PRIVACY POLICY FOR SITE USERS/VISITORS

PRIVACY POLICY

The purpose of this privacy policy is to describe how SEA web sites are administered with regard to the processing of personal data of the users/visitors who consult them. This site is owned and administered by S.E.A. S.p.A., which guarantees compliance with the legislation on protection of personal data (Legislative Decree 196/03).

In providing its services, SEA will necessarily come into possession of personal information and data: We therefore ask you to read carefully the policy statement pursuant to Article 13 of Legislative Decree 196/03, which you will find on all the forms requesting personal data.

The set of data provided constitute the personal profiles of users, which they can update, correct, supplement or delete.

The personal data are processed with automatic instruments (e.g. using electronic procedures and supports) and/or manually (e.g. on paper) for the time strictly necessary to achieve the purposes for which the data were collected. Specific security measures are in place to prevent the loss or the illegal or improper use of the data and unauthorized access to them, in conformity with the provisions of Legislative Decree 196/03.

The personal data provided by users when enrolling with the services, or collected thereafter when the services are used, including those related to web traffic, will be processed by SEA to provide the services (and any other related service requested) and for the maintenance and technical assistance to the services, for the management of any complaints or litigation and for preventing/repressing fraud and any other illicit activity. They may also be processed, of course, to fulfil any legal, regulatory or EU obligations.

SEA may occasionally update this Privacy Policy. In the case of substantive modifications to the content of this declaration, SEA will notify customers by publishing notices on its web site.

The Data Processing Controller is SEA. The Data Processing Manager, the individual responsible for processing of the data is the Director of IT Systems SEA. Persons in Charge of data processing have been appointed within the company.

The personal data provided voluntarily by users shall not be divulged and may be transmitted only to certain parties, such as other companies to which SEA may entrust specific activities or services related to administration of the web site, to customer care, or to the sending of promotional-advertising messages.

The data may also be transmitted to the competent public authorities to meet legal obligations.
 
Regarding the processing of the collected data, data subjects shall be entitled to exercise the right to access, update, correct, supplement or cancel them, and all the rights set forth in Article 7 of Legislative Decree 196/2003, by directly accessing their personal page on the site (if registered) or by sending a request by regular mail to the person in charge of exercising personal data access rights, i.e. the director of Legal and Corporate Affairs of SEA – Società S.p.A. Esercizi Aeroportuali – 20090 Segrate, Milano Linate Airport, or to the e-mail address privacy@seamilano.eu.

Article 7. Right of access to the personal data and other rights

1. Data subjects shall have the right to obtain confirmation as to whether or not personal data concerning them exist, even if the data have not yet been recorded, and communication of such data in intelligible form.

2. Data subjects shall have the right to information on:

a) the source of the personal data;
b) the purposes and modes of processing;
c) the logic applied when the data is processed with the use of electronic instruments;
d) the identity of the data controller, data processing officers and the representative designated pursuant to Article 5.2;
e) the entities or categories of entities to which the personal data can be transferred or which can gain knowledge of them as designated representatives of the state, data processing officers, or data processors.

3. Data subjects shall have the right to obtain:

a) the updating, correction or, should they be interested, additions to the data;
b) the cancellation, transformation into anonymous form, or blocking of data processed in violation of law, including those that need not be retained for the purposes for which the data were collected or subsequently processed;
c) certification that the parties to which the data have been transferred or disseminated have been notified of the operations specified in points a) and b), also regarding their content, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.

4. Data subjects shall have the right to oppose, wholly or in part:

a) for legitimate reasons, the processing of their personal data even when it pertains to the  purpose of collection;
b) the processing of their personal data for the purpose of sending advertising or direct marketing material or to conduct market research or commercial communication surveys.

COOKIE DISCLOSURE

Cookie disclosure Italian Legislative Decree no. 196 of 30 June 2003 (the “Personal Data Protection Code” or the “Code”) establishes the right of anyone to have their personal data protected. The legislation in question therefore rules that personal data is processed in compliance with fundamental freedoms and rights and in respect of the dignity of the data subject, with specific reference to the right to the confidentiality and protection of personal data.

The websites of Società per azioni Esercizi Aeroportuali S.E.A. (“SEA”) www.viamilanoeshop.eu, www.viamilanoparking.eu, www.milanomalpensa-airport.com and www.milanolinate-airport.com (the “Websites”) use their own and third party technical cookies and third party profiling cookies; below is, therefore, the information envisaged by the reference legislation.

What cookies are

Cookies are small strings of text that websites visited by the user send to the terminal (usually the browser), where they are saved before being re-sent to the same websites at the next visit by the same user. When browsing a website, the user may also receive cookies on his terminal sent by different web servers or websites (referred to as “third party”) on which certain elements may be held (such as, for example, images, maps, sounds, specific links to pages of other domains) present on the website that he is visiting. Three categories of cookies are identified: “technical” cookies, “non-anonymous analytical” cookies and “profiling” cookies, own and third party.

Technical cookies

The technical cookies are those used merely to “transmit a communication on an electronic communication network or to the extent strictly necessary to the supplier of an information society service, specifically asked by the contractor or user to supply said service” (Art. 122, paragraph 1 of the Personal Data Protection Code). They are not used for any further purpose and are normally installed directly by the Controller or website manager. They can be divided up into browsing or session cookies, which guarantee the normal browsing and use of the website (allowing, for example, a purchase to be made or user to identify himself in order to access reserved areas); analytics cookies, similar to technical cookies, where used directly by the website manager to collect information in aggregated form on the number of users and on how they visit the website; function cookies that enable the user to browse according to a series of selected criteria (e.g. language, products chosen for purchase) in order to improve the service offered. For the installation of technical cookies, no prior user consent is required, whilst the obligation remains to provide a disclosure in accordance with Art. 13 of the Personal Data Protection Code, which the website manager, if only using these devices, may supply in the way it considers most appropriate.

The following technical cookies are used:

http://www.milanolinate-airport.com and http://www.milanomalpensa-airport.com

o JSESSIONID: session cookies, created by the WebLogic server to maintain the session. They expire when the session expires.
o __utma: created by Google Analytics, cookie distinguishing the Visitor. This lasts for 2 years and, amongst other things, has a unique code that can distinguish the Visitor. Google Analytics, to measure the number of people (one-time visitors) who visited a website, counts the utma number;
o _utmb and _utmc. These are the two cookies that identify the session (Visit). Google Analytics uses them to calculate the metrics based on time, and duration of Visit or time on the Page. They expire when the browser is closed or the website exited;
o __utmt: tracking cookie, created by Google Analytics. It is valid for 10 minutes;
o __utmz: identifies the Source of Traffic. This allows information to be collected on the origin of the Visit (organic search, link on another website, on-line campaign, etc.). It lasts for 6 months;
o s_fid: tracking cookie, created by Adobe Omniture. It is valid for 5 years;
o s_sq: tracking cookie, created by Adobe Omniture. They expire when the browser is closed or the website exited;
o s_cc: tracking cookie, created by Adobe Omniture. They expire when the browser is closed or the website exited;
o OAID: Cookie of the adserver that is used to avoid the user from viewing the same banners during the browsing session (saved upon clicking on the AdServer banner). It is valid for 1 year.

http://www.viamilanoparking.eu

o _ga: created by Google Analytics; used to collect information and generate statistics on the use of websites, without supplying personal data on individual visitors to Google. It is valid for 2 years;
o _gat: created by Google Analytics; used to collect information and generate statistics on the use of websites, without supplying personal data on individual visitors to Google. It is valid for 10 minutes;
o _gid: created by Google Analytics; used to collect information and generate statistics on the use of websites, without supplying personal data on individual visitors to Google. It is valid for 24 hours;
o s_fid: tracking cookie, created by Adobe Omniture. It is valid for 5 years;
o s_cc: tracking cookie, created by Adobe Omniture. They expire when the browser is closed or the website exited;

• https://www.viamilanoeshop.eu

o Commerce: browsing cookies, created by the application. They expire when the session expires;
o JSESSIONID: session cookies, created by the WebLogic server to maintain the session. They expire when the session expires;
o __utma: created by Google Analytics, cookie distinguishing the Visitor. This lasts for 2 years and, amongst other things, has a unique code that can distinguish the Visitor. Google Analytics, to measure the number of people (one-time visitors) who visited a website, counts the utma number;
o _utmb and _utmc. These are the two cookies that identify the session (Visit). Google Analytics uses them to calculate the metrics based on time, and duration of Visit or time on the Page. They expire when the browser is closed or the website exited.
o __utmt: tracking cookie, created by Google Analytics. It is valid for 10 minutes;
o s_fid: tracking cookie, created by Adobe Omniture. It is valid for 5 years;
o s_cc: tracking cookie, created by Adobe Omniture. They expire when the browser is closed or the website exited;


Third party profiling cookies (marketing/retargeting)

Third party profiling cookies are used by third party companies and enable the user to view advertising banners on other affiliated websites, showing the last products displayed on the websites www.viamilanoeshop.eu, www.viamilanoparking.eu, www.milanomalpensa-airport.com and www.milanolinate-airport.com.
These cookies allow for the creation, distribution and monitoring of digital marketing campaigns and show the user products that could be of interest to him.
More specifically, as regards third party profiling cookies:
Adform is used for on-line marketing campaigns, including based on user behaviour. For more information and to disable this cookie: http://site.adform.com/privacy-policy/en/.

Acceptance and waiver of cookies

By continuing to browse on one of the above-specified websites, clicking on the “I accept” button or clicking on any part of the page, the SEA Cookie Policy is accepted and the cookies are set and collected for the website being browsed. If cookies are not accepted, and browsing is therefore discontinued, there is no provision for an “I do not accept” button; any cookies already recorded locally in the browser will remain recorded there but will no longer be read or used by SEA until subsequent potential acceptance of the Policy. There is always the option of removing these cookies at any time, in the ways described over the next few paragraphs.

1. Purpose in which the data will be processed

The purposes for which the cookies on our above websites are used are as follows:

1. Execution of IT authentication
2. Session monitoring
3. Definition of user profile according to preferences expressed during browsing.

2. Nature of data conferral and consequences of a potential refusal to respond

With reference to points 1. and 2. pursuant to paragraph 1 above, the installation of these cookies is not subject to prior user consent, as they are strictly necessary to transmit the communication on an electronic communication network.

With reference to point 3. pursuant to paragraph 1. above, user consent is necessary in connection with the installation of these cookies and a potential denial does not in any way preclude website browsing.

Processing will take place using automated systems that are able to save and manage data in compliance with the above purpose and in such a way as to guarantee security and confidentiality.

3. Scope of disclosure and dissemination of data

For the above purposes, the data may be disclosed by Società per Azioni Esercizi Aeroportuali S.E.A.:

- to all subjects whose faculty to access said data is recognised according to regulatory provisions and/or by order of the Authorities;
- to our collaborators, employees, consultants and suppliers, under the scope of their respective duties;
- to other companies of the SEA group.

4. Details identifying the data controller and supervisor

The Data Controller in accordance with the Code is Società per Azioni Esercizi Aeroportuali S.E.A., with registered office in Segrate (Milan) at Milan Linate Airport.

The Data Supervisor in accordance with the Code is the SEA Information and Communication Technology Manager. Within the Company, Persons in charge of data processing have been identified. Data will be processed by employees and collaborators of the Controller, as Persons in charge of the processing and Data Supervisors. A complete, up-to-date list of Data Supervisors appointed by the Controller can be obtained by e-mailing privacy@seamilano.eu. Data collected using cookies will not be disseminated.

5. Rights pursuant to Art. 7 of Italian Legislative Decree no. 196/2003

As regards the processing of the data collected, data subjects shall have the faculty to access the rights of access, update, rectification, supplementation or deletion and all other rights pursuant to Art. 7 of Italian Legislative Decree 196/2003 by sending the request by ordinary post to the Manager for the exercise of rights of access to personal data, identified as the SEA Legal and Corporate Affairs Manager - – 20090 Segrate (Milan), at Milan Linate Airport or by e-mailing privacy@seamilano.eu.

Art. 7 of the Code (Right to access personal data and other rights):

“1. A data subject shall have the right to obtain confirmation as to whether or not personal data concerning him/her exist, either registered or in the process of being recorded, and communication of said data in intelligible form.

2. A data subject shall have the right to be informed of:

a) the source of the personal data;
b) the purposes and methods of the processing;
c) the logic applied to the processing, if carried out with the help of electronic means;
d) the identification data concerning the data controller, data processors and the representative designated as per article 5, paragraph 2;
e) the entities or categories of entity to whom or which the personal data may be communicated and who or which may get to know said data in their capacity as designated representative in the State's territory, data processors or persons in charge of the processing.

3. A data subject shall have the right to obtain:

a) updating, rectification or, where interested therein, integration of the data;
b) erasure, anonymisation or blocking of the data that has been processed unlawfully, including data whose retention is unnecessary for the purposes for which it has been collected or subsequently processed;
c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data was communicated or disclosed, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected.

4. A data subject shall have the right to object, in whole or in part:

a) on legitimate grounds, to the processing of personal data concerning him/her, even though this is relevant to the purpose of the collection;
b) to the processing of personal data concerning him/her, where it is carried out for the purpose of sending advertising materials or direct selling, or for the performance of market or commercial communication surveys.”


HOW CAN I DISABLE COOKIES?

At the same time as accessing any of the website pages, a banner is displayed giving a brief disclosure. By closing the banner or continuing to browse by accessing another area of the website or selecting an element on it (e.g. an image or link), you consent to the use of cookies. Any refusal to use cookies does not in any way prevent you from browsing the website; below are instructions on how to disable cookies.

1. How can I disable third party cookies?

Advertising companies allow you to renounce receiving targeted announcements if you so wish. This does not prevent the setting of cookies but does suspend the use and collection of some data by said companies.

In accordance with Article 154, paragraph 1, letter c) of the Code, below are the links to the web pages giving the disclosures by third parties:

AD FORM: http://site.adform.com/privacy-policy/en/ (English version)

For more information and to renounce, should you so wish, also visit http://www.youronlinechoices.com/uk/

2. How can I disable cookies from the major browsers?

Most browsers (Internet Explorer, Firefox, Chrome, etc.) are configured to accept cookies. The cookies saved to the hard disk of your device can in any case be deleted and cookies can also be disabled by following the instructions given by the main browsers; the links below are to the instructions offered by the main browsers:

Chrome: https://support.google.com/chrome/answer/95647?hl=en
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies#ie=ie-10
Opera: http://help.opera.com/Windows/10.00/en/cookies.html
Safari: https://www.apple.com/legal/privacy/it/cookies/