Regulation (EU) 2016/679 (General Data Protection Regulation) replacing the 1998 (DPA) Data Protection Act. The regulation enhances and introduces new rules to ensure we have more rights over our personal information and that organisations have legal obligations surrounding the processing and storage of your information.
ARL is registered with the Information Commissioner’s Office as a data controller and our number is Z2690150.

For the purpose of this policy we are acting as a data controller with respect to the personal data to deliver our services.

We committed to safeguarding privacy of any personal data we collect. These include physical, electronic and managerial procedures to safeguard and secure your personal information. We will never sell, distribute or lease your personal information to third parties. The only times we pass your information to third parties is with your permission or are required by law to do so. For example if you enter your Heathrow Rewards membership number, we’ll need to pass it to Heathrow Rewards to credit your account.

Purpose of the Policy

We at ARL Services (UK) Ltd are committed to ensuring that your privacy is safe. We only collect your personal information; we require providing you with services and any improvements to the services.

Processing personal data fairly and lawfully

It means that we:

Our web based services allow you to enter your personal information to enable us to deliver any services you require. When you create an account on our website, buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us. In order to fulfil our side of the contract we need to process this information you give us. Some of this information may be personal information. We may use it in order to:

We may under legal obligation to aggregate this information to provide class information, with respect to a particular service we provide to Heathrow Airport Ltd. When we use your information for this purpose, we anonymise it so you as an individual will not be personally identifiable.

Processing personal data for specified purposes

We only process the information you give to us, for the specific reason. In practice, this data protection principle means that we must:

If we ask for your consent it is a clear, affirmative action.

Where you provide your consent to us to process information that may be personal information and where you would expect us to process your data, and consider it reasonable to do so basis there is a legitimate purposes for the processing.

Where you have ‘’consented” our organisation to use your information for a specific purpose, through certain actions when contractual relationship between us, such as when you peruse our website or ask us to provide you more information about our services including purchasing of our products and services.

Wherever possible, we aim to obtain your explicit consent to process this information, for example, by asking you to agree to our services Terms & Conditions.

Sending a message to our support team:

When you contact us by phone, through our website or by e-mail, we collect this information to enable us to answer your queries.

We record all phone calls for training and security purposes. We do not record your financial information.

All requests and queries are logged to help us improve our service to you. Where possible this information is anonymised.

The amount of personal data we may hold

We collect the minimum amount of information needed to provide a service or product to you. As an organisation we have always followed the ‘data minimization’.

Keeping personal data accurate and up to date

We have to take steps to keep the information we hold about you as accurate as possible. You need to let us know of any changes in your personal information to carry out the services. We have the processes to update your information promptly.

Retaining personal data

We want to hold your personal data for as short a time as possible. Whilst we’re custodians of your data we’re also responsible! Our general rule is to keep data for as long as there is a potential for dispute. Once that period has passed all personal information is destroyed.

But… we do have legal obligations to various legal and regulatory authorities and bodies that take precedence over GDPR.

In practice, it means that we:

The rights of individuals

The main benefit of GDPR is that you have better rights over your data.
These include

Removing your name from the database

Requests for your information to be removed from our database should be made in writing to: ARL Services (UK) Limited, Heathrow Cube, 09 Arkwright Road, Colnbrook, and Berkshire, SL3 0HJ. Alternatively, by email using with the subject title: unsubscribe.

Information security

We take the security of your personal information and Information security frameworks have been developed. We know security is an ongoing concern so we regularly test all our security systems. The whole lifecycle of your data has been audited and scrutinized to ensure the security and integrity of your information. From collection, to processing, storing, transmitting to finally destruction. Monitoring

If you communicate with us electronically, including e-mail, telephone or fax, these communications may be monitored and / or recorded to protect the interests of our business, our employees, support network and customers. Any such information will be performed for one or more of the following purposes:

We use a Customer Relationship Management (CRM) system to store information collected.

Sending personal data outside the European Economic Area

Your information is not transferred to a country or territory outside the EEA unless that country or territory ensures an adequate level of protection for your rights and freedoms in relation to the processing of personal data.


A Cookie is a piece of text that attaches to your hard drive and from which it can store and sometimes track information on how you make use of a web-site.

We do not store any kind of cookies on our online booking system.

Google Analytics

We use Google Analytics to analyse the use of our website and help us create a more useful and easy to use site. This is a web analytics service provided by Google. Google Analytics uses “cookies”, which are text files placed on your computer, to collect information such as visitor numbers and the most popular pages.

Policy Review

ARL Service (UK) Limited reserves the right to change this privacy policy as we deem necessary from time to time or as may be required by law. Any policy changes, either due to business reasons or future changes in legislation. This policy was last updated 24th May 2018.