Fraport Greece Data Protection Statement

Fraport Greece Data Protection Statement

The General Data Protection Regulation (Regulation (EU) 2016/679, or “GDPR”) is a regulation of the European Union laying down the rules on the processing of personal data by private companies and public authorities across the EU. The aim is not only to safeguard the protection of personal data within the European Union, but also to ensure the free movement of data within the European single market.

The GDPR replaces Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the national data protection acts which transposed the 1995 Directive into national law.

General information

Protection and security of personal data is of great importance to us. Below you will find the information required under the GDPR regarding the processing of personal data in connection to different categories of data subjects.

This Data Protection Statement is aimed at outlining the principles relevant to the processing of your personal data in accordance with our corporate Privacy and Data Protection Policy. It is our goal to provide you with exactly the right amount of information regarding the processing of personal data relating to you.

Who is responsible for data processing?

The Controller within the meaning of the GDPR is:

For Cluster A airports and websites:

Fraport Regional Airports of Greece A S.A.
10 Germanikis Scholis Athinon, GR-15123 Maroussi, Greece
E-Mail: [email protected]  
and
Fraport Regional Airports of Greece Management Company S.A.
10 Germanikis Scholis Athinon, GR-15123 Maroussi, Greece
E-Mail: [email protected]

For Cluster B airports and websites:

Fraport Regional Airports of Greece B S.A.
10 Germanikis Scholis Athinon, GR-15123 Maroussi, Greece
E-Mail: [email protected]  
and
Fraport Regional Airports of Greece Management Company S.A.
10 Germanikis Scholis Athinon, GR-15123 Maroussi, Greece
E-Mail: [email protected]

For this www.fraport-greece.com website, the Controller within the meaning of the GDPR is:

Fraport Regional Airports of Greece Management Company S.A.
10 Germanikis Scholis Athinon, GR-15123 Maroussi, Greece
E-Mail: [email protected]

How do I get in touch with the data protection officer?

For further questions or suggestions concerning data protection and for making use of your individual rights as data subject please contact the data protection officer of Fraport Greece in the following ways:

To which rights am I entitled under GDPR?

You have the right to access your personal data which we are processing and, if your personal data is inaccurate or incomplete, to request the rectification or erasure of your personal data. If you require further information in relation to your privacy rights or would like to exercise any of these rights, please contact our Data Protection Officer as per the above contact details.

Your rights as data subjects vis-à-vis the Controller are outlined in the GDPR. Below we explain the essential content of the most important relevant rules. For a more complete overview of your rights, read in particular Articles 7, 15 to 22 and 77 to 80 of the GDPR. The GDPR is available in all official languages of the European Union on the following website: http://eur-lex.europa.eu/eli/reg/2016/679/oj

1.1 Right to object at any time, Art. 21 GDPR

For reasons that relate to your particular situation, you have the right at any time to object the processing of personal data concerning you which is based on point (e) or (f) of Article 6 GDPR. Personal data will then no longer be processed by the Controller unless it can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms.

1.2 Right of access and information, Art. 15 GDPR

You have the right to request from the Controller to confirm whether personal data relating to you is being processed. You can also request access to the personal data. Upon your request, the Controller must also provide you with further information about the processing of such personal data, as specified in Art. 15 GDPR.

1.3 Right to rectification of personal data, Art. 16 GDPR

You have the right to obtain from the Controller without undue delay the rectification of inaccurate personal data and/or the completion of incomplete personal data concerning you.

1.4 Right to erase personal data, Art. 17 GDPR

You have the right to obtain from the Controller the erasure of personal data concerning you without undue delay if such personal data are no longer necessary in relation to the purposes pursued. Art. 17 GDPR also provides for other reasons which entitle you to request deletion.

1.5 Right to restriction of processing, Art. 18 GDPR

Art. 18 GDPR outlines several reasons entitling you to obtain restriction of processing upon your request. This applies in particular in the event that you object to the processing of personal data relating to you pending the verification of any overriding legitimate grounds. During our assessment of your request for data erasure (cf. sec. 1.4 hereof), you may exercise your right to restrict data processing in accordance with Art. 18 GDPR.

1.6 Right to data portability, Art. 20 GDPR

Under the conditions of Art. 20 GDPR, you have the right to data portability. This includes the right to receive personal data that you might have provided to us, in a structured, commonly used and machine-readable format and the right to submit that data to other persons without hindrance. If technically feasible, you may also request that the data be transmitted directly to another controller.

1.7 Right to withdraw consent, Art. 7 GDPR

If the data processing is based on your consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

1.8 Right to complain to a supervisory authority, Art. 77 GDPR

If you believe that the processing of the personal data relating to you infringes the GDPR, you have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

Data Protection Statement for Website Visitors

1. Validity of this Privacy Statement

This Privacy Statement applies to the following websites:

Furthermore, we may link to or integrate websites from third party providers. Separate privacy notices, statements, or terms of use may apply to these websites. Fraport Greece is not responsible for third party websites and privacy policies.

2. General information on data collection and use when using our services

2.1 General information

Personal data is all information that can be attributed to a specific person (e.g., name, address, telephone number, e-mail address). When you visit our websites, we may automatically collect user information, such as the IP address assigned to you by your ISP, the website from which you visit us, the web pages that you may visit with us, your browser type (including version and language), your device type and related information (e.g., monitor resolution), as well as details of your operating system, date and duration of your visit as well as further information on the successful use of our services (e.g., search queries, viewed pages, click behavior).

Collection of these data is required to ensure the smooth operation of our websites and to be able to create a good user experience. Your data will be used, processed and utilised as well as stored for a limited period of time and, subject to the further descriptions in this Data Protection Statement, do not allow us to infer any natural person. Storage of your IP address is necessary to help us timely detect -and properly respond to- potential cybersecurity attacks, thus safeguarding our legitimate interest in terms of security.

The collection and processing of the personal data is either based on your documented consent or is necessary for the protection of legitimate interests pursued by us in order to ensure the functionality and security of our information technology systems and to optimize the website. In all cases, the lawfulness of processing is ensured in accordance with the GDPR.

You can visit or use our services without having to register or identify yourself.

All personal data obtained through our websites are processed by our business partners who are committed to adhere to the strictest data privacy standards in accordance with the GDPR. Where needed, we maintain appropriate data processing agreements or terms with such partners to ensure that any personal data transfers are in compliance with GDPR requirements and based on relevant adequacy decisions of the European Commission or appropriate guarantees.

2.2 Cookies and Internet technologies

Cookies are small text files stored locally in the cache of the site visitor's Internet browser. To improve usability, we use temporary cookies that are stored on your device for a specific period of time. These cookies enable, among other things, the recognition of the internet browser, so that data already entered will not be lost during the interruption of a usage process (e.g., interruption of the internet connection) or the change to another service within our offer.

Additionally, we use cookies to statistically record the use of our website and to optimize our offerings. These cookies are automatically deleted after a defined time.

You have the option to prevent the storage of cookies on your device by appropriate browser setting. In most browsers, the option to disable cookies can be found under the Settings (or Tools) menu  Privacy options. For detailed instructions, check the support website for your browser.

The use of appropriate technologies takes place either for purposes of our compliance with any applicable ePrivacy rules or for the protection of our legitimate interests (point (f) of Article 6(1) GDPR), in particular to safeguard the functionality and security our information technology systems and to tailor advertising according to your interests.

2.3 Use of analysis and tracking tools

Our websites use the Google Analytics, Google DoubleClick for Publishers (DFP) and/or New Relic analysis tools. Processing of the data collected by these tools takes place for optimization purposes of our websites, to ensure the smooth functionality of our webpages and to allow us to provide you with a satisfactory user experience.

2.4 Contact and contact form

When contacting us (by contact form or e-mail) the information of the user is necessary in order for us to be able to process the contact request in the most satisfactory and efficient manner. We delete the requests if they are no longer required, subject to any applicable statutory retention requirements.

In some cases, requests, queries or complaints submitted through our contact form may include special categories of personal data, such as information concerning health (for instance, in the case of disabled passengers or passengers with reduced mobility), to allow us to address your particular needs.

2.5 Voluntary safety report form

It is possible to submit, on a voluntary basis, comments and reports on safety-related issues through the specially dedicated “Voluntary Safety Report” form on our website. This allows us to improve the timely information on, and be able to look into, any safety related matters arising at the airports and to notify, where appropriate or necessary, our relevant corporate (safety) department and/or competent authorities accordingly. When contacting us through this form, the information of the user is necessary in order for us to be able to process the comments being submitted in the most satisfactory and efficient manner and for communication purposes. We delete the comments if they are no longer relevant or necessary, subject to any applicable statutory retention requirements.

2.6 Online CV submission

Our webpage provides you with the opportunity to submit your biographical information through our Careers webpage section. When you do so, your personal information is being submitted based on your documented consent. Biographical information (curriculum vitae) may sometimes include photographs, which are not processed by us through any technical means. All personal data channeled through our online CV submission platform are processed in strict accordance with our corporate privacy and data protection policy and are kept for a maximum retention period of two (2) years, subject to any request by you for earlier deletion.

2.7 Flight tracker

Our airport webpages provide you with the ability to find and track flight information (arrivals-departures). To use this service, no additional personal data are collected other than those described in section 2.1 (General Information) of this Data Protection Statement.

2.8 Data security

Our websites use the widely used SSL (Secure Socket Layer) method in combination with the highest encryption level supported by your browser (usually 256bit encryption). Whether contents of our website are encrypted is indicated by the fact that a key or lock symbol is displayed in the top address bar of your browser, which is marked with a key symbol.

We also use appropriate technical and organizational security measures to prevent accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties as far as possible. We adapt these measures according to the technological development continuously.