AIL Logo Triangles
white-triangles
Airways International Limited AIL logo white

Privacy statement

double triangles_blue

Privacy statement

This Privacy Statement was last updated on 6 May 2026

  1. About this Privacy Statement
    1. This privacy statement explains how Airways collects, stores and uses your personal information. In this Privacy Statement, “Airways”, “we”, “us”, and “our” refers to the relevant Airways entity, as applicable.
    2. Openness and transparency are important to us. The Privacy Act 2020 (“the Act”) requires us, like any other New Zealand agency, to tell you certain things about the personal information we need in order to carry out our functions.
    3. As we take our obligations under the Act seriously, we would like to explain what personal information we collect and how we use or share it. We will also explain about the way we store and protect personal information, your rights to access and correct it, and how each of our Airways entity websites (each a Website) process personal information.
    4. As at the date of this Privacy Statement, the Airways entities (Airways entities) include Airways Corporation of New Zealand (Airways Corporation), Airways International Limited (AIL), AIL trading as Aeropath, and Airshare Limited (AirShare).
  2. Changes to this Privacy Statement
    1. We may amend the terms of this Privacy Statement from time to time by uploading a revised policy onto the applicable Website. Any changes will apply from the date that we upload the revised policy. It is your responsibility to review any updated Privacy Statement.
    2. If we update this Privacy Statement, your continued engagement with us (including procuring our products) or continued access to or use of our services (including our Websites or apps) (together, the Services) constitutes acceptance of those changes. If you do not agree with the updated Privacy Statement, you must cease procuring our products and using our Services.
  3. Summary of this Privacy Statement
    1. A high-level summary of key points in this Privacy Statement is:
      1. We collect personal information where it is reasonably necessary in order to carry out our functions, which may include security validation that we use to protect you and Airways from malicious actors or malware.
      2. We may collect personal information about you either directly from you or from other people or agencies, and we may generate personal information about you when we carry out our functions.
      3. We store all our data (including your personal information) in secured facilities that are protected with all reasonable technical and process controls appropriate to the data being stored (see more information on this below).
      4. You can ask us for a copy of your personal information at any time. We will be as open as we can with you and ensure that we meet our obligations.
      5. We will only use and share personal information where necessary to carry out the functions for which we collected it, or if required to do so by law.
      6. If you cannot find the information you need, or you have concerns about the way we are managing your personal information, then please contact us at any time using the contact methods set out at section 11 (Your privacy rights and how to contact us).
  4. How we collect personal information

    Direct collection from you
    1. Most of the personal information we collect is provided directly by you, or your authorised representative, when you engage with us. You do not have to provide your personal information to us. However, we may not be able to provide you with our products or Services if you do not provide us with the information we need.
    2. Personal information we may collect from you directly may include:
      1. your name;
      2. your location;
      3. your contact details, including your address, email address or phone number;
      4. information about your authorised representative (if you have one);
      5. any documents or other information you provide to us or agree for us to gather in order to receive our Services;
      6. correspondence from you sent to us;
      7. billing or purchase information;
      8. the information set out at clause 7.1 if your employer or organisation has engaged us to provide training Services to you; or
      9. data that we use to assess the security of the transaction with you such as the operating system you use, type of browser and similar information that allows us to protect you and Airways.
    3. In the course of providing you with Services, we may generate personal information about you. The personal information we may generate about you may include:
      1. correspondence (such as letters and emails), including between our staff or with the staff of other agencies;
      2. file notes, memoranda, meeting minutes or other records of actions taken; and
      3. legal views or opinions.


      4. Collection from third parties
    4. We may also collect your personal information from third parties where you have authorised this or the information is publicly available. Where we collect personal information from a third party, then (to the extent required by the Information Privacy Principle 3A of the Privacy Act) we will take reasonable steps to ensure that you are aware of the collection, and if not already covered by this Privacy Statement:
      1. the purpose for which it is being collected, the intended recipients, and our contact details;
      2. the legal basis upon which we are authorised or required to undertake the collection; and
      3. your rights to access and correct the personal information.


      5. Information collected from use of our Websites
    5. When you use our Websites, you may provide various personal details such as your name and email address. This information, and any other information provided by you or collected / generated by us may be used by us so that we can communicate with you and provide Services to you. In addition to the details you provide, the server will record the specific transactions you perform when visiting our Websites. This information will primarily be used for statistical purposes but also for security purposes.
    6. Web server logs are also kept for the purposes of generating Website usage statistics and performing security auditing. The logs record information every time you request a page from the server. This information will not be used to identify you except in the event of irregularities in the use of the Website. The information logged may include:
      1. the time of each page request;
      2. the pages you requested;
      3. what web browser you are using;
      4. your client IP address;
      5. what site you came to the relevant Website from; and
      6. other security specific data we need to ensure the ongoing security of the transactions with you and others who use our Website.
    7. Cookies are small pieces of information that a website can store on your computer through your web browser. Each Website uses cookies only for maintaining your user session – the cookies will not be stored to your hard disk. You may disable cookies by changing the settings on your browser, although this may mean that you cannot use a Website or some or all of its features. 
  5. How we use personal information
    1. We may use personal information in order to:
      1. provide our products or Services;
      2. answer queries or respond to communications from you, including a complaint;
      3. verify your identity;
      4. contact you about our products or Services;
      5. improve the Services that we provide to you;
      6. undertake credit checks of you (if necessary);
      7. bill you and to collect money that you owe us;
      8. conduct research and statistical analysis (on an anonymised basis);
      9. market our products or Services to you, including contacting you electronically (e.g. by text or email for this purpose). You can opt out of further marketing communications by using the unsubscribe function located in the footer of our email or by emailing us to advise that you wish to be removed from these marketing communications;
      10. if you use Aeropath’s Services, contact you from time-to-time with important safety information, in accordance with section 6(b)(iii) of the Unsolicited Electronic Messages Act 2007. For example, we may contact you to notify you of any delay in the distribution of an amendment to the Aeronautical Information Publication (AIP). You cannot opt out of safety-related communications;
      11. protect and/or enforce our legal rights and interests, including defending any claim; and
      12. for any other purpose authorised by you or the Act.
    2. We may keep a record of all the products and Services you have purchased from us for quality control, training and record keeping.
  6. How we disclose personal information
    1. We may disclose your personal information to:
      1. one or more other Airways entities where this is necessary to provide you with products or Services. For example, one Airways entity may perform accounts and billing functions on behalf of another Airways entity;
      2. a third party provider or data processor, including our payment services provider and any person that hosts or maintains any underlying IT system or data centre that we use to provide the Websites or other Services and products;
      3. a credit reference agency for the purpose of credit checking you;
      4. third party providers or data processors to assist us to deliver products and Services (for example, we pass your contact details on to our fulfilment agent in order to pack and deliver the products you have purchased from our online store);
      5. other third parties to generate anonymised statistical information;
      6. any person or entity authorised by, or who can lawfully require disclosure under the Act or any other applicable law (e.g. a regulatory authority);
      7. authorised contractors and third parties (such as data analysis or information security providers) engaged to support our operations, including maintaining cyber security standards (as described at clause 8.6); and
      8. any other person authorised by you.
    2. If you use the AirShare Services in the AirShare mobile app, data is used solely within the app and is not shared or disclosed to any third parties except to the extent necessary to provide the AirShare Services.
  7. Additional policy terms for training Services
    1. If your employer or organisation has engaged us to provide training Services to you, we will need to collect some personal information from you in addition to the above. This includes your:
      1. name;
      2. contact information;
      3. aviation experience, qualifications and certifications; and
      4. performance during the course of our training.
    2. We collect this information in order to provide you and your employer or organisation the training Services, and to confirm whether or not you have successfully completed the training. Providing this information is optional. However, if you choose not to provide this information, you will not be able to participate in our training Services.
    3. If you ask us to, we will also confirm whether or not you successfully completed the training to other organisations (for example, future employers).
  8. Storage, retention and security
    1. We will take reasonable steps to keep your personal information safe from loss, unauthorised activity, or other misuse. While we take reasonable steps to maintain secure internet connections, if you provide us with personal information over the internet, the provision of that information is at your own risk.
    2. Each Airways entity maintains robust internal processes to ensure that any personal information it receives from another Airways entity is protected to at least the same standard that the receiving entity applies to its own information.
    3. Your user details and password are stored in a secure database. Passwords are hashed before being stored. When your user details or password are transmitted between our servers and your browser, that information is protected using Secure Sockets Layer (SSL).
    4. We use cloud-based services to store and process your personal information. We primarily rely on Microsoft Azure data centres, which are predominantly located in Australia. However, some services may store data in other jurisdictions, or within Airways’ own data centres. We assess the security and appropriateness of all offshore data facilities against applicable Department of Internal Affairs guidance.
    5. Where personal information is stored or processed offshore, we will only transfer your personal information outside New Zealand in accordance with the requirements of the Act, including if we have your permission, or if we have reasonable grounds to believe that:
      1. the recipient is subject to New Zealand privacy laws;
      2. the recipient is subject to privacy laws in their country that offer similar protections to those under New Zealand privacy laws; or
      3. the recipient agrees contractually to protect the information in a way that provides similar protections to those under New Zealand privacy laws.
    6. To help ensure compliance with the law and maintain cyber security standards, we and our authorised contractors may monitor the use of and interaction with our information systems (including email traffic and web browsing). This monitoring may include activity logging and analysis, and occasional formal audit. Information gathered through such monitoring (regardless of whether it relates to or is connected with your involvement in any malicious or illegal activity) may be:
      1. used to prevent and resolve unauthorised access to or attacks on our information systems; and
      2. provided to others (such as data analysis companies, information security providers, the police and/or other government agencies) to comply with New Zealand or overseas laws, improve cyber security, and/or assist us to decide what is needed in order to comply with such laws or improve cyber security.
  9. Privacy Policies of third parties
    1. We may engage specialist third party providers or data processors to assist us to deliver products and Services, including security assessments. For example:
      1. AirShare uses Google Maps to deliver its services. Please review Google’s Privacy Statement (available at https://policies.google.com/privacy, as amended from time to time) on how Google handles your personal information.
      2. Your credit card information is sent directly to our payment processor to process your payments, and is protected in accordance with their security methods. If you subscribe to MarketPlace, please review the Privacy Statement of Payment Express (https://xdlworldwide.com/privacy-policy/) on how Payment Express handles your personal information.
    2. We have used reasonable care in selecting our third party providers and data processors. However (to the extent permissible by law) we disclaim any responsibility for their actions.
    3. In addition, our Services and Websites may contain links to third party services that are not under our control, and which may not follow the same privacy practices as us. We do not endorse or make any representations about the third party services (including but not limited to their accuracy or completeness) and will not be responsible for their content, privacy practices or terms of use. Your disclosure of personal information to third party services is at your own risk, and we recommend that you check any relevant privacy policies before providing your personal information to any third party.
  10. Access to and correction of personal information
    1. Subject to certain grounds for refusal under the Act, you have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected (by way of correction, deletion, or addition) if you think it is wrong.
    2. If you’d like to ask for a copy of your information, or to have it corrected, please contact us using the details below.
    3. In respect of a request for correction, if we agree with the correction and we are reasonably able to change the personal information, we will make the correction. If we do not make the correction, we will take reasonable steps to attach a statement of correction in relation to the relevant personal information.
    4. If you request deletion of your personal information, we will consider the request in accordance with the Act. Where the information is no longer required for a lawful purpose, we will take reasonable steps to delete or de-identify the information as soon as practicable. However, we may retain personal information where required or permitted by law, or where the information is still required for a purpose set out in this Privacy Statement.
    5. We may charge you our reasonable costs of providing to you copies of your personal information or correcting that information, in accordance with the Act.
  11. Your privacy rights and how to contact us
    1. Should you have an enquiry relating to this Privacy Statement, an access or correction request, or any privacy-related concern, please contact us at Privacy.Officer@airways.co.nz.
    2. When contacting us, please explain and, where required, provide evidence of who you are, and include details of your request.
  12. Privacy Commissioner
    1. If you are not satisfied with our response to any privacy-related concern you may have, you can contact the Office of the Privacy Commissioner online at www.privacy.org.nz, or:

      Office of the Privacy Commissioner
      PO Box 10-094
      Wellington 6143

      Enquiries Line: 0800 803 909