Privacy notice

Updated 27th of September, 2023

What is a Privacy Notice?

Xiphera is committed to comply with relevant privacy laws and regulations. This Privacy Notice describes how Xiphera processes the personal data we collect when you access or use our website or services. This will also provide information on how we work and protect your personal data.

What is personal data?

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

You are not required to provide the personal data that we have requested, but, if you choose not to do so, in many cases we will not be able to provide you with our products or services or respond to any queries you may have.

Xiphera’s data protection and privacy measures are governed by the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time.

For the purposes of Data Protection Legislation, we Xiphera collects personal data such as contact details for the purpose of providing services or sending marketing communications, Xiphera will be the data controller. Where Xiphera are provided with information from a third party or a customer relating to a passenger that we are arranging a charter for we are data processors and will only process such data in accordance with the customer’s instructions.

What personal data will Xiphera collect about me?

When you use an Xiphera to purchase a service, purchase a product, contact us or complete an online form, we may collect a variety of information, including, but not limited to; your name, job title, mailing address, telephone number, or email address.

Where you use the website (“Website”), we may collect technical data such as IP addresses and cookie ID. For more information around how we use cookies please see our Cookie Policy.

How is my personal data collected?

You may directly provide your personal data to us, or we may collect your personal data from third parties, such as customers providing your passenger details for the purpose of arranging a charter. We may also collect information from publicly available sources.

What is Xiphera’s basis for processing my personal data?

Xiphera collects and processes your Personal Data on the basis of different legal grounds, depending on the nature of the Personal Data being provided and the type of processing involved.

Performance of a Contract

Some of the Personal Data is processed on the basis that it is necessary for the performance of our agreement with you, or in order to take steps at the request of the user prior to entering such an agreement. To register you as a new customer and verify your identity.

Legitimate Interest

A ground relied upon for processing your Personal Data is legitimate interests, where we believe you have a reasonable expectation that we will perform a particular type of processing on your behalf, or where such processing is strictly necessary for fraud detection and prevention. An example would be where we respond to your queries and enquiries.


A ground relied upon in order to collect and process certain types of Personal or Sensitive information, or where appropriate to keep you informed by telephone, SMS or email, about us and our business partners content, products and services, events and special offers. You can withdraw your consent, as detailed in this Privacy Notice where applicable, or by sending an email to info(at)

Compliance with a Legal Obligation

A ground relied upon for certain types of processing is that it is necessary in order to allow compliance with a legal obligation. An example of this would be to retain business records for fixed periods of time in order to comply with local legal requirements.

When will Xiphera contact me?

In relation to any service, activity or online content you have signed up for in order to ensure that Xiphera can deliver, e.g. to ensure payment of your charter, offer other charter related services or upgrades, or to enquire whether you’re in need of our services.

In relation to any correspondence we receive from you or any comment or complaint you make about Xiphera.

To invite you to participate in voluntary surveys about the Xiphera.

To update you on any material changes to the Xiphera’s policies and practices.

To keep you informed periodically on relevant products and services that we think may be of interest to you. Types of communication include quarterly newsletter updates, Cloud magazine, Xiphera Flyer or emails such as empty legs and passenger/cargo charter availability.

If you wish to adjust what information we use or choose to opt out, you can do so at any time by contacting us to update your preferences.

How long will Xiphera keep my personal data?

We retain your personal data as long as it is necessary and relevant for our operations. Generally, we keep personal data in accordance with our internal retention procedures, which are determined in accordance with our regulatory obligations and good practice. In addition, we may retain personal data relating to previous booking activity to comply with national laws, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, and take other actions permitted or required by applicable national laws. After it is no longer necessary for us to retain your personal data, we anonymise part of the data for analytical purposes and dispose of the rest in a secure manner. If you have any questions in relation to our retention periods, please contact us at info(at)

Who will Xiphera share my personal data with?

Our service providers

This includes external third-party service providers, such as an airline for when you book a flight; accountants, auditors, experts, lawyers and other outside professional advisors; IT systems, support and hosting service providers; printing, advertising, marketing and market research and analysis service providers; document and records management providers; technical engineers; data storage and cloud providers and similar third-party vendors and outsourced service providers that assist us in carrying out business activities.

Governmental authorities and third parties involved in fraud prevention and law enforcement

Xiphera may share Personal Information with governmental or other public authorities (including, but not limited to, courts, law enforcement, tax authorities and criminal investigations agencies); and third-party civil legal process participants and their accountants, auditors, lawyers and other advisors and representatives as we believe to be necessary or appropriate: (a) to comply with applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our group companies; (f) to protect our rights, privacy, safety or property, and that of our group companies, you or others; and (g) to allow us to pursue available remedies or limit our damages.

Is my personal data secure?

Xiphera is committed to keeping your personal data safe and secure from unauthorised access to or unauthorised alterations, disclosure or destruction of information that we hold. Our security measures include:

Encryption of our services and data;

Review our information collection, storage and processing practices, including physical security measures;

Access control restrictions for personal information;

Contractual confidentiality and processing agreements for employees and/or third parties who may require access to personal data; and internal policies setting out our data security procedures and training for employees.

What rights do I have in relation to my personal data?

Under certain circumstances, you have rights under Data Protection Legislation in relation to your personal data. These include the right to:

– Request access to your personal data;

– Request correction of your personal data;

– Request erasure of your personal data;

– Object to processing of your personal data;

– Request restriction of processing your personal data;

– Request transfer of your personal data;

– Right to withdraw consent.

– Can I delete my data?

Yes, in some cases you will be able to. To make a deletion request please contact our Data Protection team at info(at)

How do I contact Xiphera?

For any queries or comments about this Privacy Notice or updates, amendments and corrections to yourrecords, or for personal data requests, please contact info(at) or by post to: Data Protection Team, Xiphera, Tekniikantie 12, 02150 Espoo, Finland

If you wish to make a complaint about how we use your information, please contact our Data Protection team. You can also contact the local data protection authority.

Changes to Privacy Notice

We will occasionally update this Privacy Notice in accordance with business and legal requirements. We will post a notice of any material changes on our website, and where appropriate, notify you using the contact details we hold for you for this purpose. We encourage you to periodically review this Privacy Notice to be informed of how we use your information.