WEBSITE PRIVACY NOTICE

(Issue Date: April 15, 2019)

Athens International Airport S.A. (AIA) acknowledges the importance of privacy of your personal data.
This Privacy Notice sets out the principles followed by on AIA in processing your personal data through the services provided by this Website, in compliance with applicable data protection regulatory framework and AIA’s Privacy Policy.

  1. Website Layout – Structure of www.aia.gr

Our Website (the “Site”) is an integrated information and services hub for both our business partners and the public; a gateway to services and easements we provide to passengers, visitors and tourists who seek to obtain first-hand information for the Airport, services offered by our Company, Public Services or business partners, and for the City of Athens as a destination.

We must point out that third-party websites, that you may visit by following links provided on our Website, are outside of our sphere of control and are governed by different terms of use and different Privacy Policies for the management of personal data. For these policies, our Company does not take any responsibility.

  1. Data Controller:

Athens International Airport S.A. (AIA)
Administration Building (B17)
P.C. 19019, Spata Attica
Greece
Holds all rights and obligations reserved for such capacity under the General Data Protection Regulation (GDPR 2016/679) for processing personal data through the Website.

  1. AIA’s Data Protection Officer:

Manager, Data Protection and Compliance
Athens International Airport S.A. (AIA)
Administration Building (B17)
P.C. 19019, Spata Attica
Greece
Email address: privacy@aia.gr

  1. Categories of Data Processing

Information about you is collected through the following means:

  1. When navigating through our Website, your browser cookies and similar technologies, as demonstrated in our Cookies Policy.
  2. When filling our contact form www.aia.gr/traveler/contact/ to post a comment or require further information, in order for us to be able to look into your inquiry/ investigate your comment and reply.
  3. When using our "flight tracker" service www.aia.gr/en/traveler/flight-info/flight-tracker/ and you wish to receive an email notification every time there is a significant update in your flight status.
  4. When using our "e-parking" platform www.aia.gr/traveler/parking/e-parking/parking-fee-calculator to book a vehicle parking space at the Airport’s Car Park Lots, in order to conclude a contract and provide you with the requested service subscribe to newsletter in order to receive targeted offers and promotionals.
  5. When accessing our "iGate" and "Auto-Pilot" pages www.aia.gr/igate/ and www.aia.gr/autopilot/ (as a registered business partner user), in order to be able to access specialized content and tools for the aviation professionals.
  6. When using our environmental issues contact form www.aia.gr/company-and-business/environment/e-Noise-complaint-form/ to raise or report an environmental issue or inquire to receive further information, in order for us to look into your inquiry and reply.
  7. When you participate in competitions, surveys or other interactive modules of our Website.
  8. When you subscribe to AIA’s Newsletters and accept to receive informative/ promotional material for our Airport Business Partners, as well.
  1. Categories of personal data collected

Depending on the purpose of your visit and the service you wish to receive from our Website, the type of personal data we collect may include name, address, email address, telephone number, vehicle license plate, as well as additional information, such as airline and flight no. Credit card details are currently processed exclusively through an external website of an AIA business partner.

In some cases, we may also need to process special categories of personal data such as information concerning medical conditions, disabilities and special requirements, as to be able to address your particular needs (e.g. when you post a comment or inquiry on the Website).

On all such occasions, you are in absolute control of the personal information with which you provide us, as such information is explicitly received with your documented consent for specific purposes. Our Website operates a consent mechanism that records your clear, affirmative action, per area of data processing. Moreover, there are modules that enable you to revoke your prior preferences and set new ones.

You acknowledge, however, that certain services (e.g. Flight Tracker, e-Parking or iGATE), cannot be efficiently provided or concluded, unless the appropriate data is made available to us.

  1. Website Security

Every effort is made to protect your information, while accessing our website. We use appropriate technical, organizational and administrative measures to protect any personal information we process about our visitors, our customers and their end users. AIA utilises a valid trusted certificate that is used to encrypt the communication exchanged between your device and the hosting server, all information is encrypted prior to being transmitted over the Internet, through HTTP over TLS (Transport Layer Security). However, please note that no Internet transmission can ever be guaranteed 100% secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, anti-virus and anti-spyware software, and similar technologies to protect yourself online.

Any payment transaction is encrypted using SSL technology and is processed by a trusted merchant (third party).

We record your personalized preferences and we apply double opt in mechanism with confirmation e-mail messages where applicable.

You are responsible for keeping passwords that are provided to you or you have chosen yourself, so to access certain restricted portions of our Website. Passwords are secret and are provided to you solely, we therefore kindly ask you to not share your password with anyone else. AIA will not contact you directly or indirectly asking for your password.

  1. Data Retention

The data retention limits are set by our respective corporate policy and depend on the purpose of service you wish to obtain from our Site and its respective modules and is clearly demonstrated therein:

  • Personal data provided in the comments/contact section is retained for a maximum of five (5) years from our reply or the dispatch of your comment to the relevant companies and entities operating at Athens International Airport as per our corporate passenger comment management procedure.
  • Data provided in the "Flight Tracker" module is automatically deleted upon completion of the requested service.
  • Data provided in the "e-Parking” is retained for a maximum of five (5) years from the booking date.
  • Email addresses provided for subscription purposes to our newsletters are kept until an unsubscribe request has been received by you.
  • Emails or other contact details provided for competitions, surveys or other interactive features of our Site are automatically deleted upon the conclusion of the respective activity.
  1. Third Party Processing

Personal data are also processed by our affiliated companies, which are committed to comply with the GDPR while, for the purposes of IT hosting and maintenance, information is located within the European Union. In particular:

  • “DOPE STUDIO", Mesogeion 451, 153 43, Ag. Paraskevi, Attica (hello@wearedope.com) is the developer of the website processing data on our behalf,
  • "E-parking" module data are is also processed by the developer of the platform, Chauntry Ltd, New Century House, Cordwallis Street, Maidenhead, Berkshire SL6 7BE (enquire@chauntry.com), and the parking operator, Cityzen Parking and Services SA, Kifissias Ave 294 & Tzouna 1, 145 63 Kifissia Attica (customerservice@cityzen.com.gr).
  • Grammedia LTD (ContactPigeon), Leof. Pentelis Str. 74, Chalandri 15234 (help@contactpigeon.com) undertakes the email marketing campaigns on our behalf and Mindshare Media Company, 350 Kifisias & Chr.Lada Chalandri GR 15233, runs our digital advertising campaigns.
  1. Transfer of personal data

We share your personal data with competent authorities and companies within Airport Community, following your consent and in relevance with the scope of each processing activity.

  1. Your rights to access and manage your personal data

Personal data legislation in force gives you the right to ensure that your personal data is being processed lawfully. You may exercise your rights to access, rectify, delete, transfer your data, restrict or object the data processing by communicating your request to AIA’s Data Protection Officer as indicated above under point (3). More information on the data subject rights are presented in our Privacy Policy.

  1. Complaint to competent Data Protection Authority

You may exercise your right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr), if you consider that AIA’s processing of your personal data infringes GDPR. Furthermore, you have the right to judicial remedy, in case you believe that your rights under the GDPR have been infringed as a result of AIA’s data processing.

  1. Revisions of Website Privacy Notice

This Website Privacy Notice may be subject to future amendment. The applicable version will be always presented on our Website.