Guidelines pursuant to art. 13 of Regulation (eu) 2016/679 of European Parliament and Council (Privacy Guidelines)

WHO ARE WE

Company Alitalia Loyalty S.p.A., with registered office in Fiumicino (RM), Piazza Almerico da Schio, 3 (hereinafter referred to as “Loyalty”) manages the MilleMiglia Program (“Program”) and the relationship with its members.

Pursuant to and in accordance with the “Program” promoted by Alitalia Società Aerea Italiana s.p.a. under limited partnership (“Alitalia”) and Alitalia Loyalty s.p.a., Alitalia and Alitalia Loyalty (“Companies”) are both “Promoters” of the program and “Co-Controllers” of personal data processing of members registered in the aforementioned “Program” pursuant to Art. 28 of Legislative Decree 196/2003 (Privacy Code) and Art. 26 of Regulation (EU) 2016/679.

 

In conducting their businesses, the companies pay utmost attention to the safety and confidentiality of personal data of members registered in the Program.

Companies are therefore data controller of personal data processing collected on this website (or via paperback forms).

 

WHAT TYPE OF PERSONAL DATA, THAT CONCERN YOU, MAY BE COLLECTED

Providing personal data in the registration form for the Program, marked with an asterisk (*) is mandatory in order to finalize registration to join initiatives related to the Program, and also in order to comply with legal obligations. 

Following categories of personal data, that concern you, may be collected:

-          Contact data – information on name, place and date of birth, gender, address, telephone number, mobile number, e-mail address.

-          Other personal data  information that you provide with regards to the name of your company, ways in which you prefer to be contacted or other personal data.

 

HOW WE COLLECT YOUR PERSONAL DATA

Companies collect and process your personal data under the following circumstances:

-          if you register for the Program by registering via the special section on the website www.alitalia.com dedicated to the Program;

-          if you register for the Program via paperback form provided by the Company or by other companies appointed by the latter;

-          if you contact us by phone in order to request registration for the Program.

 

If you provide personal data on behalf of someone else, first you need to make sure that the interested parties read this Privacy Guidelines.

Please help us keep your personal data up-to-date by informing us on any changes that may occur.

 

WHAT ARE THE PURPOSES FOR WHICH YOUR PERSONAL DATA MAY BE USED

Personal data processing must be justified by one of the legal requirements provided for by legislation in force on personal data protection, as described below.

 

a)    Operational management and purposes strictly related to it for the management of your registration for the Program.

Companies collect your personal data so that they can manage your registration for the program and its features

Requirement for processing: compliance with contractual obligations.

Providing data is mandatory so that we can meet your requests; failing to provide them, impedes us to do so.

 

b)   Marketing in order to meet your requests and provide promotional offers which are in line with your preferences

Companies may process your contact data for marketing and advertising purposes, aimed to inform you of sales promotional initiatives, conducted via automated contact methods (electronic mail, text message and other mass message tools, etc.), and traditional contact methods (for example, phone call with an operator) or for market research and statistical surveys, where you grant us specific consent and within the limits described in the relevant formula.

 

Companies may also process your contact data, interests and other personal data in order to send you business communications in line with your preferences (also by analyzing your habits and purchasing choices), based on a specific individual profile, created through statistical processing of aforementioned data, where you grant us additional consent and always within the limits described in the relevant formula.

Requirement for processing: consent, failure to provide it does not have any consequence on contractual relationships.

Consent may be revoked at any moment.

c)       Communication to Sponsors and business Partners for marketing purposes.

Companies may communicate your contact data to Sponsors and business Partners of the company for their marketing and advertising purposes, aimed to inform you on sales promotional initiatives, conducted via automated contact methods (electronic mail, text message and other mass message tools, etc.), and traditional contact methods (for example, phone call with an operator) or for market research and statistical surveys, where you grant us specific consent and within the limits described in the relevant formula.

In this case, Sponsors and Partners will process your personal data as independent data controllers.

Requirement for processing: consent; failure to provide it does not have any consequence on contractual relationships.

Consent may be revoked at any moment.

d) Compliance with legally binding requests in order to fulfill a legal obligation, regulations or provisions of judicial authority, as well as to defend a right in a court of law

Companies collect your contact data in order to fulfill a legal obligation and/or to defend their right in a court of law

Requirement for processing: legal obligations that the Company is obligated to comply with.

 

HOW WE STORE YOUR PERSONAL DATA

Companies use a wide range of safety measures in order to improve the protection and maintenance of safety, integrity and accessibility of your personal data.

Alitalia Società Aerea Italiana S. p. A. under limited partnership, co-promoter of the Program, is responsible for managing infrastructures, systems and safety measures related to the Program and website www.alitalia.com.

All your personal data are stored on secure servers (or secure paperback copies) of the Company or of our suppliers or our business partners and are available and usable based on our standards and our safety policies (or equivalent standards for our suppliers or business partners).

 

HOW LONG DO WE STORE YOUR INFORMATION

We store your personal data only for the time necessary to achieve the purposes for which they were collected or for any other legal purpose related to them. Therefore, if personal data are processed for two different purposes, we will store said data until the purpose with the longer-term ends, also, we will not store personal data for the purpose whose storage period lasted less.

We limit access to your personal data only to those who need to use them for relevant purposes.

Your personal data that are no longer necessary, or for which there is no longer a legal requirement to store them, are irreversibly anonymized (and this way they can be still be stored) or destroyed in a safe manner.

Below are storage times for different purposes mentioned above:

a)  Operational management and strictly related purposes for the management of your registration for the Program: data processed to comply with any contractual obligation may be stored for the entire duration of the contract and, in any case, not for more than 10 years, in order to check any outstanding matters including accounting records (for example: invoices).

b) Purposes of customer satisfaction surveys: data processed for this purpose may be stored for 24 months from the date when we received your consent for said purpose (except if you do not want to receive further communications). To be coordinated with letter c) of previous paragraph

c) Marketing purpose, including profiled marketing: personal data processed for marketing purposes may be stored for 24 months from the date we obtained your consent for said purpose (except if you do not want to receive further communications); for the purpose of profiled marketing, however, personal data will be stored for 12 months.

e) In case of disputes: in case we have to defend ourselves or operate or submit complaints against you or third parties, we may store personal data that we deem necessary to process for said purposes, for the time in which such complaint may be pursued.

 

WITH WHOM WE CAN SHARE YOUR PERSONAL DATA

Duly authorized employees may have access to your personal data, as well as external suppliers, appointed, if necessary, as data controllers, which supply support for the provision of services.

Also, on the basis of specific contractual agreements other companies of Alitalia Group may have access to your personal data or after obtaining your consent (please see previous letter d) for marketing purposes   

Please contact us at: Alitalia Loyalty S.p.A., Piazza Almerico da Schio, 3, Palazzina Bravo, 00054 Fiumicino (RM) or via e-mail dpo.alitalialoyalty@alitalia.com, if you wish to view the list of data controllers or other persons to whom we communicate data.

 

CONTACTS

Contact data of Alitalia Loyalty, as data controller, and of the person in charge of personal data protection (Data Protection Officer or DPO) may be found below:

Alitalia Loyalty S.p.A., Piazza Almerico da Schio, 3, Palazzina Bravo, 00054 Fiumicino (RM),

Data Protection Officer: dpo.alitalialoyalty@alitalia.com.

If you want to exert your rights related to the Mille Miglia program, please send an e-mail to the following e-mail address: privacy@alitalia.com which is an e-mail address managed by both Companies in order to provide timely answers to your requests, or you may contact the DPO at this address dpo.alitalialoyalty@alitalia.com, attaching in both cases: (i) Mille Miglia card number; (ii) details about your request; (iii) copy of a valid identity card

If you want, you may cancel your registration in the MilleMiglia Program at any moment, by contacting Customer Center at 892010, or by contacting the dedicated Customer Service, or by writing an e-mail to privacy@alitalia.com, or by contacting the DPO at this e-mail address dpo.alitalialoyalty@alitalia.com.

 

YOUR RIGHTS REGARDING DATA PROTECTION AND YOUR RIGHT TO SUBMIT COMPLAINTS BEFORE THE CONTROL AUTHORITY

 

Under certain conditions, you have the right to request:

 

  • access to your personal data
  • a copy of personal data that you provided to us (so-called portability)
  • correction of data found in our possession
  • elimination of any data for which we no longer have a legal requirement to process
  • opposition to processing if required by applicable law
  • annulment of your consent, in case processing is based on consent
  • limitation in the way we process your personal data, within the limits provided by the law on personal data protection

 

Exerting such rights is subject to some exceptions aimed to protect public interest (for example preventing or identifying crimes), and our interests (for example preserving professional secrecy). In case you exert any of the aforementioned rights, it will be our responsibility to check that you are entitled to exert said right, and we will provide a reply, as a rule, within a month.

 

Should you have any complaints or reports on processing methods of your data, we will make every effort to respond to your concerns. Nevertheless, if you want, you may submit your complaints or recommendations to the authority in charge of data protection, using relevant contact details: Guarantor for the protection of personal data - Piazza di Monte Citorio n. 121 - 00186 ROME - Fax: (+39) 06.69677.3785 - Telephone: (+39) 06.696771 - E-mail: garante@gpdp.it - Certified e-mail: protocollo@pec.gpdp.it.