OUR PRIVACY POLICY
Personal Data
Under the UK and EU’s General Data Protection Regulation (GDPR) personal data is defined as information that relates to an identified or an identifiable individual. What identifies an individual could be as simple as a name or a number. Even if an individual is identified or identifiable from the data processed, it is not personal data unless it ‘relates to’ the individual.
How We Use Your Information
We collect and use your personal data for the purposes of performing aeromedical examinations and assessments on your behalf, and providing you with aviation medical services.
Data Processor vs Data Controller
In relation to aeromedical data, we are the data processor. For UK CAA applications, the UK CAA is the data controller. For EASA applications, the EASA Authority to which the application is made is the data controller.
Why We Collect and Store Personal Data
We need to collect your personal data for the purposes of undertaking aeromedical examinations and assessments on your behalf. We are committed to ensuring that the information we collect and use is appropriate for this purpose and does not constitute an invasion of your privacy. We would obtain additional consent from you if we needed to contact you for marketing purposes.
When You Can Expect Us to Contact You
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
Find out what data we hold about you
At your request, we can confirm what information we hold about you and how it is processed. If we do hold personal data about you, you can request the following information:
The identity and the contact details of the person or organisation that has determined how and why to process your data.
The contact details of the data protection officer, where applicable.
The purpose of the processing of your data as well as the legal basis for processing.
If the processing of your data is based on the legitimate interests of a third party, information about those interests.
The categories of personal data collected, stored and processed.
The recipient(s) or categories of recipients that the data is/will be disclosed to.
If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
How long the data will be stored.
Details of your rights to correct, erase, restrict or object to such processing.
Information about your right to withdraw consent at any time.
How to lodge a complaint with the supervisory authority.
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
The source of the personal data if it wasn’t collected directly from you.
Any details and information of automated decision making, such as profiling and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
Proof of ID
In order to find out about the data we hold on file for you, we will require you to provide a valid passport or a UK photocard driving licence as confirmation of your identity.
Aeromedical Mobile App (iOS)
This section applies specifically to the Aeromedical app available on the Apple App Store, published by ISM Services Ltd (company number 13631073), trading as Aeromedical Consulting UK.
Data we collect through the app
Account & contact: name, email address, phone number, account identifier.
Health information: responses to the Mental Health Questionnaire and the EASA medical history form (questions 101-179), medication details, prior medical certificate details, and any free-text notes you provide.
Booking data: service type, clinic location, appointment date and time, booking reference, price.
Payment information: we do not store card details. Payments are processed by Square Inc. (PCI DSS Level 1 compliant).
Diagnostic data: anonymous crash reports and basic product interaction events, used solely to improve the app.
Where your data is stored and processed
Supabase Inc. - secure database and authentication.
Acuity Scheduling (Squarespace Inc.) - appointment scheduling.
Square Inc. - payment processing.
Resend Inc. - transactional email delivery.
Apple Inc. - APNs for push notifications.
We do not share your data with any other third parties.
How long we keep your data
We retain booking and medical data for the minimum period required by UK aviation medical regulation (typically 5 years from the date of the examination, longer where mandated by the UK CAA or EASA). Account data is retained for the lifetime of your account; you can delete it at any time.
Your rights (UK GDPR)
You can export your full data set at any time from within the app (Profile → Export my data - Article 15). You can permanently delete your account and all associated data from within the app (Profile → Delete my account - Article 17). For all other data subject requests, contact our Data Protection Officer at admin@aeromedicalconsulting.co.uk.
Children's data
The Aeromedical app is intended for use by aviation medical applicants aged 16 and over. We do not knowingly collect personal data from anyone under 16.
Data Protection Officer
Dr Michael Fonso, Aeromedical Consulting UK, Forward House, Rooms 18,19 & 22, Birmingham International Airport, Cargo Terminal, Birmingham B26 3QT
EMAIL: admin@aeromedicalconsulting.co.uk
Last updated: 8 June 2026