Skip to main content
Vector Point Aviation
Legal

GDPR Policy

Last updated: 1 May 2025

Our commitment

Vector Point Aviation Ltd is committed to processing personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains how we meet those obligations across our business operations and client relationships.

Data controller

Vector Point Aviation Ltd acts as the data controller for personal data collected through our website, client engagements, and business operations.

Vector Point Aviation Ltd

Registered in England & Wales

Email: hello@vectorpointaviation.com

Lawful bases for processing

We only process personal data where we have a valid lawful basis:

Contract

Where processing is necessary to enter into or perform a contract — managing engagement correspondence, issuing invoices, and delivering consultancy outputs.

Legitimate interests

Where we have a genuine business reason that does not override your rights — responding to unsolicited enquiries, maintaining business records, or securing our systems.

Legal obligation

Where we are required to process data by law — financial reporting, anti-money laundering checks, or regulatory requests.

Consent

Where you have given clear, specific, and freely given consent — for example, opting into marketing communications. You may withdraw consent at any time.

Data minimisation

We collect only the personal data that is necessary for the specific purpose for which it is being processed. We do not collect data speculatively or retain it beyond the period for which it serves a legitimate purpose.

Retention periods

  • Website enquiries — up to 2 years from the date of last contact.
  • Client engagement records — up to 7 years following the end of an engagement, in line with UK financial and legal requirements.
  • Marketing preferences — until you withdraw consent or opt out.
  • Website analytics — aggregated data retained indefinitely; identifiable session data purged within 26 months.

Data subject rights

Under UK GDPR, individuals have the right to: access their data, have it corrected or erased, restrict or object to processing, port it to another controller, and withdraw consent at any time.

To exercise any of these rights, contact us at hello@vectorpointaviation.com. If unsatisfied with our response, you may complain to the ICO.

Data security

We implement appropriate technical and organisational measures including encrypted data transmission (HTTPS), access controls, use of GDPR-compliant processors, and regular review of our data handling practices.

Data breaches

In the event of a personal data breach likely to result in risk to individuals, we will notify the ICO within 72 hours and affected individuals without undue delay where required by UK GDPR.

International transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses (SCCs) approved by the UK ICO, or transfers to countries with an adequacy decision.

Third-party processors

Third-party service providers who process data on our behalf are subject to data processing agreements, permitted only to act on our documented instructions, and contractually required to implement adequate security measures.

Policy review

This policy is reviewed at least annually. For further information, see our Privacy Policy and Cookie Policy.