Aena’s Biometric Service Privacy Policy

The biometric system is a process whereby your identity (including your image) is verified with your identity documents (DNI/NIE/passport and your boarding card) and, once done, your captured image is processed by the facial recognition cameras installed at different points within the airport, such as the security checkpoints or the boarding gates, in order to allow you pass through those places without needing to show any documents.

With regard to your biometric data (facial image), at no point are those data shared with any third party, they never leave Aena’s systems and your AIRLINE only receives the identification data and the details of the boarding card which it itself has issued to you.

You can take your biometric flight with any of the airlines subscribed to the Facial Recognition Programme, provided that, when obtaining your boarding card for the first time, you have expressed to the airline in question your wish to take your flights using this system, thereby giving it your consent.

The registration process has two parts:

• In the first part, you are registered in AENA’s system, registering your image and your identity documents (it will only be necessary to carry out this process once, unless more than a year has elapsed since you used the service, or you wish to add other documents to your biometric profile or update the existing ones). In this process, your image (selfie), an image of your identity document (DNI/NIE/passport) and the personal data and image from the NFC chip of your identity document will be captured. At that time, we check your image (selfie) against the image appearing on your identity document (DNI/NIE/passport) using a biometric process to verify that you are the owner of your identify document (1:1 comparison). Subsequently, Aena will only process the data for your image (selfie), the document type and the personal identification data obtained from your document, together with the boarding card associated with it in the second phase, discarding the biometric data obtained.
• The second part, during the process of obtaining your boarding card from the AIRLINE you are going to fly with, or any other you are going to fly with in the future (provided that the AIRLINE has signed up to this service and that, when obtaining your boarding card from that AIRLINE for the first time, you have given your prior consent to it sending us your boarding cards). The AIRLINE will send a query to Aena to check whether you are registered in the system and, as appropriate, if you are not registered, it will provide you with the means to do so, if you wish to, and, if you are already registered, the AIRLINE will send your boarding card to Aena to associate it with your biometric profile, solely for that flight. You can find information about the airlines subscribed to this service and with which you can carry out this biometric procedure at the following link.

That way, once you are registered on the Facial Recognition Programme and your boarding card has been linked correctly, you will no longer have to show any document at the security checkpoint or at the boarding gate. Nevertheless, you must take your identity documents and boarding card with you in case a problem arises or facial recognition is not in use. You can register in person, at the registration kiosks located in the airport, or automatically on Aena’s or your AIRLINE’s app.

Then, on the day that you are going to fly, you will only have to pass through the signposted points at the checkpoints and boarding gates. The cameras will take a photograph of you, which will be sent to Aena’s systems in order to verify your identity (biometric checking of the image obtained by the gate and those registered in the biometric database, to identify you and obtain your boarding card received from your AIRLINE (1:N comparison)). They will then send the details of your boarding card to the gate that sent your image, a process which is equivalent to the current one.

This biometric identification service is voluntary, such that, if you do not wish to use it, you can transit through the airport in the traditional way, presenting the relevant documents at each checkpoint in place at each airport. Even if you are already registered in the system, you are not obliged to use the biometric gates; you are free to pass through the traditional gates and it will not adversely affect you in any way.

Moreover, we would like to inform you that Aena has analysed all of the circumstances surrounding this system, in order to ensure that its processing of your personal data is proportionate. To that end, Aena has examined whether the planned processing achieves the proposed objectives and whether it is a measure which achieves the intended purpose with reasonable levels of efficacy, as well as considering the benefits obtained by you as a result of voluntarily submitting yourself to this biometric identification process in the different airport processes in which it has been installed. As a result of that analysis, Aena has concluded that the processing of your personal data is proportionate in the context of the benefits it yields, such as facilitating quicker and easier access to security checkpoints and quicker identification of the passenger when boarding, which also makes the process more secure.

• Aena S.M.E., S.A.

As controller of the biometric, contact and identification data. Address: C/Peonías, 12, 28042, Madrid. CIF (tax ID no.): A86212420.
Companies Register of Madrid, Volume 28806, Folio 211, Section 8, Page M-518648.
Contact details of the Data Protection Officer: dpd@aena.es.

The following data are processed:

• Identification data: obtained from the NFC CHIP of your identity document – name, surname(s), DNI/NIE/passport number, nationality, expiry date of the document – and from the scanned image of the back of your document.
• Contact details: we will only process your email address for operational communications relating to this service (welcome to the service, notification of changes to the terms and conditions or privacy policy, notification of imminent expiry of your identification document, receipt by Aena of a new boarding pass issued by your airline so that you know that you can use the biometric option on your flight if you wish, etc.).
• Biometric data: your facial image or selfie obtained and registered in the database during the registration process, the image obtained from the chip of your identity document, also during registration, the facial image obtained at the biometric gates, and the biometric tokens obtained by applying the biometric technology to the above images.
• Details of your boarding card, supplied by you or by your AIRLINE.
• Data relating to the means used for registration (Aena’s app, the AIRLINE’s app or kiosks located at the airport), details of your passage through the biometric gates (type of passage, date, time and result). These data are only used to resolve incidents, for statistical purposes and to monitor the project and analyse its viability.

The data will be collected over Aena’s app, your airline’s app or through the kiosks located at the airport, as applicable, and, subsequently, your image will be captured by the facial recognition cameras located at the checkpoints set up to allow you to transit through the airport.

Please be advised that all of the data that we request or may request are necessary for the purposes described in this privacy policy.

It is important that you ensure the truthfulness of the personal data you provide us with and, from time to time, we may ask you to review and update them, so that those personal data are as accurate and truthful as possible.

If you, as a passenger, have opted voluntarily to use the biometric system that appears on the devices located at the airport, and features on the Aena and the AIRLINE apps, the data received by this system will be processed by Aena for the following purposes:

(1) to improve your passenger experience by facilitating faster and more convenient access via security checkpoints by eliminating the need to show documentation at the different access points. This process involves the identification of the passenger by Aena. Although this is not done by traditional means, the voluntary use of this system will mean that Aena will identify the passenger during this airport process, thereby reducing the time passengers usually spend looking for their documents at the access point (you will not need to wait for the previous passenger to look for their documents), and increasing their comfort as they do not need to show their boarding pass to the readers.

(2) to improve the security processes applicable to the identification and monitoring of passengers boarding aircraft.

The ultimate purpose is to verify passengers’ identity through facial recognition in the security checkpoint and boarding processes at Aena airports that have this system, managing their access to these controls with higher levels of security, efficiency and effectiveness than those achieved by the identity verification methods currently used.

The legitimate basis for the processing of your personal data is the express consent that you freely give by registering with this system, which you may revoke at any time by sending an email to the following address: ocpd@aena.es (please include the identification number of your official identity document in your message).

This consent is given jointly for all these processes, since they are complementary and none would exist without the others.

To achieve those aims, the following operations are carried out:

• (i) Registration in the biometric database of Aena, as the data controller: processing of the user's data, including biometric data, to register his or her information in the biometric database and to carry out the relevant comparison of the photo from the identity document with the image of the user obtained at that time, to verify his or her identity (authentication by means of 1:1 comparison) and also that he or she is the owner of the identity document, with the resulting biometric data being discarded and only the selfie image and the identification data being saved. We will send you an email acknowledging receipt of your registration.
• (ii) When you are going to obtain your boarding card from an AIRLINE subscribed to this service, that airline will request your consent to consult Aena regarding your registration and, if you are registered, send Aena your boarding card, such that, from then on, for as long as you do not withdraw the consent given to the airline or ask to be removed from the system, Aena will receive the details of your boarding cards (current and future). In no event will the airline have access to your biometric data. We will send you an email each time we receive a boarding card from your airline to inform you that you can, if you wish, use this service on your flight. After receiving the details of your boarding card from your AIRLINE, Aena, as mentioned above, will associate it with your identification data for the flight in question. Such processing is based on the consent given to your AIRLINE, as mentioned above, which you will be able to revoke at any time using the channels provided for that purpose.
• (iii) On the day of your flight, when you appear at the airport in front one of the devices identified as ‘facial recognition’ devices, we will automatically verify your identity at the security/biometric identity checkpoints, managed by Aena, using the biometric database. This phase implies the use of your biometric facial recognition data and is based on your express consent, as mentioned above, which you will be able to revoke at any time, also as mentioned above. With regard to the biometric facial recognition data, they will be processed during this phase by AENA when you appear physically at the airport and at one of the biometric gates, by comparing the image of you obtained at the biometric gate with the images registered in the biometric database and obtained previously by AENA (identification by means of 1:N comparison), for the purposes of allowing you to pass through security checkpoints and/or boarding gates.
• (iv) Verification and communication to the AIRLINE, by Aena, of your data (non-biometric) and boarding card when checking in and boarding: data processing whereby the AIRLINE validates the boarding card, relying on the identity check carried out by Aena, who communicates the identification data, flight information and the result of the identity check (only if the check has been successful or not, without transferring biometric data).

All these operations are based on your express consent as indicated above, which you may withdraw at any time, as indicated, such that by giving your consent, you consent to all these operations, all of which are necessary for the biometric management of your journey through the minimum and essential airport processes (passage through the security checkpoints and passage through the boarding gate associated with your flight) for the effective completion of your journey.

We will use the email address you provided to us or, if applicable, the one you used to register as an Aena Club member, to send you only operational emails related to this service, such as a welcome email as an acknowledgement of receipt, informing you that your registration in the system has been successful and indicating the next steps; and emails whenever we receive a boarding pass to let you know that you can board your flight biometrically if you wish, and to let you know that your identification document is about to expire so that you can re-register or update it with a new document.

In addition, Aena will carry out the following forms of processing:

• (i) AENA will process your boarding pass data to control access through security checkpoints based on compliance with a legal obligation applicable to AENA to monitor access to restricted areas (National Security Programme for Civil Aviation based on the Aviation Security Act).
• (ii) Within the framework of the new identification system implemented in Spanish airports, and specifically at the security checkpoints and boarding gates, AENA will process the following categories and types of personal data collected throughout the biometric system process: identification data, boarding passes, access data and selfie photographs, NFC chip and photographs taken at the gates, and only the numerical data of the percentage of match obtained when comparing them, only for the purpose of adjusting this percentage in the system during the first months of implementation, and never the biometric data itself.

The purposes of this processing of personal data will be (i) the resolution of incidents, (ii) statistical uses for the improvement and monitoring of the service and (iii) the adjustment of the configurable parameters of the service, based on AENA's legitimate interest in evaluating the efficiency, viability and improvement of the user experience and of the service itself.

In this regard, AENA guarantees that in no case will your biometric data be processed for the purposes described in the previous paragraph, the processing being limited to the personal data previously mentioned.

Prior to carrying out the processing of your personal data for the purposes indicated in the previous paragraph, we weighed up your right to data protection against our interest in carrying out this type of analysis to improve the user experience and the service itself (obtaining information on the number of passengers that have checked in via Aena's or the airline's apps, the number of passengers on a given flight or route that have used the biometric gates at the checkpoints or boarding gates, the number of passengers who have checked in correctly, the fine-tuning of the system in the photo-matching processes and only during the first months of implementation of the system, etc., and all this by means of a process of anonymisation by means of removing any data that allows for identification, through processes of deletion, aggregation or replacement of these data with others that cannot be associated with a natural person), concluding that this processing, which does not involve the processing of biometric data or automated decisions, gives rise to a reasonable expectation on the part of passengers.

The processing of your personal data for the purposes described in this section allows AENA, in general terms, to identify areas for improvement in its own service at the airport, to try to reduce waiting times as much as possible, both at the security checkpoint and at the boarding gate controls, to ensure the agility of the new identification system, to measure the degree of efficiency of the system, etc. This processing is therefore clearly in your interest, as it aims to provide you with a better service and user experience.

In view of the above, AENA, while respecting your rights and freedoms, and in particular your fundamental right to the protection of personal data, considers that this processing is in your interest and for your benefit.

However, you can exercise your right of opposition by sending an email to dpd@aena.es.

Likewise, if you wish to know more details about the balancing exercise between your rights and freedoms and the legitimate interest of AENA, you can contact the Data Protection Delegate at the following email address dpd@aena.es.

Your identification data and selfie will be stored for a maximum of one (1) year from the last time that you used the service.

Your boarding pass data will be stored from the time you receive your boarding pass from your airline until a maximum of 24 hours after your flight ends.

The biometric data resulting from the application of the mathematical process to the photographs (i) at the time you registered in the system will be retained for a few seconds, and (ii) during the process of passing through the gates, will be retained from a maximum of 12 hours before your flight until a maximum of 24 hours after your flight departures.

Data relating to access logs, failed identifications and image validation events are retained for 30 days (the latter for the first few months of the system's implementation, for the sole purpose of adjusting the system's image comparison process).

The above notwithstanding, your data may also be stored, appropriately blocked, for as long as liabilities may arise, and also to comply with other legal obligations incumbent on Aena. In that regard, Aena guarantees that it will not process the data except where necessary in order to make, bring or defend claims, or where it is required to supply the data to public authorities, judges or courts, during the limitation period relating to its rights and legal obligations.

Such processing relating to the subsequent storage of the data is based on compliance with legal obligations, specifically the obligation contained in personal data protection regulations.

You may request both the withdrawal of your consent and the erasure of your data, at any time, using the mechanisms provided for that purpose.

The details of your DNI/NIF/NIE/passport may also be supplied to Aena by your AIRLINE when you receive your boarding card, for the purposes of checking in advance whether or not you are registered in Aena’s biometric database and, if you are not, offering you the option of registering.

Such processing is based on the AIRLINE’s legitimate interest in providing you a better service, and based on its interests.

If you are already registered, the details of your boarding cards (present and future) and the details of your DNI/NIF/NIE/passport will also be supplied to Aena by your AIRLINE in order to carry out verification and automatic association with your biometric profile, when you receive your boarding cards and following the above check.

This processing is based on the consent given to your AIRLINE when you subscribe to this service and you are going to fly for the first time with the airline; and from that moment until you revoke the consent given to the AIRLINE or request the cancellation of your subscription to the system, which you may revoke at any time through the channels provided for this purpose.

Likewise, if you register in the system through the AIRLINE’s app, AENA will also receive all the identification data referred to in section 2 of this policy, as well as your biometric data (facial image or selfie), with the AIRLINE acting as Data Processor and AENA as Data Controller for this data collection phase.

You can find information about the airlines subscribed to this service and with which you can carry out this biometric procedure at the following link.

Your data (only identification data and the details of your boarding card, never biometric data or photographs) may be disclosed to any authority in order to comply with a legal obligation.

Your identification data (never biometric data) and the details of your boarding card, received from your AIRLINE or provided by you, will be shared with the AIRLINE to help it comply with its security obligations as regards passenger identification when boarding and also during the performance of its contract of carriage.

Such processing is based on your consent, which you can revoke at any time using the channels provided for that purpose. No international data transfers are envisaged, except where required by law.

We wish to inform you that in no event will your biometric data or your photographs be shared with any third party.

Any data subject is entitled to receive confirmation regarding whether or not his or her personal data are being processed. Moreover, data protection regulations confer the following rights on the data subject:

• Access to his or her data.
• Requesting the rectification of his or her data.
• Requesting that the processing of his or her data be restricted.
• Portability of his or her data.
• Requesting the erasure of his or her data.
• Not to be the subject of automated decision-making – which will imply the removal of his or her data from the system.
• Objecting to the processing of his or her data as mentioned above (email to dpd@aena.es, stating the form or forms of processing to which he or she wishes to object).
• You can request additional information regarding processing based on legitimate interest (email to dpd@aena.es, stating what processing you wish to receive additional information about).
• Withdrawal of consent: you may withdraw your consent at any time by sending an email to ocpd@aena.es, attaching a copy of your DNI/NIF/NIE/passport (since the database is encrypted and we need that information to locate you), which will imply your removal from this service.

You can also exercise the rest of your rights (rights of access, rectification, erasure, portability and restriction of processing) with Aena, attaching a copy of your DNI/NIF/NIE/passport, at the following email address ocpd@aena.es, through the Procedures and Claims Portal on the Aena website (www.aena.es), or by writing to Calle Peonías, 12 – 28042 Madrid.

Requests will be answered as soon as possible and, in any event, within one month of receipt. The above time limit may be extended for a further two months where necessary, depending on the complexity and volume of requests. In any event, Aena will inform the data subject of the extension within one month of receipt of the request.

With regard to the details of your boarding card and the consent you gave for that, you can also exercise the same rights with your AIRLINE, using its contact details (more information on those details on its website or at the following link).

Automated decision-making process, logic used and effects: Choosing to carry out identification operations using facial recognition technology means that your identity will be verified entirely automatically. In particular, the following will be assessed.

• The validity of your identity document in the register.
• That the photograph taken at the time of registration and the photograph stored in the chip of the identity document, as well as the photograph taken at the gates and the registered photograph, are of the same person (by biometric comparison, such that there must be a minimum percentage of agreement).
• That the passenger’s identity matches the data on the boarding pass.
• In the security screening process: the passenger’s boarding pass is checked to ensure that it is a valid boarding pass for that day.
• At the boarding gate: The Airline will verify the validity of the boarding pass and the correct verification of the passenger’s identity by Aena.
• In no case will the data collected be used to create a user profile.

If any of these procedures fail, traditional non-biometric means will be used, by means of the presentation of all appropriate documents at each checkpoint set up at each airport. The fact that passengers are registered in the biometric system does not oblige them to use biometric lanes and they are free to use traditional means. Aena or airline staff will also be present at both the security checkpoint and the boarding gate, so that passengers can request human intervention in these processes at any time.

Aena will adopt the technical and organisational measures necessary in order to guarantee the security of the personal data you provide to us, preventing their loss, alteration or unauthorised processing with regard to the processing operations in which Aena is involved.

If you have any questions, you can contact AENA’s Data Protection Officer by email at dpd@aena.es.

You are also entitled to lodge a complaint with the Spanish Data Protection Agency (AEPD – www.aepd.es), the supervisory authority for data protection in Spain.