Legal & Policies

Data Protection & Security

UK GDPR compliant. Defence-grade information-security controls on every transaction.

Data Protection & Security Policy

Policy Statement

UK Avionics Ltd is committed to protecting personal data, commercially sensitive information, intellectual property and defence-related information. This Policy establishes a UK GDPR-compliant information governance framework with defence-grade security controls proportionate to the Company's operations. It applies to all employees, contractors, consultants, suppliers and third parties acting on behalf of UK Avionics Ltd.

1. Legal & Regulatory Compliance

UK GDPR, Data Protection Act 2018, PECR, Computer Misuse Act 1990, contractual security obligations, and applicable defence procurement requirements.

2. Information Governance

Information is classified as Public, Internal, Confidential or Restricted. Access is granted on a least-privilege and need-to-know basis with periodic access reviews.

3. Defence-Grade Information Security Controls

  • Multi-Factor Authentication (MFA) for privileged and remote access.
  • Strong password policy and secure credential management.
  • Encryption of data in transit and, where appropriate, at rest.
  • Secure cloud services with access logging.
  • Endpoint protection, anti-malware and vulnerability management.
  • Timely security patching of critical vulnerabilities.
  • Network segmentation where appropriate.
  • Secure backup and recovery procedures.
  • Security incident response and customer notification procedures.
  • Supplier due diligence for information security risks.

4. Data Protection Principles

Personal data is processed lawfully, fairly and transparently; collected for specified purposes; minimised; kept accurate; retained only as necessary; and protected by appropriate technical and organisational measures.

5. Data Subject Rights

Individuals may request access, rectification, erasure, restriction, objection and portability where applicable under UK GDPR.

6. Data Sharing & International Transfers

Information is shared only where there is a lawful basis, appropriate contractual safeguards and suitable security controls. International transfers are managed in accordance with UK GDPR requirements.

7. Business Continuity & Cyber Resilience

Critical information is backed up, recovery procedures are maintained and tested, and cyber incidents are managed through documented escalation and response processes.

8. Training

Security and data protection awareness training is provided to personnel, with additional guidance for staff handling sensitive or export-controlled information.

9. Compliance & Audit

Compliance is monitored through management review, internal checks, supplier oversight and continual improvement.

10. Approval

Approved by: S Zaman Khan
Director, UK Avionics Ltd

Exercise Your Rights

Contact our team to access, correct or request deletion of your personal data.

Contact Us
24/7 Support +44 075 9956 9957 Office +44 20 3603 1643