Privacy TVCC


Video surveillance at the airport. Aspects of passenger privacy protection

In accordance with the current legislation concerning privacy (European regulation 2016/679 "GDPR" and Italian Leg. Decree 196/03 and subsequent amendments and additions) the following information is provided about processing personal data collected through the video surveillance system at the airports Fiumicino "Leonardo da Vinci" and "Ciampino Giovan Battista Pastine".


Aeroporti di Roma S.p.A., with registered office at via Pier Paolo Racchetti, 1  - 00054 Fiumicino (Rome), is the independent Data Controller with regard to the data processed using the video surveillance systems installed for their own purposes of safety and defending the company assets; certain systems were installed at the express request of Law Enforcement Agencies, such as the State Police (Polaria di Fiumicino), Financial Police [Guardia di Finanza], National Police [Carabinieri] and SVAD (Anti-fraud Customs Vigilance Service) for the purposes of protecting safety and public order. In regard to these systems, the aforementioned authorities are Independent Controllers of the processing, determining the methods and purposes for processing. 

The video surveillance system is divided into several installations located in the different airport areas and consists of over 4,000 cameras to ensure the most complete security and highest standard of control. The data collected through these systems are processed by ADR S.p.A. as the Independent Data Controlled, but the processing methods are limited to only remote instantaneous viewing by agents.



The data processed by ADR S.p.A. consist of images collected through the surveillance system, partially stored in a special database. The images can also refer to your particular (formerly sensitive) data.



The data collected are processed by the Controller ADR S.p.A. by virtue of its legitimate interest in the integrity of the company's assets for the purposes of safety and security, logistics and the related applicable operating regulations. 



The data are processed in compliance with current regulations using computer and telematic tools, in a logic strictly related to the purposes indicated, so as to ensure the security and confidentiality of the data.



The data collected through the surveillance system and processed by ADR S.p.A. for its own purposes may be disclosed to the Public Authorities to fulfil legal obligations. Data solely for purposes related to mobility may also be processed by the representatives authorised by ADR Mobility. For purposes related to security by the agents of ADR Security. The table below shows the data recipients for each type of system.

In the context of the processing activities carried out by ADR S.p.A. only the parties appointed for this purpose and authorised for processing will have access to the images. In any case, your data will not be disclosed.



The images can be accessed be ADR Security S.r.l. operators on CCTV for 24 hours, after which they are automatically deleted. The systems retain the file only for access by the State police for a period of 7 days. The table below shows the retention times for each type of installation.



We also inform you that Articles 15-22 GDPR provide data subjects the opportunity to exercise specific rights; the data subject may obtain from the data Controller: access, correction, deletion, limitation of processing.

The data subjects also has the right to object to the processing. In the event of exercising the right to object, the Controller reserves the option not to proceed with the request, and thus to continue the processing if there are compelling legitimate reasons for proceeding with the processing that prevail in the data subjects, rights and freedoms of the data subject.

The abovementioned rights may be exercised with a request addressed without formalities to the Data protection officer (DPO) at the following address Contact information of the Data Protection Officer are available at

In the event of ADR refuse to follow up to your request to exercise your rights as provided for by the GDPR shall provide you with the reason underpinning said refusal. If need be, you have the right to lodge a complaint directly before the Supervisory authority under art. 77 GDPR.