Personal data protection policy

Foreword

This general policy for personal data protection is issued by the company:
Aéroports de la Côte d’Azur,
Limited-liability company with a capital of €148,000,
with head offices located at 19 Rue Costes et Bellonte - CS 63331 - 06206 NICE Cedex 3, FRANCE,
Registered in the Nice Trade and Companies Register (RCS) under the number 493 479 489
 nice.aeroport@cote-azur.aeroport.fr.

The company Aéroports de la Côte d’Azur undertakes to respect the legal and regulatory provisions in force pertaining to personal data protection, and, in particular, French Law No. 78-17 dated 6 January 1978 as amended, as well as the General Data Protection Regulation (GDPR) No. 2016/679 dated 27 April 2016.

Aéroports de la Côte d'Azur wishes to develop a relationship of trust with its customers and professional partners, which is founded on meticulous respect for the privacy of individuals.


1. Purpose  

This policy has the purpose of informing you of the manner in which your data is collected, processed, stored, and sent to third parties by Aéroports de la Côte d'Azur as part of its professional activities.


2. Methods of processing personal data

As part of its activities, the company Aéroports de la Côte d'Azur may be required to collect and process personal data concerning you.


2.1. YOU ARE A PASSENGER

Within its capacity as concession holder for the Nice Côte d'Azur Airport, the company Aéroports de la Côte d'Azur provides airlines with its facilities and infrastructure, for the purpose of enabling the fulfilment of transport contracts, which bind them to their passenger customers, in turn enabling the latter to take their flights.

It is in this respect that the company Aéroports de la Côte d'Azur is required to collect a certain amount of data, including personal data.

The data is collected for several purposes: 

  • the management of passenger check-in (at desks or via self-check-in terminals),
  • the management of luggage (at desks or via self-check-in terminals),
  • the management of security controls,
  • assistance for handicapped individuals,
  • the management of the services provided for passengers (fast-track queueing, lounge access, VIP welcome service, lost and found items).

The data collected is the information included on passenger boarding passes.
 
These various processing procedures are justified by the execution of public-interest missions, by regulatory obligations, or by our legitimate interest as an airport operator.


2.2. YOU ARE USING OUR AIRPORT INFRASTRUCTURE

2.2.1. You are moving within the airport area
  • CCTV

In order to ensure the protection of individuals and property, to prevent theft and loss, as well as to aid any enquiries following an accident which has occurred within the airport area, Nice Côte d’Azur Airport has a CCTV system, declared to the local Prefecture, composed of over 1825 cameras.

Images from the CCTV system are stored for 15 days, and may only be viewed by cleared personnel.

  • Monitoring the passenger circuit

In order to better understand and improve the passenger experience in the air terminals of Nice Côte d’Azur Airport, the company Aéroports de la Côte d’Azur has implemented, in certain areas, a processing system which collects passengers' MAC addresses.

The data collected in this context is subject to short-term pseudo-anonymisation, and it is definitively deleted 24 hours after being collected.

You have the right to object to this processing, and can exercise this right by writing to the following email address: dpo@cote-azur.aeroport.fr, specifying your MAC address in your request. 
To find out the MAC address of an iPhone, please follow the steps below: Go to ‘Settings’. Under the ‘General’ section, press ‘About’. On the next screen, you’ll find the MAC address next to the heading ‘Wi-Fi Address’.
For an Android: open ‘Settings’, search ‘Status’, and access this section. You will then see ‘Wi-Fi MAC Address’, which is your phone’s device MAC address.

2.2.2. You are using our car parks

If you park your vehicle in one of our car parks, we may gather information about your vehicle.

With regard to the data processed within the context of the use of our car parks without advance reservation, we record vehicle movements (arrival / departure), and this information is collected via registration plates, for management purposes.

This data is not sent to third parties, and is stored for three months.

2.2.3. You are using Nice Côte d’Azur Airport's public Wi-Fi network

The company Aéroports de la Côte d'Azur provides passengers with a free and unlimited internet connection within its airport terminals, via the General Public Wi-Fi network. In order to access this network, you simply need to login:
•    either via the login form, 
•    or via social media.

  • Login via form

In order to login to Nice Côte d’Azur Airport’s free General Public Wi-Fi portal, you will be required to complete the following fields:
-    Your journey: I am arriving / I am departing / I am not travelling
-    Your place of residence between Marseille and Genoa, or elsewhere
-    Your title
-    Your nationality
This information is required from you for statistical purposes, or for the definition of user profiles (departing travellers / arriving travellers, domestic travellers / international travellers, / man / woman, and nationality).

  • Login via social media

Two types of login via social media are available to you (Facebook and LinkedIn). In this case, the Airport will receive, again for statistical purposes, the following minimal information, from the social media network you select (package provided by networks without the option of filtering information). 

During the login process for Users of the General Public Wi-Fi network, and in accordance with the regulations in force, a certain volume of traffic data, which may include personal data, is collected and stored for the maximum duration of one year, as of the date of the login. The subcontractor responsible for providing the Wi-Fi portal is UCOPIA, with head offices located in France, at 16 Rue Auguste Vacquerie 75016, Paris.


2.3. YOU ARE BROWSING ON OUR WEBSITE

2.3.1. Subscribing to our e-newsletter

In order to receive our e-newsletter (emails with information and promotions for our products, services, and new projects), you will need to provide us with your full name and email address.

The processing of this data is exclusively based on your consent, which is given during the process of subscribing to the service.

You can unsubscribe from our e-newsletter at any time, by simply clicking on the “unsubscribe” link, which can be found at the bottom of each email. Alternatively, you can send us an email, to nice.aeroport@cote-azur.aeroport.fr.

Our e-newsletter is sent to you via the intermediary of our subcontractor, ISOSKELE, with head offices located in France, at 17 Rue de la Vanne 92120, Montrouge. Your personal data will be transmitted to ISOSKELE, with an appropriate level of data protection. 

To improve the quality of our services, we analyse the readership of our e-newsletters. For this purpose, the newsletters contain web beacons and tracking pixels. We record the moment you read our e-newsletter and the links you click on.

2.3.2 Our communication via the contact form, email, or telephone

On our website is a contact form to communicate with us.

For this purpose, it is obligatory for you to provide us with your title, full name and email address, as well as the subject of your request. Providing your other contact information (address and telephone number) or any other data included within the text of your message, is optional.

The personal data provided is used for management purposes in cases of claims or requests made by customers, and is automatically stored for a period of five years. We use software published by the company EPTICA, with head offices located in France, at 63 bis Rue de Sèvres - 92100 Boulogne Billancourt. You can find more detailed information on EPTICA's data processing in the data protection declaration, which can be viewed at the link below https://eptica.com/legal-mentions-personal-data.

The same notions apply for our communication via email, which is sent directly to our Customer Services department.

We also respond to any requests via telephone. Telephone communication is liable to be recorded for security and/or training purposes. Nevertheless, you have the right to object to this recording, by expressing your objection to the advisor handling your call. Please note that call recordings are stored for one month, as of the date of the call.

2.3.3. Your user account 

When you create a user account on our website, a certain amount of personal data, which is required for managing this account, is collected with your consent (title, full name, postal address, date and place of birth, nationality, telephone number, email address, and potentially your vehicle’s registration plate). 

The creation of an online account automatically entails subscription to Club Airport Premier, which is our loyalty programme. Within this context, we also collect the following personal data (the number of loyalty points credited to your account and the use of these points, the dates and destinations of journeys completed, the date and time of visits to the website www.nice.aeroport.fr, communication with ACA or with one of its partners within the context of the services provided to members of Club Airport Premier, in particular, the total amount and date of any purchases made within Club Airport Premier partner stores).
When creating your account, you may also consent to receiving newsletters, but this remains optional.

The data is collected for account management purposes, and for ACA's direct-marketing purposes.  The data collected is stored for two years by our service providers, ADELYA,ISOSKELE & SALESFORCE.

In the event of a purchase made via the user account, a certain amount of data pertaining to the payment for this purchase is recorded by the relevant payment service provider, who assumes sole responsibility. You can find further, more detailed information concerning payment data processing from these service providers:

  • PayPal: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, is the data controller. You will find information on data protection and any potential solvency controls carried out by other payment service providers via the following link:https://www.paypal.com/en/webapps/mpp/ua/privacy-full?locale.x=en_GB
  • American Express Payment Services Limited, a company governed by American law with registered and subsidiary offices in the United Kingdom, located at Belgrave House, 76 Buckingham Palace Road, SW1W 9T, London, is the data controller. You will find information on data protection and any potential solvency controls carried out by other payment service providers via the following link:https://www.americanexpress.com/fr/legal/politique-de-protection-des-donnees-personnelles.html
  • Caisse de Crédit Mutuel Nice Avenue, cooperative company with a variable capital and limited liability, with head offices in France, located at 06000 Nice, 29 Avenue Jean Médecin, is the data controller. You will find information on data protection and any potential solvency controls carried out by other payment service providers via the following link: https://www.cmcicpaiement.fr/fr/aide/informations-legales/protection-donnees.html
2.3.4. The “Flight Tracking” service

In connection with the “flight tracking” service offered on our website, we collect your email address, for the sole purpose of keeping you updated with regard to the status of the flight that you have selected (via targeted emails).

The collection of this personal data enables the correct execution of the service. 

The personal data collected is only stored for the time required by the activated service, i.e. either up until flight take-off (in the event of a departing flight) or up until flight landing (in the event of an arriving flight), and it is then automatically deleted.


3. Data security

We implement technical and organisational measures to protect your data, including encryption, anonymisation, and physical security procedures.

We require our staff and all third parties working for ACA to adhere to strict working practices related to security and data protection. These include contractual obligations under which they commit to ensuring the confidentiality of personal data and to applying rigorous data transfer measures.


4. Your rights relating to data processing

In accordance with the personal data protection regulations, you have a right to access, rectify, and delete your data, as well as the right to object to or request the limitation of its processing. You also have the right to the portability of your data.

To exercise these rights, simply make the request to us by either sending a letter to the postal address provided in the foreword, or by sending an email to: dpo@cote-azur.aeroport.fr

Furthermore, you have the right to lodge a complaint with a supervisory authority if you deem that the processing of your data constitutes a violation of the data protection regulations, in accordance with Article 77 of the European data protection regulations.


5. Cookies

We use cookies in order to provide you with an optimal browsing experience.  You are free to select the categories that you want to authorise. Please note that access to certain website features depends on the settings that you select. 

A specific module allows you to manage your cookies. This can be accessed during your first visit to the website, via a banner at the bottom of the page. 

Once the use of the cookies has been accepted, you can return to the cookie settings at any time, by clicking on the link which can be found on all pages, and at the bottom of the website (to the left), under the title “Cookie management”. 
This cookie management interface allows you to select the cookies that you want to activate, or not, during your time on the website. 

These cookies are grouped into five categories (one compulsory category and four optional categories):  

  • Necessary (compulsory)

These cookies are required for the management of our website (for example, for security purposes), saving your confidentiality preferences, keeping your sessions open, and gathering your feedback on our products and services. The website cannot function correctly without these cookies.
Cookies concerned: reCAPTCHA, iframe, eKomi

  • Audience analysis

Statistical cookies enabling Website use and performance to be measured, which subsequently enables us to improve its functioning.
Cookies concerned: Google Tag Manager and the “Acoustic campaign” cookies, which relay information on your browsing to our automated marketing platform.

  • Videos & multimedia content

These cookies are installed via video-sharing services, and allow you to directly view multimedia content on our website.
Cookies concerned: Youtube

  • Google Maps / Indoor Street Maps mapping service

These cookies are installed via the Google Maps online mapping service, which allows you to view an interactive map, presenting destinations and airport maps, or even virtual visits using Indoor Street Maps for our infrastructure.
Cookies concerned: Google Maps, Indoor Street Maps

  • Advertising

Advertising cookies enable us, with our advertising partners, to offer you adverts which are adapted to your interests. Deactivating these cookies will not affect the volume of adverts you see, but will simply reduce their relevance to you.
See the list of advertising partners below, in the “Advertising cookies” section


5.1.  OPERATIONAL COOKIES

The website www.nice.aeroport.fr requires the use of cookies. When you log in to our sites, you agree to allow the following cookies to be installed on your device:
•    hideprehome: enables choices made by the user to be stored in the prehome of the mobile version: mobile version or desktop version
•    expandmenu: enables the menu status (expanded or closed) to be stored for the mobile version
•    cnilCookies: enables the user’s cookie acceptance for nice.aeroport.fr to be stored
•    is_logged_in: enables the user’s login status to be stored
•    resolution: enables the user’s screen resolution to be stored
These cookies are used for the proper functioning of the site, user accounts, and the control system. More specifically, these cookies enable us to:
. Store the user's choice between displaying the site in mobile, tablet,
  or computer version.
. Store the menu status (expanded or closed) for the mobile version.
. Store the user’s cookie acceptance for nice.aeroport.fr.
. Store the user's screen resolution.
. Analyse the browsing on our site to improve it.

We use two types of cookies - session cookies and persistent cookies. Session cookies are automatically deleted when you close your browser. However, persistent cookies can be used again the next time you connect to the ACA website.

You can delete these cookies at any time. You can also refuse cookies.
By disabling cookies, certain portions of our website will not be able to function properly.


5.2.  BROWSING ANALYSIS AND STATISTICAL COOKIES

 We also allow Google Analytics and Google Optimize to install such technologies on our site. These are analytical services of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. It is used for custom data processing with an appropriate level of data protection (EU-USA Data Protection Shield (C (2016) 4176 final)).

  • Google Analytics and Google Optimize help us in particular to analyse your browsing habits on our site. For example by noting the way you connected to it, as well as offering you a better experience and marketing and advertising our articles on our site and on third party sites. To prevent Google Analytics and Google Optimize from using your information for analytical purposes, you can install the browser add-on for disabling them by clicking here.

As such, data may be sent to servers located in the United States. You can find more information about how Google processes data in their Privacy Policy and Terms of Use.

5.3.  ADVERTISING COOKIES 

We use the following service providers to get back to you:

. Google Adwords (doubleclick.net) is used by Google DoubleClick to record and report the actions of the site user after they have seen or clicked on one of the advertiser's ads for the purpose of measuring effectiveness and presenting ads.

As such, data may be sent to servers located in the United States. You can find more information about how Google processes data in their Privacy Policy and Terms of Use.

5.4.  DELETING COOKIES 

You can delete these cookies at any time by configuring your browser.

You can configure your web browser to save cookies in your device or, on the contrary, block third party cookies, systematically or depending on their source. You can also configure your web browser to give you the option of accepting or blocking temporary cookies before they are likely to be saved onto your device.

Configuring cookie management is different on each web browser. Your browser’s help menu explains how to select your cookie management choices.

You can also refuse cookies.

You will find more information about this on the CNIL website.


6. Update

This policy is liable to be amended at any time.