31st March 2026

Privacy Policy

AACS Ltd
Website: https://aacsltd.co.uk

Effective Date: 20/02/2026

1. Introduction

AACS Ltd (“AACS”, “we”, “us”, or “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, process, store, and protect personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR)
  • The Data Protection Act 2018
  • The Privacy and Electronic Communications Regulations 2003 (PECR)

For the purposes of data protection law, AACS Ltd is the Data Controller.

2. Data Controller Details

AACS Ltd
Website: https://aacsltd.co.uk

If you have any questions regarding this policy or wish to exercise your legal rights, please contact us using the contact details published on our website.

3. Lawful Basis for Processing

Under Article 6 of the UK GDPR, we rely on the following lawful bases for processing personal data:

  • Consent – where you have given clear permission (e.g., optional cookies).
  • Contract – where processing is necessary to perform a contract or respond to a pre-contract enquiry.
  • Legitimate Interests – for purposes such as website security, spam prevention, and improving our services, provided those interests are not overridden by your rights.
  • Legal Obligation – where processing is required to comply with applicable laws or regulatory obligations.

4. Personal Data We Collect

We may collect and process the following categories of personal data:

4.1 Information You Provide

  • Name
  • Email address
  • Telephone number (if submitted)
  • Company name (if submitted)
  • Any information contained within enquiry messages or comment submissions

This data is collected when you:

  • Submit a contact form
  • Leave a comment
  • Register for an account (if applicable)
  • Communicate with us directly

4.2 Technical and Usage Data

When you visit our website, we may automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Time zone setting
  • Pages visited
  • Referring website
  • Interaction data

This information is used for:

  • Website security
  • Fraud and spam prevention
  • Performance monitoring
  • Analytics and service improvement

5. Comments

When visitors leave comments on the site, we collect:

  • Data shown in the comments form
  • IP address
  • Browser user agent string

This is necessary for spam detection and site security (legitimate interests).

An anonymised hash of your email address may be sent to the Gravatar service to determine if you are using it. The Gravatar privacy policy is available at: https://automattic.com/privacy/. Once approved, your profile image may be publicly visible with your comment.

Comments and associated metadata are retained indefinitely unless removal is requested and legally permissible.

6. Media Uploads

If you upload images to our website, you should avoid uploading images containing embedded location data (EXIF GPS). Visitors may download and extract location data from publicly accessible images.

7. Contact Forms and Enquiries

When you contact us via our website:

We process your data in order to:

  • Respond to enquiries
  • Provide requested services
  • Maintain records of communications
  • Protect against misuse or abuse

Lawful basis:

  • Pre-contractual steps (Article 6(1)(b))
  • Legitimate interests (Article 6(1)(f))

We do not use enquiry data for unsolicited marketing.

8. Cookies

Our website uses cookies in compliance with PECR.

8.1 Essential Cookies

These cookies are necessary for website functionality (e.g., login sessions). They do not require consent.

8.2 Functional Cookies

If you leave a comment, you may opt-in to saving your name, email address, and website in cookies for convenience. These last for one year.

8.3 Login Cookies

If you log in to the site:

  • Temporary cookie to test browser acceptance (deleted when browser closes)
  • Login cookies (2 days)
  • “Remember Me” option (2 weeks)
  • Screen display cookies (1 year)

8.4 Analytics Cookies

We may use analytics tools to monitor website performance and visitor interaction. Where required, consent will be obtained before placing non-essential cookies.

You can manage cookie preferences via your browser settings or our cookie banner.

9. Embedded Content from Third Parties

Our website may include embedded content (e.g., videos, articles, images).

Embedded content behaves as if you visited the originating website. Those websites may:

  • Collect data about you
  • Use cookies
  • Embed additional tracking
  • Monitor your interactions

We recommend reviewing their respective privacy policies.

10. Data Sharing

We do not sell, rent, or trade personal data.

We may share data only where necessary with:

  • IT service providers
  • Website hosting providers
  • Spam detection services
  • Professional advisers (where legally required)

All third-party processors are required to process data in accordance with UK GDPR and appropriate contractual safeguards.

11. International Transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements (IDTAs)
  • Adequacy decisions
  • Standard Contractual Clauses (SCCs)

12. Data Retention

We retain personal data only as long as necessary for:

  • The purpose for which it was collected
  • Compliance with legal obligations
  • Resolution of disputes
  • Enforcement of agreements

Comments may be retained indefinitely for administrative efficiency unless deletion is requested and permitted.

Enquiry data is retained only as long as reasonably necessary for business and legal purposes.

13. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • SSL encryption
  • Secure hosting environments
  • Access controls
  • Regular security monitoring

However, no system can guarantee absolute security.

14. Your Rights Under UK GDPR

You have the following rights:

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (“right to be forgotten”) (Article 17)
  • Right to restrict processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)
  • Rights relating to automated decision-making (Article 22)

To exercise any of these rights, please contact us via the website.

We may request proof of identity before responding.

15. Complaints

If you believe your data protection rights have been breached, you have the right to lodge a complaint with the UK supervisory authority:

Information Commissioner’s Office (ICO)
Website: https://ico.org.uk

We encourage you to contact us first so we can resolve any concerns directly.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect legal, technical, or operational changes. The latest version will always be available on our website.

You may have missed

pexels-manfred-irmer-184952-587063

Aviation Startup Consulting

AACSLTD 23rd March 2026
IMG_4264

The Benefits of an Aviation Safety Management System

AACSLTD 19th March 2026
citation copy

Integrating ISO 9001, 14001, and 45001 for Holistic Business Excellence

AACSLTD 13th March 2026
verticallimit-simulator-2313002_1920

Navigating Complexity in Modern Aviation: Why Independent Expertise Matters More Than Ever.

AACSLTD 13th March 2026