Skip to main content

Cookie Policy

NOTICE

pursuant to European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data, as well as the free movement of such data, and pursuant to current Italian legislation

Società per azioni Esercizi Aeroportuali S.E.A., with registered office in Segrate (Milan) – 20054 – at Milan-Linate Airport (“Company”) in the provision of services offered through its websites processes personal data freely provided by data subjects pursuant to Articles 4(7) and 24 of EU Regulation 2016/679 of 27 April 2016 concerning the protection of natural persons with regard to the processing of personal data (“Regulation”), and in accordance with current Italian legislation.

The processing of personal data means any operation or set of operations, carried out with or without the aid of automated processes, applied to personal data or sets of personal data, even if not recorded in a database, such as collection, recording, organization, structuring, storage, processing, selection, blocking, adaptation or modification, extraction, consultation, use, disclosure by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction.

Therefore, the Company will proceed, pursuant to Articles 13 and 14 of the Regulation and Italian legislation, to the related processing for the purposes listed below, either manually and/or with the aid of IT or telematic tools.

1. Purpose and Legal Basis of Processing

Data is acquired and processed in compliance with the rules set out by the Regulation and current Italian law and may be processed for the following purposes on the basis of the data subject’s consent, to execute a contract, or due to a legal obligation:

-   provision of the Service (hereinafter “Primary Purposes”)
-   marketing (see section 3.2 below)
-   profiling (see section 3.3 below)
-   communication/disclosure of data to third parties (see sections 3.2 and 3.3)

2. Communication and dissemination of personal data for the pursuit of the Primary Purposes

Data may be communicated to third parties when required by law, including for the prevention/repression of any unlawful activity. Pursuant to Article 13, paragraph 1, letter (e) of the Regulation and Italian law, data may be communicated solely for the pursuit of Primary Purposes to employees/collaborators/consultants of the Company, as well as to third-party companies engaged by the Company to achieve Primary Purposes, the updated list of which is available at the Company's headquarters.

Data will not be disseminated or disclosed to the public or to an unspecified number of subjects.

3. Mandatory or optional nature of providing data for the purposes of processing

3.1 Primary Purposes

Providing data to the Company is mandatory only for data required by law.

Failure to provide such mandatory data may compel the Company to acquire them from third-party sources (where legally allowed), or may result in failure to provide the Service. Refusal to provide non-mandatory but necessary data for Service provision will not affect ongoing relationships, except where such data is essential to perform related operations or deliver the Service.

3.2 Marketing Purposes

For marketing purposes, it is necessary to obtain specific, separate, expressed, documented, prior and entirely optional consent.

By providing consent for marketing purposes, the data subject specifically acknowledges the promotional, commercial, and broad marketing purposes of the processing (including subsequent management and administrative activities) and expressly authorizes such processing pursuant to Article 6(1)(a) of the Regulation and in accordance with Italian law.

If the data subject does not consent to processing for marketing purposes, the Company will not carry out such processing. Refusal will not affect any other contractual or non-contractual relationship with the user.

The data subject may also consent to the communication/disclosure of data to third parties for their own marketing purposes. If no such consent is given, the Company will not share the data and will process it exclusively itself if the user has provided marketing consent.

3.3 Profiling Purposes

The Company may carry out profiling for marketing and service improvement purposes. As per Article 4(1)(4) of the Regulation: “any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements”.

Specific and separate consent is required for profiling.

If the data subject does not provide consent for profiling, the Company will not perform such processing. The data subject is free to consent to marketing processing and deny consent to profiling and/or to data disclosure to third parties for profiling. If such consent is not given, no profiling or third-party sharing will occur. Data collected will be processed solely by the Company where marketing consent was granted. Profiling data and related profiles will not be disseminated.

In any case, even where the data subject has given consent for all the purposes mentioned above, they remain free to revoke it at any time.

As specifically and separately informed under Article 21 of the Regulation, where applicable, the data subject has the right to object at any time to the processing of their personal data for such purposes, and if so, such data will no longer be processed for these purposes.

4. Transfer of personal data to non-EU countries

Data collected and processed is not transferred to companies or other entities outside the EU.

5. Data retention periods

Personal data subject to processing will be retained in accordance with the principle of proportionality and until the purposes for which the data was collected have been achieved.

6. Data Controller

The Company acting as data controller is identified as follows:

Società per azioni Esercizi Aeroportuali S.E.A., with registered office in Segrate (Milan) – 20054 – at Milan-Linate Airport.

7. Data Protection Officer (DPO)

You may contact the Data Protection Officer, including for exercising your rights under Articles 15-22 of the Regulation, by emailing privacy@seamilano.eu.

8. Data Subject Rights

In relation to the processing of personal data, data subjects may exercise the rights provided for in Articles 15 to 22 of Regulation (EU) 2016/679, summarized in Annex A to this notice.

The exercise of rights is free of charge and not subject to any formal requirements.

Annex A

European Regulation on Personal Data Protection Articles 15 to 22

Pursuant to Articles 15 to 22 of Regulation (EU) 2016/679, the data subject has the right to obtain from the data controller the rectification, integration, or deletion (so-called right to be forgotten) of their personal data; the right to restrict processing and the right to data portability; the right to object to the processing of personal data, including profiling; and the right to lodge a complaint with the supervisory authority.

 

Cookie Policy

1. Cookie Policy

SEA uses only technical cookies on its websites. Technical cookies are those used solely to “carry out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide that service” (see Art. 122, paragraph 1, of Legislative Decree No. 196/2003).
These cookies are not used for other purposes and are normally installed directly by SEA.
SEA's technical cookies may be divided into the following categories:

 • Browsing cookies, which save browsing preferences and optimize the User’s browsing experience;
 • Analytics cookies, which collect statistical information on Users' browsing behavior. This information is processed in aggregate and anonymous form;
 • Functionality cookies, including those of third parties, used to enable specific functionalities of this online space and necessary to provide or improve the service.

These cookies do not require the data subject’s prior consent for installation and use.
Personal data voluntarily provided by users will not be disseminated and may only be communicated to specific entities, such as third-party companies SEA may engage for site management, customer care activities, or the sending of promotional and advertising messages.
Data may also be disclosed to the relevant Public Authorities in compliance with legal obligations.
Regarding the processing of collected data, data subjects may exercise the rights of access, update, rectification, integration, or erasure, and all other rights set out in Art. 7 of Legislative Decree 196/2003 by accessing their personal page on the site (if registered), or by sending a request by mail to the Data Access Rights Officer, identified as the Director of Legal and Corporate Affairs of SEA – Società p.A. Esercizi Aeroportuali – 20054 Segrate, Milan Linate Airport, or via email to privacy@seamilano.eu.

Right of access to personal data and other rights

1. The data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning them, even if not yet recorded, and their communication in intelligible form.

2. The data subject has the right to be informed of:

a) the origin of the personal data;
b) the purposes and methods of processing;
c) the logic applied in case of processing with electronic tools;
d) the identity of the data controller, processors, and the designated representative pursuant to Article 5, paragraph 2;
e) the entities or categories of entities to whom the personal data may be disclosed or who may become aware of it as designated representatives, processors, or persons in charge.

3. The data subject has the right to obtain:

a) the updating, rectification or, where interested, integration of data;
b) the deletion, anonymization or blocking of data processed unlawfully, including data not required to be retained for the purposes for which they were collected or subsequently processed;
c) certification that the operations under letters a) and b) have been notified, also as to their contents, to those to whom the data was communicated or disseminated, unless this proves impossible or involves a manifestly disproportionate effort.

4. The data subject has the right to object, in whole or in part:

a) for legitimate reasons to the processing of personal data concerning them, even if relevant to the purpose of collection;
b) to the processing of personal data for the purpose of sending advertising materials or direct selling or for conducting market research or commercial communication.

Acceso