EU Regulation 2016/679 (General Regulations on Data Protection, "Regulation") and the Italian legislation in force, including Legislative Decree no. 196 of 30 June 2003 as amended (Personal Data Protection Code), (together "Applicable Regulations") establish the right of anyone to protection of personal data concerning him/her. The applicable regulations therefore require that personal data is processed in compliance with fundamental rights and freedoms and the dignity of the user, with specific reference to right to the confidentiality and protection of personal data.
Società per azioni Esercizi Aeroportuali S.E.A., having its registered office in Segrate (Milan) - 20090 - at the Milan-Linate Airport, ("Company") in the provision of services (including, for example, flight tracking, search for information on services available at individual airports, travel planning service to and from airports, etc.) which can be used through browsing and registration on the portals www.milanomalpensacargo.eu, www.milanolinate-airport.com, www.milanomalpensa-airport.com, www.milanairports.com, and wifi.seamilano.eu ("Service(s)"), processes the personal data provided freely by users in accordance with the Applicable Regulations.
Pursuant to art. 4, paragraph 1, no, 2) of the Regulation, processing of personal data means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, even if not recorded in a database, such as collection, registration, organization, structuring, storage, processing, selection, blocking, adaptation or modification, retrieval, consultation, use, communication by transmission, circulation or making available in any other form, comparison or interconnection, restriction, erasure or destruction.
The Company will perform the processing, therefore, in accordance with the Applicable Regulations, for the purposes listed below, with automated systems suitable for storing and managing the data in compliance with the above-mentioned purposes and in such a way as to guarantee their security and confidentiality.
1. Purpose and legal basis of the processing
The data are acquired and processed in compliance with the rules set out in the Applicable Regulations for the following purposes, with an indication of the relevant legal basis:
2. Disclosure and circulation of personal data to pursue the purpose of processing.
The data will not be circulated, that is personal data will not be disclosed to the public or, in any case, to an indeterminate number of parties.
3. Mandatory or optional provision of data for pursuit of the purposes of processing
3.1. Use of the Site
The Company will process your personal data in order to allow you to access the Site and use all the features, including the possibility to create an account and register on the Site.
In addition, the Company will process your personal data to fulfill the legal obligations required of it.
The provision of personal data for these purposes is mandatory and a refusal to provide the data may make it impossible for the Company to carry out the purpose for which the personal data is collected. Failure, partial or incorrect provision of the data marked with an asterisk (*) in the registration form will make it impossible to register and to use the Services. The failure, partial or incorrect provision of data not marked with an asterisk will not prevent the registration or its use.
3.2. Travel Planning Service
The Company will process the user's personal data related to geolocation only and exclusively if the user makes use of the "GPS coordinates retrieval" function integrated in the travel planning service to and from Milano Linate/Malpensa airports (https://www.milanairports.com/en/our-airports/how-to-reach-the-airports) and only with the user’s consent, which is collected through the browser according to the methods described below.
Personal data are collected and processed by the Company for purposes related and/or connected to the provision of the travel planning service through the user’s geolocation function. Personal data are processed on the basis of the user's free, specific, informed and unequivocal consent released through the browser. In particular, the consent is collected by means of a "pop up" message with which the browser asks the user for the relative and possible authorization to geolocalize the device used by the user, for the purposes of the service. This message appears the first time the user consults the web page dedicated to the service and, in case of authorization to the respective geolocation, this message will no longer be visible in case of subsequent consultations of the page performed by the user with the same device used for the first access. In any case, it should be noted that the user is free to revoke the consent given at any time by accessing the browser settings and deactivating the function that allows geolocation.
We also specify that the provision of personal data for these purposes is optional. Therefore, should the user not give his/her consent to the processing of such data for the purposes in question, there would be no prejudicial effect on obtaining the travel planning service provided by the Company. In fact, the user can also use the travel planning service by manually filling in the fields to enter the address of the chosen place. In this case, there will be no processing of any user’s personal data.
The Company will process the Users’ Personal Data for a few seconds from the collection of the consent required from them for the purpose of their geolocation. After viewing the information requested and related to the Travel Planning Service, Personal Data will be permanently deleted by the Company.
3.3. Using the wi-fi network
The Company provides the user with a free wi-fi network, which can be accessed without registration.
The computer systems and software procedures used to operate the wi-fi service acquire, during their normal operation and at the time of connection by the user, the mac address of the device used. By connecting to wi-fi the user will be redirected to the Welcome Page of the wi-fi service where he/she must accept the terms and conditions of the service in order to use it.
The Company will detect the mac address of the device that will be used to enable web browsing. In addition to the mac address, the Company will also save the information about the browsing start time and its duration, measured at the end of browsing. This data is never used for user profiling, but may be communicated to the competent authorities if an offense is committed, in order to identify the user.
The provision of such personal data for these purposes is mandatory and a refusal to provide the data may make it impossible for the Company to carry out the purpose for which the personal data is collected.
3.4. Profiling purposes
The Company, with the user's consent, will process his/her personal data for the performance of profiling activities, based on the information provided at the time of registration, which is understood in accordance with Article 4, paragraph 1, no. (4) of the Regulations: "any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements".
Where the user does not intend to give consent for profiling purposes, the consequence will be the impossibility for the Company to proceed with the relevant processing. Failure to give consent will not cause any interference and/or consequence on any other negotiation, contractual or other types of relationship with the user.
3.5. Marketing Purposes
The Company, with the user's consent, will process his/her personal data for the periodic sending of e-mail messages containing advertising, communications relating to airport information, new initiatives and promotional material, as well as Company services, carried out through automated contact systems (SMS and/or e-mail).
Where the user does not intend to give consent for marketing purposes, the consequence will be the impossibility for the Company to proceed with the relevant processing. Failure to give consent will not cause any interference and/or consequence on any other negotiation, contractual or other types of relationship with the user.
4. Transfer of personal data to countries outside the European Union.
The data collected and processed are not transferred to companies or other parties outside the EU territory.
5. Data retention times
With reference to the personal data processed for the pursuit of the purposes referred to in sections 3.1 and 3.3, they will be stored in compliance with the principle of proportionality and until the purposes of the processing have been achieved.
In any case, with reference to the data referred to in paragraph 3.1, these will be stored for a period not exceeding 2 years, it being understood that, in case of interaction with the Site through login, this storage period will start from the latter interaction. In order to revoke consent, the procedures set out in paragraph 7 below apply.
With reference to the profiling and marketing purposes referred to in points 3.4 and 3.5., the data will be retained for a period of 12 months and 24 months respectively.
6. Data controller
The identification details of the data controller company are as follows:
Società per azioni Esercizi Aeroportuali S.E.A., with registered office in Segrate (Milan) - 20090 - at Milan-Linate Airport.
7. Data Protection Officer (DPO)
You can contact the Data Protection Officer, also to exercise your rights pursuant to articles 15-22 of the Regulation, by sending an email to: firstname.lastname@example.org.
8. User rights
In relation to the processing of data, you are entitled to exercise the rights set out in Articles 15 to 22 of the Regulation. Specifically, you have the right to:
(a) access and request a copy;
(b) request rectification;
(c) request cancellation;
(d) obtain restriction of processing;
(e) oppose processing;
(f) receive such data in a structured, commonly used and machine-readable format and transmit such data without hindrance to another controller, where technically feasible.
To exercise your rights and to withdraw consent, you may send a notification to the Data Protection Manager, in the manner indicated in paragraph 7 above, indicating in the subject "Withdrawal of consent to data processing".
You have the right to file a complaint or report with a supervisory authority, in particular in the Member State where you habitually reside, work or where the alleged breach has occurred. In the event that you wish to refer the matter to the Data Protection Supervisory Authority, you may do so by:
a) registered letter with return receipt addressed to the Garante per la protezione dei dati personali, Piazza Venezia, 11, 00187 Roma;
b) e-mail to: email@example.com, or firstname.lastname@example.org;
(c) fax number: 06/69677.3785.
Exercising of such rights is not subject to any formal restriction and is free of charge.