Air Trending logo simple
Meet Us
Free Strategy Call
Client Data Handling Guide — Air Trending

Air Trending

Client Data Handling Guide

A practical, plain language guide to how we handle the personal data inside your accounts when we run your marketing and sales, and what your responsibilities are as the data controller.

Last Updated: June 2026

1. Purpose of This Guide

When you engage Air Trending to manage your marketing and sales, we work inside accounts and tools that hold personal data about your prospects, leads and customers. This guide explains, in plain language, how we handle that data, how we access your accounts, and what you need to do as the owner of the data. It complements our Data Processing Agreement, which is the binding document. If anything here differs from the DPA, the DPA prevails.

2. Who Is Controller and Who Is Processor

For the data inside your campaigns and CRM, you are the data controller. You decide whose data is collected and why. We are your data processor. We handle that data only to deliver the services you have engaged us for, and only on your instructions. This split matters: as controller, you are responsible for the lawfulness of the data and for the rights of the people in it.

3. What Data We Handle for You

Depending on your services, we may handle contact and identification data such as names, emails and phone numbers, marketing engagement data such as opens and clicks, message content and metadata for campaigns we run, scheduling and booking details, and basic device and log data. We do not need, and you should not place into these tools, sensitive data such as financial account numbers, government IDs or health information.

4. How We Access Your Accounts

To build and run your marketing, we need access to relevant platforms, for example your CRM, advertising accounts and website.

  • During onboarding and setup, our team keeps ongoing access to your accounts as needed to configure, build and launch your services.
  • After setup, we access your accounts on an ongoing basis only where your plan includes managed services. Where it does not, we access them at your request, for example to make a change, fix an issue or provide support, and not otherwise.
  • Access is limited to the team members delivering your services, on a least privilege basis, and account activity is logged within the relevant platforms.

5. Your Data Stays Yours

We never sell or share your data, and we never mix one client's data with another's. The data in your accounts is processed only to deliver your services, and it remains yours. On request, and subject to settlement of any amounts due, we hand back access and help you export your data.

6. Your Responsibilities as Controller

As controller, you are responsible for:

  • Having a lawful basis for the personal data you provide or ask us to process.
  • Giving the people in your data the privacy notices required by law.
  • Obtaining the consents you need, in particular marketing and messaging consent for the contacts in your lists.
  • Keeping your data accurate and not loading sensitive categories of data into the tools.
  • Managing who on your side has access, and keeping your own credentials secure.

7. Marketing and Communications Compliance

When we run email, SMS, voice or messaging campaigns for you, you are responsible for the lawfulness of the lists and the consent behind them. We will follow good practice, including honoring unsubscribe and STOP requests and not contacting people who have opted out, but the underlying consent and list hygiene are yours to provide. Different regions have different rules, for example the GDPR and the Spanish LSSI-CE in Europe, and laws such as the TCPA and CAN-SPAM elsewhere. Tell us about any specific constraints on your audiences.

8. Tools and Sub-processors We Use

We deliver your services using trusted platforms, including the Air Lift platform for CRM and automation, advertising and analytics platforms, a consent management tool for our website, and a payment tool. Each is engaged under data protection terms, and the current list is on our Sub-processors page. You may object to a new sub-processor on reasonable data protection grounds, as set out in the DPA.

9. International Transfers

Some of the platforms we use are based outside the EEA, the UK or Switzerland, including in the United States. Where data is transferred to them, we rely on an appropriate safeguard, in most cases the Standard Contractual Clauses with the UK Addendum and Swiss adaptations as relevant.

10. How We Protect Your Data

We apply least privilege access, secure credential handling, vetted platforms, logging of account activity, personnel confidentiality, and a documented incident response process. A fuller summary is in our Security & Compliance Overview.

11. Requests From Your Contacts

If one of your contacts asks to access, correct or delete their data, that request is yours to handle as controller. If a contact contacts us directly, we will pass the request to you and not act on it except on your instructions or as required by law. We will assist you in responding, as set out in the DPA.

12. Retention, Return and Deletion

We keep your data only for as long as we need it to deliver your services, and as your settings and our agreement provide. On termination, and on your request, we delete or return the personal data we process for you, except where the law requires retention.

13. If Something Goes Wrong

If we become aware of a personal data breach affecting the data we process for you, we will notify you without undue delay and give you the information you need to meet your own obligations. If you ever believe an account or credential has been compromised, tell us immediately so we can help contain it.

14. Getting Help

For any question about how we handle your data, or to make a request, contact us at gdpr@air-trending.com.

Company
Resources
Air Lift
Discover
Log In
© 2026 Air Trending. All rights reserved. Enhancing your presence in the aviation industry.