QPass privacy policy
 

Pursuant to current privacy legislation (European “GDPR” Regulation 2016/679 and Italian Legislative Decree no. 196/03 and subsequent amendments and additions) the following information is provided in relation to the service for requests to use the security gate booked at Fiumicino Airport through the "QPASS" channel.


1. DATA CONTROLLER

Aeroporti di Roma S.p.A. (ADR) with registered office at Via Pier Paolo Racchetti, 1 - 00054 Fiumicino (Rome).
 

2. DATA PROTECTION OFFICER

ADR has appointed a Data Protection Officer. The contact details of the Data Protection Officer are available at  www.adr.it 
 

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING

ADR will process your personal data in order to allow you to book a time slot for subsequent access to dedicated security checkpoints at Fiumicino airport (Q-Pass service).

The data you enter will be processed for the purpose of providing you with the requested service (GDPR Art. 6, para. 1, lett. b) and requesting feedback regarding your satisfaction with the service used.

The provision of data is necessary for the pursuit of the above-mentioned purpose; in the event of your refusal to process the data, it will not be possible to provide you with the requested service.

Moreover, Aeroporti di Roma, may process personal data for marketing purposes, subject to the user's express , free and specific consent, pursuant to art. 6, lett. a of the GDPR, in order to send newsletters, commercial information and surveys/surveys by Aeroporti di Roma concerning discounts, promotions, airport news and institutional initiatives.

Failure to consent to the processing will not allow the marketing activity, but will not prejudice the Data Subject in any way with regard to the possibility of using the Q-Pass service.

 

 

4. TYPES OF DATA PROCESSED

The data processed by ADR include common personal data such as your e-mail address and additional information such as flight number, flight date, airline company and number of passengers/accompanying persons you entered in the form.

With regard to the data processing activities in the context of the security checks performed, please refer to https://www.adr.it/la-privacy-nei-controlli-di-sicurezza.

 

5. PROCESSING METHODS
The data are processed in compliance with the regulations in force by means of manual, IT and electronic tools, with logic strictly related to the above-mentioned purpose, so as to guarantee the security and confidentiality of the data.



6. DATA RETENTION PERIOD

Your Personal Data will be kept only for the time necessary for the purposes for which they are collected in compliance with the principle of minimisation ex art. 5.1, lett. c of the GDPR. In particular, the data entered for the Q-Pass service will be kept from the moment of booking and up to 72 hours after use of the service.

With reference to promotional and marketing purposes, personal data will be processed as long as the user uses the services, except in the event of withdrawal of consent and/or opposition to processing (opt-out) in the manner indicated in paragraph 9 below.


7. DATA RECIPIENTS

Within ADR S.p.A., only the persons assigned to data processing by the Data Controller and authorised to carry out processing operations to meet the purposes set out in point 3 may be made aware of the data you have provided.

Moreover, your data may be processed only by third party companies to which ADR may entrust specific activities and services related to the management of the booking.

In particular, your data may be processed by the entities the Data Controller uses to maintain and manage the systems used in its capacity as External Manager (i.e. Copenhagen Optimization) and the Sub-Managers it uses. For a complete list of Managers and Sub-Managers, please contact the Controller at any time.

The data may be communicated to the competent public authorities in order to comply with legal obligations. In any case, your personal data will not be disseminated.

 

8. NON-EU DATA TRANSFER

Data will not be disclosed and/or communicated to third parties located outside of the European Economic Area.

 

9. RIGHTS OF THE DATA SUBJECTS

Lastly, please be informed that Articles 15-22 of the GDPR give data subjects the possibility to exercise specific rights under certain conditions; data subjects can obtain, from the Data Controller: access, rectification, deleting, limitation of processing, withdrawal of consent as well as the portability of data concerning them.

Data subjects also have the right to object to the processing. In the event that the right to object is exercised, the Data Controller reserves the right not to proceed with the request and, therefore, to continue the processing, in the event that there are compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedom of the data subject.

The aforementioned rights may be exercised by accessing your reservation which can be found in the e-mail received, or by revoking your consent to receive commercial and promotional information via the link available at the bottom of the e-mails received (opt-out), or by making a request addressed without formalities to the Data Protection Officer (DPO) at dpo@adr.it.

The data subjects right to file a complaint with the Italian Data Protection Authority pursuant to Article 77, GDPR remains unaffected.

 

The Data Controller reserves the right to update this policy.

 

Date of last update

May 2023