Alitalia – Società Aerea Italiana S.p.A. in extraordinary administration wishes to inform you, pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and Council concerning the protection of individuals with regard to the processing of personal data (hereafter “European Regulation”), that it needs to process your personal data that has been collected automatically or provided by you through navigation or use of the website (hereinafter “Website”)




The Data Controller is Alitalia – Società Aerea Italiana S.p.A. in amministrazione straordinaria, in the person of its legal representative, domiciled at the registered office in Piazza Almerico da Schio n 3, Palazzina Bravo, 00054 Fiumicino (RM)(hereinafter referred to as “Alitalia in a.s.” or “Data Controller”).


Considering the data processing activities performed by Alitalia in a.s., the Data Controller has deemed it necessary to appoint, pursuant to art. 37 of the European Regulation, a Data Manager who you may contact at the following address: Alitalia - Società Aerea Italiana S.p.A. in amministrazione straordinaria, Data Protection Officer, Piazza Almerico da Schio n 3, Palazzina Bravo, 00054 Fiumicino (RM), or by sending an email to the address



To allow you to use any services related to ticket and voucher refunds, or to any after sales support, the Data Controller needs to know and process some of your personal data.

The term "personal data" designates information that concerns a natural person who is either identified or identifiable, such as, for example, name, contact information and/or data related to the booking.

In order to manage the above-mentioned service, the data processed will be first name, last name, telephone number, email address, information about the journey purchased, including any special care required or preferences regarding meals and payment-related details. 


As far as data that are processed to merely browse the Website, the dedicated informative notice on “cookies” are specified below.

Browsing data

The IT systems and software procedures that carry out Alitalia in a.s. operations acquire, during their normal performance, some personal data, whose transmission is implicit when Web communication protocols are used.


Cookie Policy

Please find below the type of cookies used on this Website and how you can easily choose if and how your personal data will be processed by this type of technological solutions.


Technical cookies

This Website makes use of the so-called “technical cookies”, small rows of text containing a certain quantity of information that is exchanged between the Website and its terminal (or between the browser and its terminal) to ensure correct function and use of the Website.


Analytical Cookies

This Website uses the so-called “analytical cookies”, which are created and placed at the disposal of third parties, precisely Google Analytics and Adobe Analytics. They aim to ensure internal statistical analyses of access to improve the Website and make it easier to use it, and also to monitor its correct function. The Data Controller has, anyhow, adopted the most suitable tools to minimize the identification functions of these cookies. Google Analytics has published its cookie policy here. Adobe Analytics has published its list of cookies here.

List of analytical cookies……


Profiling Cookies

This Website uses the so-called “profiling cookies”. These cookies are not essential but they help us customize and improve your experience of the Website. For instance, they help us show you the departure airport that is closest to your location, or tell us about your purchase preferences and help us remember them. They also enable us to show you relevant and customized advertisements. Furthermore, they allow us to limit the number of times an advertisement is displayed, gauge the efficacy of the advertising campaign, remember your visit and share the data collected with third parties, such as our advertisers.


Hence, the removal of these cookies does not impair general use of the Website, but it might limit some functions.

List of profiling cookies……


Third party cookies

Even third parties can install cookies on your device. We cannot control the use of cookies on the part of third parties and, therefore, we are not responsible for their use. Third parties have their own privacy policies and data collection methods. The policies can be consulted at the following links:


List of third-party cookies………;dc_…




Phone calls to Call Center numbers might entail processing of the user's personal data to provide the services requested, such as refunds, claims and post sales support.  Finalization of electronic transactions may also entail acquisition of the client's credit card details, which will be processed with all the necessary precautions established by the legislation for this sector. Alitalia in a.s. may also make use of third party call centers that operate as Data Manager on behalf of the Data Controller, always in total compliance with the privacy policy and with a dedicated service agreement, pursuant to art. 28 of the European Regulation.


In case third party call centers process data for which Alitalia in a.s. is the Data Controller outside the EU, Alitalia in a.s. requires its suppliers to comply with the warrantees laid down by art. 46 of the European Regulation.


When making use of foreign call centers based outside the European Union, in compliance with the legislation in force, Alitalia in a.s. will inform its clients about the foreign country where the operator is physically located, offering its clients/users the option of requesting that the service be rendered by an operator located in the user's country.



The personal data held by the Data Controller are exclusively those provided by you when browsing and/or when using our services.  Therefore, the personal data will be processed to: 


A) Allow you to use our refund, claim and after sales service;


In consideration of the choice to use the services provided, the legal basis on which the processing of your personal data is based may be that:

The data provided is necessary to make reservations and purchase one or more airline tickets;

-          The data provided is necessary to be able to guarantee the applicable air transport contracts according to travel destinations;

-          The processing of personal data is necessary to process ticket o voucher refunds, manage claims or after sales support;


Personal data may be processed both by means of IT tools or on paper.


J) Ensure the protection of public health and safety


  •  Legal basis:

    - data processing is necessary for reasons of public interest in the public health sector, such as protection from serious cross-border threats to health.


The Data Controller plans on storing personal data for a period of time that does not exceed the time required to pursue the purposes for which the data were collected and processed.

Regarding other personal data, since we cannot precisely define the storage period of your personal data, the Data Controller commits from this moment to process your personal data in compliance with the principles of appropriateness, relevance and minimization of data, as required by the European Regulation, regularly verifying the need to store them. Hence, once the purposes for which they were collected and processed have been achieved, we shall remove them from our systems and logs and/or we shall adopt the appropriate measures required to ensure their anonymity in order to prevent your identification.

This will be applied unless we need to maintain said data to fulfill legal obligations or to ascertain, exercise or defend our rights during legal proceedings.



The data processed will not be disclosed to third parties.  However, they may become aware of your data, in relation to the processing purposes previously set out:

  •        Health and public health control authorities of any country on your itinerary, including stopovers and countries that you fly over;
  •        Subjects who can access the data pursuant to the provisions of the law provided for by European Union law or by that of the Member State to which the Data Controller is                 subject, including the Central Directorate of Immigration and the Border Police;
  •        Our employees are designated as Processing Coordinators, System Administrators, or as a person acting under the authority of the Data Controller or the Data Processor,                   provided that they have been previously trained in this sense by the Data Controller;
  •        Banks and payment companies, as well as service providers for anti-fraud control connected to the payment process and (where necessary) activation of the anti-fraud control           procedure;
  •        Third parties such as law firms and public authorities to which we turn to ensure that the stipulated contract is respected or applied and to safeguard all our other legitimate               interests;
  •        Third parties such as police and national authorities to protect our rights, property or safety of you, staff and our assets and resources;
  •        Public authorities and law enforcement agencies, for example customs and immigration authorities, following a validly made request;
  •        Persons who carry out, in complete autonomy, as separate Data Controllers, or as Data Processors appointed by Alitalia in a.s. for this purpose, companies that offer IT infrastructures         and IT assistance and consultancy services, including those who provide and manage customer service.
           Any communication of personal data will take place in full compliance with the legal provisions of the European Regulation and the technical and organizational measures                   prepared by the Data Controller in order to ensure an adequate level of security.



Alitalia in a.s. has ceased flight operations but may receive requests from authorities or immigration control bodies.

In case of trasfer of personal data of the parties outside the European Union, we commit to:    

  •       include standard data protection contractual clauses approved by the European Commission for the transfer of personal information outside the EEA in our contracts with those        third parties (these are clauses approved under Article 46.2 of the General Data Protection Regulation ("GDPR"); or
  •       ensure that the country where the personal information will be managed is deemed “appropriate” by the European Commission, pursuant to art. 45 of the GDPR; or
  •       (in the event that we transfer the personal information of the interested parties to a recipient in the United States) make sure that the recipient is part of the Privacy Shield,                which requires that recipient to provide protection similar to any personal information shared between Europe and the United States.

           For more information on data transfer rules outside the EEA, including the mechanisms on which we rely, please see the European Commission's website here.



The conferment of your personal data for the purposes stated in sections 4.A is mandatory because your refusal, if any, to provide the personal data requested would make it impossible for Alitalia in a.s. to provide the requested service.



Regarding the processing of your personal data, pursuant to the European Regulation, the party concerned is entitled to:

  •        Withdraw consent to data processing, at any time, for all further data processing procedures that are not necessary to execute the service agreement; however, it must be said           that withdrawal of consent does not constitute a bias to the lawfulness of data processed based on consent provided prior to withdrawal of the consent itself, as                                   established by art. 7, section 3, of the European Regulation
  •        Ask the Data Controller access to personal data, as established by art. 15 of the European Regulation
  •       Obtain, from the Data Controller, the correction and integration of personal data that is deemed inaccurate, even providing a simple integrative statement, as established by art.         16 of the European Regulation;
  •        Obtain, from the Data Controller, the deletion of personal data if even just one of the reasons established by art. 17 of the European Regulation is present, for all further data             processing that might not be necessary to execute the service agreement,
  •        Obtain from the Data Controller the limitation of personal data processing, if even one of the cases theorized in art. 18 of the European Regulation is present, for all further                data processing that might not be necessary to execute the service agreement
  •        Receive, from the Data Controller, the personal data that concern you, in a structured format widely used and legible by an automatic device; you are entitled to transmit these
           data to another Data Controller, as established by art. 20 of the European Regulation
  •        Object at any moment, for reasons associated with your particular situation, to the processing of personal data carried out in compliance with art. 6, section 1, letters e) or f),              including profiling based on these provisions, as established by art. 21 of the European Regulation
  •        Not to be subjected to decisions solely based on automated data processing, including profiling, that will have legal repercussions for you, if you have not consented explicitly in         advance, as established by art. 22 of the European Regulation; by way of a non-exhaustive example, this category includes any form of automated personal data processing                 intended to either analyze or foresee aspects that concern consumption and purchase choices, the economic situation, interests, reliability and behavior;
  •       Submit a complaint to the control authorities if you deem that the processing of your data violates the European Regulation; the complaint can be submitted in the Member                State where you habitually reside or work or in the place where a presumed violation occurred, as established by art. 77 of the European Regulation.

To exercise each of your rights, you may contact the Data Controller, in the person of the legal representative, by contacting the registered office at Piazza Almerico da Schio n 3, Palazzina Bravo, 00054 Fiumicino (RM).


Alternatively, you can contact the Data Protection Officer by sending a communication to Alitalia Società Aerea Italiana S.p.A. in amministrazione straordinaria, Data Protection Officer, Piazza Almerico da Schio n 3, Palazzina Bravo, 00054 Fiumicino (RM), or by sending an email to providing the following information:


  •        First and last name and postal address;
  •        Details of the request;
  •        Booking code or flight number and date;
  •        Photocopy of a valid document of identification.



You can change the consent provided at any time for the following purposes:

  •      4F - 4G by clicking on the link “unsubscribe” present in each newsletter received or by answering “unsubscribe” to the TEXT MESSAGE SERVICE message you received.