How we collect, use, and protect your personal data in accordance with GDPR
Last updated: 1 January 2025
SkyVolo Ltd is the data controller for personal data collected through our website and services. We are registered in England and Wales. Our Data Protection Officer can be contacted at privacy@skyvolo.com. We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We collect the following categories of personal data: contact information (name, email address, phone number, postal address); flight booking details (booking reference, flight number, travel dates, airline); payment details (for processing our success fee — we do not store card numbers); claim correspondence (emails, airline responses, court documents); and technical data (IP address, browser type, usage data via cookies).
We process your data for the following purposes: to assess your claim eligibility and pursue your compensation claim (legal basis: contract performance); to correspond with airlines and enforcement bodies on your behalf (legal basis: contract performance and legitimate interests); to comply with legal and regulatory obligations (legal basis: legal obligation); and to communicate service updates and relevant information (legal basis: legitimate interests).
We share your data only as necessary for your claim: with the relevant airline(s) as part of the claim process; with national enforcement bodies and courts where escalation is required; with our legal partners and solicitors who assist with enforcement; with payment processors for our success fee; and with cloud service providers who host our systems under appropriate data processing agreements. We do not sell your data to third parties.
We retain your claim data for 7 years after the claim is closed, in line with legal limitation periods and financial record-keeping requirements. Marketing communications data is retained until you unsubscribe. Technical logs are retained for 12 months. After the retention period, data is securely deleted.
Under UK GDPR, you have the right to: access a copy of your personal data; correct inaccurate data; request deletion of your data (where no legal obligation to retain applies); restrict processing in certain circumstances; object to processing based on legitimate interests; data portability for data you provided to us. To exercise any of these rights, email privacy@skyvolo.com. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
Your data may be transferred to countries outside the UK and EEA where our service providers operate. We ensure appropriate safeguards are in place for all international transfers, including standard contractual clauses approved by the ICO or equivalent competent authorities.
We implement appropriate technical and organisational security measures including encryption of data in transit and at rest, access controls, regular security assessments, and staff training. In the event of a data breach affecting your rights, we will notify you and the ICO in accordance with our legal obligations.
We will notify you of material changes to this policy by email or website notice before they take effect. The 'last updated' date at the top of this policy indicates when it was last revised.
If you have any questions about this policy or your rights, our team is here to help.
Contact us →