Privacy Policy

Air Uganda (U7) collects Customer Data from you in order to provide you with a safe, smooth, efficient and customized experience with U7. The collection and processing of Customer Data enables U7 to provide services and products that are most likely to meet your needs and requirements. As such, this Privacy Policy (which is divided into three Parts – A, B & C) outlines U7’s policy and responsibility in relation to the collection, processing and disclosure of your Customer Data.

 At a glance

  • Part A: General customer data privacy policy statement
  • Part B: Privacy policy statement for customer data collected through our websites and our mobile services facility
  • Part C: Google analytics disclaimer

Part A: General customer data privacy policy statement

1. Types of Customer Data

The types of Customer Data that U7 collects depends on the circumstances of collection and on the nature of the service requested or transaction undertaken.

There are two broad categories of Customer Data that we collect at U7:

  • Individual Customer Data which is personal information that links back to an individual e.g., name, address, phone number and email address etc.; and
  • Statistical Data e.g., number of passengers flown, hits to website. This is stored purely for analytical purposes, and is entirely anonymous. This information will not be stored to your customer record, and will only be aggregated for statistical analysis so that we can better understand U7 customer profile and improve U7 service offering.

For purposes of this policy statement, the phrase Customer Data includes individual and statistical data.

2. Purpose for collection, processing and disclosure


Generally, U7 collects Customer Data in order to fulfill the following purposes:

  • Providing services to you such as processing a transaction e.g. making a booking and registering for U7 frequent flyer programme;
  • Marketing and communicating with you in relation to products and services offered by U7, our airline and service partners, as well as our appointed agents; and
  • Safety, security and legal compliance.

Processing and disclosure 

U7 may process and disclose your Customer Data with and to third parties, such as our travel and freight service providers or travel-related businesses, partner airlines, airport management, security personnel and other carriers for the purpose of processing your travel arrangements.

U7 shall use its best endeavours to ensure that its employees, officers, agents, consultants, contractors and such other third parties mentioned above who are involved in the collection, processing and disclosure of Customer Data will observe and adhere to the terms of this Privacy Policy.

U7 may disclose your Customer Data to law enforcement agencies and government for security, customs and immigration purposes. For example, U7 and other airlines are required by laws in the Uganda and other countries to provide border control agencies with access to your booking information or flight itinerary. Accordingly, relevant Customer Data (known as Passenger Name Record (PNR) or Advance Passenger Information (API)) may be disclosed to the appropriate customs and immigration authorities as required by law. Please be informed that the initial recipients of such information may share your PNR and API data with other government agencies or enforcement authorities.

In addition, U7 may disclose Customer Data to our lawyers and legal advisors for establishing, exercising or defending our legal rights, or as otherwise authorised or required by law. U7 will also reserve the right to share your Customer Data as is necessary to prevent a threat to the life, health or security of individual or corporate entities such as U7. Further, U7 may disclose Customer Data, as is necessary, to investigate suspected unlawful activities including but not limited to fraud, intellectual property infringement or privacy.

3. Transfer of information overseas

The U7 Head Office is based in Uganda. Customer Data may be transmitted to data storage facilities where we keep our central records. Your Customer Data is transferred for U7 to perform our contract with you. The Customer Data may also be transferred to our offices and appointed agents in other countries in connection with our performance of the contract with you.

4. Consent

Generally, in the course of U7 performing servicing functions such as making a flight booking or accepting a meal preference, Customer Data will, by nature of the task or transaction, be provided by our customers and passengers to U7. In such instances, consent will necessarily be implied from the Customer that they are agreeable to providing Customer Data in order for U7 to provide the requested or necessary service and/or product to them.

However, where required by law, U7 will adopt an ‘opt-in' policy for attaining customer consent, in which event, express written consent will be sought from you when collecting your Customer Data e.g., signing a form or checking a box.

In addition, you are able to withdraw your express consent at any time by contacting U7 (see Section 10) or amending your Customer Data by logging on to your website account. (Note: this service only applies to Celestar frequent flyer members and customers who have registered through our 'website').

U7 will not seek consent for Statistical Data as this is not linked to a customer record. For more information on collection and usage of Customer Data obtained from our ‘website' and through our ‘call centre’, please refer to Part B.

5. Access

U7 may, upon your written request to our Customer Affairs Department (see Section 10), allow you to view your stored individual Customer Data. U7 reserves the right to charge a reasonable administrative fee for this service. In exceptional circumstances, U7 reserves the right to deny you access to your personal Customer Data and may provide an explanation as required by applicable laws.

Exceptional circumstances include where:

  • An investigating authority or government institution objects to U7 complying with a customer’s request,
  • The information may, in the exercise of U7 reasonable discretion and/or assessment, affect the life or security of an individual, and
  • Data is collected in connection with an investigation of a breach of contract, suspicion of fraudulent activities or contravention of law.

6. Retention

U7 will retain your Customer Data for as long as it is necessary to fulfill the purpose for which it was collected, or as required by relevant laws.

7. Accuracy

U7 needs your assistance to ensure that your Customer Data is current, complete and accurate. As such, please inform U7 of changes to your Customer Data by contacting U7 and submitting your updated particulars to U7 in writing (see Section 10). If you are a Celestar frequent flyer member.

U7 may also request Customer Data updates from you from time to time. As detailed in Section 2 above under the “Processing and Disclosure” sub-section, your booking information or flight itinerary may be disclosed to the appropriate customs and immigration authorities as required by law. As such, it is important to ensure that the Customer Data contained in your booking information or flight itinerary is current, complete and accurate.

8. Security safeguards

U7 takes the security and protection of your Customer Data very seriously. As such, U7 uses procedural and technical safeguards to protect your Customer Data against loss or theft as well as unauthorised access and undue disclosure.
As an example of a procedural safeguard, U7 has implemented various authentication procedures internally and with our external service providers that will involve U7 requesting various personal particulars from you in order to verify your identity (or that of your duly authorised agent) before U7 process your request for a particular service, product or transaction.

Examples of technical safeguards include encryption, “firewalls” and Secure Socket Layer (SSL). Further details of these technical safeguards for Customer Data collected through our websites and our Call centre are set out at Part B below.

If, however, a customer does not take reasonable care to ensure the continued confidentiality and accuracy of their Customer Data, U7 will not be liable for any consequential misuse and/or fraud. If you have any concerns about security, you should contact U7 (see Section 10).

9. Updates to the privacy policy

U7 will amend this Privacy Policy from time to time and the updated versions will be posted on our website and date stamped so that you are aware of when the Privacy Policy was last updated. Subject to applicable laws, the prevailing language of the Privacy Policy will be English. In the event of any inconsistency in interpretation between the English version and any translation of the Privacy Policy, this Privacy Policy statement in English will prevail.

10. Contact us

If you have comments or questions about this Privacy Policy statement, please contact U7 in writing at the address below referencing ‘Privacy Policy':

Head Office
Housing Finance Bank Building,
Second Floor,
Lower Kololo Terrace
Tel: +256(0)414258262/4
P.O. Box 36591-Kampala, Uganda

Or email  referencing: Privacy 

Part B: Privacy policy statement for customer data collected through our website and our Call centre

1. Security safeguards

U7 takes the protection of your Customer Data collected on our ‘website’ and through our ‘Call centre’ very seriously. All Customer Data collected through our ‘website', e.g., and through our ‘Call centre’ are protected by a secure server. In addition, SSL (Secure Socket Layer) ensures secure transmission of data from the internet to our systems.

For example, when you transmit sensitive information such as credit card details through our ‘website’, such information will be automatically converted into codes before being securely dispatched over the internet.

To further secure the integrity of your internet transactions on our website, U7 also employs relevant software programs to monitor network traffic with a view to identifying unauthorised attempts to upload or change Customer Data, perpetuate fraudulent or illegal activities or otherwise cause damage. If such monitoring reveals evidence of possible abuse or criminal activities, such evidence may be provided to appropriate law enforcement authorities or agencies without notice to you.

As an additional security feature, U7 has implemented a time stamp showing the time you have been on our website and the last time you logged out. If you detect any anomalies you should inform U7 immediately (see Section 10 of Part A). U7 has also provided a lock out feature in the event you fail to log in successfully after a number of attempts. Also, if you leave our Website idle for a period of time, we will give you a ‘warning' dialogue box giving you the option to end your session.

2. Cookies

Most websites like ours use cookies to enhance your online experience. Cookies are alphanumeric identifiers that are transferred to your computer's hard drive from your web browser to recognise your preferences and to tailor content to you. The cookies do not contain your Customer Data but only Statistical Data which is entirely anonymous. Please refer to your browsers documentation to check if cookies have been enabled on your computer or to request not to receive cookies.

Information and procedures regarding cookie handling are provided by the respective browsers documentation within the browser itself by clicking on ‘help' and performing a search on ‘cookies'.

3. Clickstream data

In order to improve your online experience, U7 may track online behaviour or click stream data to advance your use of our web pages and track referrals from other websites. Such data will not be stored to your customer record, and will only be aggregated for statistical analysis.

4. Links to other websites

U7 provides you with links to other websites for your convenience and information.  Whilst U7 will protect your Customer Data on U7 website, U7 cannot control the policies of other sites we may link to, or the use of any Customer Data you may share with them.  Please note that U7 Privacy Policy does not cover these other websites, and U7 would recommend that you are apprised of their specific policies.

5. Minors

U7 cannot distinguish the age of persons who access and use its website. If a minor (according to applicable laws) has provided U7 with Customer Data without parental or guardian consent, the parent or guardian should contact U7 (see Section 10 of Part A) to remove the relevant Customer Data.

Part C: Google Analytics disclaimer

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses cookies which are text files stored on your computer to help analyse your use of the website. The information generated by the cookie about your use of this website (including your IP address) will be transmitted to a Google server in the USA and stored there. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activities for website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where this is required by law or insofar as third parties process this data on behalf of Google. Google will never associate your IP address with any other data held by Google. You may refuse the installation of cookies by selecting the appropriate settings on your browser; however please note that if you do so you may not be able to use the full functionality of this website.

By using this website you consent to the processing by Google of data relating to you in the manner and for the purposes mentioned above. As a user of this website you hereby acknowledge that the operator of this website, their vicarious agents, their representatives, associated companies, chief executives, managerial staff, employees and their shareholders accept no liability in connection with the obtaining, transmission, processing and analysis of the above-mentioned data for which reason no claims for compensation can be asserted against these natural persons and legal entities.