Cookies Policy

(Last updated: December 2025)

Purpose
This Cookies Policy explains how Athens International Airport S.A. (AIA, we, us, or our) uses cookies and similar technologies on our websites and digital platforms, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national legislation.

Data Controller
The controller responsible for the use of cookies and processing of personal data through our Website is Athens International Airport S.A. (AIA), Attiki Odos, Spata, Attica, 19019, Greece.

For any questions related to the processing of your personal data or the exercise of your rights, you may contact our Data Protection Officer (DPO) at privacy@aia.gr.

What Are Cookies?
Cookies are small text files stored on your device (computer, smartphone or tablet) when you visit a website. They enable the website to recognize your device and remember your actions and preferences.

We also use pixels, also known as tags or web beacons, which are small invisible images embedded in web pages or emails that help us understand how users interact with our content and campaigns.

You can at any time change or withdraw your consent by visiting the Cookies Settings section on our website.

Where We Use Cookies
Cookies and similar technologies are used across AIA’s digital platforms (Websites):

www.aia.gr
AIA Interactive Communication Platform (AI Chatbot)
Corporate online platforms

Why We Use Cookies
We use cookies to:

enable core website functionality and improve your browsing experience
enhance security and prevent fraudulent activity
analyze website performance and usage to optimize our services
remember user preferences such as language and accessibility settings
provide personalized advertising and promotional content relevant to your interests

Types of Cookies
Cookies differ by duration and purpose.

By Duration

Session Cookies: Deleted automatically when you close your browser.
Persistent Cookies: Remain stored until expiry or manual deletion.

By Purpose

Essential Cookies – Required for the secure and correct operation of our websites and applications. They include authentication and session management cookies, load balancing and security tokens. These cookies do not store personal information and are always active.
Preferences Cookies – Allow the website to remember your selections and settings, such as preferred language, accessibility adjustments or whether certain banners or dialogs have been shown. They enhance usability and user experience across sessions.
Statistics Cookies – Collect aggregated, anonymized information about how visitors use our website. They help us understand how users interact with the site, identify errors, and improve functionality.
Marketing Cookies – Used to deliver relevant advertisements and promotions, measure the effectiveness of campaigns and limit ad repetition. These may include third-party cookies from platforms such as Google, YouTube or Facebook.

If a cookie is used for Marketing or Preference purposes, it is categorized as Marketing/Preferences. This allows us to apply the highest level of consent required for multi-purpose cookies.

Ownership of Cookies

First-Party Cookies: Set and controlled by AIA.
Third-Party Cookies: Set by external providers (e.g., Google, Facebook, YouTube) to support analytics, advertising or embedded content.

Third parties placing cookies on our Website act as independent data controllers for their processing activities.

Local Storage
We also use the browser’s Local Storage to enable certain functionalities (such as AI chatbot sessions). Non-personal session information is stored temporarily and may be retained for up to two months. Certain persistent identifiers or consent preferences may be stored for longer periods to maintain user settings, improve functionality, or demonstrate compliance with GDPR requirements. These persistent data items are not used for advertising or tracking purposes beyond what is necessary for service functionality.

Legal Basis for Processing

Strictly necessary cookies are processed based on Article 6(1)(f) GDPR (legitimate interests) or Article 6(1)(b) GDPR (performance of a contract).
All other cookies are used only with your explicit consent under Article 6(1)(a) GDPR.

Non-essential cookies are not activated until you have provided your explicit consent through our Cookies Settings panel. You may modify your choices at any time.

Managing Your Cookies Preferences
When visiting our website, you can select or reject non-essential cookies through our Cookies Banner. Your preferences are stored for 180 days, after which you will be asked to reconfirm them. Our Cookies consent management platform records your consent status and preferences (date, time and type of consent) to demonstrate compliance with GDPR requirements.

You can also manage cookies via your browser settings. Please note that disabling essential cookies may affect the proper functioning of the website.

Third-Party Recipients
Some cookies involve processing by third parties (e.g. Google, Meta, Microsoft). These parties may process data outside the EEA under appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs). You can learn more about how these providers process your data by reviewing their respective privacy or cookies policies.

Data Retention
Personal data collected through cookies is retained only for as long as necessary for the purposes stated and in accordance with the cookies’ expiry period shown in the table. Once the period expires, data is either deleted or anonymized.

Your Rights
You have the right to request access to your personal data, rectification, erasure (“right to be forgotten”), restriction of processing, data portability and to object to processing, in accordance with Articles 15–22 of the GDPR.

You also have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You may exercise these rights by contacting our DPO at privacy@aia.gr

You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr

Updates to This Policy
We may amend this Policy from time to time. Any updates will be published on this page with a revised “Last updated” date.

Essentials

Cookie Name

Description

Type

Expiry

First/Third Party

ApplicationGatewayAffinity

Load-balancing cookie used by Azure Application Gateway to maintain session affinity.

HTTP

Session

First-party

visid_incap_*

Security cookie set by Incapsula to protect the website against malicious traffic.

HTTPS

1 year

Imperva Incapsula (Third-party)

pcms_cookie_bot_2fee

This cookie is used to store user cookie preferences.

HTTP

1 year

First-party

x-ms-cpim-trans

Microsoft Identity cookie used for transaction management and state.

HTTP

Session

First-party

__Secure-ROLLOUT_TOKEN

Stores rollout information for server-side updates and feature deployment.

HTTP

Session

First-party

AIA.Authentication*

Used for managing user authentication, allowing the site to recognize logged-in users and maintain their authenticated session.

HTTPS

Session

First-party

igate*

Session-based cookie for managing user authentication within the IGATE application.

HTTP

Session

First-party

x-ms-cpim-csrf

Anti-CSRF token cookie used in Microsoft authentication flows.

HTTP

Session

First-party

ApplicationGatewayAffinityCORS

Maintains session affinity for CORS requests via Azure Application Gateway.

HTTP

Session

First-party

ai_session

Used by Microsoft Application Insights to collect statistical usage and telemetry information.

HTTPS

Session

First-party

ai_user

Used by Microsoft Application Insights to collect statistical usage and telemetry information.

HTTPS

1 year

First-party

_vfp

Used to remember that user has voted in Vote for Parthenon page.

HTTP

400 days

First-party

concessionaires*

Stores partner-specific user preferences or selections.

HTTP

Session

First-party

TS01*

Security cookie used by the server to maintain session integrity and detect malicious activity.

HTTP

Session

First-party

x-ms-cpim-cache

Microsoft Identity cookie used to store session cache data.

HTTP

Session

First-party

x-ms-gateway-slice

Microsoft cookie used for load balancing across server gateways.

HTTP

Session

First-party

_GRECAPTCHA

This cookie is set by Google reCAPTCHA and is used to validate that the website user is human and not a bot.

HTTP

Session

Google (Third-party)

incap_ses_*

This is an Incapsula DDoS Protection and Web Application Firewall cookie that is used to relate HTTP requests to a certain session.

HTTP

Session

First-party

aia_session_cookie

Authentication session cookie used to validate secure logins.

HTTP

Session

First-party

.AspNetCore.Correlation.*

Correlation cookie used to link authentication requests and responses securely.

HTTPS

Session

First-party

.AspNetCore.Antiforgery.*

This cookie is used by ASP.NET Core to validate that form submissions originate from the authenticated user and the legitimate site.

HTTP

Session

First-party

Identity.External*

Stores external identity authentication information for third-party login.

HTTPS

Session

First-party

_track_flight_*

Used to remember the flights that a user tracks or follows on the website.

HTTP

24 hours

First-party

__RequestVerificationToken

Set by web applications built with ASP.NET MVC. This cookie is used to prevent Cross-Site Request Forgery (CSRF) attacks by verifying that requests made to the server are legitimate and originate from the current user.

HTTP

Session

First-party

.AspNetCore.OpenIdConnect.Nonce.*

This cookie is set by ASP.NET Core applications when using OpenID Connect for user authentication.

HTTPS

Session

First-party

TS42ca1e71027

Security-related cookie set by the website’s infrastructure provider. Used to maintain session integrity and protect against malicious activity.

HTTP

Session

First-party

AIA.BCE

Temporary cookie used during the parking reservation process. Stores selection data such as location or timeslot to ensure completion of the booking flow.

HTTPS

Session

First-party

ASP.NET_SessionId

Issued by Microsoft's ASP.NET Application, this cookie stores session data during a user's website visit.

HTTP

Session

First-party

Marketing/Preferences

Cookie Name	Description	Type	Expiry	First/Third Party
VISITOR_PRIVACY_METADATA	YouTube sets this cookie to store the user's cookie consent state for the current domain.	HTTP	Persistent cookie	YouTube (Third-party)
yt-remote-cast-installed	Indicates whether the YouTube Cast feature is installed on the device.	HTTP	Persistent cookie	YouTube (Third-party)
yt.innertube::nextId	Stores the next request ID in YouTube’s internal request queue.	HTTP	Session	YouTube (Third-party)
__Secure-YEC	YouTube cookie used for personalized tracking and ad delivery.	HTTPS	Persistent cookie	YouTube (Third-party)
fbp	Facebook Pixel cookie used to deliver advertising and measure ad performance.	HTTPS	90 days	Facebook (Third-party)
_gcl_au	Used by Google AdSense to store and track conversions across websites, measuring ad performance and user interactions with ads.	HTTP	90 days	Google (Third-party)
_fbp	Set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.	HTTP	3 months	Facebook (Third-party)
VISITOR_INFO1_LIVE	Set by YouTube to measure a user’s bandwidth and determine whether they receive the new or old player interface.	HTTP	180 days	YouTube (Third-party)
yt-remote-connected-devices	Tracks connected remote devices associated with a user’s YouTube session.	HTTP	Persistent cookie	YouTube (Third-party)
ytidb::LAST_RESULT_ENTRY_KEY	Stores the ID of the last clicked search result in embedded YouTube components. Used for maintaining session-specific video navigation data.	HTTPS	Persistent cookie	YouTube (Third-party)
YSC	YouTube cookie used to track video playback sessions.	HTTP	Session	YouTube (Third-party)
_gclxxxx	Google Ads conversion tracking cookie used for measuring advertising performance.	HTTP	90 days	Google (Third-party)
_gcl_gs	This cookie is set by Google Ads and is part of the Google Conversion Linker functionality. It helps track ad clicks and conversions across domains.	HTTP	90 days	Google (Third-party)
yt-remote-fast-check-period	Facilitates fast connectivity checks for YouTube remote sessions.	HTTP	Session	YouTube (Third-party)
yt-remote-session-name	Maintains the name of the current YouTube remote session.	HTTP	Session	YouTube (Third-party)
yt.innertube::requests	Internal cookie used by YouTube for managing API requests.	HTTP	Session	YouTube (Third-party)
_gac_UA-*	This cookie is set by Google Ads in combination with Google Analytics and stores campaign information in order to provide better attribution of ad clicks and conversion tracking when Google Ads and Google Analytics are linked.	HTTP	90 days	Google (Third-party)
yt-remote-device-id	Identifies the user's remote device for YouTube remote playback functionality.	HTTP	Persistent cookie	YouTube (Third-party)
yt-remote-session-app	Stores the state of the YouTube remote session application.	HTTP	Session	YouTube (Third-party)
_gcl_aw	Used by Google Ads to provide ad delivery or retargeting.	HTTP	90 days	Google (Third-party)

Statistics

Cookie Name	Description	Type	Expiry	First/Third Party
rc::c	reCAPTCHA cookie that tracks user interaction for bot detection purposes.	HTTP	Session	Google (Third-party)
_gid	Google Analytics cookie used to distinguish users within 24 hours.	HTTP	24 hours	Google (Third-party)
_ga*	Google Analytics cookie used to distinguish unique users across sessions.	HTTP	24 hours	Google (Third-party)
_ga	Google Analytics cookie used for identifying unique users and tracking website analytics.	HTTP	2 years	Google (Third-party)
rc::a	reCAPTCHA cookie used to distinguish human users from automated bots.	HTTP	Session	Google (Third-party)