Privacy

Privacy policy

Last updated: June 10, 2026 · Star Air Alliance

This page is provided for transparency. It doesn’t replace individual correspondence — if your situation isn’t covered here, contact info@starairalliance.co.uk or 02081783806.

Who we are

Star Air Alliance (“we”) is the data controller for personal information processed when you use our website, telephone lines, or email addresses ending in our domain. Our postal address is 128, City Road, London, United Kingdom, EC1V 2NX.

This policy explains what personal data we collect, why we use it, how long we keep it, and what rights you have under UK data protection law (including the UK GDPR and the Data Protection Act 2018).

Data we collect

  • Contact & identity: name, email, phone number, postal address, and — where you provide it — copies of ID for fraud checks required by suppliers.
  • Booking & travel details: passenger names, dates of birth, nationality, passport or national ID numbers when required for ticketing, frequent-flyer numbers, meal or assistance requests, and itinerary preferences.
  • Payment data: card type, partial card number, billing address, and payment status. Full card numbers are handled by PCI-compliant payment processors where card payments are taken — we do not store complete card details on our own servers.
  • Technical & usage: IP address, browser type, approximate location derived from IP, pages viewed, referring URLs, and cookie identifiers as described in our cookie policy.
  • Call recordings (if any): where we record calls for training or dispute resolution, we will tell you at the start of the call where this applies.

How we use your data

  • Contract: to search fares, hold reservations, issue tickets, rebook after disruption, and answer questions about your trip.
  • Legal obligation: anti-fraud checks, accounting records, tax reporting, and responding to court orders or regulator requests.
  • Legitimate interests: improving our website, measuring marketing performance, securing systems, and defending legal claims — balanced against your rights.
  • Consent: where required for optional marketing emails or non-essential cookies — you may withdraw consent at any time without affecting the lawfulness of earlier processing.

Automated decisions & profiling

We do not make solely automated decisions that produce legal effects about you (such as refusing service based only on an algorithmic score). Fare search ranking is a technical sort of supplier results, not a judgment about you personally.

Children

Our services are directed at adults making travel arrangements. We process children’s data only when supplied by parents or guardians for a booking. We do not knowingly market to children under 13 without parental involvement.

Legal basis (summary)

We process data because it is necessary to perform our contract with you, to comply with law, because we have a legitimate interest that is not outweighed by your privacy rights, or because you have given consent — depending on the specific activity.

Sharing & recipients

We share data with airlines, global distribution systems, consolidators, payment processors, IT hosting providers, email delivery services, and professional advisers (lawyers, accountants) where they need limited access to serve us. Some recipients act as independent controllers (particularly airlines) with their own privacy policies.

We do not sell your personal information to data brokers.

International transfers

Suppliers and cloud services may process data outside the UK. Where required, we use appropriate safeguards — such as the UK International Data Transfer Agreement / Addendum or EU Commission standard contractual clauses — supplemented by transfer risk assessments where appropriate.

Retention

We retain booking, payment, and communications records for at least as long as UK tax, company, and consumer law require — often six or seven years for financial records — and longer where an unresolved dispute or investigation exists. Marketing suppression lists may be kept indefinitely to honour unsubscribe requests.

Your rights

Subject to legal exceptions, you may request:

  • Access to the personal data we hold about you.
  • Correction of inaccurate data (passenger names may require airline-mediated changes once ticketed).
  • Erasure where there is no overriding legitimate ground to continue processing.
  • Restriction of processing in specific circumstances.
  • Portability of data you provided that we process by automated means under contract or consent.
  • Objection to processing based on legitimate interests or to direct marketing.

You may lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk. We appreciate the chance to resolve issues first: info@starairalliance.co.uk.

Security

We implement technical and organizational measures appropriate to the risk — including access controls, staff training, malware protection on office systems, and secure transmission for online payments. No system is perfectly secure; please protect your own devices and passwords.

Third-party sites

Our site may link to airlines, government travel advice, or payment pages. Those sites have their own privacy policies — please read them before submitting personal data.

Updates

We may update this policy when our practices or the law change. The “last updated” line at the top of this page reflects the latest version. Material changes may also be communicated by email where we have consent or a continuing booking relationship with you.