Web policy – RomeAirports website

Pursuant to current privacy legislation (European Regulation 2016/679 "GDPR" and Legislative Decree no. 196/03 and subsequent amendments and additions) the following policy is provided, in relation to the navigation on https://www.romeairports.com/fiumicino_en/ website. 

This policy does not concern the use of the so-called cookies, for which please refer to the specific cookie policy 

  1. DATA CONTROLLER

Aeroporti di Roma S.p.A. (hereinafter also defined as “ADR” or “the Controller”) with registered office in via Pier Paolo Racchetti 1 - 00054 Fiumicino (Rome). 

  1. DATA PROTECTION OFFICER

ADR has appointed a Data Protection Officer. The contact details of the Data Protection Officer can be found at https://www.adr.it/web/aeroporti-di-roma-en/ 

  1. PURPOSE AND LEGAL BASIS OF THE PROCESSING

This policy concerns the personal data processing activities carried out for the purpose of allowing the user to navigate the https://www.romeairports.com/fiumicino_en/ website. 

In relation to the aforementioned service, Aeroporti di Roma processes the data provided by the data subject for the pursuit of the aforementioned purpose in accordance with Article 6, letter b), GDPR, in order to guarantee the performance of the service requested by the user. 

  1. TYPES OF DATA PROCESSED

The data processed by ADR includes information which - although it does not allow ADR to trace it back to an identified and/or identifiable natural person - the IT systems and procedures used to operate this website acquire, in the course of their normal operation. The transmission of such data is implicit in the use of Internet communication protocols. 

This type of data may include IP addresses, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. 

  1. PROCESSING METHODS

Data are processed in compliance with the regulations in force by means of IT and electronic tools, with logic strictly associated with the purpose above mentioned, in order to guarantee the security and confidentiality of the data. 

  1. DATA RETENTION PERIODS

Information is stored by the systems for the time necessary for the purposes for which it is collected in compliance with the principle of minimisation pursuant to Art. 5.1, letter c) GDPR. 

The Rome Airports website receives visitors' IPs, which are retained as navigation data for 3 months and saved for IT security logics for a period of 6 months. 

 

  1. DATA RECIPIENTS

Within ADR, only the persons appointed for processing by the Data Controller and authorised to carry out the processing operations on the aforementioned activities may become aware of the personal data provided. Moreover, your data may be processed only by third party companies to which ADR may entrust with specific activities and services related to the management of the website. 

In particular, the data may be processed by the entities the Data Controller uses to maintain and manage the systems employed, in their capacity as external Data Processor and the Sub-Processors the latter uses. 

Furthermore, ADR makes use of cloud services in order to optimise the performance of the www.adr.it site. ADR has signed a special Enterprise Agreement with Amazon Web Service EMEA SARL (https://aws.amazon.com/), selecting sites available within the European Economic Area for storing its content. In any case, the supplier in question does not access the personal data of users acquired on the https://www.romeairports.com/fiumicino_en/ ADR website, limiting itself to using the essential information to deliver and keep active the cloud services. 

Data may be communicated to the competent Public Authorities in fulfilment of legal obligations. 

In any case, personal data will not be disseminated. 

  1. DATA TRANSFER OUTSIDE THE EU

Personal Data are not disclosed and/or communicated to third parties located outside of the European Economic Area. 

  1. RIGHTS OF THE DATA SUBJECTS

Lastly, we inform you that articles 15-22 of the GDPR give data subjects the possibility to exercise specific rights under certain conditions; data subjects can obtain, from the Data Controller: access, rectification, erasure, restriction of processing, as well as the portability of data concerning them. 

Data subjects also have the right to object to the processing. In the event that the right to object is exercised, the Data Controller reserves the right not to proceed with the request and, therefore, to continue the processing, in the event that there are compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedom of the data subject. 

The aforementioned rights may be exercised by making a request addressed without formalities to the Data Protection Officer (DPO) at dpo@adr.it. 

The data subjects right to file a complaint with the Italian Data Protection Authority pursuant to Article 77, GDPR remains unaffected. 

The Data Controller reserves the right to update this policy. 

Date of last update April 2024