Privacy Policy

This privacy notice was last updated: December 2024

This privacy notice tells you what to expect when Heathrow Airport Limited (“Heathrow”) collects personal information about you when you use any Commercial Service offered by Heathrow. These include (but are not limited to):

  • The Reserve & Collect Service; 

  • The Personal Shopper Service; 

  • The Collect on Return Service; 

  • The Returns Promise Service; 

  • The Terminal Shopping Transfer Service; 

  • The Home Delivery Service; 

(collectively known as the “Retail Services”)

  • Official Heathrow Parking; 

  • Heathrow Fast Track; 

  • Heathrow Meet & Assist; 

  • Heathrow Porters and Airport Lounges; 

  • Heathrow VIP; 

  • Heathrow Rewards Loyalty Programme; 

  • Heathrow Terminal Drop-Off Charge; 

  • Heathrow Customer Service Centre (if you wish to make an enquiry to our Customer Service Team, click and follow this link:  https://www.heathrow.com/contact-us/send-usyour-feedback);  

  • Heathrow Wi-Fi service; and 

  • Heathrow Photo and Video Asset Library

  • The Heathrow app

  • My Heathrow Account

Heathrow is committed to protecting your personal information when you use the Commercial Services. Whenever you provide such information, we are legally obliged to use your information in line with all applicable laws concerning the protection of personal data, including the UK General Data Protection Regulation (“UK GDPR”). Your information will be kept in a secure environment and access to it will be restricted according to the “need to know” principle.

What information will we collect about you?

Depending on the Commercial Service you use, we may collect the following information about you:

  • Title and salutation; 

  • Name (and the name of your guests, if applicable for VIP services); 

  • Guardian full name, email address and phone numbers (if applicable); 

  • Status (diplomatic status or organisation status and category if applicable for VIP services); 

  • Address and postcode; 

  • Email address; 

  • Gender; 

  • Nationality; 

  • Country; 

  • Preferred language; 

  • Date of birth (note that you must be over 18 years of age to participate in the Heathrow Rewards Loyalty Programme); 

  • Phone number (in respect of the Heathrow Rewards service, we will only contact you by phone if we have a query with your account); 

  • Date of travel and reason for travel; 

  • Flight number, flight time, travel class and destination; 

  • Special assistance requirements (for example, if you state that you require a wheelchair for the Personal Shopper and Terminal Transfer Shopping Services); 

  • Payment Details, including a billing address when you use our VIP service (payment details are only stored if you request it on your account and this is via Mastercard Payment Gateway/Hosted Checkout); 

  • Staff ID number (if you are a Heathrow staff member); 

  • Employer (if you are a Heathrow staff member); 

  • Information of products purchased or reserved; 

  • Heathrow Rewards customer loyalty number; 

  • Heathrow Marketing preference; 

  • Proof of Purchase when using the Returns Promise service; 

  • Passport and ID (including the expiry date of your passport) when you use our VIP service; 

  • We may process your prescription and/or doctors’ letters when you choose to provide them to us in order to fulfil the VIP service. We rely on your consent to do this.

  • Transaction data; 

  • Heathrow Rewards login credentials (if you are a Heathrow Rewards member); 

  • Any additional details you provide in relation to a customer service enquiry, which could include (but is not limited to) vehicle registration number, flight details, proof of ID, booking references, card details, redacted bank statement (where relevant) or other account details. Please note, this differs depending on your enquiry.

  • Vehicle registration number when you use the Heathrow Terminal Drop-Off Charge service. Please note, Heathrow will only collect the first name, last name, and email address of users who consent to their details being used for marketing purposes. This information will be collected by APCOA on our behalf and transferred to our marketing agents (see details below)

  • Details of the order such as product information, quantity, and status of the order

  • Payment information, which is processed by Stripe. For more information on how Stripe processes your data, please see the privacy policy: https://stripe.com/gb/privacy

Heathrow collects information about how you use the Website and the Commercial Services via the Website and the device(s) you use to access the Commercial Services. This includes collecting unique online identifiers such as IP addresses, which are numbers that uniquely identify a specific computer or other network device on the internet. For more information, see our section on ‘cookies’ below.

How will Heathrow use the information it collects about me?

Heathrow will use your personal data for a number of purposes including the following:

Use of data

Purpose

Justification

To provide the Retail Services to you

Contract

We collect information to provide the Reserve & Collect Service to enable you to reserve products listed on the Website and to enable the delivery of the reserved products to you at either a retailer’s store at Heathrow Airport or to a Heathrow operated collection desk at Heathrow Airport for purchase from third party retailers and collection. For each third-party retailer who concludes a sale of a reserved product at a Heathrow operated collection desk only (and has no physical retail store at Heathrow Airport), more information on each such retailer’s privacy policy can be found here: https://boutique.heathrow.com/en/retailer-privacy-policy.html.

We collect information to provide you with the Reserve and Collect (payment in advance) service. This is to enable you to reserve and pay for products online and collect at the airport. While we handle the fulfilment and service, your purchases with the Retailer will be processed by the relevant retailer.

For more information on how the retailers and Stripe process your data as controllers please see the following privacy notices:

  • https://boutique.heathrow.com/en/retailer-privacy-policy.html.

  • https://stripe.com/gb/privacy

    We collect information to provide the Personal Shopper Service to enable you to pre-book this service on the Website and to enable you to use this service in person in the designated lounges at Heathrow Airport to reserve products and services for purchase from third party retailers. For more information: 

    https://boutique.heathrow.com/en/personal-shopper

    We collect information to provide the Collect on Return service to enable you to store your purchases with us and collect on your return journey back to Heathrow. For more information: https://www.heathrow.com/at-theairport/shopping/collect-on-return

    We collect information to provide the Returns Promise service to enable you to return faulty or unwanted goods on behalf of Heathrow retailers within 60 days of purchase and subject to the terms and conditions. The Heathrow Returns Promise operates in parallel with the Retailers’ own existing returns policy. For more information: 

    https://www.heathrow.com/at-the-airport/shopping/returnspromise/returns-policy

    We collect information to provide the Terminal Shopping Transfer service to enable you to book and shop at brands located in terminals which are not in your departing terminal accompanied by Operator personnel for the express purpose of shopping. For more information: https://www.heathrow.com/at-theairport/shopping/terminal-shopping-transfer

    We collect information to provide the Home Delivery service to enable you to shop in Heathrow’s retailers and request for your purchases to be delivered to your UK home address.

    For more information: 

    https://www.heathrow.com/at-the-airport/shopping/home-delivery

  • To provide the Heathrow Rewards Loyalty Programme to you

    Contract/ Consent 

    This includes providing updates and information as well as logging your activities within Heathrow Rewards. Approved third parties may process the data in certain circumstances, for example, refunds of Heathrow Rewards points when a purchase has been returned.  As the refund process is managed separately from the till/transaction location, in order to process the deduction of points after a refund has been made, Heathrow uses the third party to manage the process on our behalf. The lawful justification for collecting and using your personal data for implementation of the rewards scheme is that it is necessary for providing the Heathrow Rewards loyalty programme which you contractually enter into. 

    We collect your data from the information you voluntarily provide us with when you enter a prize draw or competition via our Heathrow Rewards scheme. This will only be used for the purposes of administering and managing the prize draw or competition, including contacting the prize draw or competition winners. The lawful justification for collecting this data is consent for the purposes of facilitating the prize draw or competition.

    To provide you with the Heathrow Wi-Fi service

    Contract

    We will be unable to form a contract and provide you with Heathrow’s Wi-Fi Services without collecting and using your personal data.

    To follow up your enquiry or request via our Customer Service Team, to keep a record of any actions and engagement of our responses.

    Legitimate Interest/Consent

    Heathrow has a legitimate interest for processing your personal data in order to respond to any customer service enquiries.  

    Where you give us your consent, we will use sensitive data to investigate any concerns in relation to assistance or safety enquiries.

    Where you have provided us with a Customer Service Survey (CSAT) response we will process your results accordingly.

    We may utilise Einstein GPT to aid customer service agents in addressing your enquiries. For more information: https://www.salesforce.com/company/legal/privacy/

    We use a variety of contact channels such as webforms, telephone, letters, live chat, WhatsApp and social media platforms such as Twitter, Facebook and Instagram. We may use these channels to respond to your enquiry, depending on how you have chosen to interact with us.

    To provide the Terminal Drop-Off Charge service

    Contract/Legitimate Interest/Consent

    To provide the Terminal Drop-Off Charge service, Heathrow will collect your VRM via Automatic Number Plate Recognition (“ANPR”) and CCTV. This information will then be passed on to APCOA, who manage the process of forecourt access including the enforcement of the program. 

    Heathrow will only collect the first name, last name, and email address of users who consent to their details being used for marketing purposes. This information will be collected by APCOA on our behalf and transferred to our marketing agents. 

    The lawful basis for our processing of your vehicle registration data is based on it being necessary to perform our contract with you permitting the use of a vehicle at Heathrow Airport for use of the forecourt. Heathrow also relies upon legitimate interests in connection with data processed in connection with TDOC. The terms and conditions are set out on the signage located around site and online: 

    https://www.heathrow.com/terms-and-conditions/terminal-drop-offcharge-terms-and-conditions

    To provide the Heathrow Parking, Fast Track, Meet & Assist, Porters and Airport Lounges Services.

    Contract
    We will be unable to form a contract and provide you with Heathrow Services without collecting and using your personal data. This information is also required to provide you with service information and to respond adequately to potential enquiries in relation to your booking.
    Heathrow collects information on your usage of the Heathrow Photo
    Contract and Legitimate

    The lawful justification for collecting and using your personal data is that it is necessary for the performance of the Heathrow Photo and Video Asset Library which you contractually enter into.

    Heathrow has a legitimate interest to ensure that the content is being used correctly.

    To provide the Heathrow VIP Service to you
    Contract

    We collect your personal information when you use our VIP service. The lawful basis we rely on is contract to ensure we are able to fulfil the service, provide you with service information and to respond adequately to potential enquiries in relation to your booking.

    To send you marketing communications about the Website, the Commercial Services, and any other Heathrow products and services, as well as information.
    Consent and/or Legitimate Interest

    When you purchase a Heathrow product or use our services, we will rely on legitimate interest, or on your consent where you have given it, to send you marketing communications. We will inform you about the latest airport updates including exclusive offers and new services where we have your consent or legitimate business interest to send you marketing to improve your travel experience. We have conducted an assessment to make sure that the benefits to you are equal to the benefits to us.

    Where we have your consent or legitimate business interest we may match the data we collect with other data that we hold about you if you have used Heathrow products and services or where you have provided a Heathrow Rewards number when purchasing products and services from our retail partners.

    We may also analyse marketing communications for campaign and engagement effectiveness. We do this to build up a picture of your personal preferences and understand how you use Heathrow and our retail partners’ products and services. This enables us to send you relevant and personalised content and ensures we only send relevant communications to you, making your journey smoother and more enjoyable. We have conducted an assessment to make sure that the benefits to you are equal to the benefits to us.

    We may share your name and email address with selected partners at Heathrow Airport, including World Duty Free, who will use personal data to send marketing communications to you. We will only do this where you give us clear consent to do so.
    Consent

    You are always in control of how we use your personal data. If you don't want to receive marketing communications from us, you can change your marketing preferences at any time by contacting privacy@heathrow.com, by clicking  'Unsubscribe' on the footer of a Heathrow Commercial Services marketing email or by logging in to your account and updating your preferences.

    We may share your name and email address with selected partners at Heathrow Airport, including World Duty Free, who will use personal data to send marketing communications to you. We will only do this where you give us clear consent to do so. For more information please see their privacy notice here

    To provide you with the Heathrow App.
    Consent and/or Legitimate Interest

    Where you input your flight details/scan your boarding pass, we have a legitimate interest to process this information and provide you with up-to-date flight and operational information.

    Where you sign into your reward account on the app, we would process your email alongside your first and last name.

    To provide you with the opportunity to book and use our Heathrow Commercial Services we would process your personal data in relation to the bespoke service. For more information, please see the commercial services outlined above.

    To provide you with navigation via our wayfinding feature. Where we have your consent to do so we would process your location and Bluetooth to navigate you to your destination.

    Where you have provided us with your consent to use your location, to send push notifications and to send you marketing communications we will send you push notifications by capturing your IP address, Device ID and other similar online identifiers to send you personalised content based on your location. This includes promotional material and will only be sent if we have your consent to do so. Other push notification communications include service messaging to make you aware of any disruption to our services.

    We use affiliate tracking links to ensure you are referred to the right place by analysing referral traffic from our third parties that provide the commercial services. We only do this where we have your consent. If you would prefer not to be part of this you can opt out at any time on the Heathrow App via settings.

    You are always in control of how we use your personal data. If you don't want to receive marketing communications from us, you can change your marketing preferences at any time by contacting privacy@heathrow.com. Alternatively, you can manage or update your consent via the settings on the app at any time.

    To provide the My Heathrow platform
    Contract

    My Heathrow online account provides seamless access to all Heathrow services. We process your data to enable a single sign-on with multi-factor authentication and security, ensuring access to your My Heathrow account dashboard which displays your orders/bookings, account history and other account details.

    You are always in control of how we use your personal data and can opt out of marketing communications during and after the booking process. You can change your marketing preferences at any time or unsubscribe from Heathrow marketing communications by visiting ‘My Account’ or by clicking ‘Unsubscribe’ on the footer of a Heathrow Commercial Services marketing email. You have the right to object to this processing which you can exercise by contacting privacy@heathrow.com. Please note that if you object, this may affect our ability to send personalised marketing communications to you.

    Your information may be stored, handled, managed and/or used by the following recipients in order to deliver the Commercial Services:

    • Our shopping fulfilment partner who:  

    • (i) provide customer service agents who work on behalf of Heathrow to provide fulfilment and customer assistance services with respect to the Commercial Services;  

    • (ii) provide payment administration services on behalf of individual retailers to take payments from customers either pursuant to the Reserve and Collect Service and Reserve and Collect Payment in Advance service where the collection is from a Heathrow operated collection desk or for purchase of reserved products and services by customers using the Personal Shopper Service; 

    • (iii) assist in providing the Returns Promise service working with the retailers and their payment partners in order to facilitate the Returns Promise; 

    • (iv) process refunds of Heathrow Reward points when a purchase has been returned; 

    • (v) fulfil Heathrow Meet & Assist and Porter Services; and 

    • (vi) deliver the Heathrow VIP Personal Shopper Service; 

    • Our loyalty scheme partner who administer the Heathrow Loyalty Programme platform;  

    • Heathrow agents, who provide a service for our marketing requirements such as loyalty program administrators, agents who process our marketing database, loyalty partners (including airline frequent flyer programs) and agents who print personalised stationery for our loyalty scheme. 

    • Our media management partner, who assist with delivering the Heathrow Photo and Video Asset Library Service;  

    • Our trusted data partner(s), who deal with marketing support for our Customer Relationship Management (“CRM”) Platform 

    • APCOA, who manage (a) the CCTV coverage in Heathrow car parks and forecourts, and (b) parking and Terminal Drop-Off Charge services on Heathrow’s behalf (for more information on how APCOA processes data, please see the following link: https://heathrowdropoff.apcoa.com/privacy);   

    • Payment Gateway Partner, who administer the Heathrow VIP hosted checkout payment; 

    • Passenger support suppliers who deliver the Heathrow VIP client chauffeur and gate security service; 

    • Hospitality service partners who deliver the Heathrow VIP hospitality function; 

    • Our trusted lounge partners who assist when a lounge booking has been made;  

    • Airlines to co-ordinate the boarding and/or dis-embarkment of the aircraft for Heathrow VIP service users; 

    • Embassies to verify exemption status and fulfil special passenger requests for Heathrow VIP service users; 

    • Our trusted customer service agents, who work on behalf of Heathrow; 

    • Suppliers of payment processing services who take payment on behalf of individual retailers offering products and services for sale using the Commercial Services;

    • Retailers from whom you purchase reserved products using the Commercial Services; 

    • Heathrow Staff delivering the Heathrow App Service

    • Our trusted third parties who provide the My Heathrow platform

    • Suppliers of technical services delivering the technical administration of the Commercial Services, including (a) third-party IT systems that manage our IT platforms, (b) IT providers who supply Heathrow with CCTV/ANPR technology, and (c) our trusted Wi-Fi providers who deliver the Heathrow Wi-Fi service.

    We will not transfer or disclose your personal information, other than as identified in this privacy notice or otherwise except to our trusted third-party partners, to the police, tribunals, courts, regulators, or other authorities to assist them with their investigations or requests or for us to report security incidents or suspected or actual unlawful acts and/or as may be otherwise required by law.

    All information identified in this privacy notice is processed in the UK and the EEA, with the exception of your information relating to the Heathrow Wi-Fi service, which is processed in the United States of America. In addition, some of our trusted partners (i.e. airline frequent flyer programmes) may transfer your information overseas to fulfil your Heathrow Rewards points conversion to the corresponding currency. Where we are responsible for your personal data, we always ensure that your information remains protected and secure when being transferred. 

    How long will Heathrow keep my information?

    Your account information in respect of all Commercial Services other than those listed below will be retained for a period of three years from the date of your last interaction, after which your personal data will be anonymised.

    Your Heathrow Wi-Fi account information will be retained for a period of 15 days from the date of your last Wi-Fi login at which point all of your personal details are removed from our systems.

    Heathrow will retain information in relation to CCTV/ANPR data for a period of 31 days from the date of your drop off after which point it will be deleted.

    What rights do I have over my personal data?

    Under the UK General Data Protection Regulation, you have the right to:

    • Be informed as to how your data is being processed; 

    • Access your personal data by making a subject access request; 

    • Rectification, erasure or restriction of your information where this is justified; 

    • Object to the processing of your information where this is justified; 

    • Where applicable, you have rights in relation to data portability; and 

    • Where applicable, you have rights in relation to automated decision making.

    To exercise your rights, please contact the Heathrow data protection officer using the following contact details:

    Data Protection Officer

    Heathrow Airport Limited

    The Compass Centre

    Nelson Road

    Hounslow

    Middlesex

    TW6 2GW

    Email: privacy@heathrow.com

    What if I find your response unsatisfactory?

    Should you find our response unsatisfactory, you have the right to lodge a complaint with the supervisory authority – the Information Commissioner’s Office (“ICO”). You can find more information on the ICO website at https://ico.org.uk/concerns/ regarding the complaints process.

    EU Representative Contact Details

    A new era has begun for the UK and EU now that the Brexit transition period is over. From time to time, we may process personal data from EU residents. Whenever applicable, we have appointed an EU Representative to ensure that we continuously process your personal data in compliance with applicable laws and without undermining your statutory rights. You can contact our EU Representative at HeathrowEURepresentative@eversheds-sutherland.com, writing “EU Representative” as the subject. You may also contact our EU Representative by post at:

    Eversheds Sutherland Netherlands B.V.

    Attn. EU Representative Heathrow Airport

    Fascinatio Boulevard 212

    Floor 2A

    3065 WB Rotterdam 

    Privacy & Cookies

    Cookies are small text files which are stored on your computer when you visit certain web pages. At Heathrow we use cookies to understand how our sites are used which helps us to improve your overall online experience. Some of the cookies we use are necessary for some of our sites to work whilst other cookies are used to provide tailored advertising by trusted third parties. To find out more about cookies, visit www.aboutcookies.org.

    Heathrow uses the following types of cookies on our websites:

    Strictly necessary - These cookies are essential for our websites to work and without these cookies some services you have asked for cannot be provided. 

    Performance - These cookies are used to collect anonymous information about how you use our websites. This information is used to help us continually improve our websites and understand how effective our adverts are. You can opt out of these cookies by managing your preferences above.  

    Functionality - These cookies are used to provide services or remember settings to enhance your visit for example text size or other preferences. You can opt out of these cookies by managing your preferences above.  

    Targeting and Advertising - These cookies are used by trusted third parties to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advert as well as help measure the effectiveness of the advertising campaign. You can opt out of these cookies by managing your preferences above.  

    Personalisation - These cookies help us to show you the most relevant content based on your interaction with our website. You can opt out of these cookies by managing your preferences above.  

    Managing cookies:

    You can manage your cookie preferences and opt out of non-essential cookies on our website. To do this:  

    1) Click on the  Commercial Services privacy notice

    2) Scroll down and click on the Privacy and Cookies tab 

    You will find a ‘Manage cookies preferences’ button (as shown in the image below), click on this and you will be able to manage cookies by moving the on/off toggles.

    Alternatively, you can set your browser to restrict, block or delete cookies from Heathrow and our third-party advertisers, or any other website. Each browser is different, so check the 'Help' menu of your particular browser to learn how to change your cookie preferences. If you choose to disable all cookies, we cannot guarantee the performance of our websites and some features may not work as expected.

    Links to other websites - This privacy notice does not cover the links within this site to third-party websites. We encourage you to read the privacy statements on the other websites you visit.

    Changes to this privacy notice - We will keep this privacy notice under regular review, and we will place any updates here.

    At the start of this privacy notice, we will tell you when it was last updated.