In providing its services, SEA will necessarily come into possession of personal information and data: We therefore ask you to read carefully the policy statement pursuant to Article 13 of Legislative Decree 196/03, which you will find on all the forms requesting personal data.
Specifically, to access the services offered on its sites, SEA will ask you for information such as e-mail address, last name, first name, country of residence and P.O. code. SEA may also ask you for additional data required to keep you informed about new services or to notify you of changes and updates.
If you provide your consent, SEA will also use the personal data for the following purposes:
a) send airport information, promotional and/or commercial messages regarding the services of SEA and its partners, by regular mail, e-mail, SMS and/or MMS;
b) prepare an electronic profile of the customer that SEA may use to improve the quality of the services offered, knowledge of its customers, and for statistical and market survey purposes, to better understand the requirements of users and offer better service.
The set of data provided constitute the personal profiles of users, which they can update, correct, supplement or delete.
The personal data are processed with automatic instruments (e.g. using electronic procedures and supports) and/or manually (e.g. on paper) for the time strictly necessary to achieve the purposes for which the data were collected. Specific security measures are in place to prevent the loss or the illegal or improper use of the data and unauthorized access to them, in conformity with the provisions of Legislative Decree 196/03.
The personal data provided by users when enrolling with the services, or collected thereafter when the services are used, including those related to web traffic, will be processed by SEA to provide the services (and any other related service requested) and for the maintenance and technical assistance to the services, for the management of any complaints or litigation and for preventing/repressing fraud and any other illicit activity. They may also be processed, of course, to fulfil any legal, regulatory or EU obligations.
The Data Processing Controller is SEA. The Data Processing Manager, the individual responsible for processing of the data is the Director of IT Systems SEA. Persons in Charge of data processing have been appointed within the company.
The personal data provided voluntarily by users shall not be divulged and may be transmitted only to certain parties, such as other companies to which SEA may entrust specific activities or services related to administration of the web site, to customer care, or to the sending of promotional-advertising messages.
The data may also be transmitted to the competent public authorities to meet legal obligations.
Regarding the processing of the collected data, data subjects shall be entitled to exercise the right to access, update, correct, supplement or cancel them, and all the rights set forth in Article 7 of Legislative Decree 196/2003, by directly accessing their personal page on the site (if registered) or by sending a request by regular mail to the person in charge of exercising personal data access rights, i.e. the director of Legal and Corporate Affairs of SEA – Società S.p.A. Esercizi Aeroportuali – 20090 Segrate, Milano Linate Airport, or to the e-mail address firstname.lastname@example.org.
Article 7. Right of access to the personal data and other rights
1. Data subjects shall have the right to obtain confirmation as to whether or not personal data concerning them exist, even if the data have not yet been recorded, and communication of such data in intelligible form.
2. Data subjects shall have the right to information on:
a) the source of the personal data;
b) the purposes and modes of processing;
c) the logic applied when the data is processed with the use of electronic instruments;
d) the identity of the data controller, data processing officers and the representative designated pursuant to Article 5.2;
e) the entities or categories of entities to which the personal data can be transferred or which can gain knowledge of them as designated representatives of the state, data processing officers, or data processors.
3. Data subjects shall have the right to obtain:
a) the updating, correction or, should they be interested, additions to the data;
b) the cancellation, transformation into anonymous form, or blocking of data processed in violation of law, including those that need not be retained for the purposes for which the data were collected or subsequently processed;
c) certification that the parties to which the data have been transferred or disseminated have been notified of the operations specified in points a) and b), also regarding their content, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.
4. Data subjects shall have the right to oppose, wholly or in part:
a) for legitimate reasons, the processing of their personal data even when it pertains to the purpose of collection;
b) the processing of their personal data for the purpose of sending advertising or direct marketing material or to conduct market research or commercial communication surveys.