Chatbot terms and conditions
Privacy Policy for booking spaces in the Open building
Privacy Policy for booking spaces in the Open building
Information Notice on the Processing of Personal Data pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 ("GDPR").
1. DATA CONTROLLER
Aeroporti di Roma S.p.A. (hereinafter also referred to as "ADR" or "the Holder") with registered office in via Pier Paolo Racchetti 1 - 00054 Fiumicino (Rome).
2. DATA PROTECTION OFFICER
ADR has appointed a Data Protection Officer. The contact details of the Data Protection Officer are available at www.adr.it.
3. TYPES OF DATA PROCESSED
For the purpose of managing proper registration on the digital platforms used and ensuring access to and use of the pay-per-use services made available within Palazzina Open, the Data Controller processes the following personal data relating to company representatives and individuals designated by them: first name, last name and email address. Personal data are processed in compliance with applicable laws and regulations through electronic, telematic and manual means, using procedures and logic strictly related to the purposes set out above, in such a way as to ensure the security and confidentiality of the data.
The IT protocols underlying the operation of the digital areas used, including the development and operational logic of the App, are managed by supplier EFM S.p.A. in its capacity as an independent Data Controller.
4. PURPOSE AND LEGAL BASIS OF THE PROCESSING
The Data Controller processes users' personal data as necessary to ensure the proper provision of the services, the management of booking activities, and the use of meeting rooms within Palazzina OPEN.
With reference to the above purposes, the processing of personal data is based on the lawful basis set out in Article 6(1)(b) of the GDPR, as it is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract, as well as for the fulfilment of obligations arising from the contractual relationship between the parties and for purposes strictly related and ancillary thereto.
5. DATA RECIPIENTS
Personal data may be accessed by individuals duly authorised to process personal data pursuant to Articles 4 and 29 of the GDPR and Article 2-quaterdecies of the Italian Privacy Code. Within the scope of the activities described in this Privacy Notice, personal data may also be processed by specialised providers of technical, IT and maintenance services acting as Data Processors and/or Sub-processors, duly appointed pursuant to Article 28 of Regulation (EU) 2016/679 (GDPR).
6. NON-EU DATA TRANSFER
Personal data may be disclosed to the competent public authorities where required by law or in order to comply with legal obligations. In any event, personal data will not be disclosed to the public or otherwise made publicly available.
7. DATA RETENTION PERIOD
Personal data are retained only for as long as necessary to achieve the purposes for which they were collected, in accordance with the data minimisation principle set out in Article 5(1)(c) of the GDPR.
In particular, the following retention periods apply to the different services used:
- user accounts/access credentials assigned to the company representatives responsible for the relevant activities, as well as to the individuals designated by them, are automatically deactivated upon termination of the sub-concession relationship;
- personal data relating to the booking of meeting rooms through the Mobile App are retained for the time necessary to manage the relevant booking request;
- log-in and log-out data generated through the Mobile App are retained for a period of 90 days.
Notwithstanding the above, the Data Controller may retain personal data for longer periods where required by applicable law, regulatory obligations, or where such retention is necessary for the establishment, exercise or defence of legal claims.
8. RIGHTS OF THE DATA SUBJECTS
Data subjects may, at any time and where the relevant legal conditions are met, exercise the rights provided for under Articles 15 et seq. of the GDPR, including the right to access their personal data, request the rectification of inaccurate data, obtain data portability, request the erasure of their personal data, restrict processing, and object to the processing of their personal data. Where the right to object is exercised, the Data Controller reserves the right to continue the processing where compelling legitimate grounds for the processing exist which override the interests, rights and freedoms of the data subject, or where the processing is necessary for the establishment, exercise or defence of legal claims. The above rights may be exercised by contacting the Data Protection Officer at the following email address: dpo@adr.it, or by writing to the attention of the Data Protection Officer at the following address: Via Pier Paolo Racchetti, 1 00054 Fiumicino (RM). Data subjects also have the right to lodge a complaint with the competent supervisory authority, including the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), pursuant to Article 77 of the GDPR.
The Data Controller reserves the right to amend and update this Privacy Notice from time to time.