Airport-Service.co.uk is an independent booking service and is not affiliated with any airport, airline, or government authority.
Airport-Service.co.uk

Privacy Policy

Last updated: 13/05/2026

1. Data controller

The data controller is Airport-service, Arnhemseweg 2, 3817CH Amersfoort, The Netherlands (registration number 91007933). For any privacy question, data request, or complaint contact info@airport-service.co.uk. We aim to respond to all privacy requests within 30 days.

2. Data we collect

When you make a booking we collect your name, email address, vehicle registration (drop-off only), travel date and time, the airport you are using, and payment details. Payment card details are entered directly into our PCI-DSS compliant payment provider (Cardinity) and are never stored on our own servers — we only receive a tokenised reference and the outcome of the transaction. We also collect limited technical information from your browser (IP address, user agent, referring page) to operate the site securely and to detect fraud.

3. How we use your data

We use your data to: (a) process your booking and submit your vehicle registration to the relevant airport drop-off system; (b) send you booking confirmations, reminders and receipts by email; (c) handle the fine guarantee described in our Terms; (d) comply with UK and EU legal, accounting and tax obligations; (e) respond to support enquiries; and (f) prevent and investigate fraud. We do not sell your data and we do not use it for third-party advertising.

4. Legal bases (UK & EU GDPR)

We rely on the following legal bases: performance of a contract (to deliver the booking you purchased), legal obligation (to retain accounting records and respond to lawful requests), and legitimate interests (to keep the service secure, prevent fraud, and improve the product). Where we use non-essential analytics cookies we rely on your consent, which you can withdraw at any time.

5. Sharing

We share booking details with the relevant airport operator solely to fulfil your booking, and with payment providers (Cardinity) to process transactions. We use Lovable Cloud for hosting and database services and Google (Google Tag / Ads) to measure conversion of our advertising. Each of these providers acts as a processor under written data processing agreements. We may also disclose data where required by law, court order, or to protect our legal rights.

6. International transfers

Some of our processors are based outside the UK and the EEA (for example in the United States). Where that is the case, transfers are protected by the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or an equivalent safeguard recognised under UK GDPR.

7. Retention

Booking and transaction records are retained for 7 years to meet UK and Dutch accounting and tax obligations. Support emails are kept for up to 3 years. Server and security logs are kept for up to 12 months. You can request earlier deletion of marketing data at any time; data we are legally required to keep will be retained until the statutory period expires.

8. Your rights

Under UK and EU GDPR you have the right to access your data, to correct inaccurate data, to request deletion, to restrict or object to processing, to data portability, and to withdraw consent where processing is based on consent. Email info@airport-service.co.uk to exercise these rights. You also have the right to complain to a supervisory authority — in the UK the Information Commissioner's Office (ico.org.uk), or in the Netherlands the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl).

9. Cookies & analytics

We use a small number of strictly necessary cookies to operate the site (session, security, fraud prevention). We also use Google Tag / Google Ads to measure the effectiveness of our advertising; this tag fires once per page load and records anonymised conversion events. No advertising or cross-site tracking cookies are placed beyond what Google requires for conversion measurement. You can disable cookies in your browser at any time without losing access to bookings.

10. Security

We use TLS encryption in transit, encrypted storage at rest, role-based access control, and continuous monitoring of our infrastructure. Payment details are handled by a PCI-DSS Level 1 provider and never touch our servers. If a personal data breach is likely to result in a risk to your rights, we will notify you and the relevant authority within 72 hours.

11. Children

Our service is intended for adults aged 18 or over. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

12. Changes to this policy

We may update this policy as our service evolves or as the law changes. The "Last updated" date at the top of the page reflects the latest version. Material changes will be communicated by email where appropriate.