Alitalia – Società Aerea Italiana S.p.A. in extraordinary administration wishes to inform you, pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and Council concerning the protection of individuals with regard to the processing of personal data (hereafter “European Regulation”), that it needs to process your personal data that has been collected automatically or provided by you through navigation or use of the website https://www.amministrazionestraordinariaalitaliasairefunds.com/ (hereinafter “Website”)

 

1. THE DATA CONTROLLER
2. DATA PROTECTION OFFICER
3. DEFINITION AND TYPE OF PERSONAL DATA PROCESSED
4. PURPOSE OF THE PROCESSING AND LEGAL BASIS
   
5. PERSONAL DATA STORAGE PERIOD
   
6. CATEGORIES OF SUBJECTS RECEIVING THE DATA
7. TRANSFER OF PERSONAL DATA TO THIRD-PARTY COUNTRIES AND FOR IMMIGRATION CONTROL AND COUNTER-TERRORISM
8. NATURE OF THE CONFERMENT
9. RIGHTS OF THE PARTY CONCERNED

 

1.     DATA CONTROLLER

The Data Controller is Alitalia – Società Aerea Italiana S.p.A. in extraordinary administration, in the person of its legal representative, domiciled at the registered office in Piazza Almerico da Schio n 3, Bravo Building, 00054 Fiumicino (RM)(hereinafter referred to as “Alitalia in e.a.” or “Data Controller”).

2.     DATA PROTECTION OFFICER

Considering the data processing activities performed by Alitalia in e.a., the Data Controller has deemed it necessary to appoint, pursuant to art. 37 of the European Regulation, a Data Protection Officer who you may contact at the following address: Alitalia - Società Aerea Italiana S.p.A. in amministrazione straordinaria, Data Protection Officer, Piazza Almerico da Schio n 3, Bravo Building, 00054 Fiumicino (RM), or by sending an email to the address dpo@amministrazionestraordinariaalitaliasai.com.

 

3.      DEFINITION AND TYPE OF PERSONAL DATA PROCESSED

To allow you to use any services related to the refund of Alitalia in e.a. air tickets and voucher refunds and complaint management, the Data Controller needs to know and process some of your personal data.

The term "personal data" designates information that concerns a natural person who is either identified or identifiable, such as, for example, name, contact information and/or data related to the booking.

In order to manage the above-mentioned service, the data processed will be first name, last name, telephone number, email address, information about the journey purchased, and payment-related details, copy of an identity document, bank details. In order to provide the above services, the data processed will be name, surname, telephone number, e-mail address, information relating to the trip purchased, and data relating to payment, copy of an identity document, bank details.

As far as data that are processed to merely browse the Website, the dedicated informative notice on “cookies” are specified below.

Browsing data

The IT systems and software procedures that carry out Alitalia in e.a. operations do not acquire, during their normal performance, personal data whose transmission is implicit when Web communication protocols are used.

 

Cookie Policy

Please find below the type of cookies used on this Website.

 

Technical cookies

This Website makes only use of the so-called “technical cookies”, small rows of text containing a certain quantity of information that is exchanged between the Website and its terminal (or between the browser and its terminal) to ensure correct function and use of the Website.
No profiling cookies are collected.

Customer Center

Telephone calls made from the Customer Centre of Alitalia in e.a. may involve the processing of the user's personal data in order to provide the services requested by the user, such as, but not limited to: refunds, after-sales assistance, flight certificates. Finalization of electronic transactions may also entail acquisition of the client's credit card details, which will be processed with all the necessary precautions established by the legislation for this sector. Alitalia in e.a. may also make use of third-party call centres that operate as Data Manager on behalf of the Data Controller, always in total compliance with the privacy policy and with a dedicated service agreement, pursuant to art. 28 of the European Regulation. In case third-party call centres process data for which Alitalia in e.a. is the Data Controller outside the EU, Alitalia in e.a. requires its suppliers to comply with the warrantees laid down by art. 46 of the European Regulation, when making use of foreign call centres based outside the European Union, in compliance with the legislation in force, Alitalia in e.a. will inform its clients about the foreign country where the operator is physically located, offering its clients/users the option of requesting that the service be rendered by an operator located in the user's country.

4.       PURPOSE OF DATA PROCESSING AND LEGAL BASIS

The personal data held by the Data Controller are exclusively those provided by you when browsing and/or when using our services.  Therefore, the personal data will be processed to enable the use of our refunds and complaints service.

In order to allow you to access services related to the refunds of air transport tickets issued by Alitalia in e.a. and vouchers, as well as for the management of complaints, the Data Controller needs to collect and process certain personal data of yours, as specified in the previous paragraph 3.

Such data are necessary to process ticket or voucher refunds, handle complaints, or provide post-sale assistance. The processing of personal data is required to comply with legal obligations incumbent upon Alitalia in e.a.

5.      PERSONAL DATA STORAGE PERIOD

The Data Controller commits from this moment and in any case to process your personal data in compliance with the principles of appropriateness, relevance and minimization of data, as required by the European Regulation, regularly verifying the need to store them. Hence, once the purposes for which they were collected and processed have been achieved, we shall remove them from our systems and logs and/or we shall adopt the appropriate measures required to ensure their anonymity in order to prevent your identification.

This will be applied unless we need to maintain said data to fulfil legal obligations or to ascertain, exercise or defend our rights during legal proceedings.

In this regard, please note that your personal data collected for the management of the refund service will be retained for 10 years, specifically to ascertain, exercise, or defend our rights in legal proceedings and to allow accounting, tax, and other regulatory audits conducted by supervisory bodies overseeing the activities of Alitalia in e.a.

6. CATEGORIES OF DATA SUBJECT

The data processed will not be disclosed to third parties.  However, they may become aware of your data, in relation to the processing purposes previously set out:

•        Our employees, provided that they are previously designated as Data Coordinator, System Administrator, or as a person acting under the authority of the Data Controller or the Data Processor, provided that they are previously instructed to do so by the Data Controller;
•        Third parties such as law firms and public authorities to which we turn to ensure that the stipulated contract is respected or applied and to safeguard all our other legitimate interests;
•        Third parties such as police and national authorities to protect our rights, property or safety of you, staff and our assets and resources;
•        Public authorities and law enforcement agencies following a validly made request;
•        Persons who carry out, in complete autonomy, as separate Data Controllers, or as Data Processors appointed by Alitalia in e.a. for this purpose, companies that offer IT infrastructures and IT assistance and consultancy services, including those who provide and manage customer service. Any communication of personal data will take place in full compliance with the legal provisions of the European Regulation and the technical and organizational measures prepared by the Data Controller in order to ensure an adequate level of security.

 

7.      TRANSFER OF PERSONAL DATA TO THIRD-PARTY COUNTRIES AND FOR IMMIGRATION CONTROL AND COUNTER-TERRORISM

Alitalia in e.a. has ceased flight operations but may receive requests for information from the police and/or immigration authorities.

In case of trasfer of personal data of the parties outside the European Union, we commit to:

•       include standard data protection contractual clauses approved by the European Commission for the transfer of personal information outside the EEA in our contracts with those third parties (these are clauses approved under Article 46.2 of the General Data Protection Regulation ("GDPR"); or
•       ensure that the country where the personal information will be managed is deemed “appropriate” by the European Commission, pursuant to art. 45 of the GDPR; or
•       (if applicable, in the event that we transfer the personal information of the interested parties to a recipient in the United States) make sure that the recipient is part of the Data Privacy Framework, which requires that such recipient to provide protection similar to any personal information shared between Europe and the United States.

For more information on data transfer rules outside the EEA, including the mechanisms on which we rely, please see the European Commission's website here.

 

8.      NATURE OF THE CONFERMENT

The conferment of your personal data for the purposes stated in sections 4 is mandatory because your refusal, if any, to provide the personal data requested would make it impossible for Alitalia in e.a. to provide the requested service.

 

9.  THE RIGHTS OF THE PARTY CONCERNED
Regarding the processing of your personal data, pursuant to the European Regulation, the party concerned is entitled to:

•        Ask the Data Controller access to personal data, as established by art. 15 of the European Regulation
•       Obtain, from the Data Controller, the correction and integration of personal data that is deemed inaccurate, even providing a simple integrative statement, as established by art. 16 of the European Regulation;
•        Obtain, from the Data Controller, the deletion of personal data if even just one of the reasons established by art. 17 of the European Regulation is present, for all further data processing that might not be necessary to execute the service agreement,
•        Obtain from the Data Controller the limitation of personal data processing, if even one of the cases theorized in art. 18 of the European Regulation is present, for all further data processing that might not be necessary to execute the service agreement
•        Receive, from the Data Controller, the personal data that concern you, in a structured format widely used and legible by an automatic device; you are entitled to transmit these
         data to another Data Controller, as established by art. 20 of the European Regulation
•        Object at any moment, for reasons associated with your particular situation, to the processing of personal data carried out in compliance with art. 6, section 1, letters e) or f), including profiling based on these provisions, as established by art. 21 of the European Regulation
•        Not to be subjected to decisions solely based on automated data processing, including profiling, which produce legal effects concerning you, unless you have previously and explicitly consented, as established by art. 22 of the European Regulation; by way of a non-exhaustive example, this category includes any form of automated personal data processing intended to either analyze or foresee aspects that concern consumption and purchase choices, the economic situation, interests, reliability and behavior;
•       Submit a complaint to the control authorities if you deem that the processing of your data violates the European Regulation. The complaint can be submitted in the Member State where you habitually reside or work or in the place where a presumed violation occurred, as established by art. 77 of the European Regulation.
  
  

To exercise each of your rights, you may contact the Data Controller, in the person of the legal representative, by contacting the registered office at Piazza Almerico da Schio n 3, Bravo Building, 00054 Fiumicino (RM) or by sending an email to SegreteriaAmministrazioneStraordinaria@amministrazionestraordinariaalitaliasai.com.

Alternatively, you can contact the Data Protection Officer by sending a communication to Alitalia Società Aerea Italiana S.p.A. in amministrazione straordinaria, Data Protection Officer, Piazza Almerico da Schio no. 3, Bravo Building, 00054 Fiumicino (RM), or by sending an email to: dpo@amministrazionestraordinariaalitaliasai.com