Privacy Notice
PRIVACY NOTICE
AIA AirPortal Service - Web Content Display
Athens International Airport S.A. (AIA) acknowledges and respects the importance of your privacy. This Notice provides you with useful information on the purpose and the means of AIA’s data processing in compliance with applicable data protection legislation. AIA commits:
(i) to process the limited amount and type of personal data necessary for each defined process activity and required service;
(ii) not to process your personal data for purposes other than those disclosed to you herein;
(iii) to safeguard the integrity and confidentiality of your data whilst at our disposal.
To this effect, we wish to inform you on the following:
1. Data Controller
“Athens International Airport S.A.”, with corporate seat at Administration Building (B17), Spata Attica, postal code 190 19, is the Data Controller for this process, as defined in EU Regulation 2016/679 and holds all rights and obligations reserved for such capacity under the Law.
2. Data Protection Officer
For any query, or request, related to the processing of your personal data, you may contact AIA’s assigned Data Protection Officer, as follows:
a. Through AIA’s website:https://www.aia.gr/privacy
b. Through email at this mail address: privacy@aia.gr
c. By correspondence at the following postal address:
“Manager, Data Protection & Compliance Dept.”
Athens International Airport S.A.
Administration Building (B17)
190 19 Spata, Attica”
3. Type of personal data processed
As integral part for the provision of connection to AirPortal service, the system automatically manages your connected device(s) with the respective identification & logging process of airport companies' employees having access to the following applications (user accounts may be impersonal for shift positions):
3.1 Onelogin Single Sign On (SSO):1. First Name, 2. Last Name, 3. Email address on the athensairport.gr domain, 4. Personal email address used to send the invitation for first-time sign in (password setting & answering security questions), 5. Onelogin logs the IP address used by the user when accessing the application
3.2 Google GMail: 1. First Name, 2. Last Name, 3. Email address on the athensairport.gr domain, 4. Google logs the IP address used by the user when accessing the application 5. Email Subject, timestamp and recipient/sender of e-mail messages and involved mail servers IPs
3.3 Airportal: 1. First Name, 2. Last Name, 3. IP Address, 4. Airportal access (login/logout) timestamps
Purpose / legal basis on which your data are being processed
Your personal data are processed in order to provide you access to AirPortal Service:
- Access (authentication/authorization) on Gmail/G-Suite application and the provision of the Mail service
- Access (authentication/authorization) on the applications that use OneLogin for SSO.
Such processing follows the respective legal and regulatory framework:
- National Information Security Regulation No 165 by ADAE
- Law 3917/2011 (Art.6 regulating retention of electronic communication data affecting the Gmail service.
4. Third party processing – transfer of personal data
Data regarding the connection to the AirPortal service through OneLogin SSO and Google Gmail may also be processed by DoIT Hellas SA as the integrator for the Extranet Gmail/Gsuite and OneLogin SSO applications which provides the solution support & maintenance for AIA.
- The link of the OneLogin privacy notice is shown below:
https://www.onelogin.com/privacy - The link of the Google privacy notice is shown below:
https://policies.google.com/privacy
Such data may be transferred to a non-European Economic Area (EEA) located entity or processor under Google’s EU model contract clauses for G Suite and OneLogin Data Processing Amendment.
Printec S.A. authorized personnel also processes, on behalf of AIA, Gmail data through the management of the related search data logs archiving process.
5. Personal Data Retention Period
Airportal, Google and OneLogin cookies are always stored only in the user's device browser.
OneLogin SSO logs the IP address (section 3.1 item 5 above) used by the user when accessing the OneLogin application with a retention period for the lifespan of AIA's subscription to the Onelogin SSO service
Google logs the IP address (section 3.2 item 4 above) used by the user when accessing the Google (Gmail, etc) applications with a retention period of 6 months
Retention period of Google Gmail search data logs (section 3.2 item 5 above) is set to at least 12 months pursuant to Law 3917/2011 (automated retention period is 30 days, manual archiving extends the retentions period to at least 12 months).
The remaining personal data is stored for the period that the user's account exists in the systems.
6. Your rights to access and manage your personal data
Personal data legislation in force gives you the right to be able to affirm that your personal data is being processed lawfully (“subject access rights”). You have the following rights:
- Right to access the data kept by AIA
- Right to request the rectification of inaccurate data
- Right to request the erasure of your data
- Right to object the processing of your personal data
- Right to restrict the processing of your personal data, under specific conditions
- Right to request the transfer of the data kept by AIA to any other data controller without undue hindrance (Right to portability)
Any such request must be made following communication with our Authorized Representatives, indicated under para. (1) above, or through the office of our Data Protection Officer indicated above under para. (2) above.
Note: The exercise of any of your above rights is subject to applicable regulatory, or operational restrictions
7. Right to lodge a complaint with the competent Data Protection Authority:
You are hereby informed of your right to lodge a complaint against AIA, as regard to the processing of your personal data before the competent Hellenic Data Protection Authority (DPA) at their website “www.dpa.gr” or any other co-competent Authority as per GDPR.