Privacy Policy - Newsletter

Subscription to the newsletter service is reserved for those who are 14 years of age or older and requires the provision of some personal data.
As required by the current legislation regarding the protection of personal data (art. 13 General Data Protection Regulation, hereinafter also GDPR) SO.GE.A.AL. S.p.A., the legal representative pro tempore, (hereinafter also referred to as “Owner” or the “Company”), provides users that wish to subscribe to the newsletter service some information regarding the processing of acquired data.

IMPORTANT INSTRUCTIONS
Subscription to the newsletter is reserved for users who are at least 14 years old, as well all users must have an email address. The newsletter is aimed at communications related to airport activity. Users who have given their consent to data processing for marketing purposes will also be sent promotional and commercial communications.

DATA CONTROLLER
The Data Controller is SO.GE.A.AL. S.p.A., with a registered office in Regione Nuraghe Biancu, 07041 Alghero (SS), P. IVA 01635090903. The company can be contacted via email at privacy@sogeaal.it or by phone at +39.079.935011

DATA PROTECTION OFFICER (DPO) CONTACT

The Data Controller has appointed the Data Protection Officer. They can be contacted at dpo@sogeaal.it

WHAT DATA IS PROCESSED
The data processed is provided by the user through the completion of the appropriate registration form for the newsletter service.

WHAT ARE THE PURPOSES AND LEGAL BASIS OF THE PROCESSING
The personal data provided by the user through the dedicated forms are used to allow the interested party to subscribe to the newsletter and receive regular emails related to the activities of the airport and with authorization, promotional and marketing communications.

The legal basis for the processing of data is the execution of the contract to deliver the newsletter service.

For promotional and commercial communications, the legal basis is consent, which may be revoked at any time.

If necessary, the data may also be used in the Data Controller’s legitimate interest, in verifying the security and proper functioning of the computer systems and in carrying out security activities.


HOW IS DATA COLLECTED
The data collected is processed with computer tools and residual in paper form. Adequate security measures are taken to prevent data loss, illicit or incorrect use and unauthorised access.

DATA TRANSFER ABROAD
The data is managed through the servers and used by the Data Controller for the website and third party services (used for payments and for receiving requests by email) that involve a transfer of data abroad in compliance with the necessary guarantees (standard contractual clauses).

DATA STORAGE PERIOD
The data relating to the account is kept until the user requests to cancel or until 24 months after the last access.
The data processed for the management of purchases is kept in accordance with the laws related to administrative and accounting purposes and within the prescribed terms set forth by the rights and obligations underlying the processing.
If agreed, the data processed for marketing purposes will be retained for two years, without prejudice to the right of the opposition. The person concerned may exercise freely and without any charges at any time to the sending of promotional communications via automated or traditional means.

The Data Controller reserves the right without prejudice, and for security means to store data beyond the indicated terms.

WHAT HAPPENS IF THE DATA IS NOT PROVIDED?
The provision of data is optional and is subject to the user's wish to register. Failure to provide data will make it impossible to create an account and use the functions reserved for registered users.

DATA ACCESS
The data will be processed by the Data Controller and by the staff authorised to do the processing.
The competent authorities may have knowledge of the data in the case of specific requests which the holder is required by law to give. For example, to companies providing IT supply services, to payment services providers, to consultants that the owner uses for financial and administrative management and, to consultants for the management of litigation and legal assistance.

It should be noted that some of the indicated subjects operate as owners, and others are responsible for the processing of data and communication. Those who operate as independent controllers do so because it is required by law or necessary to fulfil the obligations arising from the pre-contractual relationship or the holder's legitimate interest in maintaining the security of the computer systems and in the systems security conduct.

The detailed list of the subjects to whom the data may be communicated can be requested by contacting the Data Controller.

It should be noted that personal data communication is limited to only categories of data whose transmission is necessary for the performance of the activities and purposes pursued.

THE USERS RIGHTS

The law recognises that the interested party has the right to ask the Data Controller for access to personal data, the rectification or cancellation of data, the limitation or opposition to the processing of their data, as well as the right to data portability.

It should be noted that you have the right to oppose the processing of marketing data.

The interested party may assert their rights at any time, without formalities, by contacting the Data Controller or the Data Protection Officer through the contact information listed on this website. The Data Controller will respond within 30 days of receiving the request, as required by current legislation.

The rights recognised by current legislation on the protection of personal data is provided in detail below.

  • The right of access, i.e. the right to obtain from the Data Controller the users confirmation as to the processing of personal data, to obtain access to the personal data and the following information: a) for the purposes of the processing; b) for the categories of personal data concerned; c) for the recipients or categories of recipients to whom the personal data has been or will be communicated, in particular for recipients of third countries or international organisations; d) when possible, the retention period of the personal data provided or, if not possible, the criteria used to determine such period; e) for the right to request from the Data Controller the rectification or erasure of personal data or restriction of processing of personal data concerning the user or to oppose the users processing; f) for the right to file a complaint with a supervisory authority; g) should all available information on their origin not be collected from the data subject h) for the existence of an automated decision-making process including profiling and, in those cases, meaningful information on the logic used, as well as the importance and the consequences expected of such processing for the data subject. Where personal data is transferred to a third country or an international organisation, the data subject has the right to be informed of adequate safeguards relating to the transfer.

  • The right of amendment i.e. is the right to obtain from the Data Controller the rectification of inaccurate personal data without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, by providing an additional statement.

  • The right of erasure, i.e. the right to obtain from the Data Controller the cancellation of personal data concerning you without undue delay if: a) the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed; b) the subject revokes the consent on which the processing is based and if there is no other legal basis for the processing; c) the subject opposes to the processing carried out because it is necessary for the performance of a task in the public interest or in the case of official authorities vested in the owner or for the purposes of the legitimate interest and there is no legitimate reason prevailing to proceed with the processing, or opposes to the processing for direct marketing purposes; d) the personal data has been unlawfully processed; e) the personal data must be deleted in order to fulfil a legal obligation under union or member state law to which the controller is subject; f) the personal data has been collected in relation to the provision of information society services to minors. However, the request for cancellation cannot be accepted if the processing is necessary: a) to exercise the right to freedom of expression and information; b) for the fulfilment of a legal obligation that requires processing provided by EU law or of the member state which is subject to the holder of the treatment or for the performance of a task carried out in the public interest or in the case of public authority vested in the holder of the processing; c) for reasons of public interest in the field of public health; d) for archiving purposes in the public interest, scientific research, historical, or statistical purposes, to the extent that the cancellation risks makes it impossible or seriously undermines the achievement of the objectives of that processing; e) for the assessment, exercise or defence rights in court.

  • The right of limitation, i.e. the right to obtain processed data, except for storage, only with the consent of the data subject or for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of important public interests of a union or of a member state, if: a) the interested party disputes the accuracy of the personal data, for the period needed by the Data Controller to verify the accuracy of such personal data; b) the processing is unlawful and the data subject objects to the erasure of personal data and instead requests that its use be limited; c) the Data Controller should no longer need this data for the purposes of processing, the personal data is necessary for the data subject to ascertain, exercise or defend a right in court; d) the interested party has opposed the treatment because it is necessary for the performance of a task for public interest or in the exercise of official authority vested in the owner or for the purposes of the legitimate interests of the holder of the treatment or of a third party, pending the verification on the possible prevalence of the legitimate reasons of the holder of the treatment compared to those of the data subject.

  • The right to the portability, i.e. the right to receive in a structured format, in common use and readable by automatic devices, personal data provided to the Data Controller. The Data Controller has the right to transmit data to another Data Controller without impediments from part of the holder who has supplied them, as well as the right to obtain the direct transmission of personal data by one Data Controller to another, if technically feasible, in cases where such processing is based on consent or on a contractual basis the processing is carried out by automated means. These rights shall be without prejudice for the right to erasure.

  • The right to object, i.e. the right of the interested party to oppose at any time, for reasons connected to their particular situation, to the processing of their personal data carried out because it is necessary for the performance of a task for public interest or in the exercise of official authority vested in the owner or for the purposes of the legitimate interests of the holder of the treatment or of third parties. Where personal data is processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data carried out for these purposes, including profiling related to direct marketing.


The interested party is then informed, and if they consider that the processing of their personal data occurs in violation of the provisions of the RGDP, they have the right to file a complaint with the guarantor, as provided for by art. 77 of the regulation itself or to appeal to the appropriate courts (art. 79 of the regulation).


ADDITIONAL INFORMATION
Further information is contained on the website, user and cookie information can be accessed at any time from the footer of the website.

This privacy policy was updated on 23/06/2020