Pursuant to current privacy legislation (European Regulation 2016/679 "GDPR" and Legislative Decree no. 196/03 and subsequent amendments and additions) the following information is provided in relation to services connected to the website www.adr.it.

This information does not cover the use of cookies, for which please refer to the relevant page Cookie policy - Aeroporti di Roma (adr.it).

1. DATA CONTROLLER

Aeroporti di Roma S.p.A. (hereinafter also referred to as "ADR" or "the Holder") with registered office in via Pier Paolo Racchetti 1 - 00054 Fiumicino (Rome).

2. DATA PROTECTION OFFICER

ADR has appointed a Data Protection Officer. The contact details of the Data Protection Officer are available at www.adr.it.

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING

This notice concerns personal data processing activities carried out for the following purposes:

• enable the user to navigate the website www.adr.it
• enable the user to register on the website www.adr.it
• enable the user to activate the flight tracking service (enter the e-mail address to receive status update messages on the selected flight).

In relation to the above-mentioned services, Aeroporti di Roma processes the data provided by the data subject for the pursuit of the above-mentioned purposes pursuant to art. 6, letter b, GDPR, in order to guarantee the performance of the services requested/activated on-line by the user.

The provision of data is necessary for the pursuit of the above-mentioned purposes; in the event of a refusal to process the data, it will not be possible to provide the services requested online.

Moreover, Aeroporti di Roma, may process personal data for GDPR direct marketing purposes, subject to the user's express , free and specific consent, pursuant to art. 6, lett. 6 of the GDPR, in order to send newsletters, commercial information and surveys/surveys by Aeroporti di Roma concerning discounts, promotions, airport news and institutional initiatives.

If consent to processing is not given, the user will not receive the aforementioned information content by e-mail and will not be affected in any way as regards the possibility of using the other services accessible from ADR's website. The user may revoke consent at any time via the appropriate link accessible from the e-mail communications received.

4. TYPES OF DATA PROCESSED

The data processed by Aeroporti di Roma S.p.A. include personal information such as:

• first name, surname and e-mail address for registration on the website, as well as log-in and log-out data from the user's personal area and the IP address relating to navigation;
• the only e-mail address for the activation of the flight tracking service.

5. PROCESSING METHODS

The data are processed in compliance with the regulations in force by means of IT and electronic tools, with logic strictly associated with the purposes specified, in order to guarantee the security and confidentiality of the data.

6. DATA RETENTION PERIOD

Your Personal Data will only be kept for as long as necessary for the purposes for which they are collected in compliance with the principle of minimisation ex art. 5.1, lett. c GDPR, in particular in case of registration to the ADR website your data will be kept for the entire period of use and deleted in case of prolonged non-access for 5 years to your personal area.

Concerning the sending of commercial and promotional communications, personal data will be processed for as long as the user uses the services, except in the event of withdrawal of consent and/or opposition to processing (opt-out) in the manner indicated in paragraph 9 below.

Lastly, we reserve the right to keep the data of cc.d. log-in and log-out from the personal area for a longer period, if this is strictly necessary to monitor and sterilise possible crimes or other illegal behaviour committed through the App (e.g. hacking activities, etc.)

7. DATA RECIPIENTS

Within ADR S.p.A., only the subjects appointed by the Data Controller and authorised to carry out processing operations on the activities above may become aware of the personal data you have provided. Moreover, your data may be processed only by third party companies to which ADR may entrust specific activities and services related to the management of the website.

In particular, your data may be processed by the entities the Data Controller uses to maintain and manage the systems used in its capacity as External Manager (i.e. ADR TEL S.p.A.) and the Sub-Managers it uses.

In addition, ADR makes use of cloud-based services in order to optimise the performance of www.adr.it. ADR signed a special Enterprise Agreement with Amazon Web Service EMEA SARL (https://aws.amazon.com/), selecting sites available within the European Economic Area for the storage of its content. In any case, the provider in question does not access users' personal data acquired on the ADR site/app, limiting itself to using the information essential to provide and maintain the cloud services.

The data may be communicated to the competent public authorities in fulfilment of legal obligations.

In any case, your personal data will not be disseminated.

8. NON-EU DATA TRANSFER

Data will not be disclosed and/or communicated to third parties located outside of the European Economic Area.

9. RIGHTS OF THE DATA SUBJECTS

Lastly, please be informed that Articles 15-22 of the GDPR ggive data subjects the possibility to exercise specific rights under certain conditions; data subjects can obtain, from the Data Controller: access, rectification, deleting, limitation of processing, withdrawal of consent as well as the portability of data concerning them.

Data subjects also have the right to object to the processing. In the event that the right to object is exercised, the Data Controller reserves the right not to proceed with the request and, therefore, to continue the processing, in the event that there are compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedom of the data subject.

The aforementioned rights may be exercised either by accessing one's personal profile on www.adr.it, or by withdrawing consent to receive commercial and promotional information via the link available at the bottom of the e-mails received (opt-out), or by making a request addressed without formalities to the Data Protection Officer (DPO) at dpo@adr.it.

The data subjects right to file a complaint with the Italian Data Protection Authority pursuant to Article 77, GDPR remains unaffected.

The Data Controller reserves the right to update this policy.

Date of last update

26/04/2022