outside the European Economic Area, unless we have Standard Contractual Clauses as provided by the European Commission, in place.
Furthermore, we will not transfer your Personal Data to third parties inside the European Economic Area without your permission, except:
• when such transfer is necessary to permit Affiliated Companies, associates, agents, subcontractors, suppliers, or commercial partners to provide a service or accomplish a task in our name (including providing marketing support, accomplish market research, or providing customer services);
• if it is required by law.
Any transfer of Personal Data to one of the third parties mentioned in the list above is in accordance with the stipulations of the General Data Protection Regulation (GDPR) 2016/679.
We ensure that measures are taken to make sure that third parties cannot use your Personal Data for other purposes than and according to the purposes mentioned in section 2, and that these third parties have taken the necessary technical and organisational measures to protect the data involved.
We will have data processing agreements in place with the aforementioned third parties and, if applicable, Standard Contractual Clauses as provided by the European Commission, in order to ensure the security of the Personal Data.
We shall take all necessary precautionary measures to assure that our employees and associates who have access to Personal Data will process these Personal Data exclusively in accordance with this privacy policy and our obligations under the General Data Protection Regulation 2016/679.
Rights of the data subject
By virtue of both UK and European legislation concerning data protection, you have the following rights. If you want to exercise the hereafter mentioned rights to your Personal Data, you have to send us a written request and provide a copy of the front side of your ID card to marketing@rafcte.com.
We will provide you with information within one month of receipt of the request on the action that will be taken. We can extend this one-month period to a maximum of three months, in which case you will be informed about the reasons for such delay within one month of the original request.
The right of access to Personal Data
You have the right to instruct us to provide you with any Personal Data we hold about you, providing the rights of other data subjects are not affected.
The right to rectification of Personal Data
We kindly ask you to help to make sure that the Personal Data in our records are as accurate and up-to-date as possible. If you believe that the Personal Data submitted to us are incorrect or incomplete, please notify us as described above. We will correct or adapt your Personal Data as soon as possible.
The right to erasure of Personal Data
In some circumstances, you have the right to the erasure of your Personal Data without undue delay.
Those circumstances include:
• the unnecessity to hold the Personal Data any longer in relation to the purposes for which they were collected or otherwise processed;
• the withdrawing of the consent to consent-based processing;
• the processing that is for direct marketing purposes;
• in case the Personal Data has been unlawfully processed.
However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary:
• for exercising the right of freedom of expression and information;
• for compliance with a legal obligation; or
• for the establishment, exercise or defence of legal claims.
The right to restrict the processing of Personal Data
In the following circumstances you have the right to restrict the processing of your Personal Data:
• for contesting the accuracy of the Personal Data;
• when the processing is unlawful but you don't want the Personal Data to be erased; or
• when you objected to processing, pending the verification of that objection.
Where processing has been restricted on this basis, we may continue to store your Personal Data. However, we will only process it with your explicit consent, for the establishment, exercise or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest.
The right to object to the processing of Personal Data
You have the right to object to our processing of your Personal Data, under the following circumstances:
• when we process your Personal Data for direct marketing purposes (including profiling for these purposes) based on our legitimate interest; and
• on grounds relating to your particular situation (special personal circumstances).
The right to data portability
If you wish to exercise your right to data portability, we will send the Personal Data in a structured, commonly used and machine-readable format to a data controller of your choice.
The right to withdraw consent
To the extent that the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. However, the withdrawal will not affect the lawfulness of processing before the withdrawal.
The right to complain to a supervisory authority
Any complaints about our adherence to the practices described in this Statement shall be addressed to as described above. Various data protection laws (including General Data Protection Regulation (GDPR) and Data Protection Act (DPA) in the EU and the UK provide you the right to lodge a formal complaint with a data protection authority which in the UK is the ICO, whose contact is: https://ico.org.uk/make-a-complaint/
GEOLOCALISATION
Your Personal Data is used for detecting your location while using the Application. We will store such information for the limited duration of 36 months maximum. We will only use your Personal Data for this purpose if you have explicitly agreed to this by opting in. You have an unconditional right to opt-out at any time you want by sending an e-mail to marketing@rafcte.com or by turning the 'geolocalisation' button in the Application.
THIRD-PARTY LINKS
The Application may contain links to other websites that are not controlled by us. Although we will do our utmost to make sure that the links in the Application lead exclusively to websites that have corresponding security and confidentiality standards, we are not responsible for the protection and confidentiality of data, among which Personal Data, which you submit on other websites after you have left the Application.
---
Before submitting personal information on other sites we recommend that you proceed carefully and consult the privacy statement which applies on the website concerned before submitting Personal Data.
Amendments
We have the right to change this privacy policy at any time by publishing a new version on the Application. We recommend consulting the Application on a regular basis in order to verify that you agree to any changes made to this privacy policy. In any event, you will be informed of any changes to this privacy policy by e-mail.