- Video surveillance. Your image is processed for video surveillance for the purposes of control and surveillance of airport operations (operation and maintenance) and security, protection of people and goods in airport facilities or any other type of facilities owned by Aena. In some airports your image as a driver may be processed, taken at the time of entering and leaving the car park for security purposes. All this based on public interest (airport security, operational security and private security regulations). Your data (images) will be stored for a maximum of one month from their collection. Your data will be communicated to customs authorities in order to provide their customs and tax services (legal obligations), to security forces for the purpose of preventing a real and serious danger for public security or to prevent criminal offences, following the formal requirements of the Spanish Data Protection Agency, and to comply with legal obligations (National Security Programme and Regulation (EU) 2015/1998). Possible communication to third parties is also provided for based on their legitimate interest, after considering any rights and freedoms affects (Article 6.1.f GDPR). No international data transfers are envisaged.
- Capacity and crowd control. Your data will be processed for capacity and crowd control via video cameras and with no user identification, based on the legitimate interest of Aena to prevent crowding at critical points of the airport.
-
Managing and addressing airport claims, as well as managing and processing all kinds of claims/complaints/suggestions/requests for information, basing this processing on consent provided. You can withdraw your consent at any time by sending an email to ocpd@aena.es, stating “Withdraw Consent + Type of Request + Airport”, attaching information proving your identity. Data will be stored while being processed and while any claims may arise. They will be transferred, where necessary, to the airline, company or body involved in the processing of this claim, complaint, request, or suggestion; to Judges and Courts, should your claim give rise to any legal action, and to the authorities provided by the law. No international data transfers are envisaged.
This service includes the management, control and processing of claims, complaints and suggestions sent to both Aena S.M.E., S.A. and Aena Sociedad Concesionaria del Aeropuerto Internacional de la Región de Murcia S.M.E., S.A. or Aena Desarrollo Internacional S.M.E., S.A., where applicable, as well as all types of complaints, claims or suggestions services through the Procedures and Claims Portal on the Aena website.
-
Authorities. If you are an authority, your data will be processed to manage and control services provided to authorities, such as managing visits, managing authority lounges, recording and maintaining institutional contacts, to comply with legal obligations. We also inform you of the source of data; they can sometimes come from the public body or administration you belong to. Your data will be stored during your relationship with our company and while any claims may arise. Your data may be may be transferred, where appropriate, to the airline which you fly with, based on contractual performance, and to state security and law enforcement bodies to comply with legal obligations. No further communications or international data transfers to third parties are envisaged, except where there is a legal obligation.
-
Commercial communications. Your data will be processed for the purpose of sending commercial communications where appropriate, based on your consent. You may withdraw your consent at any time by sending an e-mail to ocpd@aena.es indicating “Withdrawal of consent to commercial communications”, accompanied by proof of your identity. For more information, please click on the following link.
-
Managing airport users: visits. Your data may be processed for Managing airport users: visits should you visit one of our airports, based on your consent. We will also manage your temporary accreditation for the visit (as visitor and/or on operational or professional grounds), facility access control and security, and to control visits to the airport or centre, basing this processing on a legal obligation (private security regulations) and public interest (airport security). Data will be stored for a period of one month and while any claims may arise. Your data may be communicated to security forces in compliance with legal requirements, no more transfers or international transfers are envisaged unless required by law.
-
Managing the service when you request assistance for People with Reduced Mobility (PRM). Your data will be processed to manage the service when you request assistance for People with Reduced Mobility (PRM), basing this processing on existing public interest and, on public interest pursuant to Regulation (EC) No 1107/2006 of the European Parliament and of the Council of 5 July 2006 on the rights of disabled persons and persons with reduced mobility when travelling by air. We will also process your data for sending a satisfaction survey in order to find out about your experience and be able to improve the service, based on our legitimate interests.
In this regard, we have performed an internal analysis weighing up your right to data protection and our interest in conducting such surveys, to improve the user experience and the service itself, concluding that there is a reasonable expectation on your part regarding this processing, and that specially protected data will not be processed, nor will this involve automated decisions.
You can oppose this or request additional information using the channels provided for this purpose in this policy by sending an e-mail to dpd@aena.es.
The service is provided by going to the airport points identified for this service, or by previously booking the service on the Aena website or through your airline. Aena may receive your data from the airline if you have booked on your company’s website, or if you travel on a flight arriving at an Aena network airport from other airports. Your data will be stored while necessary to comply with the purpose and while any claims may arise. No transfers (unless required by law) or international data transfers are envisaged.
Additionally, at the information points situated in different points of the airport, we will process your data (image taken by the camera at the information point and your voice, which are activated when you press the call button on the information point) to better manage the assistance requested, based on the legitimate interest of providing the best service. Your data (voice only) will be stored for one year to be able to analyse any possible complaints or incidents in the service and will not be disclosed to any third parties.
In this regard, we have performed an internal analysis weighing up your right to data protection and our interest in providing a better on-site service in the airport in relation to any questions or enquiries you may have, concluding that there is a reasonable expectation on your part regarding this processing, and that specially protected data will not be processed, nor will this involve automated decisions.
You can oppose this or request additional information using the channels provided for this purpose in this policy by sending an e-mail to dpd@aena.es.
Data processed: Identification, contact, health data (type of disability or special needs) and of your flight. Image and voice at information points.
-
Recording telephone calls to certain telephone numbers. Where appropriate, we can process your voice to record telephone calls to certain telephones (operational, incident investigation, emergencies), based on your consent, contract performance, vital interest, public interest, claims, as appropriate (depending on the type of call made). Recordings will be stored while necessary for the purpose for which they were made, however, they will be blocked and only available to judges and courts for the remaining time before destruction. No transfers or international transfers are envisaged, unless required by law.
Recordings will be stored while necessary for the purpose for which they were made, however, they will be blocked and only available to judges and courts for the remaining time before destruction. No transfers or international transfers are envisaged, unless required by law.
-
Managing and addressing vehicle car park complaints. If you use one of our vehicle car parks (public, subscription or personnel), your data may be used to manage the car park or address vehicle car park complaints. We also inform you that images taken by car park access cameras, which are cameras used to capture vehicle data (registration recognition and reading system, front and/or back), will be used to comply with legal obligations including those stemming from car park contract regulating legislation such as, for example, the obligation to identify the vehicle. In some airports your image as a driver is processed, taken at the time of entering and leaving the car park for security purposes, based on public interest (by video surveillance). Furthermore, you entry and exit data, registration and details of your booking, where appropriate (see information on “Aena Car Park Booking” processing), will be processed to manage the car park, based on contract performance. Your data may be processed to address and resolve claims, in compliance with legal requirements.
In the case of subscription or personnel car park, we will also process your data (identification, contact and, where appropriate, company data), which may be provided by your company, to manage your subscription, based on contract performance (and where appropriate, the contract between your company and Aena. In this case, your data may be communicated to your company to develop the contract).
Data processed: Vehicle images (recognition of registration, front and/or back), entry and exit data, registration, details of your booking and, where appropriate, payment methods.
Images taken will be stored during your stay in the car park and then stored for a maximum period of one month.
Data for managing the car park will be stored during your stay and/or your contract (as indicated above) and while any claims may arise.
Data may be communicated to your bank to charge the service provided (where appropriate), to your company, as necessary to perform the contract (where appropriate) and data transfers are envisaged to state security forces for the purpose of preventing a real danger to public security or to prevent criminal offences, and to judges and courts in case of legal injunction. Communicating data to competent public administrations for their inspection activity is also envisaged in compliance with state and regional Road Transportation Organisation regulations. No international transfers are envisaged.
Furthermore, in the case of subscribers to some car parks at our airports, we will process you (contact) data to send commercial communications (based on explicit consent) and to conduct surveys (based on Aena’s legitimate interest in improving the service provided). Aena informs you that consent can be revoked at any time and you can oppose processing by sending an email to ocpd@aena.es
- Controlling passengers passing through security checkpoints to boarding areas, Fast Track and Fast Lane. As a passenger, your data will be processed for Controlling passengers passing through security checkpoints to boarding areas and, where appropriate, recording access incidents (to comply with a legal obligation) and conduct statistics (based on legitimate interest). Processing consists of verifying that the boarding pass read is for a flight that day and has not been previously used. If everything is correct, you can pass through the checkpoint. In any case, you will have the chance to challenge the decision taken and ask for these controls to be repeated by a security operator.
Fast Lane and Fast Track – Fast checkpoint for airline VIP passengers. Legitimation: processing necessary to perform a contract. The system allows the passenger to pass through the Fast Lane checkpoint if they have acquired this VIP right with their airline or have acquired the right to pass through on the Aena website. Data processed: your boarding pass data using the pass readers located before the security checkpoint and Fast Lane security checkpoint. Data will be communicated to the company operating your flight or the handling company operating your flight on behalf of the airline in order to streamline boarding for the scheduled flight, as well as to verify the authenticity of the identity document if we detect that your pass has already been registered (based on performing contracts); to state security forces for the purpose of preventing a real and serious danger to public security or to prevent criminal offences, following the formal requirements of the Spanish Data Protection Agency and to comply with legal obligations (National Security Programme and Regulation (EU) 2015/1998); and to customs authorities (to comply with legal requirements). In the case of the Fast Lane, your data will be transferred to the airline for control and, where appropriate, to the company invoicing you for the service provided, based on performing the contract with your airline.
- Airport Medical Services. If you access one of our health care posts available at the airports, your data will be processed for the management of airport medical services provided by Aena or any external collaborating entity contracted for this purpose, for the purpose of providing a first aid service (primary emergency care and emergency medical transfer) at the airport, based on the provision of the requested medical care service and, where appropriate, to protect your vital interests in the event of your inability to give consent. We will also process your data to obtain aggregate statistics on the service based on our legitimate interests.
Your data will be stored for as long as necessary to comply with the purpose for which they were collected and to determine any liabilities that may arise from this purpose and from their processing, taking as a reference applicable healthcare regulations. Your data may be disclosed to hospitals or other medical institutions if the service provided is deemed necessary for the same purpose, either in the vital interest of the data subject or for the performance of a task carried out in the public interest or in the exercise of public powers vested in the data controller. In no other case will your data be communicated unless required by law or legal injunction. No international data transfers are envisaged.
- Legal defence and legal advice. In cases in which your a party of a legal case of Aena S.M.E., S.A. or Aena Sociedad Concesionaria del Aeropuerto Internacional de la Región de Murcia S.M.E., S.A (as an affected or interested party, etc.) your data may be used for Legal defence and legal advice, based on compliance with a legal obligation.
- Lost Property. If you find lost property, or you claim for lost property, your data (identification and contact data, documentation accrediting ownership of the property) will be processed for managing lost property, to control property kept in the warehouse, entry and exit records, returns, identification of the individuals who find and claim lost property; processing is based on compliance with a legal obligation. Data will be stored for two years and while any claims may arise, and they will be communicated to the Council Lost Property Office should it provide this service in order to comply with Art. 615 and 616 of the Civil Code, and where appropriate, to other authorities provided by law. If an identity document is found, it will be handed over to the state security forces. In the case of bank cards, their data may be communicated to the bank. No international data transfers are envisaged.
- Statistical purposes. Your data may be used to prepare statistics and improve the services provided, based on legitimate interest or compliance with a legal obligation (in case of statistics requested by public bodies such as the National Statistics Institute), as applicable. The result of this processing will never provide specific information on you.
- Record of entry/exit of documentation and archiving. If you submit or are party to documentation submitted in Aena records, your data may be processed for the Record of entry/exit and archiving documentation, based on processing necessary to process your request. Data will be stored while necessary to manage the record and documentation and while any claims may arise. Personal data may be communicated to entities or individuals addressed by the request. International data transfers may be made when the request is directed to a country outside the European Economic Area (EEA), necessary for processing or performing a contract.
- Authorisations to conduct air activities, with remote piloted aircraft systems (drones or RPAS).If you request authorisation to conduct air activities, with remote piloted aircraft systems (drones or RPAS) or another type of air activities, we will process your personal data (identification and contact data, types of operations, aircraft details and details of the operations with aircraft) to manage the authorisation with the bodies involved; processing is based on legal obligations (aeronautical security regulations). Data will be stored during the formalities and while any claims may arise, and they will be communicated to AESA and to Air Traffic Service Providers at the airports involved and the airspace affected, in accordance with legal obligations (aeronautical security regulations).
-
Free Aena WiFi service. In order to offer the WiFi service, AENA may obtain personal contact data provided by the USER when logging into or registering in the WiFi service. Specifically, you are informed that:
- If you register for access through a Facebook account or another social network, we can use the data provided via social networks.
- If you register through our Aena Club service, we can use the USER’s Aena Club credentials data (username and password).
- If you register directly through the WiFi access portal, we can use the personal data provided when registering for access.
The legal basis for processing USER data is performance of the contract for providing the WiFi service according to the General Terms of Use, as well as compliance with legal obligations related to Article 31 bis of the Criminal Code and the obligation set forth in Law 25/2007 on storing electronic communication data.
Meanwhile, and if the USER explicitly accepts by checking this option, Aena may use the data provided during registration for the WiFi service, as well as data obtained from browsing and geolocation, to provide a personalised service by sending commercial communications and advertising by email, sent by Aena itself, and newsletters with information of interest for the passenger or promotions and discount vouchers for AENA or third party airport stores for the following fields or sectors: Cars and vehicle rental, leisure, travel agencies, tourism, transport, airlines, catering, textiles, fashion, beauty and cosmetics, financial and insurance, press and magazines, gaming, gambling.
Processing is based on your consent. AENA informs you that consent provided for this purpose can be revoked at any time by sending an email to serviciowifi@aena.es or ocpd@aena.es, indicating the subject “WITHDRAWAL WIFI CONSENT”. If the USER request revocation and/or deregistration from sending commercial communications and advertising and/or information by electronic means indicated, AENA informs you that data associated with the device and USER registration credentials data will be processed for the purpose of processing the deregistration request. In no case does withdrawal of consent condition performance of the WiFi service provision contract. Sending commercial communications and advertising and/or information by electronic means indicated, prospective offers for products and services for commercial, advertising or general information purposes, as well as for statistical and segmentation purposes is based on consent requested from the USER.
Data processed: Identification data such as email address (if accessing through email), password and username (if accessing through Aena Club) or other equivalent data is accessing through social networks. Some other data may also be registered in the system and as also mandatory for the purposes mentioned, such as: name of the device connecting to WiFi, MAC address, IP address, telephone number and IMEI (if using a telephone) and connection and browsing data, geolocation.
Your data will be stored while necessary to comply with the purpose for which they were collected and during the legally mandatory term provided in Law 25/2007. They are also stored for as long as claims and liabilities may arise as a result of the processing of your data for the purpose for which they were collected.
Data will not be transferred to third parties unless required by law. International data transfers may be carried out if necessary to perform the activity or provide the service, in which case Aena will take the appropriate measures.
-
Making personalised calls using the Airport Public Address system. On certain occasions, at the request of your airline or your handling agent, or other third parties (family members, for example, if you are a minor or an elderly person), we may call you using the airport public address systems to ask you to come to a certain location in the airport, such as the departure gate when the flight gate is about to close, Aena information desks or check-in desks, etc. This processing is based on your legitimate interest in the performance of the transport contract, or that of other third parties, such as your airline or your family members, in locating you and being able to meet up at a point in the airport. Your data (name, surname(s), flight number or destination, and the location you should go to) will be communicated to all users present in the airport due to the nature of the announcement, so that you hear the message and know it refers to you. However, whenever possible, the call will be made to a specific sector within the terminal.
-
General Aviation Pilots not based at our network airports: Your contact details will be collected and stored in order to contact you in the event of any incident that may arise during your stay at our airports, as well as for the management and payment of the corresponding airport taxes. This processing is based on legal obligations (payment of taxes) as well as Aena's legitimate interest in guaranteeing airport operations, and even your own legitimate interest (if the incident, for example, is of a meteorological nature and affects the safety of your aircraft). On certain occasions, at the request of ENAIRE or EUROCONTROL and provided that they have not been able to contact you directly, we may provide your contact details to these entities so that they can manage the payment of the corresponding aeronautical taxes with you, based on the legitimate interest of these entities in contacting you in order to invoice you for these taxes that they must collect in compliance with their legal obligations. Your data will be kept for the duration of your stay, as well as for the attention of possible liabilities that may arise during the applicable legal periods.
-
Participation in the interactive games platform available at some airports. In the event that you are in one of the airports that have interactive gaming platforms in the airport waiting areas, we will process your image and score obtained only to provide you with this entertainment service, based on your consent when you approach the system screen and show your desire to participate in the game. Your images and scores are not retained, nor are they communicated to any third party.
-
Aena Life and Accident Insurance beneficiaries. If you are appointed as a life and accident insurance beneficiary by an Aena employee, we inform you that Aena group companies (depending on which company our employee works for) will process your personal data (full name and identity number) in order to manage the insurance and communication to the insurance broker and insurance company, all in compliance with legal obligations applicable to our companies. Your data will be stored while necessary for the purpose and subsequently for three years (Royal Legislative Decree 5/2000, of 4 August, approving the consolidated text of the Social Violations and Penalties Act).