privacy notice

AIA AirPortal Service - Web Content Display
 

Athens International Airport S.A. (AIA) acknowledges and respects the importance of data privacy, in compliance with the provisions of the General Data Protection Regulation 679/2016. AIA commits:
(i) to process the limited amount and type of personal data necessary for the service provision;
(ii) not to process your personal data for additional purposes;
(iii) to safeguard the integrity and confidentiality of your data whilst at our disposal.

1. Data Controller: “Athens International Airport S.A. (AIA)”, is the Data Controller holding all rights and obligations reserved for such capacity under the Law. AIA's assigned representative, accountable for the subject data processing may be contacted at the email address: AIAExtranet@aia.gr .

2. Data Protection Officer: For any query, or request, related to the processing activity, you may contact AIA’s Data Protection Officer through:

• AIA’s website: https://www.aia.gr/privacy ,
• email at privacy@aia.gr, or
• by correspondence at the following postal address:                   

         Manager, Data Protection & Compliance Dept.
         Athens International Airport S.A.- Administration Building (B17)
         190 19 Spata, Attica, GREECE

3. Purpose / Legal basis for processing: Personal data are processed to provide access to subject services. In particular:

• Access (authentication/authorization) on Gmail/G-Suite application and the provision of the Mail service.
• Access (authentication/authorization) on the applications that use OneLogin SSO.
• Emai addresses as to notify on updates or other information uploaded on AirPortal.

Data processing is necessary for the purposes of AIA's legitimate interest to effectively communicate and network with Airport Community stakeholders, in compliance with the legal and regulatory framework of electronic communications:

• National Information Security Regulation No 165 by ADAE
• Law 3917/2011 (art.6).

4. Type of personal data: Connected devices are automatically managed with the respective identification and logging process, for Airport Community stakeholders having access to the following applications (user accounts may be impersonal for shift positions):

• For Onelogin SSO: First and last name, email address on the athensairport.gr domain, personal email address used to send the invitation for first-time sign in (password setting & answering security questions), IP address when accessing the application.
• For Google GMail: First and last name, email address on the athensairport.gr domain, IP address when accessing the application, email subject, timestamp and recipient/sender of e-mail messages and involved mail servers IPs.
• For Airportal Service: First and last, IP address, Airportal access (login/logout) timestamps.

5. Third party processing: Personal data are processed, on behalf of AIA, by the companies: 

• “DoIT Hellas S.A.” as the integrator for the Extranet Gmail/Gsuite and OneLogin SSO applications provides solution support & maintenance for AirPortal Service.
• “Printec S.A.” manages the related search Gmail data logs archiving process. 

Data may be transferred to a non-European Economic Area (EEA) located entity or processor under Google’s EU model contract clauses for G Suite and OneLogin Data Processing Amendment (OneLogin privacy notice: https://www.onelogin.com/privacy & Google privacy notice: https://policies.google.com/privacy).

6. Data Retention: AirPortal, Google and OneLogin cookies are always stored only on the user's device browser. 

• OneLogin SSO logs the IP address are retained for the lifespan of AIA's subscription to the Onelogin SSO Service.
• Google logs the IP address are retained for 6 months.
• Google Gmail search data logs is set to at least 12 months pursuant to Law 3917/2011.
• Remaining personal data is retained for the period that the user's account exists in the applications.

7. Data subject rights: Data legislation provides for the right to be able to affirm that your personal data is being processed lawfully and furthermore to:
(i) access your data,
(ii) request the rectification of inaccurate data,
(iii) request the data deletion and
(iv) request the restriction of processing. Any request must be addressed to AIA’s Data Protection Officer.

The exercise of any of the above rights is subject to applicable regulatory, or operational restrictions.

If you consider that AIA infringes the law provisions for the protection of your personal data, you may communicate with Hellenic Data Protection Authority (www.dpa.gr), or order a judicial remedy.