PRIVACY POLICY
 
When is this Privacy Policy applicable?

This Privacy Policy sets out in what way the personal data will be processed in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR) (further: RODO). Privacy Policy refers to personal data which is processed during and in relation to our activity and airport management tasks. We declare that we attach particular importance and care to privacy protection of data accumulated about persons who we deal with, and in particular to information identifying a person (“personal data”).

Who processes your personal data?

The administrator of your personal data is ‘Polish Airports’ (“Porty lotnicze”) State Enterprise with its registered seat in Warsaw (00-906), at ul. Żwirki i Wigury 1, registered in the register of entrepreneurs maintained by the District Court for the Capital City of Warsaw, XIII Commercial Division of the National Court Register under KRS no. 0000008194,  NIP: 5250000239 (further: „we” or „PPL”). Our contact data are: e-mail: kontakt@polish-airports.com, phone: 22 650 11 11.

What are the contact data of our Personal Data Protection Inspector?

Our appointed personal data protection inspector can be contacted in cases regarding your personal data protection by means of the contact form on the website  www. Lotnisko-chopina.pl, by e-mail IODO@polish-airports.com, phone: 22 650 30 47 or in writing to our registered address indicated above.

How do we accumulate your personal data?

We accumulate personal data using various communication forms, depending on situations and needs. This may occur in particular in the following situations:
- during email or phone contact, while you use the contact form on our websites,
- while considering your individual case, for instance as a result of submitted motion, enquiry, claim, complaint, which may, for instance, refer to luggage control performed by our personnel,
 - during correspondence between us, for instance in order to consider your request, application, claim, while responding to your enquiry or request,
- during your visit at the Warsaw Chopin Airport or Zielona Góra-Babimost Airport, for instance your image registered by CCTV cameras located within the airport area,
- while using wireless connection in the Board seat in Warsaw, at ul. Komitetu Obrony Robotników 49, within the area of the Warsaw Chopin Airport or Zielona Góra-Babimost Airport,
- while viewing our website or websites of airports we manage, i.e.  the Warsaw Chopin Airport or Zielona Góra-Babimost Airport,
- while using services we provide and establishing a business relationship with us,
- while seeking employment with us.

Personal data which allow us to identify the specific person or contact this person are accumulated when they are provided willingly, as well as when the requirement of data provision is statutory, contractual or it is a condition necessary to conclude an agreement. For instance, we may accumulate such information to provide services to your benefit (e.g. provide trainings, rent premises, provide VIP Line services, parking services) or respond to questions and applications. In order to acquire the authorization to enter the restricted area of the airport, we need, among others, your ID or passport data.

In some situations, the obligation to provide specific data results directly from legal regulations, such as the act from 3 July 2002, Aviation Law and the regulation of the Minister of Transport, Construction and the Maritime Economy from 31 July 2012 regarding national civil aviation security programme. In case your personal data is not provided, we usually won’t be able to provide requested service or maintain business relations. We also accumulate data in the form of recordings of phone conversations, billings; we control the access to restricted zones. We also accumulate personal data when persons start relations with us, for instance when looking for a job, offering their services or becoming our clients or debtors.

Data accumulated by means of the website:

We also accumulate data by means of our websites.

By means of our website we can accumulate personal data when you ask us to place your data in our mailing list or when you place an enquiry by means of the contact form. Our website can accumulate general information, including the internet protocol address and the type of browser used to gain access. None of this information is used to identify an individual user. We use it to monitor and improve IT services. We can also use “cookies” (small files used to manage web viewing sessions), which may show us whether your device was used to visit our site earlier. Many web browsers allow controlling the method of using “cookies.” If the “cookies” are switched off, it may not be possible to use all functions of our website.

CCTV Monitoring

The area of airports we manage and the Board seat are subject to CCTV supervision, which allows us to record images in the form of a silhouette, image of persons, numbers of registration plates and vehicle make. The monitoring recordings are deleted automatically after 30 days from the day they are acquired, unless there is a specific reason to maintain them. For instance, law enforcement authorities may ask us to retain recordings showing the suspicion of committing the crime or causing an accident. If you use our parking services, we may accumulate data regarding your vehicle registration number.

Other methods of personal data accumulation

If you enter into an interaction with us by means of one of our social media, we can accumulate details of this interaction and the social media account or user name which is used.

More information about accumulation and usage of data by Facebook or Twitter and about privacy protection can be found on the websites below:

Data protection / advice about privacy issued by Facebook:https://www.facebook.com/policy.php
Data protection / advice about privacy issued by Twitter:https://twitter.com/privacy

Special information

We may accumulate information regarding your health when it is necessary to provide services such as wheelchair or if in the area of airports we manage an accident or an aviation incident occurred. Such data will only be accumulated subject to your approval. Before issuing the authorization to enter the restricted zones unescorted we may also accumulate special information, including information from criminal records.

Why do we process your personal data?

We process your personal data only for the reasons they were provided to us and with purposes directly related to our activity.
Main aims for which we can use your personal data are:

• to assure safety and security of airports we manage;
• to verify operational activities / operational correctness of airports we manage, which is based upon control whether the airports are used in way in accordance with the legal regulations,
• to implement the National Civil Aviation Security Programme and the National Quality Control Programme, which is equivalent to implementation of civil aviation security and ensuring that civil aviation protection regulations are adhered to effectively, which includes enabling authorized organs to execute the security audit and quality check with regards to civil aviation.
• to issue an entry pass, authorizations to enter restricted zones,
• to perform a contract, properly provide services and settle accounts,
• to organize and maintain the system of fire protection of airports we manage included in the national rescue system, prepare the action plan in emergency situations,
• to provide necessary medical support within the area of airports we manage - to consider and manage claims, complaints, requests and applications.

What is the legal basis for processing your personal data?


 


Your personal data, for the above purposes, may be processed on the basis of art. 6 clause 1:  a) i.e. your agreement, or b) i.e. the contractual agreements between us, or c) i.e. legal obligations we need to comply with, or f) our legally justified cause, such as, for instance, proper consideration of your claim,

or 9 clause 2 a) (i.e. your consent) the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (RODO).

Who can we disclose your personal data to?

Our data can be disclosed only to three groups of entities:

• persons authorized by us - our employees, co-workers who need access to the data to perform their professional duties,
• processing entities - who we request to perform activities requiring data processing, for instance our business partners, subcontractors, to whom we will have to disclose your data to properly consider your claim or complaints,
• entities entitled to receive data on the basis of currently binding law, such as courts or law enforcement authorities.

Do we send your personal data outside Europe?

We may transfer your personal information to other countries, including countries outside the European Economic Area (EEA), where the data protection regulations may differ from those binding in Poland. In case of transferring your personal data to countries outside the EEA we shall undertake adequate measures to cover your personal data with the same level of protection as set out in this privacy policy and RODO regulations.

How long are we going to process your personal data?

We store your personal data for the period necessary to execute goals set out in this privacy policy, unless a longer storage period is necessary or legally valid. We respect the principles and periods accepted by us in the personal data retention policy. The maximum period of storage may differ depending on the kind of data and the purpose of data processing.

What are your rights regarding your personal data?

In accordance with legal regulations in force, you have the right to access  and the right to rectify the data, to complete incomplete information, the right to erasure, the right to restrict processing, the right to data portability and the right to object to personal data processing. In case the request is explicitly unjustified or excessive, in particular due to its repetitive nature, we can charge a fee, taking into account administrative costs of disclosing the information, managing the communication or perform requested actions, or decline performing the actions.

If you want to exercise your rights, it is necessary to contact our personal data protection inspector, using the contact data above. In case it is found out that your personal data processing is not compliant with RODO regulations, you are also entitled to file a complaint to the Officer for the Personal Data Protection.

If the data processing is executed on the basis of your consent, you are entitled to withdraw the consent at any time. The withdrawal does not impact the compliance with the right of data processing which PPL performed before the consent was withdrawn.
Detailed information about your entitlements can be found here.

Is it obligatory to provide your personal data?

In most cases you are not obliged to provide us with your personal data. In some situations, the obligation to provide specific data results directly from legal regulations, such as the act from 3 July 2002, Aviation Law and the regulation of the Minister of Transport, Construction and the Maritime Economy from 31 July 2012 regarding national civil aviation security programme. The lack of providing the data may result in impossibility to conclude an agreement, ensure the proper level of services or to approve the application to issue an authorization or entry pass.

How do we secure your personal data?

We apply technical and organizational means to protect your personal data against accidental or intended loss, damage or access of unauthorized persons. In case of sending personal data, the information is transmitted in a deciphered form in order to prevent abuse by unauthorized persons. The security means we apply are updated regularly and adjusted to technological development.