Social Media Privacy Policy

Pursuant to Regulation (EU) 2016/679 (hereinafter the "Regulation"), this page describes how Aeroporti di Roma processes the personal data of users consulting/interacting with Aeroporti di Roma on social media channels and instant messaging services used for institutional communication purposes:

• LinkedIn 
• Facebook 
• Instagram 
• Twitter 
• YouTube 
• Spotify 
• WeChat

1. DATA CONTROLLER

Aeroporti di Roma S.p.A. (hereinafter also referred to as "ADR" or "the Holder") with registered office in via Pier Paolo Racchetti 1 - 00054 Fiumicino (Rome).

2. DATA PROTECTION OFFICER

ADR has appointed a Data Protection Officer. The contact details of the Data Protection Officer are available at www.adr.it.

3. PURPOSE AND LEGAL BASIS OF THE PROCESSING

The policies defined by the network operators (e.g.  LinkedIn, Facebook, Instagram, Twitter, YouTube, Spotify, WeChat), who act as data controllers in accordance with Articles 4 and 24, GDPR, govern the logics of registration and use of social media.

At the same time, this notice concerns the personal data processing activities carried out by Aeroporti di Roma when using social channels. In particular, Aeroporti di Roma processes the personal data provided by users through the pages of social media platforms/instant messaging services, within the scope of its own institutional purposes, exclusively to manage interactions with users (comments, public posts, requests for information, etc.) and in compliance with current legislation.

Aeroporti di Roma processes the data provided by users for the pursuit of the above-mentioned purpose pursuant to art. 6, letter b, GDPR, in order to provide a service to users (e.g. ensuring the user can follow Aeroporti di Roma channels and be updated on the activities/initiatives published, guaranteeing the user the execution of any requests, providing answers to requests for information received from the user) as well as for its own institutional purposes.

The provision of data is necessary for the pursuit of the above-mentioned purpose; in the event of a refusal to process the data, it will not be possible to guarantee the user the above-mentioned.

4. TYPES OF DATA PROCESSED

The data processed by Aeroporti di Roma S.p.A. include personal information such as those shared optionally, explicitly and voluntarily in messages to Aeroporti di Roma addresses/chats/social pages and in general on social networks. Private messages sent by users to institutional social media profiles/pages (where this possibility is provided for) entail the acquisition of the sender's contact data (i.e. data relating to the user's personal social profile), which are necessary to reply, as well as any personal data voluntarily included in the communication.

With regard to the processing of personal data carried out by the managers of social media platforms/instant messaging services used by Aeroporti di Roma, please refer to the information provided by the managers through their respective privacy policies.

5. PROCESSING METHODS

The data are processed in compliance with the regulations in force by means of IT and electronic tools, with logic strictly associated with the purposes specified, in order to guarantee the security and confidentiality of the data.

6. DATA RETENTION PERIOD

Please refer to what is defined by the operators of the social media/instant messaging services and the information provided by them through their respective privacy policies.

7. DATA RECIPIENTS

Within ADR S.p.A., only the subjects appointed by the Data Controller and authorised to carry out processing operations on the activities above may become aware of the personal data you have provided. Moreover, your data may only be processed by third party companies to which ADR may entrust specific activities and services related to the management of its social media channels.

The data may be communicated to the competent public authorities in fulfilment of legal obligations.

In any case, your personal data will not be disseminated.

8. NON-EU DATA TRANSFER

Please refer to what is defined by the operators of the social media/instant messaging services and the information provided by them through their respective privacy policies.

9. RIGHTS OF THE DATA SUBJECTS

Lastly, please be informed that Articles 15-22 of the GDPR ggive data subjects the possibility to exercise specific rights under certain conditions; data subjects can obtain, from the Data Controller: access, rectification, deleting, limitation of processing, withdrawal of consent as well as the portability of data concerning them.

Data subjects also have the right to object to the processing. In the event that the right to object is exercised, the Data Controller reserves the right not to proceed with the request and, therefore, to continue the processing, in the event that there are compelling legitimate reasons to proceed with the processing that prevail over the interests, rights and freedom of the data subject.

The above rights may be exercised without formalities by making a request to the Data Protection Officer (DPO) at the following address dpo@adr.it.

It is understood that with regard to the exercise of rights by data subjects vis-à-vis the operators of social media/instant messaging services, reference should be made to the provisions defined by the operators and the information provided by the latter through their respective privacy policies.

The data subjects right to file a complaint with the Italian Data Protection Authority pursuant to Article 77, GDPR remains unaffected.

The Data Controller reserves the right to update this policy.