POLICY AND CONSENT TO THE USE OF PERSONAL DATA, PURSUANT TO ITALIAN LEGISLATIVE DECREE NO. 196 OF JUNE 30, 2003, ART. 13
Alitalia Società Aerea Italiana S.p.A. ("Alitalia S.p.A.") handles all of its customer data according to the legislation referred to in Italian legislative decree no. 196 of June 30, 2003, regarding the "Personal data protection code," which implements the European Union directives on this subject in Italy.
Alitalia S.p.A. ensures that the processing of personal data—however it is obtained—is performed with respect for fundamental rights and freedoms, as well as the individual's dignity, with particular reference to confidentiality, personal identity and the right to personal data protection. This policy is not valid for data collected through Alitalia's partner websites, which may be accessed using links on the Alitalia website, for which the company is not responsible in any way. For such processing, a separate policy should be provided by the respective owners.
For security reasons, Alitalia is required, to an increasing extent, to notify the various local authorities worldwide—the immigration and customs service in particular—of our customers' personal and travel data, obtained as part of normal flight schedules; as well as in Italy where requested by the Central Directorate for Immigration and Border Police. This notification is required in order to implement the contract of carriage.
Furthermore, measures taken to ensure data confidentiality comply with the provisions set out in the opinions of the Working Group Art. 29 for Personal Data Protection no. 2/2007 of February 15, 2007, reviewed and updated on June 24, 2008, on the information for passengers concerning the transfer of PNR data to the United States authorities (for more details, please see Information for Passengers Traveling to the United States).
Please carefully refer to this page regularly to check for any necessary updates or revisions, as well as to adopt and/or conform to national, community or international legislation, or to adapt to technological innovations.
Updates will be reported on this web page and will remain visible at all times, so that anyone who wishes to do so can be fully informed about the use of their own personal data through the Alitalia website or through other different data collection channels.
We recommend looking at this page every time you visit the Alitalia website.
DATA PROCESSING AND METHODS
Personal data processing will occur, including by means of external providers appropriately called external processing managers, with guaranteed security and confidentiality. These providers may be located also outside the European Union in accordance with the art. 26 of Directive 95/46/EC, after analysis of appropriate security measures and after the subscription of the standard clauses made available by the European Commission – The data processing may be performed not only with manual tools but also with automatic tools (both computer and telematic) that are capable of storing, managing and transmitting the said data. Personal data will be: processed in a legal and proper manner; collected and recorded for specific, explicit, legitimate and precise purposes, and, if necessary, updated, relevant and complete purposes, not exceeding the purposes of processing; stored in a way that allows it to be identified by the individual for a period of time not exceeding the time necessary for the purposes for which it was collected or subsequently processed.
DATA PROVIDED VOLUNTARILY BY THE USER
Alitalia collects personal information and other data that is communicated through the Company's call center or voluntarily entered into registration forms on the website and the Mobile site, as well as optional and explicit data submitted to the Company by post or email. This data may be information that is necessary for providing the services requested by the individual (primarily the air transport service), or other services (e.g. newsletter) and/or for contacting the individual (name, address, any other personal data entered in the message). The optional, explicit and voluntary sending of emails to the addresses indicated on this website implies the subsequent gathering of the sender's email address—which is necessary for responding to requests—as well as any other personal data entered in the message.
BROWSING DATA COLLECTED BY USING ELECTRONIC TOOLS
The computer systems and software procedures used to operate the Alitalia S.p.A. website and Mobile site acquire, over the course of their normal use, a series of personal information, the transmission of which is implicit in the use of Internet communication protocols (e.g. the user's IP address or the domain name of the computer used to access the website, the URL of the requested resources, the time of the request or the session time, the method used to submit the query to the server, the size of the files received in response to the request, the numerical code concerning the response status given by the server and other types of information regarding the user's operating system and computing environment).
While browsing the Alitalia S.p.A. website, information will be collected that allows your computer or browser to be identified using files called "cookies." "Cookies" are strings of encrypted text that can be stored on the user's cell phone (if accessing the Mobile site) or computer, so they can be quickly identified at a later date. Cookies for the Mobile site only store data relating to Name, Surname and Ticket Number. Cookies for computers allow websites to be personalized, making navigation easier for the user and—by quantitatively checking access to various web pages—allowing better presentation of the most requested information. The cookies we use do not store personal data, except for the IP address. The rest of the information stored in the cookies will remain anonymous because the cookie's identification number is not associated with the personal data provided by the user. Users can always request that the cookies are disabled by modifying their browser settings.
DATA COLLECTED THROUGH THE CALL CENTER
Calls made to the Call Center numbers listed on the Alitalia website may involve processing the user's personal data with the aim of providing the services requested by the user, such as: bookings, purchase and dispatch of air travel documents requested by the passenger, changes to or replacements for tickets that have already been issued, refunds, after-sales assistance, special assistance and purchases of additional flight services, etc. Finalizing electronic transactions may involve collecting data from customers' credit cards, which will be processed with all of the necessary precautions set out in the relevant legislation. Alitalia may also use third-party call centers that operate—always in full respect of privacy regulations—with a special service contract on behalf of the Holder, as external data processors pursuant to Art. 29 of Legislative Decree no. 196 of June 30, 2003. If the third-party call centers process data owned by Alitalia outside the EU, Alitalia asks the suppliers to respect the safeguards set out in Directive 95/46/EC and in the subsequent European Commission Decisions.
PURPOSE OF COLLECTION
By means of the website, Alitalia collects personal data from its users, which is required for implementing the operations for authorizing, enabling and granting individual access to the different areas and relevant contents of the Company's website. As specified, Alitalia S.p.A. collects the data necessary for complying with the contractual obligations to customers and the data from passenger ticket booking and purchasing operations, from the provision of ancillary services, as well as the data necessary for managing reports and complaints sent by customers and for the other purposes described above. Fulfillment of these obligations necessarily implies that this data must be made accessible to Alitalia's operations and commercial staff, as well as partner carriers in the execution of various commercial agreements and, where necessary, the insurance companies with which Alitalia has taken out the compulsory or optional covers related to the execution of air transport services and related services. The personal and/or sensitive data provided or collected throughout the contractual relationship may, in accordance with and within the limits of the requested service, be communicated to:
- Parties within the Alitalia S.p.A. facility For the purposes of improved performance, parties appointed as data processors by Alitalia S.p.A. pursuant to the procedures set out in Italian Legislative Decree 196/2003;
- Parties outside of the Alitalia S.p.A. facility that perform functions that are strictly connected or instrumental to our business, functions that must be considered fundamental to Alitalia's operations.
Any sensitive data may be also processed without the individual's express consent in the cases of Art. 26, no. 4, Legislative Decree 196/2003. However, this data will not be disclosed. It must be noted that in some cases (not subject to the ordinary administration of this website) the Authority can request news and information pursuant to Art. 157 of Legislative Decree no. 196/2003, for the purposes of controlling personal data processing. In these cases, response is mandatory, under penalty of a fine. Alitalia S.p.A., as "Holder," informs you that the data in question will be processed and used exclusively for the purposes outlined in this policy.
ACCESS THROUGH SOCIAL NETWORKS
We also wish to advise members of the MilleMiglia Program (hereinafter referred to as the "Program"), who intend to join the Alitalia Social Login service, that the personal data provided when joining the service (hereinafter the "Service") will be collected and recorded by Alitalia S.p.A. on paper, electronic and/or computer and/or telematic formats, protected and processed with the appropriate means for ensuring security and confidentiality in accordance with the provisions of the Code. Please note that the data provided directly when joining or indirectly through Social Networks may be used for purposes strictly connected and instrumental to participation in the Program and/or joining the Program itself, as well as personalization of Services designed by Alitalia S.p.A for subscribing customers. Subject to customer consent, the data provided may be used by Alitalia S.p.A. for promotional, advertising and marketing purposes, such as sending advertising, promotional and informational material on products and services, as well as for direct statistical analyses for detecting the degree of satisfaction for services and products offered. Email firstname.lastname@example.org
Alitalia S.p.A. customers may contact the Holder of the processed data to assert their rights as stipulated in Art. 7 of Italian Legislative Decree no. 196/2003 (including, but not limited to, the rights to obtain confirmation of the existence of data and the communication of said data in an intelligible form, the source of the data, the purposes and methods of processing, updating, correction or integration, deletion, anonymization or blocking of personal data processed illegally, and finally the right to object, in whole or in part, to its use) by means of a request sent without formal procedures to the following email address: email@example.com or by any other means that will be appropriately made known to the user. Please note that requests of any other kind (e.g. complaints, refund requests, requests regarding the MilleMiglia Program, etc.) sent to the privacy inbox will not be taken into consideration. For any such requests, please use the dedicated telephone numbers and addresses. (e.g. see pages: Contacts or Post-flight Assistance or the MilleMiglia section). If you no longer wish to receive communications from the Alitalia Group, please follow the following procedures:
- For sales communications from Alitalia, click the cancellation link found at the bottom of all emails from Alitalia. Cancellation may take several minutes. Please wait for confirmation that the operation has ended before leaving the relevant web page. Data will be deleted within five days of the cancellation request
- For communications to MilleMiglia Members, please access the "Your profile" service, selecting "No communication" in the "Communication" section of "News and Offers", and click on "Update". Or, you can call Customer Service. Your profile will be updated within five days of the request
DATA CONTROLLER AND DATA PROCESSOR
The Data Controller is Alitalia Società Aerea Italiana S.p.A.
with registered office in Via A.Nassetti
Fiumicino (RM), Italy