Content

Pursuant to Regulation EU 2016/679 on the protection of natural persons with regard to the processing of personal data.

Processing of data relating to legal entities does not fall within the scope of the data protection rules of the Regulation. For the purposes of clarity and transparency towards its suppliers, Toscana Aeroporti S.p.A. also provides this policy to legal entities, describing the methods and purposes of all processing operations that the company performs or is entitled to perform on personal data. In fact, data of natural persons (employees, partners, collaborators) of customer companies and suppliers may be processed within the framework of professional relationships by our data processors.

Introduction

Pursuant to Article 13 of Regulation EU 2016/679, Toscana Aeroporti S.p.A. (hereinafter ‘the Company’), with registered office in Via del Termine 11, Florence, which may be contacted to exercise the rights granted under applicable legislation either at the registered office address or via email at privacy@toscana-aeroporti.com, data controller responsible for processing the data previously provided, as well as any data that may be provided in the future and from which personal information is or may be collected, hereby informs you that your data may be processed, in compliance with the applicable legislation, by the Company in connection with the contractual relationships established with you or that may be established in the future.


1) Source of personal data

Personal data, already acquired or which will be acquired, in connection with the contractual relationship, are collected directly from the person concerned. All the personal data collected are processed in compliance with current legislation and, in any case, with all due confidentiality.


2) Nature of the collection

For the stipulation and performance of the contractual relationship, the collection of personal data is also mandatory, as it is necessary to fulfil legal and tax obligations; failure to provide such data will prevent the initiation of any relationship with the Company. The relevant processing does not require the consent of the data subject.

3) Purpose of the processing and legal basis for the processing

The collection and processing of personal data are solely intended to ensure the proper execution of activities related to the Company’s business operations, and specifically for the following purposes:

  1. the performance of pre-contractual activities and acquisition of preliminary information for the purpose of stipulating the contract;
  2. the handling of the contractual relationship and all the administrative, operational, management and accounting activities concerning the contract (order management, billing, checks on supplier reliability);
  3. the handling of litigation, contractual violations, injunctions, settlements, arbitrations, judicial disputes;
  4. the fulfilment of the obligations required by law, regulations, community legislation and provisions issued by authorities.

The processing is carried out in order to fulfil the contractual/pre-contractual and legal obligations related to your relationship with the Company.

4) Nature of the provision and consequences for refusal

The provision of personal data to the Company is mandatory only when required by legal or contractual obligations, or when necessary to obtain pre-contractual information requested by the data subject. In the event of a refusal to provide these ‘mandatory’ personal data, it may not be possible to perform the contract. Refusing to provide personal data that is not mandatory but essential for fulfilling contractual obligations will generally not affect existing relationships. However, it may prevent certain operations related to that data or the establishment of new relationships. Refusing to provide personal data on the performance of additional activities, that do not strictly affect the fulfilment of contractual obligations, may only prevent the performance of these additional activities without other consequences.

5) Processing method

The data processing method will be carried out in a lawful and correct manner, in compliance with the above-mentioned regulation, using suitable tools to guarantee their security and confidentiality. It may also be carried out using IT tools for storing, managing and transmitting said data.
The processing will primarily be carried out by the company’s internal organisation under the direction and control of the relevant company departments and for the purposes indicated above, also by group companies or third parties, as identified in point 8 below.
Data will be stored in a manner that allows the identification of the data subject only for as long as necessary to fulfil the purposes for which it was collected and processed.

6) Duration of the processing

Personal data will be retained only for as long as is strictly necessary to fulfil the contractual relationship and, subsequently, to comply with any legal obligations related to or arising from the contract you have entered into with the Company.

7) Recipients of the personal data

Without prejudice to disclosures required by law, regulation, or EU legislation, as well as intra-group communications, your personal data may be shared, whether by access or availability, with the following parties:

  1. entities, supervisory bodies, authorities or public institutions;
  2. subsidiaries or affiliates of our Company, located in Italy or abroad;
  3. natural persons or legal entities providing specific services: data processing, logistics and postal services, customer satisfaction surveys, legal, administrative, tax and/or accounting consultancy, organisation of trade fairs and communication events;
  4. commercial intermediaries, banks and credit institutions, financial intermediaries, natural persons or legal entities in charge of credit recovery, auditing and/or certification of financial statements and quality systems, independent collaborators of the Company, agents and business introducers, insurers and brokers;
  5. natural persons and/or legal entities requesting references/data for the purpose of participating in public tenders, or in the context of the execution of supply contracts with their customers by Toscana Aeroporti S.p.A.

The parties under points a), d) and e) act as autonomous data controllers.

We assure you, however, that only personal data that are necessary and relevant to the purposes of the processing will be shared with the aforementioned parties, unless the data are provided in an aggregated and anonymous form.
The list of third parties will be constantly updated and accessible to you upon request to the Company. Due to the existence of connections via electronic, IT, or correspondence methods, personal data may be transferred abroad, including to countries outside the EU, provided that appropriate authorisations are in place or based on standard contractual clauses.
Personal data will not, however, be disseminated.

8) Data subject’s rights

This is without prejudice to your right to exercise the rights of access to your personal data included in Article 15 of EU Regulation 2016/679 and the rights included in Articles 16, 17, 18, 21 of EU Regulation 2016/679 regarding rectification, erasure, restriction of processing and the right to object, as set out in Article 12 of EU Regulation 2016/679. The Data Protection Officer (DPO) can be contacted at the company’s head office and at the email address: privacy@toscana-aeroporti.com.

9) Right to lodge a complaint pursuant to Article 77 of the EU Regulation with the Supervisory Authority

If our Company does not provide you with feedback within the timeframes laid down by the regulation or you deem the response to the exercise your rights to be inadequate, you can lodge a complaint with the Supervisory Authority for the protection of personal data.


Contact details:
Supervisory Authority for the protection of personal data
www.garanteprivacy.it
Email: garante@gpdp.it 
Fax: +39 06 696773785
Telephone switchboard: +39 06 696771

Ordinamento
1