Privacy

The undersigned company, Air Dolomiti S.p.A. Linee Aeree Regionali Europee, with registered office in Dossobuono di Villafranca (VR), via Paolo Bembo, 70, VAT number IT-00445990310, in its capacity as "Data Controller" for the processing of personal data, provides the following information, to users browsing its websites listed below, pursuant to Article 13 of EU Regulation 2016/679 dated 27 April 2016, unified in content relating to the scope of data processing and management, broken down and separated by processing purposes, according to the specificity of acquisition of personal data on the various pages of the website from which the user can be redirected.
 
Pursuant to EU Regulation 2016/679 (hereinafter the "Regulation"), this page describes the processing of the personal data of users who visit the website of the undersigned company, Air Dolomiti S.p.A. Linee Aeree Regionali Europee, which can be access electronically via the following addresses:


→ Privacy Policy for the Air Dolomiti Facebook page

Source of data and purpose of data processing

Personal data and any sensitive data in the possession of the company Air Dolomiti S.p.A. Linee Aeree Regionali Europee, are collected through electronic format, paper format and/or directly from customers and/or their partners, suppliers and/or their partners, or other third parties. 
The data provided are processed by the company Air Dolomiti S.p.A. Linee Aeree Regionali Europee for the following purposes:

1. to execute the services requested, as well as for the activities connected with and/or instrumental to the correct management thereof; the services that the airline Air Dolomiti S.p.A. L.A.R.E. offers are:
1.1 the issuance of flight tickets, managed by the Autonomous Holder, Amadeus IT Group SA ('Amadeus') on its web portal
1.2 the sending of booking confirmations
1.3 services related to the flight you booked, and information related to the flight and baggage services
1.4 management of the procurement process.

2. for the purpose of sending and/or receiving quotes relating to services offered by the undersigned Air Dolomiti S.p.A. L.A.R.E.;

3. with respect to obligations provided for by laws, regulations and EU legislation, as well as by instructions given by authorities legitimated by the law and by supervisory and control bodies; these obligations include those of transmitting the passenger’s "reservation, control and boarding" data (PNR) to the national authorities.

4. sample analysis of customer satisfaction, i.e. the level of service received by customers. This purpose does not require consent but only information, as it has no marketing or profiling purposes. 

5. browsing of the website, in relation to the possibility of collecting data from the User necessary at a technical level. The following information is collected:
a. Internet Protocol (IP) address or the name of the device used;
b. type of browser and parameters of the device used to connect to the Website;
c. date and time of visit;
d. the numeric code indicating the status of the response given by the server (successful, error, etc.);
e. other parameters related to the operating system and computer environment of the device.

6. administrative-accounting activities, or to carry out activities of an organisational, administrative, financial and accounting nature, such as internal organisational activities and activities functional to the fulfilment of contractual and pre-contractual obligations.

The process of selling flight tickets via the website of Air Dolomiti S.p.A. L.A.R.E. is entirely carried out by the partner Amadeus IT Group SA ("Amadeus"), Autonomous Data Controller, a company registered with the Commercial Registry of Madrid, VAT No. ES-A84236934, with registered office located in Via Salvador de Madariaga 1, 28027 Madrid (ESP), certified according to PCI-DSS http://www.amadeus.com. No data relating to the credit cards used for payments is managed, acquired, processed or retained by Air Dolomiti S.p.A. L.A.R.E.

7. sending out newsletters. Pursuant to Legislative Decree No. 196 of 30 June 2003, as amended (“Privacy Code”) and EU Regulation 2016/679 (“Privacy Regulations” or “GDPR”), AIR DOLOMITI S.p.A. Linee Aeree Regionali Europee, with registered office in Via Paolo Bembo, 70, 37062 Frazione di Dossobuono - Villafranca di Verona - Italy, VAT Number 00445990310 (hereinafter referred to as the “Company” or the “Data Controller”) intends to inform you that, in case of your express consent (pursuant to Article 6, paragraph 1, letter a) of the Privacy Regulations), your personal data shall be processed to provide you with updates on all promotional and commercial initiatives, by sending advertising and/or promotional materials via email (hereinafter referred to as the “Newsletter”). In addition, in case of your express optional consent (pursuant to Article 6, paragraph 1, letter a) of the Privacy Regulations), your personal data shall be processed for the provision of personalized communications and promotions and customer analysis in order to improve the service offered (profiling). We may, with your consent, carry out analytical activities on purchasing habits and data optionally provided during registration or at a later stage through a web portal or through communication of data through a questionnaire.
Consent for marketing purposes is required to subscribe to the newsletter, as the latter does not contain informational content other than promotional content. In fact, the normative definition of “advertising” includes “any type of message that is disseminated, in any way, in the exercise of any commercial, industrial, artisanal or professional activity for the purpose of promoting the sale or transfer of movable or immovable goods or property, the provision of works or services or the establishment or transfer of rights and obligations over them”.
The data you provide shall be processed primarily on paper and/or using IT tools under the authority of the Data Controller, by individuals specifically authorized and instructed in the same processing (pursuant to Article 2-quaterdecies of the Privacy Code and Articles 28 and 29 of the Privacy Regulations). We inform you that appropriate security measures are also adopted pursuant to Articles 5 and 32 of the Privacy Regulations to prevent data loss, illegal or incorrect use and unauthorized access to the same data.
The data may be communicated, within the EU, in full compliance with the provisions of the Privacy Code and the Privacy Regulations, to the following parties: to financial authorities and/or other public authorities, where required by law or at their request; to the facilities, individuals and external companies that the Data Controller uses to carry out activities connected with, instrumental to or consequent to the execution of the Newsletter service; to external consultants, where designated in writing as Data Processors. The updated list of Data Processors can be provided upon request by the Data Subject. The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted by sending a regular communication to the corporate office or by email at [email protected].
The data required to send the Newsletter shall be processed based on an “OPT-OUT” management model, that is, until the Data Subject exercises the right to unsubscribe from the service. You may exercise your rights under Articles 15 et seq. of the Privacy Regulations, at any time, for access, rectification, transformation, blocking, deletion and restriction of the data processing.

8. the exercise of rights. Personal data, in the event of the exercise of rights by the data subject, shall be processed as specified in the specific policy appended to the request form at the page bottom

9. transfer to third parties for their specific marketing purposes, subject to specific/separate/documented and free consent. The product categories to which third parties belong: large-scale retail, clothing, publishing, tourism and accommodation facilities, cosmetics and pharmaceuticals, gifts, event organisation, training agencies.
 
10. disclosure and reporting to the Public Security Authorities of situations of anomalous conduct by passengers.

Personal data shall not be disclosed.
 
Legal basis and lawfulness of processing
With reference to the purposes referred to in sections (1,2,5) of the preceding paragraph, the legal basis of the processing is the execution of services provided via the Website. As regards the optional purposes referred to in sections (7 and 9), the legal basis for processing is the freely given consent. With reference to the purposes referred to in sections (3, 6), the legal basis for the processing is to fulfil a legal obligation to which the Data Controller is subject. With reference to the purposes referred to in section (4), the legal basis for the processing is necessary for the pursuit of the legitimate interest of the Data Controller, for which the appropriate balancing of interests has been assessed (the purpose is optional and there is no consequence in the event of non-response).
As regards purpose (10), the legal basis is:
• a legal obligation when the facts under consideration relate to flight safety
• a legitimate interest when the facts considered relate to possible breaches of regulations on which there are company guidelines. A balancing assessment of interests was carried out for this processing, authorising its legitimacy. 
 
Data processing methods
The processing of personal data processing shall be guaranteed with security and confidentiality and can be carried out using manual or automated (software) tools, capable of storing, managing and transmitting said data.
You are also hereby informed that personal data shall be processed in compliance with current legislation that provides, inter alia, for the fact that they are processed lawfully and fairly, collected and recorded for specific purposes.

For passengers traveling with us to France, in accordance with article L 237-7 of the French national security code, we wish to inform you that as an air carrier we must transmit the reservation, control and boarding data collected from passengers to the French national public services (API/PNR) and the competent authorities for the purposes and under the conditions referred to in Decree no. 2014-1095 of 26/09/2014, amended by decree 2018/714 of 3 August 2018.
 
Data provided voluntarily by the user
The optional, explicit and voluntary submission of electronic mail to the addresses specified on this website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message.
 
Cookies
Please refer to the extended cookie policy which can be viewed via the following link: cookie policy.
 
Rights of the data subject​
The possibility of requesting the exercise of the rig https://www.airdolomiti.eu/cookie-policy provided for in Articles 15, 16, 17, 18 and 21 of EU Regulation 2016/679 as regards rectification, erasure, limitation and objection to processing, in accordance with the procedures set out in Article 12 of said Regulation, remains valid.
It should be noted that any corrections or erasures or limitations of processing made on request shall be notified by Air Dolomiti S.p.A. L.A.R.E. to each of the recipients to whom the personal data have been transmitted, unless this proves impossible or involves a disproportionate effort. Air Dolomiti S.p.A. L.A.R.E. may inform the data subject of the addressees, should the latter so request.
 
The data subject is entitled to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR in the European Union Member State in which said data subject normally resides, works or where the alleged breach took place. The competent supervisory authority for Air Dolomiti S.p.A. L.A.R.E. is as follows: Personal Data Protection Authority. The Guarantor, the website of which is www.garanteprivacy.it, can be contacted via: 
• telephone switchboard: (+39) 06.696771
• Fax: (+39) 06.69677.3785
• Email: [email protected] 
• Certified email: [email protected] (this address is configured to receive notifications from certified emails ONLY)

Duration of processing
Your are hereby informed that the data you provide shall be processed under the following Data Retention terms:
• data provided in the form of OPT-IN (newsletter) shall be retained until their erasure is requested;
• as regards the data referred to in sections (1, 2), the data are to be erased after five years of the date of collection;
• as regards the data required to finalise an online sale from our website, please see the provisions of civil and tax regulations;
• as regards website browsing data (excluding cookies), erasure is expected to take place 26 months after the last browsing session;
• as regards customer satisfaction survey data, anonymisation is envisaged 10 years after collection;
• as regards the data referred to in section (8), erasure is expected to take place 24 months after the request; 
• as regards the data referred to in sections (7 and 9) provided with free and optional consent, these shall be processed until the request, by the data subject, for the withdrawal of consent (first-party marketing, third-party marketing).
• As regards the data referred to in section 10, the following shall be processed:
◦ for the period provided for by the current legislation, in the event of a complaint made to the Public Safety Authorities;
◦ for 5 years, if the report is only recorded in Air Dolomiti's management systems.

Data Processor (DPC) and Data Protection Officer (DPO)
You are hereby informed that the list of data processors may be requested by data subjects who have a legitimate interest, by sending a written notification, even if informal, (containing the identification data of the applicant) to the address of the registered office of Air Dolomiti S.p.A. Linee Aeree Regionali Europee specified in this policy (AIR DOLOMITI S.p.A. Linee Aeree Regionali Europee Privacy Department - Via Paolo Bembo, 70 - 37062 Dossobuono di Villafranca (VR) Italy), or to the unencrypted email address [email protected]. The Data Protection Officer appointed by the Data Controller can be contacted through the same contact details.