Privacy and Cookies

Who we are

Just Flight (London) Ltd is a UK-based company (Reg No. 09888150) and is a publisher, developer and retailer of simulation software. We operate two websites – justflight.com and justtrains.net

Our correspondence address is:

Just Flight
St. George’s House
George Street
Huntingdon
PE29 3GH
United Kingdom



Privacy overview

This is our Privacy Policy and tells you what data we collect, why we collect and what we do with it. Our company has always met the conditions of the Data Protection Act (1998) and our policy complies with the recommended ways to handle data enshrined in the 2018 General Data Protection Regulation (GDPR). We will not hold sensitive information about you or transfer information about you to third parties without your permission, and you may request at any time a copy of all the information we hold about you. We reserve the right, under GDPR, to charge a fee for any request that is manifestly unfounded, excessive or repetitive. For details of how to obtain this information, see below under ‘Access to personal information’.


Lawful basis

The new regulations require that we have a Lawful Basis for collecting, processing and storing your data. In our case this is:

  1. Consent. You have given us clear consent to process your personal data for a specific purpose – in this case the purchase and use of our software and/or for us to keep you appraised of new products and offers from Just Flight or Just Trains.
  2. Contract. By purchasing from us and our supply of a product, we have entered into a contract. For example, we handle personal data on this basis to create your account and provide our Services.
  3. Legal obligation. The processing is necessary for us to comply with the law (not including contractual obligations). For example, we need to know a customer’s country of residence in order to comply with VAT regulations.


The process

During our online ordering process, the checkout system will automatically create an account for you using the details that you provide to us. By default, the permissions we require to send you promotional emails are disabled. If you want to receive information from us by email you must tick the appropriate box or choose to subscribe to give us the authority to do so. You can unsubscribe from this service at any time by following the unsubscribe link in our emails or by unsubscribing at www.justtrains.net/unsubscribe.

We no longer send any marketing material by post and we don’t do any form of telephone marketing.

Please note that this website may contain links to sites operated by other people or companies. If you follow a link to an external website, our security and privacy policies will no longer apply. We encourage you to read the privacy statements on the other websites you visit.

We use Facebook, Twitter, YouTube and other similar services to provide you with a way to ‘follow’ us and get information such as offers and new releases. As these services are provided on external third-party websites, any links to or from them, and their usage and policies are fully the responsibility of those third-party websites.

We have taken all reasonable steps to ensure that our website is secure and that all sensitive information transmitted through it is sent securely and held confidentially. Any third parties or agents that we may use to process this sensitive information on our behalf have also taken all reasonable security steps. The only exceptions to the above are where we may take appropriate and reasonable steps in the prevention of criminal and fraudulent activity.


The Data we collect and keep

When you make a purchase at Just Flight or Just Trains we collect the minimum amount of data necessary to complete the transaction. This is your Title (which may or may not indicate your gender), name, address, email address, IP address and telephone number. This information is used by our payment providers (such as PayPal or Braintree) to verify your payment details.

The payment systems we use are all PCI DSS (Payment Card Industry Data Security Standard) compliant and, where they are based outside the European Union, they are obliged to confirm that they also comply with GDPR.

When we have collected the data outlined above, it is stored securely and encrypted using industry-standard systems. We have no access to your password or credit card or other payment details. When you select a payment option your payment details are collected directly by our payment providers and so our servers never see or store any of your payment information. Instead, we receive a single-use token from our payment provider to process the charge on your card that results in us receiving either an authorisation code or a failure message.

An account is created for you during the checkout process and this is used to store details of your purchases and provide a link to re-download any files or access any activation keys.
You can request we close your account at any time, but we need to retain details of transactions for the statutory period requested by HMRC.

After that period, we will delete the data in any account that has been closed or has remained dormant throughout that period.


Cookies, analytical services and social media

Our website uses Internet technology to track the patterns of behaviour of visitors to our site. This can include using a ‘cookie’, which is a small piece of information sent by a Web server to a Web browser. It enables the server to collect information back from the browser. We use cookies for a number of reasons, such as keeping track of your purchases and basket contents so as you can move between pages; those are created by our website and contain no identifiable information, either financial or personal. If you disable cookies, you may find that our website will not function correctly and you will not be able to purchase products from our website. You can find details of how to disable cookies in your web browser’s help section.

We work with a number of trusted third parties, all of which may use cookies, web beacons and other internet technologies (collectively ‘cookies’) as part of their service, including:

Google Analytics; this is a statistical and analytics service used widely across the web by a large number of sites. The service allows us to see aggregate information on statistics such as how many visitors we are getting to the website, where in the world they are located (based on Google’s understanding of where your internet connection may be – we cannot see exact location details), what pages are most visited, referring sites, and other reporting information that helps us analyse the usage of our website and services. You can opt out of Google Analytics (on all websites, not just ours) by using their currently available opt out options.

Google Adwords; offers us the ability to place advertising on relevant search results and other third party websites to advertise our products and services to internet users. We utilise a Remarketing feature which sets a random unique identifier when you browse pages on our website – this allows us to create remarketing audiences which we can then target or exclude users from seeing our advertising, which can appear on third party websites/ad services based on your previous visits. This helps us to ensure we’re advertising to people who are interested in our products and services. You can opt out of Google's use of cookies (on all websites, not just ours) by visiting Google's Ads Settings.

Facebook; provides us with a conversion tracking and remarketing pixel, which sets a random unique identifier cookie so we can know the effectiveness our usage of Facebook and to allow us to advertise to users on Facebook based on their previous visits to our website via means of the advertising features in Facebook. We can also use this custom audience information to exclude visitors from our advertising in order to reach new users who have not previously visited our site in a recent period of time. You can find instructions on how to opt out of targeted advertising via Facebook (on all websites, not just ours) on the www.aboutads.info/choices website.

Twitter; provides us with a conversion tracking and remarketing pixel, which sets a random unique identifier cookie so we can know the effectiveness our usage of Twitter and to allow us to advertise to users on Twitter based on their previous visits to our website via means of the remarketing feature in Twitter. We can also use this custom audience information to exclude visitors from our advertising in order to reach new users who have not previously visited our site in a recent period of time. You can find instructions on how to opt out of Twitter's collection of remarketing data (on all websites, not just ours) here.

Optimizely; offers a range of website analytics services for A/B and multivariate testing purposes, as a way for us to better understand how our website is used, allowing us to continuously improve it by ensuring aspects such as the user experience and visual appearance of the website is working effectively. You can opt out (on all websites, not just ours) on the Optimizely website.

Smartlook; This is a screen recording device that tracks how visitors interact with our website pages. It doesn’t log any personal information. You can read Smartlook’s privacy policy here.

All of these services allow us to continue providing our products and services to you in an efficient manner. We are unable to get any personally identifiable information from these services, and the only way we can get such information is if you supply it to us.


Contacting you

We will never contact you unless we have received your express consent to do so. This has always been our policy at Just Flight and Just Trains. If we send you an e-mail it will be because:

  1. You opted in to receive news and information during the checkout process.
  2. You signed up to the ‘Get our Newsletter and e-shots’ option on the front page of our site.
  3. We are contacting you regarding a purchase you have made – to provide you with a receipt, for example or details about an update or change to the product you’ve bought. This is usually called a ‘transactional email’.
  4. You have contacted us to request technical support, which, by definition, implies that you are consenting to us replying.

We have never had any automatic ‘opt in’ functions. If we contact you, it is because you have given us your permission.

You can unsubscribe at any time by following the link at the bottom of every email we send or going direct to the ‘Unsubscribe’ page.

We use a third party provider, Campaign Monitor, to deliver our monthly e-newsletters and email about new products or sales promotions. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see Campaign Monitor’s Privacy Policy here.

We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.


Customer support

When we receive a support request (or ‘ticket’) from a customer, we make up a file containing the details of the query. This normally contains the customer’s account number and/or order number.

We will only use the personal information we collect to process the query and to check on the level of service we provide.

We will keep personal information contained in support for two years from closure of the ‘ticket’. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.


Access to personal information

Individuals can find out if we hold any personal information on them by making a ‘subject access request’ under the Data Protection Act 1998. In most cases, the information we hold is, as outlined above, your name, address, email address, phone number, IP address and order history and is available to view, securely, in your Just Flight account. This follows the GDPR recommendation that if we hold information about you we should:

  • Give you a description of it
  • Say why we are holding it and who it could be disclosed to
  • Give you access to a copy of the information

GDPR includes a best practice recommendation that, where possible, organisations should be able to provide remote access to a secure self-service system which would provide the individual with direct access to his or her information (Recital 63). We have been advised that our account system falls into this category.

The only exception to the above would be for employees and ex-employees of Just Flight (London) Ltd who can make a ‘subject access request’ to the address below.


Please check back frequently to see any updates or changes to our privacy policy.

If you have any questions regarding our privacy or security policies, we will be glad to answer your questions. Please write to us at the following address:

Data Protection
Just Flight (London) Limited,
St. George’s House,
George Street,
Huntingdon, PE29 3GH, UK


Please ensure that you have read and understand our Terms and Conditions.

Last updated May 2018