ATHENS INTERNATIONAL AIRPORT S.A (AIA)
Administration Building (B17)
P.C. 19019, Spata Attica
Holds all rights and obligations reserved for such capacity under the General Data Protection Regulation (GDPR 2016/679) for processing personal data through the Website.
Data Protection Officer:
Manager, Data Protection & Compliance
Athens International Airport S.A.
Administration Building (B17), P.C. 190 19 Spata, Attica
Email address: email@example.com
AIA has created a robust information governance system as to process personal data in the course of airport operational and corporate activities, remaining at the forefront of information security and data privacy developments, diligently adhering to prevailing laws and regulations, policies and procedures. Appropriate technical and organizational measures have been implemented to mitigate, to the extent possible, the risk left unattained, taking into consideration privacy risk and data protection impact assessments. All personal data are:
Privacy culture is promoted through learning and awareness sessions within AIA and towards business stakeholders.
SECURITY OF AIRPORT FACILITY AND OPERATIONS
SUPPORT OF AIRPORT OPERATIONS – SERVICE PROVISION
AIA processes the required and relevant personal data, per case of processing, as to:
Within each context of processing, AIA informs the involved physical persons for the entire personal data lifecycle.
Personal data is collected from various sources:
AIA acknowledges and respects the importance of data subject’s privacy and commits to safeguard the availability, integrity and confidentiality of the personal data, under processing. The objective is to protect data against unauthorized access, unlawful processing, misuse, alteration, accidental loss, destruction or damage. To this extent, a series of corporate policies and procedures provide specific guidance and promote the security awareness across all operational and corporate processes.
Organizational and technical measures have been implemented to safeguard all databases physically and electronically. All data are classified and retained for predefined time periods, as set by the corporate documents and records retention policy. Our staff is properly trained on their data processing accountabilities while there is restricted access to physical storage. Technical measures may include firewalls, intrusion detection and prevention systems, unique and complex passwords, and encryption.
We share personal data with selected business partners who process data jointly or on our behalf providing sufficient guarantees – within the scope of data processing agreements – to implement appropriate technical and organizational measures in such a manner that processing meets the GDPR requirements and ensure the protection of rights of the data subjects. In certain cases, mainly for cloud storage purposes, data may be transferred to countries outside the EU, based on contractual clauses that ensure that this takes place in accordance with the relevant GDPR requirements.
AIA provides to data subjects the choice to revoke their initially provided consent, for AIA’s marketing activities by changing their preferences for receiving airport advertising and promotional correspondence. Moreover, in cases where data subjects create personal accounts for managing the information provided to AIA (e.g. CV submission), AIA offers the ability to access their information and make updates or delete their data and their account, accordingly.
Data subjects willing to exercise their rights, as provided by the GDPR, are requested to contact AIA’s Data Protection Officer – as presented above in this Policy – who diligently will handle each request.
Refers to access to data subject’s personal data and the following information:
Refers to correction/amendment of inaccurate/ incomplete data.
Applies in one of the following cases:
Applies in one of the following cases:
Applies under certain circumstances and solely where technically feasible and refers to the personal data transmission to another Data Controller in a structured, commonly used and machine-readable format.
Applies on grounds of each request, in particular.
The exercise of any of the above rights is subject to applicable regulatory or operational restrictions that AIA may confront.
Data subjects have the right to lodge a complaint with the Hellenic Data Protection Authority (DPA) at www.dpa.gr, if they consider that AIA’s processing of their personal data infringes the GDPR. Furthermore, data subjects have the right to an effective judicial remedy, in case they believe that their rights under the GDPR have been infringed as a result of AIA’s data processing.