Logo Aeroitalia

AEROITALIA S.p.A. - Privacy Policy pursuant to Articles 13 and 14 of Regulation (EU) No. 679/2016 for the processing of data of users visiting the website www.aeroitalia.com.

Aeroitalia S.p.A., in its capacity as Data Controller (‘Aeroitalia’ or ‘Data Controller’), pursuant to Articles 13 and 14 of the Regulation (EU) 2016/679 (‘GDPR’ or ‘Regulations’) - describes the methods of processing of personal data of users visiting the website of Aeroitalia S.p.A. The purpose of this Privacy Policy is to inform, in accordance with Articles 13 and 14 of the GDPR, those who interact with the website www.aeroitalia.com (‘Website’), either through simple consultation or through the use of specific services made available through the Website, about the manner in which personal data will be processed during the use of the same.

This notice, which does not refer to other websites that may be consulted through links contained in this Website, is also provided, pursuant to Article 14 of the GDPR, for the processing of personal data of further passengers of the flight(s) provided by the user in the context of booking the flight(s) through the Website as well as in the use of specific services made available on this Website, including any minors or incapacitated persons for whom you exercise parental responsibility/legal representation. The processing of personal data shall be based on the principles of fairness, lawfulness, transparency, purpose limitation and storage, minimisation and accuracy, integrity and confidentiality, as well as on the principle of accountability pursuant to Article 5 of the GDPR.

‘Processing of personal data’ stands for any operation or set of operations carried out with or without the help of automated processes and applied to personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.

1. DATA CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller is Aeroitalia S.p.A., in the person of its legal representative pro tempore, with registered office in via Andrea Mantegna, 8 00054 Fiumicino (RM) PIVA 16340701008, who can also be contacted at the following email address: privacy@aeroitalia.com.

2. PERSONAL DATA SUBJECT TO PROCESSING

We inform you that the personal data subject to processing may consist of an identifier such as a name, an identification number, location data, an online identifier or one or more characteristic elements of a person's physical, physiological, mental, economic, cultural or social identity capable of making the person concerned identified or identifiable, depending on the type of services requested.

The personal data processed through the Site are as follows:

  1. Navigation data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the Site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website to check its correct functioning, to identify anomalies and/or abuses; the data is usually deleted after processing, unless we need to identify those responsible in case of hypothetical computer crimes against Aeroitalia or third parties.

  1. Data voluntarily provided by the user

Without prejudice to the reference to specific vertical information that may be available in the different sections of the Website, this Privacy Policy shall also apply to the processing of personal data concerning you and voluntarily provided by you in the context of specific requests for assistance and/or information to the Aeroitalia assistance team through the e-mail addresses and/or call centre channels of the Data Controller available on the Website (such as, for example, e-mail address, personal data, identification data, information relating to the flight booked). With reference to these types of data, we invite you to share only the personal data strictly necessary for the management of your request, thus excluding irrelevant information and/or information that may fall within the category of special categories of personal data pursuant to art. 9 of the GDPR ([...]personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, genetic data, biometric data capable of uniquely identifying a natural person, data concerning a person's health or sex life or sexual orientation), unless the provision of special data is necessary for the handling of your request for assistance (e.g. in the case of a request for support and assistance, or in the case of a request for assistance or assistance from a third party, or in the case of a request for assistance from a third party, or in the case of a request for assistance from a third party, or in the case of a request for assistance from a third party, or in the case of a request for assistance from a third party). in the case of a request for support and assistance in the management of special flight requirements related, for example, to conditions of reduced mobility and/or disability; for reporting special meals for medical or religious needs, etc.). In the event of the transmission of personal data that are neither pertinent nor strictly necessary to the management of the request, the Data Controller will refrain from processing such data and will immediately delete them.

Pursuant to Article 14 of the GDPR, the Data Controller hereby informs that the personal data indicated above may also refer to other passengers on the flight, including any passengers who are minors and/or incapacitated, provided in the context of the request for assistance/information.

  1. Data processed by reason of the services rendered online

Without prejudice to the reference to specific information that may be available in the various sections of the Site, this Privacy Policy shall also apply to the processing of data provided by you for the purposes of the services rendered through the Site, with particular reference to the following services

- Online flight ticket purchase service, including the performance of related administrative activities, including the sending of service notices containing details and updates on flights purchased to the e-mail address you indicate, in the context of which personal data may be processed (name, surname, place and date of birth, CF, nationality passport and residence details), contact details (e-mail and mobile phone number), information relating to the purchased flight, such as the place of departure and place of destination, date and time of departure/arrival, number of seats, number of bags, identification codes, information on whether you have signed up for particular discounts and/or agreements, payment details (e.g. payment data (e.g. credit/debit card data; payment by voucher; information relating to bank details in the case of payment by bank transfer, etc.), including information relating to the transaction carried out using the payment method selected by you (credit/debit card, bank transfer and/or PayPal). 14 of the GDPR that, following your choice to use these payment methods, the bank or PayPal, as autonomous data controllers, will communicate to Aeroitalia the information relating to the circumstance of the payment. Subject to the consent of the data subject in accordance with Article 9.2.a) of the GDPR, data belonging to ‘special’ categories in accordance with Article 9 of the GDPR may also be processed, specifically information relating to the state of health related to special needs of you and/or of other passengers on the flight (such as, for example, conditions of reduced mobility and/or disability, food allergies/intolerances, other information relating to health including life-saving medicines and electronic medical devices), and whose processing is necessary for the purpose of booking and/or management of the purchased flight.  Pursuant to Art. 14 of the GDPR, the Data Controller hereby informs you that the personal data indicated above may also refer to other passengers on the flight, including any passengers who are minors and/or incapacitated, or third parties, such as credit card holders used for the purchase, provided in the context of the booking and purchase of the flight tickets. In this regard, please ensure that such persons have read this notice and understood the manner in which Aeroitalia processes their personal data.

- Online Check-in, Change and Refund and Upgrade services, including the related administrative activities, including the sending of the relevant service e-mails (e.g. containing boarding passes, information on requested changes and refunds and requested upgrades, etc.) to the e-mail address indicated by you, in the context of which information relating to the purchased flight (e.g. booking code; ticket identification number; etc.), flight passenger personal data, contact details may be processed;

- Complaints and reporting service, where you may provide personal details, contact details, information relating to the flight taken (e.g. booking code, flight number, carrier number, date and time, place of departure and destination), information on lost baggage, including the identification codes relating to lost baggage (P.I.R. code), any irregularities and/or inefficiencies reported, any documentation supporting the report. When uploading any documentation supporting the report and/or complaint, please do not provide information relating to third parties and/or information that is not relevant and/or strictly necessary for handling your request. Otherwise, the Data Controller will refrain from processing such documentation and will immediately delete it.

With reference to the source from which the aforesaid personal data originate, please note that such personal data will mainly be collected from you both when you simply use the Site and when you use the services available through the Site.  It should be noted, however, that in some cases, your personal data may also be collected from third parties, such as, for example, subjects involved in your travel plans, including other airlines within the scope of the so-called ‘re-routing’ and ‘reprotection’ services. of ‘re-routing’ and ‘code sharing’ services, or even Customs and Immigration Authorities, from which Aeroitalia may receive your personal and contact data and those of other flight passengers, information relating to the purchased flight, such as, for example, the place of departure and the place of destination, date and time of departure/arrival, number of seats, number of baggage, flight and ticket identification codes. Aeroitalia may also receive the above mentioned personal data from business partners with whom you have interacted and to whom you have consented to transmit such data to Aeroitalia.

Please note that the services offered by the third party partner companies of Aeroitalia and accessible through the relevant sections of the Website (e.g. car rental services, hotels, airport parking, etc.) are parts of the visited page of the Website generated directly from the partners' websites and integrated in the page of the hosting Website. The use of the services made available therein entails the processing of the personal data provided by you by the aforementioned partners as autonomous data controllers, in respect of which please refer to the links to their respective Privacy Policies available by clicking on the links to the Partners' websites shown in the various dedicated sections of the Site.

  1. Personal data of third parties

In the context of the use of the services on the Site, please do not provide any information of third parties that is not required to be communicated to Aeroitalia in order to provide the requested services.

With respect to such hypotheses, in case of conferral, you act as autonomous Data Controller, assuming all obligations and responsibilities under the law. In this regard, you grant on this point the widest indemnity with respect to any dispute, claim, request for compensation of damages from processing, etc. that may be received by Aeroitalia from third parties whose personal data have been processed through your use of the functions of the Website in violation of the applicable data protection laws. In any case, in case you provide or otherwise process personal data of third parties in the use of the Website, you warrant as of now - assuming all related liability - that such particular case of processing is based on the consent of such third party or on another appropriate legal basis legitimating the processing of such information.

  1. Cookies and other tracking technologies

Information on the cookies served by the Site can be found in the relevant Cookie Policy available here.

The personal data indicated above will be referred to hereinafter as ‘Personal Data’.

3. PURPOSE, LEGAL BASIS OF THE PROCESSING AND NATURE OF THE CONFERMENT

Personal Data will be processed, with the specific consent of the data subject where necessary, for the following purposes:

  1. to allow the navigation and the correct use of the website, including the management of the security of the Website (‘Website Navigation Purposes’);
  2. to allow access to all services made available on the Site by the Data Controller, such as, for example, the booking and purchase of airline tickets, and the use of all related services, including online Check-in, Exchange and Refund and Upgrade services, including the performance of all related contractual, administrative and accounting activities connected with the performance of the contractual relationship, including the invoicing of fees, the management of payments and/or claims, and the management and response to specific requests for information and assistance also in relation to pre- and post-sales, addressed to the Data Controller through the e-mail addresses and/or the telephone numbers of the Data Controller available on the Site, in order to provide the requested support through the dedicated team of Aeroitalia, for example, within the management of its bookings, the purchase and dispatch of the required air transportation tickets, to make changes or substitutions to the tickets already issued, for refunds, after-sales assistance, special assistance and purchase of complementary services to the flight (‘Purposes of Service Provision’)
  3. guarantee the correct use of the air transport service, including the management of all related travel needs and assistance services, in execution of the relative pre-contractual and contractual obligations of sale and assistance, including the execution of the so-called of ‘re-routing’ and of ‘code sharing’, in the event that Aeroitalia communicates Personal Data to, or receives the same from, another carrier, including the sending of service communications containing details and updates on flights purchased and/or information that may be necessary to manage aspects related to health emergencies in progress and/or in any case aimed at facilitating the boarding operations of passengers, to the e-mail address indicated by you (‘Purposes of providing air transport service’)
  4. to manage and acknowledge reports and complaints forwarded to the Data Controller through the dedicated forms present on the Site (‘Purposes of managing reports and complaints’)
  5. to send, by email, the post-flight questionnaire aimed at collecting the level of satisfaction of the data subject regarding the air transport services offered by Aeroitalia, as provided by the General Conditions of Carriage. This allows Aeroitalia to fulfil the obligations provided for by Article 783 of the Italian Navigation Code and by the ‘Guidelines on the quality of air transport services: Standard Service Charters’, issued by ENAC, for the drafting of the Service Charter (‘Purposes of assessing the perception of air services’).

The lawfulness basis for the processing of Personal Data belonging to the ‘common’ categories for the Purpose of browsing the Site, the Purpose of providing the Services, the Purpose of providing the air transport service, the Purpose of managing reports and complaints and the Purpose of evaluating the perception of the air services is to be found in Art. 6, par. 1, lett. b) of the GDPR, since the processing of the data is necessary to implement the pre-contractual measures requested by the data subject, to establish the contractual relationship, to provide the requested services and to execute and manage the existing contractual relationship with the Data Controller, in accordance with the General Conditions of Carriage applied by Aeroitalia.

With regard to the sending of the post-flight questionnaire for the ‘Purpose of evaluating the perception of air services’, as provided in the General Conditions of Carriage, Aeroitalia guarantees you the possibility to stop such sending at any time. You may do so by using the appropriate function in the communication itself or by sending a request to privacy@aeroitalia.com, thereby interrupting the receipt of the post-flight questionnaire.

If Personal Data belonging to the category of ‘special’ data within the meaning of Art. 9 of the GDPR are processed for the purpose of providing services, the purpose of providing the air transport service and the purpose of handling reports and complaints, the basis for lawfulness is to be found in the consent given by the data subject pursuant to Art. 9, par. 2, lett. a) of the Regulation; in case the health data refer to minors and/or incapacitated subjects, the explicit consent to the processing must be provided by the exercising parental responsibility and/or legal representative of the minor and/or incapacitated subject.

Please note that the consent given for the processing of special data pursuant to Article 9(2)(a) of the GDPR may be revoked at any time, without prejudice to the lawfulness of the processing carried out prior to the revocation.

The provision of Personal Data for the aforementioned purposes referred to in letters a) - d) is optional, however, failure to provide such data may make it impossible for the Data Controller to activate and provide the services requested and/or to allow for the proper management and acknowledgement of reports and complaints forwarded to the Data Controller.

Once provided, Personal Data may be processed by Aeroitalia also for the following purposes

  1. fulfilment of legal obligations, regulations or national and community rules, to which the Data Controller is subject, including the provisions of the Supervisory Authorities of the sector and/or the measures of the judicial and/or administrative Authorities including, among others, the fulfilment of accounting and tax obligations, obligations and controls arising from the sector legislation relating to the air passenger transport, e.g. Regulation (EC) 261/2004 and Regulation 1107/2006, including the provisions of Legislative Decree n.96 of 9 May 2005 (‘Navigation Code’) aimed at guaranteeing its passengers a high level of protection as well as obligations related to the purposes of protection of public health and safety, the detection and suppression of crimes, public order and civil protection, also in the context of the fight against crime and terrorism (‘Compliance Purposes’). The basis of lawfulness for the Compliance Purposes represents a lawful processing of Personal Data pursuant to Art. 6, para. 1, lett. c) of the GDPR and, for any processing of Personal Data belonging to the category of ‘special’ data such as, in particular, information relating to the health of the data subject, pursuant to Art. 9, para. 2, lett. g) of the GDPR and Art. 2-sexies, para. 2, lett. u) of the Privacy Code;
  2. identifying, pursuing and countering fraudulent, abusive or illicit phenomena carried out against the Data Controller in the context of the use of the Site and its services (“Anti-Fraud Purposes”); the basis of lawfulness is to be found in the legitimate interest of the Data Controller and/or the customers concerned pursuant to Art. 6.1.f) of the GDPR, consisting in the need to ensure the guarantee of effective protection against fraudulent, abusive or illegal phenomena, also in compliance with the provisions arising from the current provisions of the Supervisory Authorities of the sector;
  3. in the event that it is necessary to ascertain, exercise or defend a right in judicial or extrajudicial proceedings, including debt collection (“Defensive Purpose”), for the pursuit of the legitimate interest of the Data Controller pursuant to Articles 6, par. 1(f) and 9(2)(f) of the GDPR, as once Personal Data has been provided, its processing may become necessary to establish, exercise or defend a right in court or whenever judicial authorities exercise their functions.
  4. for the direct sending by Aeroitalia, through electronic mail, of commercial communications, advertising and promotional material for the direct sale of its products and/or services similar to those purchased by you, without your consent, pursuant to art. 130, co. 4 of the Privacy Code and art. 6, par. 1, lett. f) of the GDPR and according to the “Guidelines on promotional activities and contrast to spam - July 4, 2013”; issued by the Guarantor Authority. Pursuant to Article 21 of the GDPR, you have the possibility to object to the processing of your data for this purpose at any time, initially or in subsequent communications, easily and free of charge also by writing to the Data Controller at the contact details indicated in paragraph 7 of this policy or also by using the link at the bottom of each such e-mail communication.
  5. to the user interested in the purchase of an airline ticket or ancillary service to complete the purchase process of the service already started, by sending a reminder e-mail to the address entered in the pre-purchase phase so-called “abandoned cart recovery”. The processing of data for the aforementioned purpose is useful for the legitimate interest of Aeroitalia and for the ‘usefulness’ of the user himself in order to remember any purchase processes that have not yet been completed even for any technical problems.
  6. Subscription to the newsletter service, in order to receive by e-mail communications and information of a commercial, promotional and direct marketing nature on the services, products and offers of the Data Controller (“Newsletter Subscription Purpose”;); The legal basis for the Newsletter Subscription Purpose can be found in the free and specific consent provided by the data subject pursuant to Art. 6, par. 1, lett. a) of the GDPR, at the time when he/she subscribed to the Aeroitalia newsletter.
  7. Should you wish to object to the processing of your data for the purpose of receiving newsletters, you may do so at any time by contacting the Data Controller at the contact details given in Section 7 of this policy or also by using the link at the bottom of each such email.
  8. The consent given is revocable at any time, without any prejudice to the lawfulness of the processing carried out prior to revocation. The provision of Personal Data for the Purpose of Newsletter Subscription is optional, and, in case of refusal, there are no consequences and access to the services provided by the Owner will not be affected in any way.

4. RECIPIENTS OF PERSONAL DATA

Personal Data may be shared, for the purposes described in paragraph 3 of this Privacy Policy, with:

  • Individuals authorized by the Data Controller to process Personal Data under Articles 29 and 32 of the GDPR and 2-quaterdecies of the "Privacy Code" (e.g., sales, administration and accounting staff, pre- and post-sales support, CRM management, IT system management personnel, boarding and reception staff, etc.);
  • Third parties who, in the provision of services (including but not limited to: technological services, assistance services, security services, payment services, individuals and/or companies and/or professional firms providing assistance and consulting services in accounting, administrative, legal, tax matters; entities and companies involved in debt recovery and fraud prevention; technical maintenance services, commercial partners; companies offering IT infrastructure and support and consulting services, as well as designing and developing software and websites; companies offering services to personalize and optimize our services, including those for managing and delivering customer service; companies specialized in planning and managing communication projects responsible for marketing activities on behalf of Aeroitalia, etc.), typically act as data processors under Article 28 of the Regulation; the Data Controller maintains an updated list of the appointed data processors and ensures that the data subject can access this list at the address above or upon request to the contact details provided in paragraph 7 of this Privacy Policy;
  • Third parties, independent data controllers, performing functions strictly related to or instrumental for air transport activities, to whom Personal Data may be communicated to enable the correct execution of pre-contractual and contractual obligations related to sales and support, including the correct operation of flights, including services such as "rebooking" and "code-sharing" (for example, other airlines; entities performing control, audit, and certification activities for Aeroitalia’s operations, also in the interest of its clients and users, etc.);
  • In case the purchased flight is also associated with mandatory and/or optional insurance offered by Aeroitalia’s insurance partner companies, Personal Data may be communicated to such companies as independent data controllers;
  • Entities, bodies, or authorities, including Control Authorities - independent data controllers - to whom it is mandatory to communicate Personal Data under legal provisions or authority orders (e.g., the Central Immigration Directorate; Border Police; the UIP (Passenger Information Unit) database of the Member State where the flight lands or departs, to which, under Article 8 of Directive (EU) 2016/681 of April 27, 2016, on the use of Passenger Name Record (PNR) data, Aeroitalia, as an air carrier, is required to transfer the PNR data of passengers for the purpose of preventing, investigating, prosecuting criminal terrorism activities and serious offenses, etc.).

These entities are collectively referred to as "Recipients."

5. TRANSFER OF PERSONAL DATA OUTSIDE THE EU

Personal Data provided through the Website will be processed and stored in the Data Controller’s information systems, whose servers are located within the European Economic Area. Aeroitalia is a global carrier that transports passengers to a variety of countries around the world. Therefore, in the course of providing its air transport services, it may transfer Personal Data to third countries for the proper execution of its activities, as well as to comply with specific requests from the data subject. Consequently, this transfer may be necessary for the performance of the contract concluded between the data subject and the Data Controller, or in some cases, to comply with legal obligations to which the Data Controller is subject.

It should be noted that when Personal Data is transferred to Recipients located outside the European Economic Area, the Data Controller ensures that the transfer will take place in accordance with the conditions specified in Articles 44 et seq. of the GDPR, such as the adoption of Standard Contractual Clauses approved by the European Commission, selecting entities participating in international programs for the free movement of data or operating in countries considered safe by the European Commission, in compliance with the recommendations 01/2020 adopted on November 10, 2020, by the European Data Protection Board.

You can request further information about data transfers and the guarantees implemented for such transfers by contacting the Data Controller using the contact details provided in paragraph 7 of this Privacy Policy.

In particular, in carrying out the Purposes of providing services and the Air Transport Service described in paragraph 3, letters b) and c) of this Privacy Policy, the transfer of Personal Data of flight passengers to non-EU countries for which there has been no adequacy decision pursuant to Article 45, paragraph 3 of the Regulation or in the absence of adequate safeguards under Article 46 of the Regulation, occurs based on Article 49, paragraph 1, letter b) of the GDPR, as the transfer is necessary for the performance of the contract concluded between the data subject and the Data Controller or for the execution of pre-contractual measures taken at the request of the data subject.

Further information is available upon request by sending a written request to the Data Controller at the addresses specified in paragraph 7 of this Privacy Policy.

 

 

6. RETENTION OF PERSONAL DATA

Your Personal Data will be collected and stored in compliance with the principles of data minimization and storage limitation as per Articles 5.1(c) and (e) of the GDPR, ensuring security measures to prevent data loss, unlawful or improper use, and unauthorized access.

Personal Data processed for the purposes outlined in letters a), b), c), d), e), f) of paragraph 3 of this Privacy Policy will be retained for the time strictly necessary to achieve those same purposes, i.e., for the duration required to provide the requested service, taking into account any legal retention periods.

For the purpose of subscribing to the newsletter mentioned in letter l) of paragraph 3 of this Privacy Policy, your identifying and contact Personal Data will be processed exclusively for the period in which the service remains active, unless consent is revoked by you as per Article 7 of the Regulation and/or until you object to the processing in accordance with Article 21 of the Regulation (in compliance with the provisions of the Personal Data Protection Authority's decision of October 15, 2020).

Personal identifying and contact data processed for the purpose of soft-spam mentioned in paragraph 3, letter j) of this Privacy Policy will be stored by Aeroitalia until you object to this processing through the link provided at the bottom of each soft spam email or through other methods indicated in paragraph 7 of this Privacy Policy. Additionally, Personal Data related to flights and services purchased, processed as part of soft-spam communications described in letter j), paragraph 3 of this Privacy Policy, will be retained for this purpose for a period of 14 (fourteen) months from the time of their registration, unless you object to the processing before this period elapses.

In general, the Data Controller reserves the right to retain data for as long as necessary to comply with any legal obligations it is subject to, including potential obligations or orders to transmit Personal Data to Authorities, or to satisfy any defensive needs. Specific security measures are in place to prevent data loss, unlawful or improper use, and unauthorized access.

In any case, the Data Controller commits to ensuring that Personal Data processing is guided by the principles of adequacy, relevance, and data minimization, as required by the GDPR, and will periodically review the need for its retention.

Therefore, once the purposes for which the data was collected and processed have been achieved, Aeroitalia will remove the data from its systems and records and/or take appropriate measures to anonymize it to prevent re-identification of the data subject.

For more information regarding the data retention period and the criteria used to determine this period, you may request written information from the Data Controller using the contact details provided in paragraph 7 of this Privacy Policy.

7. RIGHTS OF THE DATA SUBJECT

The data subject may assert their rights and/or request information on the processing of their data by contacting the Data Controller at the contact details provided below, preferably including "Privacy Rights Request" in the subject line of the communication.

In particular, you may exercise the following rights at any time:

  1. Right to withdraw consent (Article 7 of the GDPR) – You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent before its withdrawal.
  2. Right of access (Article 15 of the GDPR) – You have the right to obtain confirmation of whether or not your personal data is being processed and to receive information related to such processing.
  3. Right to rectification (Article 16 of the GDPR) – You have the right to request the rectification of your Personal Data if it is incomplete or inaccurate.
  4. Right to erasure (Article 17 of the GDPR) – Under certain circumstances, you have the right to request the deletion of your Personal Data from our records.
  5. Right to restriction of processing (Article 18 of the GDPR) – Under certain conditions, you have the right to request the restriction of the processing of your Personal Data.
  6. Right to data portability (Article 20 of the GDPR) – You have the right to request the transfer of your Personal Data to another data controller, and to receive it in a structured, commonly used, and machine-readable format.
  7. Right to object (Article 21 of the GDPR) – You have the right to object to the processing of your Personal Data, providing reasons justifying the objection; the Data Controller may evaluate this request, and it may not be accepted if there are legitimate reasons to proceed with processing that outweigh your interests, rights, and freedoms. You may also object to receiving soft-spam communications by using the link at the bottom of each commercial email. In any case, you may always exercise this right by writing to the Data Controller at the contact details provided below.
  8. Right to lodge a complaint with the supervisory authority (Article 77 of the GDPR) – If you believe that the processing of your data violates data protection laws, you can file a complaint with the supervisory authority of the member state where you reside or work, or where the alleged violation occurred.
  9. Right to seek judicial remedies (Article 79 of the GDPR).

To exercise any of your rights, you can contact the Data Controller, represented by the legal representative, by sending a communication to the registered office at via Mantegna, no. 8, Fiumicino 00054 (RM), or by sending an email to privacy@aeroitalia.com, providing the following details:

  • Name, surname, and postal address
  • Details of the request
  • Booking code or flight number and date (if your request is related to a flight with Aeroitalia).

8. CHANGES

The Data Controller reserves the right to modify or update the contents of this policy, in part or entirely, also due to changes in applicable regulations. The Data Controller therefore invites you to regularly visit this section to be aware of the most recent and updated version of the privacy policy.

9. CONSENT OF MINORS IN RELATION TO INFORMATION SOCIETY SERVICES

To use the services provided through the Website, you must be over fourteen years old: the processing of Personal Data of minors under the age of fourteen is lawful provided it is exercised by the individual exercising parental authority.

10. VIRTUAL ASSISTANCE CHAT

The Website includes a virtual assistance chat service, designed to help users navigate and consult the information available on the Website. The virtual assistance chat does not involve the processing of Personal Data. Therefore, it is not necessary to provide Personal Data for its use, including data related to booking codes or flight information, as the virtual assistance chat will not be helpful in these circumstances. We invite you not to enter any Personal Data, of any kind, into the virtual assistance chat.

If the guided suggestions from the virtual assistance chat are insufficient for your request, you can contact an Aeroitalia support team member, who, as the data processor, will handle your Personal Data in full compliance with the applicable laws and only for the purposes mentioned above.

More information about the chat and assistance service is available in the dedicated privacy notice