Effective Date: May 7, 2026

Introduction

Sky Chefs, LLC and its affiliated companies (“Sky Chefs,” “we,” “us,” or “our”) respect your privacy and are committed to protecting personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in the course of our global airline catering and aviation services business. We adhere to applicable data protection laws, including U.S. federal and state privacy laws such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), and we align our practices with global privacy principles (for example, those reflected in the EU’s General Data Protection Regulation, GDPR). By using our websites or services, you acknowledge and agree to the practices described in this Privacy Policy.

Scope and Applicability

This Privacy Policy applies to personal data we handle in connection with our business operations worldwide. It covers various categories of individuals and interactions, including:

Website Visitors

Individuals who visit or interact with our websites or digital platforms.

Business Customers and Airline Clients

Representatives and contact persons of our airline customers, corporate clients, and others who use our catering, hospitality, or aviation services.

Vendors, Partners, and Service Providers

Individuals associated with suppliers, subcontractors, joint venture partners, and other third parties we work with.

Job Applicants and Candidates

Individuals who apply for employment or contract opportunities with Sky Chefs.

Event Participants and Communication Subscribers

Individuals who register for or attend our events, or who subscribe to our marketing communications, newsletters, or updates.

This policy does not generally cover personal data relating to Sky Chefs employees or contractors in their employment context, which may be addressed in separate internal notices.

Personal Data We Collect

We collect various types of personal data about individuals, depending on our relationship or interaction with them. This may include:

Identifiers and Contact Information

Such as your full name, email address, postal address, phone number, and other unique identifiers or account information that can identify you. For example, website visitors may provide their name, email, and phone when submitting inquiries or forms. Business clients’ and vendors’ contacts may provide identifiers and professional details (e.g. job title, company name, work email/phone).

Business and Employment Details

Professional or business contact data like job titles, employer/organization, department, and other information relevant to a corporate or client relationship. For job applicants, this can include résumés/CVs, educational and employment history, qualifications, references, and similar recruitment-related details. For vendors and service providers, we may collect contact information of your personnel and relevant financial or contract information for managing our business relationship.

Website Usage and Technical Information

Information automatically collected when you interact with our websites or online services, such as your device type, browser and operating system, Internet Protocol (IP) address, unique device identifiers, cookies, log files, and browsing data (e.g. pages viewed, links clicked, dates/times of visits, previous page visited). We also collect general geolocation or site usage analytics via cookies or similar tracking technologies to understand how our sites are used.

Cookies and Tracking Data

Data collected through cookies, web beacons, pixels, and similar technologies on our sites or in our emails. This may include information about your browsing behaviors, preferences, site navigation, and interaction with our content. (See Cookies and Tracking Technologies below for more details.)

Transactional and Contractual Information

Details about services or products we provide or receive, business transactions, and agreements. This might include records of orders or catering services, account information, transactional history, billing and payment information, and any relevant contractual details between you (or your company) and Sky Chefs.

Communication and Inquiry Details

Content of communications you send us, such as inquiries, feedback, or requests (via online forms, email, phone, or other channels), along with associated contact details and records of our responses. For event participants or newsletter subscribers, personal data may include registration information, areas of interest, and communication preferences.

We may also maintain aggregated or de-identified data derived from personal data (which cannot reasonably identify any individual) for analytics, research, or business planning. This type of information is not considered personal data under this Policy.

How We Collect Personal Data

We collect personal data from several sources and methods:

Directly from You

Most personal information we collect comes directly from you. For example, you provide data when you fill out website forms (such as contact or registration forms), contact us via email or phone, create an account or profile, place an order, sign a contract, or otherwise communicate or interact with us in the course of our business. Job applicants provide personal data (like résumés and contact details) when applying through our careers website or recruitment process.

Automatically Through Our Websites and Systems

When you visit our websites or use our online services, we automatically collect technical data and usage information via cookies, server logs, and similar technologies (as described above). This can occur without you actively submitting information and helps us operate and improve our online services.

From Business Partners or Third Parties

In some cases, we receive personal data about you from third parties. For example, if you are a representative or employee of one of our airline customers, vendors, or partners, they may provide your contact details to us as a point of contact. We may also receive personal information from industry partners, public databases, marketing or event organizers, travel or hospitality partners, or recruitment firms and background-check providers (in the context of job applications or contracting). We collect such information only as needed for our business purposes and in accordance with applicable laws.

Through Recruiting, Onboarding, and Contracting Processes

If you apply for a job or contract role with Sky Chefs, we collect personal data during recruitment and onboarding (e.g. application forms, interviews, reference checks, or background screenings, as allowed by law). During customer or vendor contracting processes, we gather necessary information to establish business accounts and perform due diligence (such as financial, insurance, or compliance-related data for vendor qualification).

Purposes for Processing Personal Data

We use personal data for legitimate business purposes consistent with applicable law. Key purposes for which Sky Chefs may process your personal information include:

Business Operations and Service Delivery

To provide our airline catering, hospitality, and related services to clients, fulfill contractual obligations, and ensure high-quality service delivery. This involves using personal data of customers, partners, and their representatives (e.g. managing orders, logistics, and daily operations).

Contract Management and Communications

To manage our business relationships and contracts, communicate with clients, vendors, and partners, respond to inquiries, provide customer support, send service-related notifications or updates, and otherwise facilitate business communications.

Recruitment and Talent Management

To process job applications, evaluate and contact candidates, conduct interviews and background checks, facilitate hiring or contract engagement, and manage onboarding for new hires or contractors.

Website Functionality and User Experience

To operate, maintain, and improve our websites and online services. This includes using technical and usage data to troubleshoot issues, ensure site security and performance, personalize content, remember user preferences, and enhance the overall user experience on our online platforms.

Analytics and Business Insights

To analyze how our services and websites are used, measure audience engagement and campaign effectiveness, and gather business insights to improve our offerings, develop new products or services, optimize our processes, and make informed business decisions.

Marketing and Events

To send newsletters or other marketing communications about our services, events, or industry updates if you have subscribed or otherwise given consent (where required by law). To manage our events or promotions, including registration, attendance, and post-event follow-ups, and to send relevant information about our offerings or industry news (you may opt out of marketing communications at any time).

Legal, Regulatory, and Compliance Obligations

To comply with applicable laws, regulations, legal processes, and lawful governmental requests. This includes using and disclosing personal data as required for safety and security (e.g. airport security or food safety regulations), customs and border requirements, recordkeeping, financial and tax compliance, audits, or to respond to lawful subpoenas and similar orders.

Protection of Rights and Interests

To protect our customers, partners, employees, and company’s rights, safety, security, property, or operations. For instance, we may process personal data to detect and prevent fraud, misuse of our services, or security incidents; to enforce our agreements or policies; or to investigate or defend against legal claims.

Other Purposes with Consent

If we intend to process personal data for additional purposes not described above, we will do so only with your consent or as otherwise permitted or required by law.

Legal Bases for Processing (for Applicable Jurisdictions)

In certain jurisdictions (such as the European Economic Area, United Kingdom, and others), we are required to inform you of the legal grounds we rely on to process your personal data. Depending on the context, one or more of the following legal bases may apply:

Performance of a Contract

We process personal data as necessary to enter into or fulfill our contractual obligations with you or your organization. For example, when we deliver catering services to a client or hire a new employee, processing relevant personal information is necessary to perform that contract.

Legitimate Business Interests

We process personal data as needed for our legitimate interests in conducting and improving our business and services, or those of third parties, balanced against individuals’ rights and expectations. This can include uses such as ensuring the security of our systems, improving our operations and customer service, or communicating with business clients. We will rely on legitimate interests only when these are not overridden by the privacy rights of individuals.

Legal Obligations

In some cases, we must process personal data to comply with a legal or regulatory obligation to which we are subject. Examples include retaining certain business records for legal compliance, verifying identity to meet security or compliance requirements, or disclosing information to authorities as required by law.

Consent

Where required by law (or in specific situations where we choose to), we will obtain your consent before collecting or using your personal data. For instance, we may seek consent for sending marketing communications to individuals or for using certain cookies and tracking technologies in jurisdictions that require it. When we rely on consent, you have the right to withdraw your consent at any time, though this will not affect any processing already performed.

Sharing and Disclosure of Personal Data

Sky Chefs respects the confidentiality of your personal information. We do not sell or rent your personal data to third parties for their own marketing or commercial use. However, we may share personal data with third parties in the following circumstances, always in accordance with applicable law and for the purposes described in this Policy:

Affiliates and Group Companies

We may share personal data within the Sky Chefs, family of companies and our parent, subsidiaries, or affiliates on a need-to-know basis for the purposes outlined in this Policy. For example, information may be shared with our regional offices or other business units to coordinate service delivery, customer support, finance, or other internal administrative functions. All such entities follow this Privacy Policy or have equivalent privacy safeguards.

Service Providers and Vendors

We engage trusted third-party service providers to perform certain business operations or services on our behalf, such as IT and cloud hosting services, data analytics, payment processing, marketing support, customer relationship management, background check and recruitment services, transportation logistics, or other professional services. We only provide these service providers the personal data necessary for them to perform their specific services for us, and we contractually require them to protect and use personal data only for our specified purposes and consistent with this Privacy Policy.

Airline Clients and Business Partners

In the course of providing catering and related services, we may share relevant personal data with our airline customers or other business partners when necessary to fulfill our services or contractual obligations. For example, we might share information about an event participant with an event co-sponsor, or share personal data of a mutual customer or employee with an airline partner as needed to coordinate service delivery. In such cases, we ensure any data sharing is done securely and in line with applicable privacy requirements.

Legal and Regulatory Disclosures

We may disclose personal data to government authorities, regulators, law enforcement, or other third parties if required or permitted by law – for example, to meet national security or law enforcement requirements, to respond to a court order, subpoena, or other legal process, or to report compliance with safety regulations. We may also disclose personal data as necessary to enforce our agreements or to protect the rights, safety, or property of our company, our customers, our partners, or others (for instance, to investigate fraud or a security incident).

Corporate Transactions

If we undertake a business transaction such as a merger, acquisition, reorganization, joint venture, or sale of company assets, personal data may be transferred to or shared with the relevant third parties as part of that transaction. We will ensure such parties are bound to protect the information consistent with this Policy.

With Your Consent or At Your Direction

We may share personal data with other third parties if you request or direct us to do so, or if you consent to such sharing. For example, if you choose to engage with Sky Chefs on social media or other platforms, information you provide may be visible to others based on your settings and those platforms’ policies. We will also share personal data for any other purpose made clear to you at the time of obtaining your consent.

Except for the situations above, Sky Chefs does not disclose your personal information to third parties for their own direct marketing purposes without your consent, and we do not sell or exchange personal data for monetary gain or other valuable consideration. In the past 12 months, we have not sold personal information about consumers, and we have not shared personal information for cross-context behavioral advertising as defined by applicable law.

International Data Transfers

Sky Chefs operates globally, which means your personal data may be transferred to and processed in countries other than your own, including the United States and other jurisdictions where we, our affiliates, or our service providers maintain facilities or operations. These countries may have privacy and data protection laws that differ from those in your home jurisdiction. Regardless of where your data is processed, we will protect it in accordance with this Privacy Policy and applicable law. When we transfer personal data across national borders, we take appropriate steps to ensure it remains safeguarded. For example, for transfers from jurisdictions with data transfer restrictions (such as the European Economic Area), we implement relevant legal mechanisms like Standard Contractual Clauses or other lawful data transfer agreements to ensure an adequate level of data protection. We also ensure that recipients of your personal data (such as our affiliates or service providers) are bound to safeguard it with appropriate measures. By using our services or providing us with personal data, you understand that your information may be transferred internationally as necessary for our operations, and we will handle it securely and lawfully.

Data Retention

We retain personal data only for as long as it is necessary to fulfill the purposes for which it was collected, as outlined in this Policy, and as required or permitted by law. The specific duration for which we keep information can vary depending on the type of data and the reasons we have for collection. For example, we keep business transaction records for as long as needed to carry out services or manage our contracts with customers. We may also retain certain information to comply with legal obligations (such as maintaining employment records or financial reports), to resolve disputes, enforce our agreements, or for other legitimate business or legal purposes. Once personal data is no longer needed, we will either delete it or anonymize it so it can no longer be associated with an identifiable individual, unless a longer retention period is required by law or permitted for our legitimate interests.

Data Security

We use administrative, technical, and physical security measures to protect personal data against unauthorized access, loss, misuse, or alteration. These measures are designed to provide a level of security appropriate to the sensitivity of the information. They include, for example, access controls to limit who can access personal data, network and system security measures (such as encryption, firewalls, and intrusion detection systems), secure data storage facilities, and employee training on data protection. However, please note that no method of transmitting or storing data is completely secure, and we cannot guarantee absolute security. You share information with us at your own risk. If we become aware of a data breach or security incident affecting your personal data, we will take appropriate steps to notify you and any applicable authorities as required by law.

Your Privacy Rights and Choices

Depending on your jurisdiction and the nature of our interactions with you, you may have certain rights regarding your personal data. We honor individual privacy rights as required by applicable laws (such as GDPR, CCPA/CPRA, and other national or state laws). These rights may include:

Right to Access

You have the right to request confirmation of whether we hold personal data about you, and to access or receive a copy of the personal data we maintain about you.

Right to Correction (Rectification)

You have the right to request that we correct or update any inaccurate or incomplete personal information about you.

Right to Deletion

You can ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent (where applicable) or object to certain processing and we have no overriding legitimate grounds to continue. Note there may be legal or contractual reasons we need to retain certain data (we will inform you if so).

Right to Restrict Processing

In certain cases, you have the right to request that we restrict or temporarily suspend processing of your personal data (for example, if you contest the accuracy of your data or object to our processing, until we address your request).

Right to Object

Where we rely on legitimate interests to process your data, you have the right to object to that processing on grounds relating to your particular situation. If you object, we will stop processing your data for that purpose unless we have a compelling legitimate reason or another exception applies. You also have an unconditional right to object to the processing of your personal data for direct marketing purposes, and if you do so we will cease such marketing.

Right to Data Portability

In certain situations (e.g., under GDPR), you may have the right to request a copy of certain personal data you provided to us in a structured, commonly used, machine-readable format, and to have that information transmitted to another organization where feasible.

Right to Withdraw Consent

If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time. This will not affect processing already done but will apply going forward.

To exercise your rights, please contact us using the information in the Contact Us section below. We may need to verify your identity before fulfilling certain requests (for example, by asking you to provide information to confirm it’s you). We will respond to valid requests within the timeframe required by law. Note that these rights are subject to various exceptions and limitations under applicable laws; we will explain if any such exceptions apply in responding to your request.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific privacy rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). These rights are in addition to those listed above and may overlap in some areas. In summary, California residents have the right to:

Know/Access

You may request that we disclose the categories and specific pieces of personal information we have collected about you, as well as information about our data practices, including the categories of sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.

Delete

You may request that we delete personal information we have collected from you, subject to certain exceptions (such as if the information is required to complete a transaction, detect security incidents, comply with legal obligations, etc.).

Correct

You may request that we correct inaccurate personal information we maintain about you.

Opt Out of “Sale” or “Sharing” of Personal Information

California law grants the right to opt out of the sale or sharing of personal information (where “sharing” refers to disclosing data for targeted advertising purposes). However, as noted above, Sky Chefs does not sell or share personal information as defined under the CCPA/CPRA. In the unlikely event this practice changes, we will update this Policy and provide the required “Do Not Sell or Share My Personal Information” mechanism.

Limit Use of Sensitive Personal Information

If we collect any sensitive personal information (as defined by CPRA; e.g., precise geolocation, certain financial or health information) for purposes not exempted by the law, you have the right to direct us to limit the use and disclosure of your sensitive personal information to those uses authorized by law. (Sky Chefs does not use sensitive personal information for purposes beyond what is allowed under CPRA).

Non-Discrimination

You have the right to not receive discriminatory treatment from us for exercising any of your CCPA/CPRA rights. We will not deny goods or services, charge different prices, or provide a different quality of service because you exercised these rights, except as permitted by law (for example, if you voluntarily participate in a data-for-discount program, which we do not currently offer).

How to Exercise California Rights

If you are a California resident and wish to exercise any of these rights, please contact us (see Contact Us below). We will verify your identity and process your request in accordance with California law. If you designate an authorized agent to make a request on your behalf, we may require the agent to provide proof of their authority and your written permission.

Cookies and Tracking Technologies

Our websites use cookies and similar tracking technologies (such as web beacons, pixels, and device identifiers) to provide and enhance our online services. Cookies are small text files placed on your device when you visit a website. We use cookies for various purposes, including to enable site functionality, remember your preferences, analyze website traffic, and improve user experience. For example, cookies help us understand which pages are popular, so we can optimize our content, and they allow certain features (like login sessions or language preferences) to work properly. We may use both session cookies (which expire when you close your browser) and persistent cookies (which remain until they expire or you delete them). Some cookies may be served by third-party analytics providers or embedded content (e.g., an airline partner’s content or social media plugin), which may use their own cookies subject to their privacy policies.

Your Choices

You can control or limit how cookies and similar technologies are used. Most web browsers allow you to refuse or delete cookies through settings. You can set your browser to notify you when cookies are being set or to block most cookies. You can also typically delete cookies that have already been placed. Please note, however, that if you disable certain categories of cookies (especially “strictly necessary” cookies), parts of our website may not function correctly. For more information about cookies and how to manage them, check your browser’s help documentation. Where required by law, our website will present a cookie consent banner or settings tool to allow you to manage your preferences for certain types of cookies (such as analytics or advertising cookies).

Children’s Privacy

Our websites, products, and services are not directed to children under the age of 13 (and in certain jurisdictions, under 16). We do not knowingly collect personal information from individuals under these ages without appropriate consent or as permitted by law. If you are under the applicable minimum age, please do not provide any personal data to us. If a parent or guardian becomes aware that a child under the relevant age has provided us with personal information without their consent, please contact us, and we will take steps to delete the information and, if applicable, terminate the child’s account or registration. We adhere to the U.S. Children’s Online Privacy Protection Act (COPPA) and similar laws, and will obtain verifiable parental consent before knowingly collecting personal data from children where required.

Updates to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will post any revised Privacy Policy on our website with a new “Effective Date” indicated at the top. If we make material changes to the way we handle your personal data or to the Policy’s terms, we will take appropriate measures to notify you (for example, by posting a prominent notice on our website or, if we have your contact details, by email). We encourage you to review this Privacy Policy periodically to stay informed about our data practices. Your continued use of our websites or services after any updated Privacy Policy is posted will constitute your acknowledgment of the changes.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact the Sky Chefs Privacy Office at:

Email: privacy@lsgskychefs.com

Mailing Address: Privacy Office, Sky Chefs (Attn: Privacy Inquiry), 5040 Riverside Drive, Building 1, Suite 200, Irving, Texas 75039, USA

We will respond to your inquiry as soon as reasonably possible and in accordance with applicable law. If you are located in certain jurisdictions (such as the EU/EEA or UK) and have unresolved concerns about your personal data, you may also have the right to lodge a complaint with your national data protection authority or other supervisory authority. Sky Chefs takes privacy seriously and strives to maintain a high standard of data protection and transparency. We value the trust you place in us to handle your personal information responsibly.