Privacy Policies
Executive Lounges and Aspire Lounges Privacy Notice
Effective date: March 2026
1. About this Privacy Notice
Executive Lounges or Aspire Lounges (the “Lounges”) are operated by Swissport International AG and its affiliates and subsidiaries (“Swissport”, “we”, “us” or “our”). In this Privacy Notice your personal data means any information which Swissport processes about you from which you can be directly or indirectly personally identified (“Personal Data”).
This Privacy Notice applies to Personal Data that we collect and process in the course of our Lounges business, including your interactions on our website, our loyalty programme and in connection with your access to one of our Lounges (the “Lounge Access”). For further information on Lounge Access, please refer to our terms and conditions of access.
The data controller in respect of Lounge Access depends on where you are, and which Lounge you are using. In the UK, this is Swissport GB Limited. If you are in the EU, this is Swissport International AG. For information on who your controller is, please contact [email protected]. If you are a State of California, USA, resident, California law may provide you with additional rights regarding Swissport’s collection and use of your personal information. To learn more, visit here.
If your Lounge Access was booked on your behalf by a third party, Swissport only acts as a data processor and the third party is the data controller. This means that Swissport processes personal data on behalf of that third party and not on its own behalf. This Privacy Notice does not cover that processing activity. For further information about that processing activity and how to exercise your rights, we encourage you to review the third party’s privacy notice.
Swissport is a global company with customers and offices all around the world. As such, our approach to privacy compliance is a global one. No matter where you are located, we remain committed to abiding by all applicable data privacy laws. As part of this global approach, we endeavour to adopt consistent approaches to our processing of Personal Data to the extent possible. Depending on the region in which you are located, you may be entitled to exercise rights in respect of your Personal Data, which are outlined in further detail below.
If you have any questions on this Privacy Notice or if you require access to this Privacy Notice in an alternative format, please contact our Privacy Team at [email protected].
2. How We Collect Your Personal Data
We collect your Personal Data in three ways:
a) Information you provide to us
We will collect and store any information you provide to us when you:
i. use our website, phone line or walk-in desk to book Lounge Access;
ii. utilise Wi-Fi services that we may make available to you during your Lounge Access;
iii. send us an email, complaint or otherwise correspond with us;
iv. complete a survey or questionnaire;
v. opt-in to marketing campaigns; and
vi. voluntarily provide information during your Lounge Access.
b) Information provided by third parties
We may collect information about you that is provided by third parties in circumstances where a third party provides certain services on Swissport’s behalf, for example in-lounge Wi-Fi access.
c) Other Information we collect
i. when you visit one of our Lounges this may be captured on CCTV.
3. Categories of Personal Data Processed
The table below details the categories of Personal Data that we may process in connection with Lounge Access. Swissport acts as a data controller with respect to this Personal Data.
|
When you book Lounge Access in advance (by telephone or through our website) |
||
|
Category of Personal Data |
Personal Data We Process |
Description |
|
Device/IP Data |
IP address, Operating system and browser used to access our website, Internet Service Provider, and External website from which the user is directed to the website. |
This information is collected through the settings on our website. For further information, please see our Cookies Policy.
|
|
Contact Data |
First and last name of lead guest Email address. |
This information is collected to process your booking for Lounge Access and to send you a booking confirmation. Where you book Lounge Access for a group of individuals, we will only collect the contact information of the lead guest. |
|
Identifier(s) |
Passenger Name Record. |
The Passenger Name Record is a code comprising six numbers and letters that allows airline passengers to check-in online and manage bookings. We process Passenger Name Record so that we can confirm that you are an airline passenger at the airport in question on the day of your Lounge Access. |
|
Payment Information |
Payment card details. |
This information is processed when you pay for Lounge Access. Card details are not visible to or stored by Swissport. |
|
When you book Lounge Access as a walk-in guest |
||
|
Category of Personal Data |
Personal Data We Process |
Description |
|
Contact Data |
First and last name Email address (if a receipt is requested). |
This information is collected to process your booking for Lounge Access and to send you a booking confirmation. |
|
Identifier(s) |
Passenger Name Record, Flight information and frequent flyer number (where applicable). |
The Passenger Name Record is a code comprising six numbers and letters that allows airline passengers to check-in online and manage bookings. We process Passenger Name Record so that we can confirm that you are an airline passenger at the airport in question on the day of your Lounge Access. |
|
Payment Information |
Card number, Card expiry date. |
This information is processed when you pay for Lounge Access. Swissport does not access or store information processed in the course of processing payments. |
|
Information that may be collected when using our Loyalty App |
||
|
Category of Personal Data |
Personal Data We Process |
Description |
|
Contact Data |
First and last name, Address, Date of birth, Phone Number, Gender, Email address (if a receipt is requested). |
This information is collected to manage our loyalty app (i.e. to send you a booking confirmation or receipts). |
|
Identifier(s) |
Passenger Name Record, Flight information, frequent flyer number (where applicable). |
The Passenger Name Record is a code comprising six numbers and letters that allows airline passengers to check-in online and manage bookings. We process Passenger Name Record so that we can confirm that you are an airline passenger at the airport in question on the day of your Lounge Access. |
|
Contact Details (Marketing) |
First and last name, Date of birth, Email address, Last Swissport lounge visited and date of visit, Individual Preferences. |
We process this information when you agree to receive marketing communications from us. |
|
Information that may be collected during your Lounge Access |
||
|
Category of Personal Data |
Personal Data We Process |
Description |
|
CCTV |
Video recordings of your Lounge Access. |
We deploy CCTV at certain of our Lounges for security purposes. For further information please consult the CCTV signage at your Lounge, ask a member of staff or contact us at [email protected]. |
|
Emergency Information |
Miscellaneous. |
When an emergency situation arises in connection with Lounge Access, we may process additional information in response to the emergency. |
|
Information that you may voluntarily provide in the course of your Lounge Access |
||
|
Category of Personal Data |
Personal Data We Process |
Description |
|
Contact Details (Marketing) |
First and last name, Date of birth, Email address, Last Swissport lounge visited Individual Preferences. |
We process this information when you agree to receive marketing communications from us. |
|
Customer Request |
Miscellaneous. |
When placing customer requests, the information provided to Swissport is on a voluntary basis. |
We will tell you when it is mandatory for you to provide us with personal data to obtain Lounge Access – if you do not provide us with such personal data, you may be denied Lounge Access.
4. Purposes for Processing Personal Data
If you are from a jurisdiction that requires a legal basis for processing your Personal Data (such as the EU or the UK), our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it. We will only process your Personal Data if we have a lawful basis for doing so.
In certain jurisdictions, such as Canada, the only legal basis that can be relied upon for processing Personal Data in many circumstances is ‘consent’. In those jurisdictions, we will make appropriate adjustments to our data processing practices to ensure that we obtain consent for all processing undertaken as necessary. The lawful bases are explained below:
- Performance of a Contract: When it is necessary for Swissport or a third party to process your Personal Data to: Comply with obligations under a contract with you. This includes our obligations under the terms and conditions for Lounge Access, or to verify information before entering into a contract with you.
- Legitimate Interest: Where Swissport or a third party has an interest in using your Personal Data in a certain way, which is necessary and proportionate in light of any possible risks to you and other Swissport customers.
- Consent: When Swissport asks you to actively indicate your agreement to Swissport’s use of your Personal Data for a certain purpose.
- Compliance with Legal Obligations: When Swissport must process your Personal Data to comply with a law.
The table below details how Swissport will use your Personal Data for our commercial or business purpose (“Purpose”) and the accompanying lawful basis, where applicable.
|
Purpose |
Lawful Basis |
Categories of Personal Data Processed |
|
Lounge Access To provide Lounge Access in accordance with our contract with you. For example, when we use your Personal Data to:
|
Performance of a Contract. |
Contact Data, Identifier(s). |
|
Payment Processing To process your payment for Lounge Access.
|
Performance of a Contract. |
Payment Information. |
|
Marketing For marketing, promotion and advertising purposes where the law requires us to collect your consent.
For example, when the law requires consent for email marketing.
|
Consent. |
Contact Details (Marketing). |
|
Information Provided on a Voluntary Basis To provide certain voluntary services as part of your Lounge experience. When this is the case, we will ask for your consent.
For example, when we use your Personal Data to:
|
Consent,
Legitimate Interest including to improve our service provision. |
Customer Request. |
|
Breach of Swissport Terms and Conditions To take appropriate action when our policies or terms and conditions are infringed. For example, when our terms and conditions for Lounge Access are breached.
|
Legitimate Interest including to protect the safety of our customers and improve our service provision.
|
Contact Data. |
|
Legal claims To established, exercise or defend legal claims.
For example, if we are involved in litigation and we must provide information to our lawyers in relation to that legal issue. |
Legitimate Interest including to seek legal advice and to protect ourselves, our customers or others in legal proceedings. |
Device/IP Data, Contact Data, Identifier(s), Payment Information, Flight Information, CCTV, Emergency Information, Contact Details (Marketing), Customer Request.
|
|
Research and surveys To conduct research and surveys.
For example, when we contact our customers to ask for feedback on your experience.
|
Consent,
Legitimate Interest including to improve our service provision. |
Customer Request. |
|
Compliance with legal obligations To comply with legal obligations we are subject to. For example:
|
Compliance with Legal Obligations,
Legitimate Interest including compliance with international legal requirements. |
Device/IP Data, Contact Data, Identifier(s), Payment Information, Flight Information, CCTV, Emergency Information, Contact Details (Marketing), Customer Request.
|
|
Compliance with law enforcement requests To comply with a request from law enforcement, courts, or other competent authorities.
|
Compliance with Legal Obligations,
Legitimate Interest, including to assist law enforcement authorities with prevention or detection of serious crime. |
Device/IP Data, Contact Data, Identifier(s), Payment Information, Flight Information, CCTV, Emergency Information, Contact Details (Marketing), Customer Request. |
|
Managing our Loyalty App To administer Aspire Lounges Loyalty Scheme and for internal operations. |
Performance of a Contract, Legitimate Interest including to improve our service provision. |
Contact Data, Identifier(s), Contact Details (Marketing), Payment Information, Flight Information, Customer Request. |
Where required by applicable data privacy laws, we will only use your Personal Data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for any other reasonable purposes in connection with our engagement with you, the Purpose and legal basis for any further processing will be notified in advance from time to time.
5) How We Share Your Personal Data
We disclose your Personal Data to service providers and other parties listed in this section.
Service Providers and Affiliates
We will share Personal Data with our service providers and affiliates so that they can provide services to us. Our service providers help us to provide the website, Lounge Access, and loyalty programme to you. Third party service providers include:
- Marketing and advertising companies and media agencies for marketing and research purposes, and to provide promotion services (i.e. Campaign Monitor and Salesforce Marketing Cloud);
- Lounge check in and service desk providers (i.e. Salesforce Service Cloud);
- CCTV providers (i.e. Media Ace); and
- Lounge website providers (aspirelounges.com).
We carefully select our service providers and we take corresponding measures to protect your Personal Data when service providers are engaged.
Emergency Services
We will share Personal Data with emergency services acting as data controllers for the purposes of providing emergency assistance to Swissport. These parties help us to protect our customers and their safety.
Law Enforcement Authorities
We may share any Personal Data where this is required by law or regulation, or court or administrative order having force of law, or where required by any of Swissport’s regulators.
Business Transfers
Your Personal Data may be transferred to a different entity, and our legal or other advisors, if we undergo, or evaluate, a merger, acquisition, bankruptcy or other transaction (or proposed transaction) in which that entity assumes control of our business or assets of our business (in whole or in part).
Transfers of Personal Data
Because of the global nature of our business, your Personal Data may be transferred to Swissport group companies, subcontractors and partners located in countries across the world. We will always take steps to ensure that any international transfer Personal Data is carefully managed to protect your rights and interests.
Many of the countries will be within the EEA or will be ones which the European Commission has approved as providing an adequate level of data protection and will have data privacy laws which are the same as or broadly equivalent to those in the European Union. However, some transfers may be to countries which do not have equivalent protections, and for those transfers, and where required by applicable law, Swissport implements appropriate transfer mechanisms, including the EU’s Standard Contractual Clauses (or similar local equivalents) for transfers of Personal Data.
You have the right to ask us for more information about the safeguards we have put in place (including a copy of relevant contractual commitments) as mentioned above. Contact us as if you would like to receive further information or to request a copy of the relevant safeguard (which may be redacted to ensure confidentiality).
6. Data Security and Retention
We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that Personal Data. Where we rely upon use of third parties for processing and/or storage, we confirm that we have carried out appropriate due diligence to ensure the appropriate security measures implemented, are in accordance with our own security standards.
All employees, agents, contractors, or other parties working on behalf of Swissport shall be made fully aware of both their individual and Swissport's responsibilities in relation to the handling of your personal data and will be appropriately trained to do so. Access to personal data will be limited to where strictly necessary and all personal data held by Swissport shall be reviewed periodically as set out in Swissport's Retention Policy. For further information regarding the security of your personal data, please contact us directly using the contact details below.
We retain Personal Data about you for as long as necessary to provide you Lounge Access. In some cases, we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations or is otherwise required by applicable law, rule or regulation. In general, Swissport (or its service providers on its behalf) will hold this information for as long as it has a legitimate interest to retain for the purpose of responding to billing queries after you cease to interact with us, unless we are obliged to hold it for a longer period under law or applicable regulations.
Any Personal Data is deleted as soon as the purpose of storage no longer applies in accordance Swissport's Retention Policy, unless there is a necessity for the continued storage of the data for the conclusion of a contract or the fulfilment of a contract. If you would like further details of how your information is retained by us, please contact us directly using the contact details below.
7. Automated Decisions
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved. Swissport does not make automated decisions in relation to you or to your Personal Data.
8. Personal Data of Children
We generally do not process Personal Data of children. If we need to process Personal Data of children we will only do so where we obtain the consent of their parent(s) or guardian(s) or, in exceptional circumstances, where necessary for compliance with a legal obligation in emergency situations.
9. Your Rights in relation to Personal Data
Under applicable privacy laws, you may have rights over your Personal Data as a data subject. We set out below data subject rights under GDPR, which apply to guests at any Lounges located within the EU.
Certain jurisdictions grant data subjects rights that are substantially equivalent to those under GDPR, such as the United Kingdom. Data subjects who are guests at Lounges in those jurisdictions can exercise any of the rights that are set out below.
Other jurisdictions only provide some of the data subject rights provided under GDPR. Data subjects who are guests at Lounges in those jurisdictions can only exercise the rights below to the extent that the right in question has been implemented under the local law of the jurisdiction that they are present in. For further information on whether you can exercise any of the rights below in your jurisdiction, please contact us at: [email protected].
Depending on the jurisdiction that you have Lounge Access in, you may be entitled to a right to:
- Request access to your Personal Data. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation, which makes you want to object to processing on this ground.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your Personal Data to another party.
- Withdraw your consent at any time if your Personal Data is processed on the basis of consent. If you withdraw your consent, this will not affect the lawfulness of how we used your Personal Data before you withdrew consent.
- Lodge a complaint with a supervisory authority if you consider that the processing of your Personal Data infringes applicable law. We request that you contact us in the first instance so that we can respond to your complaint. If you are in the EU, the contact details are available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. If you are in the UK, the contract details are Make a complaint | ICO.
You can request to exercise the rights above by contacting us using the details below (with the exception of the right to lodge a complaint with a supervisory authority). Your rights will in each case be subject to the restrictions set out in applicable data protection laws. Further information on these rights, and the circumstances in which they may arise in connection with our processing of your Personal Data, can be obtained by contacting us at [email protected]
10.Changes to this Privacy Notice
We constantly try to improve our services, so we may need to change this Privacy Notice from time to time to reflect changes in technology, law, business operations or any other reason we determine is necessary or appropriate. If we make important changes to our Privacy Notice, we will inform you that such changes have taken place.
11. Contact Information
If you have any questions or queries about this Privacy Notice, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at:
-
Email: [email protected]
Last Updated: March 2026