Privacy Feedback - AEROPORTI DI ROMA
Pursuant to current privacy legislation (European "GDPR” Regulation 2016/679 and Italian Legislative Decree no. 196/03 and subsequent amendments and additions) the following information is provided in relation to the service for requests for information, suggestions and complaints on the services provided at the airport.
1. DATA CONTROLLER
Aeroporti di Roma S.p.A. (ADR) with registered office at Via Pier Paolo Racchetti, 1 - 00054 Fiumicino (Rome).
2. DATA PROTECTION OFFICER
ADR has appointed a Data Protection Officer. The contact details of the Data Protection Officer are available at www.adr.it.
3. PURPOSE AND LEGAL BASIS OF THE PROCESSING
ADR will process your personal data for the sole purpose of responding to complaints, information requests, suggestions, thanks, flight attestations, lost property, received from you.
The data you enter will be processed in order to respond to your request and provide you with the requested service (GDPR Art. 6 para. 1b).
The provision of data is necessary for the pursuit of the above-mentioned purpose; in the event of your refusal to process the data, it will not be possible to provide you with the requested services.
This online form does not require the entry of data belonging to special categories (e.g. health data). The form to be filled out only requires the input of common personal data. If, as part of your request to ADR, you voluntarily and freely enter, within the blank field for the description, data relating to the special categories set out in GDPR Art. 9, ADR will process the latter on the basis of your free consent (GDPR Art. 6, para. 1a) and in accordance with GDPR Art. 9, para. 1a.
If the request is entered on behalf of the data subject by an appointed third party, ADR will collect the data from such parties in accordance with GDPR Art. 14. By acknowledging this Information Notice, the person making the request by means of this form hereby declares: (i) to undertake to duly inform the persons concerned about the communication of data to ADR for the request in question and to inform them about the content of this notice;
(ii) to expressly indemnify ADR from any liability deriving from the unlawful communication of said data.
4. TYPES OF DATA PROCESSED
The data processed by ADR include common personal data such as first name, surname and e-mail address information. Telephone number, address, postcode and city are optional data, as is all other personal information that you voluntarily provide when filling in your report.
5. PROCESSING METHODS
The data are processed in compliance with the regulations in force by means of manual, IT and electronic tools, with logic strictly related to the above-mentioned purpose, so as to guarantee the security and confidentiality of the data.
6. DATA RETENTION PERIOD
Your Personal Data will only be kept for as long as necessary for the purposes for which they are collected and for the subsequent applicable prescriptive period in compliance with the principle of minimisation pursuant to GDPR Art. 5.1.c). In particular, the personal data contained in your request will be retained for a period of 5 years after its entry, unless further retention is necessary for the purposes of any litigation/complaint.
7. DATA RECIPIENTS
Within ADR S.p.A., only the persons assigned to data processing by the Data Controller and authorised to carry out processing operations to meet the purposes set out in point 3 may be made aware of the data you have provided.
Moreover, your data may be processed only by third party companies to which ADR may entrust specific activities and services related to the management of the website.
In particular, your data may be processed by the entities the Data Controller uses to maintain and manage the systems used in its capacity as External Manager (i.e. ADR TEL S.p.A.) and the Sub-Managers it uses. For a complete list, please contact the Controller at any time.
In addition, your data may be processed by authorised officers of Group companies only, from whom ADR staff may request information in order to provide you with comprehensive feedback. If necessary for the purpose of responding to your request, your data may be communicated to other companies operating at the airport (Carriers, handlers, shops, catering outlets), acting as autonomous data controllers.
The data may be communicated to the competent public authorities in order to comply with legal obligations. In any case, your personal data will not be disseminated.
8. NON-EU DATA TRANSFER
Data will not be disclosed and/or communicated to third parties located outside of the European Economic Area.
9. RIGHTS OF THE DATA SUBJECTS
Lastly, please be informed that Articles 15-22 of the GDPR ggive data subjects the possibility to exercise specific rights under certain conditions; data subjects can obtain, from the Data Controller: access, rectification, deleting, limitation of processing, withdrawal of consent as well as the portability of data concerning them.
Data subjects also have the right to object to the processing. In the event that the right to object is exercised, the Data Controller reserves the right not to proceed with the request and, therefore, to continue the processing, in the event that there are compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedom of the data subject.
The above rights may be exercised with a request sent without formalities to the Data Protection Officer (DPO) at email@example.com.
The data subjects right to file a complaint with the Italian Data Protection Authority pursuant to Article 77 , GDPR remains unaffected.
The Data Controller reserves the right to update this policy.
Date of last update