QPass privacy policy



Pursuant to current privacy legislation (European "GDPR" Regulation 2016/679 and Italian Legislative Decree no. 196/03 and subsequent amendments and additions) the following information is provided in relation to the service for requests to use the security pass booked at Fiumicino Airport through the "QPASS" channel.


1. DATA CONTROLLER

Aeroporti di Roma S.p.A. (ADR) with registered office at Via Pier Paolo Racchetti, 1 - 00054 Fiumicino (Rome).
 

2. DATA PROTECTION OFFICER

ADR has appointed a Data Protection Officer. The contact details of the Data Protection Officer are available at www.adr.it.
 

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING

ADR will process your personal data for the purpose of allowing you to book and subsequently access the dedicated security gate at Fiumicino airport.

The data you enter will be processed for the purpose of providing you with the requested service (GDPR Art. 6, para. 1, lett. b) and requesting feedback regarding your satisfaction with the service used.

The provision of data is necessary for the pursuit of the above-mentioned purpose; in the event of your refusal to process the data, it will not be possible to provide you with the requested service.
 

4. TYPES OF DATA PROCESSED

The data processed by ADR include common personal data such as your e-mail address and additional information such as flight number, flight date, airline company and number of passengers/accompanying persons you entered in the form.

With regard to the data processing activities in the context of the security checks performed, please refer to https://www.adr.it/la-privacy-nei-controlli-di-sicurezza.
 

5. PROCESSING METHODS

The data are processed in compliance with the regulations in force by means of manual, IT and electronic tools, with logic strictly related to the above-mentioned purpose, so as to guarantee the security and confidentiality of the data.


6. DATA RETENTION PERIOD

Your Personal Data will only be kept for as long as is necessary for the purposes for which they are collected in compliance with the principle of minimisation pursuant to GDPR Art. 5.1, lett. c, for a period of 72 hours from the time you book the service.


7. DATA RECIPIENTS

Within ADR S.p.A., only the persons assigned to data processing by the Data Controller and authorised to carry out processing operations to meet the purposes set out in point 3 may be made aware of the data you have provided.

Moreover, your data may be processed only by third party companies to which ADR may entrust specific activities and services related to the management of the booking.

In particular, your data may be processed by the entities the Data Controller uses to maintain and manage the systems used in its capacity as External Manager (i.e. Whyline, Inc.) and the Sub-Managers it uses. For a complete list of Managers and Sub-Managers, please contact the Controller at any time.

The data may be communicated to the competent public authorities in order to comply with legal obligations. In any case, your personal data will not be disseminated.
 

8. NON-EU DATA TRANSFER

Data may be transferred to countries belonging to the European Economic Area or third countries outside the EEA within the limits of and in compliance with Chapter V of the GDPR on transferring personal data to third countries.
 

9. RIGHTS OF THE DATA SUBJECTS

Lastly, please be informed that Articles 15-22 of the GDPR ggive data subjects the possibility to exercise specific rights under certain conditions; data subjects can obtain, from the Data Controller: access, rectification, deleting, limitation of processing, withdrawal of consent as well as the portability of data concerning them.

Data subjects also have the right to object to the processing. In the event that the right to object is exercised, the Data Controller reserves the right not to proceed with the request and, therefore, to continue the processing, in the event that there are compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedom of the data subject.

The above rights, including the request to no longer receive the newsletter (opt-out), may be exercised by making a request to the Data Protection Officer (DPO) at dpo@adr.it.

The data subjects right to file a complaint with the Italian Data Protection Authority pursuant to GDPR Article 77 remains unaffected.

The Data Controller reserves the right to update this policy.

 

Date of last update

December 2022