Privacy Policy Assistance to Passenger with Reduced Mobility (PRM)
Pursuant to articles 13 and 14, GDPR (Regulation (EU) 2016/679 "GDPR") the following information is provided in relation to the service provided by ADR Assistance at Fiumicino and Ciampino airports aimed at ensuring assistance to persons with disabilities and reduced mobility.
1. DATA CONTROLLER
ADR Assistance s.r.l. with registered office in Via Pier Paolo Racchetti, 1 - 00054 Fiumicino (Rome), a subsidiary company of the airport Operator Aeroporti di Roma S.p.A., hereinafter also referred to as ADR Assistance or "the Controller".
2. DATA PROTECTION OFFICER
ADR Assistance has appointed a Data Protection Officer. The contact details of the Data Protection Officer are available at www.adr.it .
3. PURPOSE AND LEGAL BASIS OF THE PROCESSING
ADR Assistance processes personal data [1] for the purpose of providing an adequate and personalized service to satisfy the needs of the individual for whom assistance is requested.
The processing of personal data (including any information ascribable to the special categories referred to in article 9, GDPR) is carried out in order to manage and provide the request for assistance in compliance with the provisions of current legislation (including Regulation EC No. 1107/2006) pursuant to article 6.1, letter c, and article 9.2, letter b., GDPR.
In case of refusal by the data subject to the data processing, it will not be possible to provide the requested assistance service.
4. TYPES OF DATA PROCESSED
Pursuant to art. 14 GDPR, ADR Assistance informs that it may receive the request for assistance directly from the data subject and/or his/her companion at the airport or from the airline company from which the data subject has requested the service.
Personal data processed by ADR Assistance in order to manage the assistance include personal data referable to the person to whom assistance is provided (potentially also minors at the request of the holder of parental responsibility) such as: first name, surname, contact details (e.g. telephone number and e-mail address) date and flight number, assistance code belonging to the IATA classification of airport assistance services.
ADR Assistance only provides assistance service to PRMs and does not require the data subject to prove his/her condition or disability status (e.g. through a medical certificate). Furthermore, ADR Assistance does not receive information that could reveal the health condition of the data subject from airline companies.
At the same time, ADR Assistance would like to inform you that, as part of the provision of assistance service, its employees may accidentally process data that could reveal the health condition of the data subject ascribable to the special data categories referred to in article 9, GDPR.
Such data will be necessary for ADR Assistance to be able to organise and provide the requested assistance service. For such data, ADR Assistance shall guarantee special care to ensure maximum confidentiality.
ADR Assistance also informs you that, in order to manage the request for assistance, it may also need to process personal data/contact details of third parties (e.g. family members, companions of the person, also the holder of parental responsibility in the case of minors).
5. PROCESSING METHODS
Data are processed in compliance with the regulations in force by means of manual, IT and electronic tools, with logic strictly associated with the purpose above mentioned, in order to guarantee the security and confidentiality of the data.
6. DATA RETENTION PERIOD
Personal data are retained only for the time necessary for the purposes for which they are collected in compliance with the principle of minimisation pursuant to art. 5.1, letter c GDPR and for the additional prescriptive period applicable, except for the possibility of retaining them for a further period in the event of disputes and/or litigation.
ADR Assistance does not retain data ascribable to the special categories referred to in article 9, GDPR.
7. DATA RECIPIENTS
For the pursuing of the purposes above mentioned, only employees and collaborators of the Data Controller authorised to carry out processing operations to meet the purposes set out in point 3 and who will act as authorised to the processing, may become aware of the data provided by the data subject.
In compliance with possible legal obligations, personal data may also be communicated by the Controller to the competent Public Authorities, which will act as (autonomous) data controllers.
Under no circumstances will your personal data be disseminated.
8. NON – EU DATA TRANSFER
Personal Data are not disclosed and/or communicated to third parties located outside of the European Economic Area.
9. RIGHTS OF THE DATA SUBJECTS
Lastly, please be informed that articles 15-22 of the GDPR give data subjects the possibility to exercise specific rights under certain conditions; data subjects can obtain, from the Data Controller: access, rectification, erasure, restriction of processing, withdrawal of consent as well as the portability of data concerning them.
Data subjects also have the right to object to the processing. In the event that the right to object is exercised, the Data Controller reserves the right not to proceed with the request and, therefore, to continue the processing, in the event that there are compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedom of the data subject.
The aforementioned rights may be exercised by making a request addressed without formalities to the Data Protection Officer (DPO) at dpo@adr.it.
The data subjects right to file a complaint with the Italian Data Protection Authority pursuant to Article 77, GDPR remains unaffected.
The Data Controller reserves the right to update this policy.
Date of last update August 2023
____________________________
[1] Personal data shall be understood under the GDPR as: “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
The GDPR defines special categories of personal data as those capable of revealing “racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, [..] genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation”.