1. Introduction

Airport Dimensions, a Collinson Group Ltd company (hereinafter referred to as "we", “our” and “us”) is committed to protecting and respecting your personal data. This privacy notice (“Privacy Notice”) explains how we handle any personal data that we collect and process when you use our website, services or products.

2. Individuals covered by this Privacy Notice

This Privacy Notice aims to inform you about how we collect, store, use and disclose information about you when you:

• interact or use our websites; or
• use any of our products, Services or applications (collectively the “Services”) in any manner.

3. Who is responsible for your personal data?

Airport Dimensions Holdings Limited is a company registered in England and Wales with company number 11291574 and office in 3 More London Riverside, 5th Floor, London, SE1 2AQ, United Kingdom.

For the purposes of data protection legislation, we are the controllers of the personal data processed under this Privacy Notice. This means that Airport Dimensions determines the purposes for which, and the manner in which, your personal data is collected, used and handled when you interact with our websites, digital platforms, products, or Services.

The contact details for our Data Protection Team and information on your rights are set out in the ‘Your rights’ section below.

4. Categories of personal data we process or collect

We collect and process the personal data that you provide when interacting with us, either online or via email, mobile, phone or post. Such personal data may include the following:

• First name and surname;
• Postal and/or email address;
• Country of residence and/or nationality;
• Unique identifier information (e.g. your customer username or number and password); and
• Payment details
• Cookie identifiers
• Membership, entitlement and programme participation information (including membership number, benefit eligibility, lounge usage history and travel-related benefit activation);
• Travel-related information where relevant to the Services (including itinerary details, flight information and travel dates);
• Transaction and validation data received from your card issuer or programme partner;
• Customer service communications and correspondence;
• Fraud prevention and risk assessment information;
• Marketing preferences and communication consents;
• Technical usage data including browsing behaviour, interaction data and analytics information;

5. Source of personal data

• We may receive your personal data from the following sources:
• Your payment card issuer (such as a bank), employer or other programme partner;
• You directly when you interact with us;
• Service providers who assist in delivering our Services;
• Fraud prevention agencies and regulatory bodies;
• Publicly available sources where necessary for fraud prevention or compliance purposes.

6. Purposes and legal basis for processing

We must have a legal basis in order to process your personal data. In most cases, that will be for us to provide the contracted Service. The table below sets out the purposes for which we use your personal data and our legal basis for doing so:

7. Personal data sharing and international transfers

7.1. We will not share your personal data with anyone else unless you agree to this, or such sharing is necessary to fulfil our contract with you, or we are legally allowed or required to do so. Moreover, your personal data will only be shared with selected organisations which comply with our security procedures and policies. Organisations we may share your personal data with include:

• Another member of our group of companies where they help provide our Services to you;
• Our Service providers and subcontractors, where they help us provide our Services to you;
• To a regulating body or other authority where we need to comply with a regulatory or legal obligation; and
• Fraud prevention or debt collection organisations when required to protect our legitimate interests.

7.2. Some of those organisations may be based in a country outside the European Economic Area or where different data privacy laws apply. We will only transfer your personal data to that country after ensuring an equivalent level of protection of your rights and freedoms, or you have given us your consent to do so. Personal data collected and processed in accordance with this Privacy Notice is stored on secure servers currently located in the European Economic Area.

7.3. Where personal data is transferred outside the United Kingdom or European Economic Area, including to countries that are not recognised by the European Commission or United Kingdom Government as providing an adequate level of data protection, we implement appropriate safeguards to ensure the level of protection given to your personal data is not adversely affected by such transfers including at least one of the following:

• UK International Data Transfer Agreements (IDTA);
• European Commission Standard Contractual Clauses including, where applicable, the UK Addendum; or
• Other legally recognised transfer mechanisms.

You can obtain copies of these documents by emailing our Data Protection Team at the email address provided in Section 10 (‘Your Rights’) below.

8. Cookies and similar technologies

8.1. We use a consent management platform to enable you to manage your cookie preferences. Strictly necessary cookies are used to provide core website functionality. All other cookies, including analytics and advertising cookies, are deployed only with your consent in accordance with applicable electronic marketing laws.

8.2. We use cookies as identifiers on our website in order to improve your user experience by enabling our website to 'remember' you, either for the duration of your visit (using a 'session cookie') or for repeat visits (using a 'persistent cookie'). We may also use cookies to enable us to tailor our Services or products based, for example, on your location and/or browsing habits or to provide the website service to enable you to purchase our products. With your consent, we use third party identifier cookies to help tailor adverts to you by sharing with advertisers.

8.3. You can block or opt-out of non-essential cookies either using our cookie management tool or using your browser.

8.4. Please click here to read our Cookie Policy which explains what we do and how you can alter your cookie settings.

8.5. Strictly necessary cookies are used on the basis of our legitimate interests or to perform a contract.

8.6. All other cookies, including analytics, are used only with your consent.

8.7. You can manage or withdraw your consent at any time via our cookie banner or the settings link in the website footer.

9. Data retention

9.1. We will only keep your personal data for as long as it is needed for the purposes for which it was collected, and we will remove from our systems all personal data which is no longer required.

9.2. Retention periods vary depending on the type of Service provided. For example:

• Membership and programme data is retained for the duration of your membership and for a defined period thereafter;
• Claims and insurance-related data may be retained in accordance with applicable financial services regulations;
• Fraud investigation data may be retained where necessary to prevent misuse;
• Marketing suppression records are retained to ensure compliance with opt-out requests.

10. Your rights

If you would like to request access, review, update, rectify, or delete any personal data we hold about you, or exercise any other data subject right you can email us at dataprotectionteam@collinsongroup.com. Our Data Protection team will review your request and respond to you as quickly as possible.

Please note that we may still use any aggregated or anonymised data that does not identify any individual. We may also retain and use your information as necessary, for example, to comply with our legal obligations, resolve disputes, and enforce our agreements.

We respect all applicable local laws as they apply to data subject rights. For example, under the CCPA, California residents have certain rights regarding the personal data that businesses have about them. This includes the rights to request access or deletion of your personal data, as well as the right to direct a business to stop selling your personal data.

You also have the right to lodge a complaint with the relevant data protection Supervisory Authority. If residing in the UK, you can contact the Information Commissioner’s Office, if you believe your rights have not been respected. The contact details for the ICO are:

Information Commissioner's Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113 Email: icocasework@ico.org.uk.

11. Links to other websites

We may have links to other sites promoting our partners and clients. These links may take you to other companies who have their own privacy notice and our privacy notice will not cover their use of data. We encourage you to review the Privacy Notice of any linked site you visit.

12. Business transfers

We may choose to buy or sell assets and may share or transfer customer information in connection with the evaluation of these transactions. Also, if we, or our assets, are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal data could be one of the assets transferred to or acquired by a third party.

13. Security

We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies which are regularly audited, and the audits are reviewed at senior level.

14. Information pertaining to children

Some of our Services may involve the processing of personal data relating to dependants or family members in connection with membership benefits. Where required by law, we rely on consent provided by a parent or legal guardian. If you are under 18, please do not attempt to register for our Services or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 18, we will delete that information as quickly as possible.

15. Automated decision making or profiling

We may use automated tools to assist in fraud detection, eligibility validation and risk monitoring. However, we do not make decisions based solely on automated processing which produce legal or similarly significant effects without human review.

16. Changes to our Privacy Notice

We keep our Privacy Notice under regular review, and we will make new versions available on our Privacy Notice page on our website. This Privacy Notice was last updated on 7 April 2026.

1. Introduction

Airport Dimensions, a Collinson Group Ltd company (hereinafter referred to as "we", “our” and “us”) is committed to protecting and respecting your personal data. This privacy notice (“Privacy Notice”) explains how we handle any personal data that we collect and process when you use our website, services or products.

2. Individuals covered by this Privacy Notice

This Privacy Notice aims to inform you about how we collect, store, use and disclose information about you when you:

• interact or use our websites; or
• use any of our products, Services or applications (collectively the “Services”) in any manner.

3. Who is responsible for your personal data?

Airport Dimensions Holdings Limited is a company registered in England and Wales with company number 11291574 and office in 3 More London Riverside, 5th Floor, London, SE1 2AQ, United Kingdom.

For the purposes of data protection legislation, we are the controllers of the personal data processed under this Privacy Notice. This means that Airport Dimensions determines the purposes for which, and the manner in which, your personal data is collected, used and handled when you interact with our websites, digital platforms, products, or Services.

The contact details for our Data Protection Team and information on your rights are set out in the ‘Your rights’ section below.

4. Categories of personal data we process or collect

We collect and process the personal data that you provide when interacting with us, either online or via email, mobile, phone or post. Such personal data may include the following:

• First name and surname;
• Postal and/or email address;
• Country of residence and/or nationality;
• Unique identifier information (e.g. your customer username or number and password); and
• Payment details
• Cookie identifiers
• Membership, entitlement and programme participation information (including membership number, benefit eligibility, lounge usage history and travel-related benefit activation);
• Travel-related information where relevant to the Services (including itinerary details, flight information and travel dates);
• Transaction and validation data received from your card issuer or programme partner;
• Customer service communications and correspondence;
• Fraud prevention and risk assessment information;
• Marketing preferences and communication consents;
• Technical usage data including browsing behaviour, interaction data and analytics information;

5. Source of personal data

• We may receive your personal data from the following sources:
• Your payment card issuer (such as a bank), employer or other programme partner;
• You directly when you interact with us;
• Service providers who assist in delivering our Services;
• Fraud prevention agencies and regulatory bodies;
• Publicly available sources where necessary for fraud prevention or compliance purposes.

6. Purposes and legal basis for processing

We must have a legal basis in order to process your personal data. In most cases, that will be for us to provide the contracted Service. The table below sets out the purposes for which we use your personal data and our legal basis for doing so:

7. Personal data sharing and international transfers

7.1. We will not share your personal data with anyone else unless you agree to this, or such sharing is necessary to fulfil our contract with you, or we are legally allowed or required to do so. Moreover, your personal data will only be shared with selected organisations which comply with our security procedures and policies. Organisations we may share your personal data with include:

• Another member of our group of companies where they help provide our Services to you;
• Our Service providers and subcontractors, where they help us provide our Services to you;
• To a regulating body or other authority where we need to comply with a regulatory or legal obligation; and
• Fraud prevention or debt collection organisations when required to protect our legitimate interests.

7.2. Some of those organisations may be based in a country outside the European Economic Area or where different data privacy laws apply. We will only transfer your personal data to that country after ensuring an equivalent level of protection of your rights and freedoms, or you have given us your consent to do so. Personal data collected and processed in accordance with this Privacy Notice is stored on secure servers currently located in the European Economic Area.

7.3. Where personal data is transferred outside the United Kingdom or European Economic Area, including to countries that are not recognised by the European Commission or United Kingdom Government as providing an adequate level of data protection, we implement appropriate safeguards to ensure the level of protection given to your personal data is not adversely affected by such transfers including at least one of the following:

• UK International Data Transfer Agreements (IDTA);
• European Commission Standard Contractual Clauses including, where applicable, the UK Addendum; or
• Other legally recognised transfer mechanisms.

You can obtain copies of these documents by emailing our Data Protection Team at the email address provided in Section 10 (‘Your Rights’) below.

8. Cookies and similar technologies

8.1. We use a consent management platform to enable you to manage your cookie preferences. Strictly necessary cookies are used to provide core website functionality. All other cookies, including analytics and advertising cookies, are deployed only with your consent in accordance with applicable electronic marketing laws.

8.2. We use cookies as identifiers on our website in order to improve your user experience by enabling our website to 'remember' you, either for the duration of your visit (using a 'session cookie') or for repeat visits (using a 'persistent cookie'). We may also use cookies to enable us to tailor our Services or products based, for example, on your location and/or browsing habits or to provide the website service to enable you to purchase our products. With your consent, we use third party identifier cookies to help tailor adverts to you by sharing with advertisers.

8.3. You can block or opt-out of non-essential cookies either using our cookie management tool or using your browser.

8.4. Please click here to read our Cookie Policy which explains what we do and how you can alter your cookie settings.

8.5. Strictly necessary cookies are used on the basis of our legitimate interests or to perform a contract.

8.6. All other cookies, including analytics, are used only with your consent.

8.7. You can manage or withdraw your consent at any time via our cookie banner or the settings link in the website footer.

9. Data retention

9.1. We will only keep your personal data for as long as it is needed for the purposes for which it was collected, and we will remove from our systems all personal data which is no longer required.

9.2. Retention periods vary depending on the type of Service provided. For example:

• Membership and programme data is retained for the duration of your membership and for a defined period thereafter;
• Claims and insurance-related data may be retained in accordance with applicable financial services regulations;
• Fraud investigation data may be retained where necessary to prevent misuse;
• Marketing suppression records are retained to ensure compliance with opt-out requests.

10. Your rights

If you would like to request access, review, update, rectify, or delete any personal data we hold about you, or exercise any other data subject right you can email us at dataprotectionteam@collinsongroup.com. Our Data Protection team will review your request and respond to you as quickly as possible.

Please note that we may still use any aggregated or anonymised data that does not identify any individual. We may also retain and use your information as necessary, for example, to comply with our legal obligations, resolve disputes, and enforce our agreements.

We respect all applicable local laws as they apply to data subject rights. For example, under the CCPA, California residents have certain rights regarding the personal data that businesses have about them. This includes the rights to request access or deletion of your personal data, as well as the right to direct a business to stop selling your personal data.

You also have the right to lodge a complaint with the relevant data protection Supervisory Authority. If residing in the UK, you can contact the Information Commissioner’s Office, if you believe your rights have not been respected. The contact details for the ICO are:

Information Commissioner's Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Tel: 0303 123 1113 Email: icocasework@ico.org.uk.

11. Links to other websites

We may have links to other sites promoting our partners and clients. These links may take you to other companies who have their own privacy notice and our privacy notice will not cover their use of data. We encourage you to review the Privacy Notice of any linked site you visit.

12. Business transfers

We may choose to buy or sell assets and may share or transfer customer information in connection with the evaluation of these transactions. Also, if we, or our assets, are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal data could be one of the assets transferred to or acquired by a third party.

13. Security

We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. We have written procedures and policies which are regularly audited, and the audits are reviewed at senior level.

14. Information pertaining to children

Some of our Services may involve the processing of personal data relating to dependants or family members in connection with membership benefits. Where required by law, we rely on consent provided by a parent or legal guardian. If you are under 18, please do not attempt to register for our Services or send any personal data about yourself to us. If we learn that we have collected personal data from a child under age 18, we will delete that information as quickly as possible.

15. Automated decision making or profiling

We may use automated tools to assist in fraud detection, eligibility validation and risk monitoring. However, we do not make decisions based solely on automated processing which produce legal or similarly significant effects without human review.

16. Changes to our Privacy Notice

We keep our Privacy Notice under regular review, and we will make new versions available on our Privacy Notice page on our website. This Privacy Notice was last updated on 7 April 2026.