Pursuant to current privacy legislation (European Regulation 2016/679 "GDPR" and Legislative Decree no. 196/03 and subsequent amendments and additions) the following information is provided in relation to registration on the website
www.adr.it.
1. DATA CONTROLLERAeroporti di Roma S.p.A. (hereinafter also referred to as "ADR" or "The Holder") with registered office in via Pier Paolo Racchetti 1 - 00054 Fiumicino (Rome).
2. DATA PROTECTION OFFICERADR has appointed a Data Protection Officer. The contact details of the Data Protection Officer are available at
www.adr.it.
3. PURPOSE AND LEGAL BASIS OF THE PROCESSINGThis notice concerns the personal data processing activities carried out within the scope of the services accessible through navigation on this website, in particular for the following purposes:
- enable the user to register on the website www.adr.it
In relation to the above-mentioned services, Aeroporti di Roma processes the data provided by the data subject for the pursuit of the above-mentioned purposes pursuant to art. 6, letter b, GDPR, in order to guarantee the performance of the services requested/activated on-line by the user.
The provision of data is necessary for the pursuit of the above-mentioned purposes; in the event of a refusal to process the data, it will not be possible to provide the services requested online.
Moreover, Aeroporti di Roma, may process personal data for GDPR direct marketing purposes, subject to the user's express , free and specific consent, pursuant to art. 6, lett. 6 of the GDPR, in order to send newsletters, commercial information and surveys/surveys by Aeroporti di Roma concerning discounts, promotions, airport news and institutional initiatives.
If consent to processing is not given, the user will not receive the aforementioned information content by e-mail and will not be affected in any way as regards the possibility of using the other services accessible from ADR's S.p.A. website. The user may revoke consent at any time via the appropriate link accessible from the e-mail communications received.
4. TYPES OF DATA PROCESSEDThe data processed by Aeroporti di Roma S.p.A. include personal information such as:
- first name, surname and e-mail address for registering on the website, as well as log-in and log-out data from the user's personal area and the relevant browsing IP address.
5. PROCESSING METHODSThe data are processed in compliance with the regulations in force by means of IT and electronic tools, with logic strictly associated with the purposes specified, in order to guarantee the security and confidentiality of the data.
6. DATA RETENTION PERIODYour Personal Data will only be kept for as long as necessary for the purposes for which they are collected in compliance with the principle of minimisation ex art. 5.1, lett. c GDPR, in particular in case of registration to the ADR website your data will be kept for the entire period of use and deleted in case of prolonged non-access for 5 years.
With regard to the sending of commercial and promotional communications, the Data will be processed as long as the user uses the services, except in the event of withdrawal of consent and/or opposition to processing (opt-out) in the manner indicated in paragraph 9 below.
7. DATA RECIPIENTSWithin ADR S.p.A., only the subjects appointed by the Data Controller and authorised to carry out processing operations on the activities above may become aware of the personal data you have provided. Moreover, your data may be processed only by third party companies to which ADR may entrust specific activities and services related to the management of the website.
In particular, your data may be processed by the entities the Data Controller uses to maintain and manage the systems used in its capacity as External Manager (i.e. ADR TEL) and the Sub-Directors it uses.
In addition, ADR makes use of cloud-based services in order to optimise the performance of www.adr.it. ADR signed a special Enterprise Agreement with Amazon Web Service EMEA SARL (https://aws.amazon.com/), selecting sites available within the European Economic Area for the storage of its content. In any case, the provider in question does not access users' personal data acquired on the ADR site/app, limiting itself to using the information essential to provide and maintain the cloud services.
The data may be communicated to the competent public authorities in fulfilment of legal obligations.
In any case, your personal data will not be disseminated.
8. NON-EU DATA TRANSFERData will not be disclosed and/or communicated to third parties located outside of the European Economic Area.
9. RIGHTS OF THE DATA SUBJECTSLastly, please be informed that Articles 15-22 of the GDPR ggive data subjects the possibility to exercise specific rights under certain conditions; data subjects can obtain, from the Data Controller: access, rectification, deleting, limitation of processing, withdrawal of consent as well as the portability of data concerning them.
Data subjects also have the right to object to the processing. In the event that the right to object is exercised, the Data Controller reserves the right not to proceed with the request and, therefore, to continue the processing, in the event that there are compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedom of the data subject.
The aforementioned rights may be exercised either by accessing one's personal profile on
www.adr.it, or by withdrawing consent to receive commercial and promotional information via the link available at the bottom of the e-mails received (opt-out), or by making a request addressed without formalities to the Data Protection Officer (DPO) at
dpo@adr.it.
The data subjects right to file a complaint with the Italian Data Protection Authority pursuant to Article 77, GDPR remains unaffected.
The Data Controller reserves the right to update this policy.
Date of last update
26/04/2022