Privacy notice

Content of Privacy Notice

Introduction
Who is NATS Holdings Limited?
When do we collect your personal information?
What personal information do we collect?
Lawful bases for collecting and using your personal information
How we protect your personal information
How long do we keep your personal information for?
Who do we share your personal information with?
Where is your personal information processed?
Your rights regarding your personal information
Complaints
Questions
Cifas

1. Introduction

When you use the NATS website or our services, you trust us with your personal information. This notice explains how we protect and manage that information, including what you share with us and what we learn from your use of our website. It also sets out how we use your data, who we may share it with, and your privacy rights.

NATS is committed to:

Keeping your personal information safe and secure.
Using or sharing your information only as described in this privacy notice.
Providing you with access to your personal information whenever you request it.

Our goal is to ensure you are fully informed about your rights and how we handle your data. We hope this notice answers your questions, but if you need further information, please contact us at the DataProtectionOfficer@nats.co.uk.

2. Who is NATS Holdings Limited?

NATS means any of the companies which is within the NATS Holdings Limited group.

NATS Holdings Limited is made up of a number of related businesses that provides air traffic control (ATC) services through NATS” refers to any company within the NATS Holdings Limited group. The group consists of several related businesses, primarily through two main subsidiaries:

NATS (En Route) plc – Our regulated business that operates under agreement with the UK Government.
NATS (Services) Limited – This subsidiary delivers defence services to the UK Ministry of Defence through Aquila, a joint venture with Thales. It also provides design and data services to airlines and airspace users, as well as international services to customers in regions such as Asia Pacific and the Middle East.

3. When do we collect your personal information?

We may collect personal information from you in the following situations.

You visit our website.
You register your CV with us for recruitment purposes.
You make an enquiry regarding an apprenticeship / Future Minds STEM opportunity.
You register an account with us to use our products or services.
You engage with us through the use of social media or webchat services.
You download or install one of our apps.
You contact us by any means with queries, complaints, or requests.
You comment on a story on our website.
You enter a competition.
You fill in forms, e.g., flight planning.
You fill in surveys.
You engage with us through webchat services.
You attend an event which NATS is hosting or in attendance at

4. What personal information do we collect?

We may collect the following categories of personal information.

Personal details such as your full name, date of birth, and contact information (home or work address, depending on the services requested), telephone numbers, email addresses, and financial details (e.g., payment information).
Equality and diversity data (special category information).
Cookie data, including details of your visits to our website or apps, and any interactions with us through online forms or other communication channels, in line with our Cookie Policy.
Digital identifiers, such as your social media username (if you engage with us via social platforms, enabling us to respond to your comments, questions, or feedback), as well as technical details like your internet connection, browser type, country, and telephone code.
Images and recordings, including photos or videos taken when you attend NATS sites or events hosted or attended by NATS.
CCTV footage and vehicle registration details if you visit one of our sites.
Location data when using one of our apps.
Recruitment information, such as details provided during the application process (e.g., your CV).
Information from third-party providers who support our services to you.

5. Lawful bases for collecting and using your personal information

Under UK GDPR, NATS will only collect and process your personal data where we have a lawful basis to do so. We may use your information for the following purposes:

With your consent, and in certain cases, your explicit consent when processing special category data.
To provide the information or services you request and to fulfil any contractual obligations.
To deliver apprenticeships or courses of study you have enrolled in.
To monitor your progress and performance on the apprenticeship or Future Minds programme.
To comply with legal and regulatory requirements.
To share information that is in the public interest.
Where it is in our legitimate interests, including:
- Ensuring you have the best possible experience when using our website, products, or services.
- Supporting NATS’ role in monitoring and promoting aviation safety.
- Measuring and improving the effectiveness of our website and communications, including troubleshooting, data analysis, testing, research, and statistical purposes.
- Managing and auditing our business operations, including accounting.
- Recording and monitoring communications with you.
- Conducting market research, analysis, and developing statistics.
- Providing information about tools and services similar to those you have purchased or enquired about.
- Notifying you about changes to our website, tools, or services.
- Sending direct marketing communications and related profiling to offer relevant products and services. Marketing may be sent via SMS, email, phone, post, social media, and other digital channels.
- Providing insights and analysis to business partners (with appropriate controls) to improve products, services, and business operations.
- Conducting profiling and other automated decision-making activities.
- Authoring articles and promoting our services through online media, news broadcasters, or other reporting channels.
- Enabling other NATS Group companies to carry out any of the above purposes
Under recognised legitimate interests, allowing NATS to,
- Responding to requests from public bodies: We may provide information to public authorities (or bodies performing public tasks) without assessing whether they need the data, provided they confirm it is necessary for their public function.
- National security, public security, and defence: We may use personal information when necessary to:
  - Safeguard national security.
  - Protect public security.
  - Support defence purposes.
- Emergencies: We may process personal information when required to respond to an emergency, as defined under Part 2 of the Civil Contingencies Act 2004.
- Crime prevention and enforcement: We may use personal information when necessary for:
  - Detecting, investigating, or preventing crime.
- Safeguarding vulnerable individuals: We may process personal information when necessary to protect a vulnerable individual.

6. How we protect your personal information

Protecting the personal information, you entrust to us is a top priority for NATS. We use a range of security measures and technologies to safeguard our Business Data Networks, Operational Systems, and websites. Our systems are continuously monitored for vulnerabilities and potential attacks, and we conduct independent penetration testing to strengthen our security infrastructure.

All information you provide is stored on secure servers. Any payment transactions are encrypted using Secure Sockets Layer (SSL) technology.

We also maintain:

Policies and procedures to prevent accidental loss, unauthorised access, use, destruction, or disclosure of information.
Business Continuity and Disaster Recovery plans to ensure service continuity and protect people and assets.
Access controls to restrict who can view personal information.
Monitoring and physical security measures for safe storage and transfer of data.
Data Privacy Impact Assessments in line with legal requirements and business policies.
Regular employee and contractor training on privacy, information security, and related topics.
Vendor risk management processes.
- Security and contractual reviews for third-party vendors and service providers.

7. How long do we keep your personal information for?

We will only keep your personal information as long as is necessary for the purpose for which it was collected.

When you provide personal information for us to deliver a service, we will retain it for a defined period to meet legal and regulatory requirements.

Once it is no longer necessary to keep your data, we will either delete it securely or anonymise it. For example, anonymised data may be used for statistical analysis where it is no longer personally identifiable.

8. Who do we share your personal information with?

We may share your personal information with other companies within the NATS Group and a limited number of carefully selected third parties, including:

The Civil Aviation Authority (CAA) for regulatory functions and other government bodies and agencies.
The Department for Education in relation to apprenticeship provision and audits.
Business partners, suppliers, and sub-contractors for the performance of a contract, recruitment or to provide services to you.
- Legal and other professional advisors.
- Credit reference agencies for the purpose of assessing your credit score and is required as a condition of entering into a contract with NATS.
- IT companies and search engine providers who support our website and other business systems.
- Police, Courts, or other enforcement agencies, in the UK or in other European Member States, to meet our legal requirements or upon a valid request to do so. These types of requests will be dealt with on a case-by-case basis and take the privacy of you as an individual into consideration.

9. Where is your personal information processed?

In some cases, NATS may process or store your personal information outside the UK or the European Economic Area (EEA). This may involve NATS operations or trusted suppliers, and third-party contractors located in regions such as Asia Pacific or the Middle East.

Whenever your data is transferred outside the UK or EEA, we apply strict safeguards to ensure it remains protected. This includes using Standard Contractual Clauses approved by the UK and the European Commission, which guarantee that your rights and protections travel with your data.

If you would like more details about these safeguards or request a copy of the relevant clauses, please contact us at the DataProtectionsOfficer@nats.co.uk.

10. Your rights over your personal information

We value the trust you place in us and are committed to helping you manage the privacy and security of your personal information. Under the UK General Data Protection Regulation (GDPR), you have the following rights:

Right to be informed – To know how your personal data is collected and used.
Right of access – To request and receive copies of your personal data.
Right to rectification – To have inaccurate or incomplete data corrected.
Right to erasure – To request deletion of your data when consent is withdrawn, or it is no longer needed.
Right to restrict processing – To ask us to limit how we use your data.
Right to data portability – To obtain and reuse your data across different services.
Right to object – To object to processing based on legitimate interests. We will stop unless we have overriding grounds to continue, in which case we will inform you.
Rights related to automated decision-making and profiling – To challenge decisions made solely by automated processes.

If you would like a copy of the personal information we hold about you, you can request this at any time by contacting our Data Protection Officer at DataProtectionOfficer@nats.co.uk.

Checking your identity

To ensure personal information is only shared with the correct individual, we will always ask you to verify your identity before processing any request.

If you have authorised a third party to act on your behalf, we will require proof that they have the appropriate permissions before taking any action.

11. Complaints

You have the right to expect that NATS will handle your personal information responsibly, in line with best practice and the requirements of the UK General Data Protection Regulation (GDPR).

If you have any concerns or wish to complain about how NATS is managing your personal data, please contact our Data Protection Officer immediately, via DataProtectionOfficer@nats.co.uk.

If you are not satisfied with our response, you can escalate your concern to the Information Commissioner’s Office (ICO) by calling 0303 123 1113 or visiting their website at www.ico.org.uk/concerns.

12. Questions

This privacy notice explains how we manage your personal information and the controls we have in place to protect it. We hope you have found it helpful.

If you have any questions that haven’t been covered, or need further information, please contact our Data Protection Officer, who will be happy to assist you: Email us at DataProtectionOfficer@nats.co.uk.

12. Cifas

GENERAL

1. We will check your details against the Cifas databases established for the purpose of allowing organisations to record and share data on their fraud cases, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct (“Relevant Conduct”) carried out by their staff and potential staff. “Staff” means an individual engaged as an employee, director, trainee, homeworker, consultant, contractor, temporary or agency worker, or self-employed individual, whether full or part time or for a fixed term.

2. The personal data you have provided, we have collected from you, or we have received from third parties will be used to prevent fraud and other relevant conduct and to verify your identity.

3. Details of the personal information that will be processed include name, address, date of birth, any maiden or previous name, contact details, document references, National Insurance Number, and nationality. Where relevant, other data including employment details will also be processed.

4. We and Cifas may also enable law enforcement agencies to access and use your personal data to detect, investigate, and prevent crime.

5. We process your personal data on the basis that we have a legitimate interest in preventing fraud and other Relevant Conduct, and to verify identity, in order to protect our business and customers and to comply with laws that apply to us. This processing of your personal data is also a requirement of your engagement with us.

6. Cifas will hold your personal data for up to six years if you are considered to pose a fraud or Relevant Conduct risk.

CONSEQUENCES OF PROCESSING

7. Should our investigations identify fraud or any other Relevant Conduct by you when applying for or during the course of your engagement with us, your new engagement may be refused, or your existing engagement may be terminated, or other disciplinary action taken (subject to your rights under your existing contract and under employment law generally).

8. A record of any fraudulent or other Relevant Conduct by you will be retained by Cifas and may result in others refusing to employ you. If you have any questions about this, please contact us using the details provided.

DATA TRANSFERS

9. Cifas may allow the transfer of your personal data outside of the UK. This may be to a country where the UK Government has decided that your data will be protected to UK standards, but if the transfer is to another type of country, then Cifas will ensure your data continues to be protected by ensuring appropriate safeguards are in place.

YOUR RIGHTS

10. Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data, request that your personal data is erased or corrected, and request access to your personal data.

11. For more information or to exercise your data protection rights, please contact us using the contact details provided.

12. You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data

This privacy notice was last updated 5 January 2026

News

January air traffic soars into 2026

17.02.2026

Twitter

Follow @NATS on X

Currently available in English only

Home
Site information
Privacy notice

January air traffic soars into 2026

NATS Assumes Air Traffic Control And Engineering Services At Birmingham Airport Following Successful Transition

Ballet in the sky — planning, resilience and what lies ahead for summer 2026

My Experience as an Engineering Apprentice at NATS

Planning for Summer 2026

Edition 11: Analytics Awakened - How Data is Transforming Aviation

January air traffic soars into 2026

Final two weeks to share views on airspace change in Scotland

Pre-Christmas getaways drive increase in air traffic

ATC Explained: What are Standard Terminal Arrival Routes?

Inside the process of airspace change

Planning for Summer 2026

NATS unveils digital-twin platform for air traffic controller recruitment

Final two weeks to share views on airspace change in Scotland

NATS launches new digital stand management tool to transform airport operations

Off the Beaten Track: How Aer Lingus and NATS are cutting fuel burn and CO₂ over the North Atlantic

ATC Explained: Flight Progress Strips

Why predictability is the new performance for the world’s airports

NATS recognised among world’s top climate leaders for third consecutive year

NATS Swanwick marks one year of solar success

Off the Beaten Track: How Aer Lingus and NATS are cutting fuel burn and CO₂ over the North Atlantic

From concept to consultation

Flying Smarter: How tech is driving cleaner, more efficient airspace

Navigating the Storm

My Experience as an Engineering Apprentice at NATS

Connecting young talent: NATS young professionals take flight at the Dubai Airshow

Leading the Way in the Aviation Industry for Menopause Support

Learning at Work Week 2025

A Day in the Life of a Duty Engineering Officer

Engineering the Future of Flight

January air traffic soars into 2026

Pre-Christmas getaways drive increase in air traffic

Winter Sun Seekers Increase Number of UK Flights in October

ATC performance stays on track as summer comes to an end

Busiest day since pandemic for UK flights

Flights increase as summer hots up

January air traffic soars into 2026

NATS Assumes Air Traffic Control And Engineering Services At Birmingham Airport Following Successful Transition

Ballet in the sky — planning, resilience and what lies ahead for summer 2026

My Experience as an Engineering Apprentice at NATS

Planning for Summer 2026

Edition 11: Analytics Awakened - How Data is Transforming Aviation

Privacy notice

Content of Privacy Notice

1. Introduction

2. Who is NATS Holdings Limited?

3. When do we collect your personal information?

4. What personal information do we collect?

5. Lawful bases for collecting and using your personal information

6. How we protect your personal information

7. How long do we keep your personal information for?

8. Who do we share your personal information with?

9. Where is your personal information processed?

10. Your rights over your personal information

11. Complaints

12. Questions

12. Cifas

News

January air traffic soars into 2026

Twitter

UK Flights

Press releases

January air traffic soars into 2026 17 Feb 2026

NATS Assumes Air Traffic Control And Engineering Services At Birmingham Airport Following Successful Transition 16 Feb 2026

December flight figures spotlight record-breaking Christmas Day 06 Feb 2026

Consultation to modernise Scotland’s skies draws to a close 04 Feb 2026

Reports & downloads

Related websites

Help & support

January air traffic soars into 2026
17 Feb 2026

NATS Assumes Air Traffic Control And Engineering Services At Birmingham Airport Following Successful Transition
16 Feb 2026

December flight figures spotlight record-breaking Christmas Day
06 Feb 2026

Consultation to modernise Scotland’s skies draws to a close
04 Feb 2026