Skip to main content

Who we are

Centreline Aviation Medical Services Ltd, Centreline, is a UK based provider of aviation medical examinations and related services for pilots, air traffic controllers, cabin crew and other aviation personnel. Our website address is: https://centrelineaviationmedicalservices.co.uk

Centreline is part of the wider Latus Group of companies, Latus Group. We take our data protection obligations very seriously, and this notice explains how we collect, use and protect personal data in connection with our aviation medical services and our website.

Unless stated otherwise in this notice, Centreline is the Data Controller for the personal data it holds locally, and the Civil Aviation Authority, CAA, is the Data Controller for aviation medical records held in the CAA medical record system, Cellma.

Centreline as Data Controller and Data Processor

Centreline is committed to protecting your privacy and to maintaining the security of any personal information received from you. We strictly adhere to the requirements of the UK General Data Protection Regulation, UK GDPR, and the Data Protection Act 2018.

Because of the regulatory nature of aviation medicine, Centreline has different roles depending on the system and purpose of processing.

  • For aviation medical records held in the CAA Cellma system, the CAA is the Data Controller. Centreline and its Aviation Medical Examiners act under the authority of the CAA and process personal data in line with CAA rules and processes.
  • For local records that Centreline holds itself, for example appointment and administrative records, local clinical documentation and correspondence, Centreline is the Data Controller.
  • When we share fitness outcomes or limited information with an airline or employer, that organisation becomes a separate Data Controller for the information it holds in its own systems.

This notice explains how we handle personal data in all of these contexts.

Processing activities covered

This notice applies to the processing of personal data collected by Centreline when you:

  • Attend, or are booked to attend, an aviation medical assessment
  • Are assessed for an initial or renewal aviation medical certificate, or other regulatory medical assessment
  • Are referred to Centreline by an airline, employer, training organisation or other referring body
  • Contact us by phone, email or through our website with an enquiry, complaint or request
  • Visit our website or social media pages
  • Visit our clinic locations
  • Receive communications from us, for example appointment reminders or follow up letters
  • Are an applicant to work with us as an employee or an associate, including where appropriate relevant checks
  • Make a payment to us by any means

This list is not exhaustive but gives an indication of the processing activities we undertake.

Personal data we collect

We collect personal data directly from you in the course of providing our services, which may include:

Identification and contact details

  • Full name, date of birth, gender, nationality
  • Address, email address, contact telephone numbers
  • Identification numbers such as passport or licence number where required
  • Next of kin or emergency contact details

Employment and licence details

  • Current role, employer name, work location
  • Licence details, for example licence number, state of licence issue, licence type and category
  • Information about your flying or controlling activity where relevant to the medical assessment

Health and clinical information, special category data

  • Medical history and information about your physical and mental health
  • Medications, clinical observations and examination findings
  • Results of tests carried out as part of your assessment, for example vision tests, hearing tests, cardiovascular investigations, respiratory tests or other clinical measurements
  • Information from any health questionnaires you complete
  • Information about lifestyle factors where relevant to the assessment of medical fitness

Administrative and financial information

  • Appointment records and attendance details
  • Correspondence between you and Centreline
  • Information required to process payments and invoices, for example billing contact details

Personal data we collect from other sources

We may also receive personal data about you from other sources, where lawful and necessary, including:

  • Your airline, employer, training organisation or sponsor, for example referral details or confirmation of your role and entitlement to an assessment
  • The CAA or other aviation authorities, where we need to view or update existing records in their systems
  • Your general practitioner or specialist, where we request medical information to support fitness to fly decisions, in line with professional and legal rules
  • Other health professionals and services, where they provide information or reports relevant to your assessment
  • Recruitment agencies, where you apply to work with Centreline through an agency

Data from your device and usage of our website

When you access our website, we use tools such as cookies and similar technologies to automatically collect certain information which may contain personal data. This may include:

  • Internet protocol, IP, address
  • Browser type and version, operating system
  • Pages viewed, files accessed and links followed
  • Date, time and duration of your visit

We use this information to help us understand how people use our site, to maintain and improve the website, to keep it secure and to support the delivery of our services. Some cookies are essential for the website to function. Others are used for analytics and performance. More information can be found in our cookies information on the website.

Our website may contain links to other organisations websites. We are not responsible for those sites, how they operate or their privacy practices. We recommend that you review the privacy notices on those sites if you have any questions.

Purposes for processing and legal bases we rely on

We collect and process personal data for several purposes, and we rely on different legal bases depending on the context.

Aviation medical assessments and certification

We use your personal data in order to:

  • Confirm your identity and eligibility for an aviation medical assessment
  • Assess your medical fitness to hold an aviation licence or certificate
  • Record clinical information and test results
  • Submit information and supporting documentation to the CAA through Cellma, or to other aviation authorities where required
  • Issue, renew or revalidate medical certificates within our scope of authority, or refer your case to the CAA where decision making is reserved to them

Our legal bases include:

  • Performance of a task carried out in the public interest and in the exercise of official authority in relation to aviation safety
  • Compliance with legal obligations placed on the CAA and on Aviation Medical Examiners
  • For special category health data, the conditions for health care and assessment of your working capacity, and substantial public interest in ensuring aviation safety, as set out in the UK GDPR and the Data Protection Act 2018

Communication and administration

We process your personal data to:

  • Manage bookings, send appointment confirmations and reminders, including reminders of expiry dates where appropriate
  • Respond to enquiries, complaints or requests
  • Manage payments and financial records

Our legal bases include:

  • Performance of a contract, where we are providing services that you or your employer have requested
  • Our legitimate interests in running an efficient service and maintaining appropriate records, where this does not conflict with your rights and freedoms

Governance, audit and quality improvement

We may use your personal data to:

  • Undertake internal audits and clinical governance activities
  • Review and improve the quality and safety of our services
  • Handle incidents, complaints and insurance or legal claims

Our legal bases include:

  • Compliance with legal and regulatory obligations placed on Centreline and our clinicians
  • Our legitimate interests in maintaining professional, clinical and regulatory standards
  • For special category data, the conditions relating to health care, occupational health and substantial public interest

Marketing and information

We may send very limited service information or updates, for example information about service changes or general information about aviation medical services. Where marketing communications go beyond what is necessary to deliver our services, we will only send those where lawful, and you can opt out at any time.

Recruitment and associates

If you apply for a role with Centreline, we will process your personal data in order to manage the recruitment process, assess your suitability for the role, take up references, carry out checks where appropriate and make an offer of engagement or employment.

Our legal bases include:

  • Taking steps at your request prior to entering into a contract
  • Our legitimate interests in recruiting staff and associates
  • Legal obligations in relation to employment and professional regulation

Who we share your personal data with

We only share personal data where we are lawfully permitted to do so and where it is necessary and proportionate. Depending on the service, this may include sharing with:

  • The Civil Aviation Authority, via the Cellma system, for all regulatory aviation medical examinations and associated documentation
  • Other aviation authorities, where your state of licence issue lies outside the UK and where reporting is required
  • Your airline, employer or training organisation, usually limited to a fitness outcome or recommendations, and not detailed clinical records, unless required by law or regulation or where there is another lawful basis
  • Your general practitioner or specialist, where we need additional information to assess your fitness or where we must provide information in accordance with clinical and legal duties
  • Other health professionals working with you in connection with our assessment, for example where a referral is required
  • Our trusted service providers, for example IT support, secure hosting providers, practice management systems, communication and document storage providers, who act as Data Processors under written contracts
  • Professional advisers, for example insurers and legal advisers, where needed to manage claims, complaints or regulatory matters
  • Regulatory bodies, law enforcement or public authorities, where we are required by law to share information or where it is necessary to protect your vital interests or those of another person

We do not sell your personal data.

How long we keep your data

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, and to meet legal, regulatory, tax, accounting or reporting requirements.

For aviation medical records held in Cellma, the CAA sets and controls the retention periods in its Medical Department Records Retention Schedule and privacy information. The CAA may retain aviation medical records for extended periods in order to meet its statutory duties and for aviation safety and research purposes. Requests about retention or deletion of data held in Cellma should be directed to the CAA.

For records that Centreline holds as Data Controller, for example local administrative records and supporting clinical documents, we apply retention periods that reflect:

  • Professional and regulatory guidance
  • Legal limitation periods for claims
  • The need to respond to future queries or complaints

Once we no longer need your data, we will either securely delete it or anonymise it so that it can no longer be linked to you. If you would like more detail about specific retention periods for particular record types, please contact us.

International transfers

Our systems and those of our key service providers are located in the United Kingdom or the European Economic Area wherever possible. If we do need to transfer personal data outside the UK or EEA, we will ensure that appropriate safeguards are in place, for example an adequacy decision or standard contractual clauses, in line with data protection law.

Your rights

Under data protection legislation, you have several rights in relation to your personal data.

These include:

  • The right to be informed about how your data is used
  • The right of access to the personal data we hold about you
  • The right to request correction of inaccurate or incomplete data
  • The right to request erasure of your data in certain circumstances
  • The right to request restriction of processing in certain circumstances
  • The right to object to some types of processing, for example direct marketing
  • The right to data portability in limited cases
  • Rights in relation to automated decision making, where this applies

Some of these rights are limited where data is processed for regulatory and public interest purposes, for example aviation safety. In particular, the CAA may need to retain aviation medical records even if you ask for erasure, in order to fulfil its statutory duties.

For personal data held in the CAA Cellma system you should exercise your rights directly with the CAA, using the contact and rights information in the CAA privacy notices.

For personal data for which Centreline is the Data Controller you can exercise your rights by contacting us or by contacting the Latus Group Data Protection Officer at:

DPO@latusgroup.co.uk

Group Data Protection Officer
Latus Group
16 Carolina Way
Salford
Greater Manchester
M50 2ZY

We may need to verify your identity before responding. We will respond within the time limits set by law and will explain if we cannot fully comply with your request, for example where we must retain data for legal or regulatory reasons.

You also have the right to make a complaint to the Information Commissioners Office, ICO, if you are unhappy with how we handle your personal data. We would always encourage you to contact us first so that we can try to resolve any concerns.

Security of personal data

We take the security of your information very seriously and use appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, disclosure or damage. These measures include:

  • Role based access controls, so that only authorised staff and clinicians can access records necessary for their role
  • Authentication measures for our systems, for example strong passwords and multi factor authentication for key services
  • Secure networks and encryption where appropriate
  • Policies and procedures covering information security, confidentiality and acceptable use of systems
  • Training for staff and associates in confidentiality, data protection and information security
  • Procedures for incident detection, reporting, investigation and breach notification where required

No method of storage or transmission can be guaranteed to be completely secure, but we take reasonable and proportionate steps to protect personal data.

Complaints and queries

We take our data protection obligations seriously and aim to meet high standards in the way we collect and use personal information. If you have any questions about this notice or how we handle your data, or if you would like to exercise any of your rights, please contact us or the Latus Group Data Protection Officer at DPO@latusgroup.co.uk.

If you are not satisfied with our response, you can contact the Information Commissioners Office at www.ico.org.uk.

Changes to this privacy notice

We keep this privacy notice under regular review and may update it from time to time, for example if our services change or if there are changes in law or guidance. The latest version will always be available on our website, and previous versions are available on request.

Stay Informed, Stay Cleared to Fly

Get expert tips, CAA updates, and exclusive booking reminders—direct to your inbox.