Personal Data Protection

The General Data Protection Regulation (GDPR) is a regulation of the European Union, which standardises the rules on the processing of personal data by private companies and public authorities across the EU. The aim is not only to safeguard the protection of personal data within the European Union, but also to ensure the free movement of data within the European single market.

Protection and security of personal data is of great importance to us. Below you will find the information required under the General Data Protection Regulation ("GDPR") regarding the processing of personal data in connection tailored to different categories of data subjects.

It is our goal to provide you with exactly the right amount of information regarding the processing of personal data relating to you.

Below you can read how Fraport Slovenija collects, stores and processes personal data of individuals. If we did not answer your questions with the written information, please contact us via e-mail.

In addition to this Policy, which documents contain information on the processing of personal data?

Information regarding processing of personal data is contained in the following documents:

Personal data protection policy for employees and other personnel of the company Fraport Slovenia;
Personal data protection policy for benefit club flyLjubljana;
Personal data protection policy for Fraport Aviation Academy;
Cookies.

In the event of any conflict between the provisions of this General Policy and the provisions of the abovementioned documents, the provisions of the abovementioned documents shall apply.

Controller (who processes my personal data)?

This policy applies to the processing (use) of any personal data carried out by Fraport Slovenia, upravljanje letališč, d.o.o. (controller) or carried out by third parties on behalf of the controllerInformation about the controller:

Fraport Slovenija, d.o.o.
Zgornji Brnik 130A
4210 Brnik – Airport, Slovenia
Register number: 5142768000
Phone: +386 (0)4 20 61 000
E-mail: info@fraport-slovenija.si

Information about the Data Protection Officer:

Taja Skobir

info.gdpr@fraport-slovenija.si +386 42061440

What type of my personal data are stored and processed?

Controller stores and processes personal data depending on the relationship with a particular individual. In principle, we only process some of the data listed below for a specific individual, but not all of them.

There are three categories of individuals to whom personal data refer to:

Passengers and visitors

Surveillance cameras videos:
a video of an individual who entered the airport area (defined in the Airport Usage Rules, Chapter 14), the date and time of entry into and departure from the airport area;ž

Data on entry and exit through access control passages:
name and surname, company, organization or department, access card number, picture of person, date and time of the passage, task (entry / exit) and location or facility in which the passage happened;

Data on visitors who move within the protected area of the airport (defined in the Airport Usage Rules, Chapter 14): name and surname, number and type of personal document, date and hour of entry to and exit from the protected area, the person or company visited;

Data on persons entering the airport area for a visit:
name, surname, organization, personal identification number

Data on safety reports and investigations:
name and surname, address of residence;

Partners

Data on contact persons of clients, business partners and media:
name and surname, name of the employer, phone number, e-mail address, address, area of interest, data on participation in controller’s training, business correspondence and calendar of activities (meetings, events, ...), bank account;

Data on office building visitors:
name and surname of the person and/or company or organization, date of the visit, person visited, number of issued badge, hour of arrival, departure time;

Data on airport identification card holders:
name and surname, date of birth, address of permanent and temporary residence, name of the employer and work position, number, type and date of validity of identification card, persons’ picture, area to which entrance is allowed with that specific identification card;

Data on airport driving license holders:
name and surname, date of birth, address of permanent and temporary residence, employer's name, position, number and validity of identification card, picture number, test type, copy of valid driving license for driving in road transport;

Data on parking cards holders:
name and surname, employer's name, vehicle registration number, card number, date of validity of the card, date and time of entry to and exit from the parking lot, location or facility where the parking lot is located, vehicle information;

Data on participants of trainings organized by the controller:
name and surname, address, e-mail address, information on trainings completed, data on controller’s instructors;

External instructors for trainings:
name and surname, address, e-mail address, telephone number, data on competences and licenses

Others

Data on shareholders who are natural persons:
ID number, name and surname, personal ID number, tax number, permanent address, country of residence, tax office and type of person, data on the shareholder's transaction account (account type, bank, business unit, account number), ownership data (trading information, status of the ownership, amount), data on the documents relating to ownership (ID number, type, balance, application, trading information, amount, final amount, date of the document), data on dividends (serial number of dividend distribution,% of tax, amount of tax, date of tax transfer, gross dividend, the envisaged transfer, realized transfer, date of transfer, method of transfer, account number to which the transfer was made);

Data on participants on construction sites:
name, surname, data on the employer, data on the person responsible for safety and health at work, data on occupational health and safety education

Data on event participants and their family members:
name and surname, e-mail, names and surnames of family members, type of the event, type of airport tour, date of the event.

What are the legal bases for processing my personal data?

We may process your personal data on the following legal basis:

when processing is determined by law or when processing is necessary to fulfill our legal obligations or obligations laid down by European Union laws;
when processing your personal data is necessary for the conclusion and fulfillment of a contract that you have concluded with us or you wanted an offer from us or have shown an interest in our services;
when for processing of your personal data you have given consent for the specific purpose of processing, while you are always entitled to withdraw this consent;
when we have a legitimate interest in processing your personal data, which prevails over your interests.

Specific legal bases for the processing of personal data are:

Passengers and visitors

Surveillance cameras videos:
Articles 74 to 77 of the Personal Data Protection Act (PD Act-1);

Data on entry and exit through access control passages:
Article 82 of PD Act-1, Articles 127 and 128 of the Aviation Act (Avi Act);

Data on visitors who move within the protected area of the airport (defined in the Airport Usage Rules, Chapter 14):
Article 82 of PD Act-1, Articles 127 and 128 of the Aviation Act (Avi Act);

Data on persons who enter the airport area for a visit:
contractual relationship between you and the controller;

Data on safety reports and investigations:
consent;

Partners

Data on contact persons of clients, business partners and media:
consent or contractual relationship between you and the controller;

Data on contact persons of media:
consent and legitimate interest;

Data on the recipients of general news Fraport Slovenija:
consent;

Data on the recipients of general news Fraport Aviation Academy:
consent;

Data on the recipients of the news Flyljubljana:
consent;

Data on office building visitors:
Article 82 PD Act -1, Articles 127 and 128 of the Aviation Act (Avi Act);

Data on airport identification card holders:
Article 82 PD Act -1, Articles 127 and 128 of the Aviation Act (Avi Act);

Data on airport driving license holders:
contractual relationship between you and the controller;

Data on parking cards holders:
contractual relationship between you and the controller;

Data on participants of the trainings organized by the controller:
contractual relationship between you and the controller;

External instructors for trainings:
contractual relationship between you and the controller.

Others

Data on shareholders who are natural persons:
Article 25 of the Book-Entry Securities Act (BESA-1), Article 325 of the Tax Procedure Act (TPA-2);

Data on participants on construction sites:
Articles 25 and 38 of the Occupational Safety Act;

Data on event participants and their family members:
Consent and legitimate interest.

What are my personal data used for (processing purposes)?

Passengers and visitors

Surveillance cameras videos:
ensuring the safety of people and property; proving and exercising rights in official procedures;

Data on entry and exit through access control passages:
ensuring safety, fulfillment of legal obligations;

Data on visitors who move within the protected area of the airport (defined in the Airport Usage Rules, Chapter 14):
Ensuring safety, fulfillment of legal obligations;

Data on persons who enter the airport area for a visit:
keeping records of visitors, providing security;

Data on safety reports and investigations:
ensuring the safety of civil aviation;

Partners

Data on contact persons of clients, business partners and media:
communication with clients and business partners; informing journalists about events, news, making a payment to a business partner who is a natural person, etc.;

Data on news recipients:
notifying about the activity of the controller, communication with stakeholders.

Data on office building visitors:
ensuring safety, fulfillment of legal obligations;

Data on airport identification card holders:
ensuring safety, fulfillment of legal obligations;

Data on airport driving license holders:
ensuring safety, fulfillment of legal obligations;

Data on parking card holders:
parking supervision, parking record;

Data on participants of trainings organized by the controller:
organization and implementation of trainings, communication with participants, informing about similar trainings;

External instructors for trainings:
organization and implementation of trainings, communication with participants.

Others

Data on shareholders that are natural persons:
the exercise of rights and obligations of shareholders, communication with them (invitations to assemblies, etc.), fulfillment of tax obligations;

Data on participants on construction sites:
ensuring safety, fulfillment of legal obligations;

Data on event participants and their family members:
keeping records of participants and their family members.

How long do you store my personal data and what happens to them after that?

Passengers and visitors

Surveillance cameras videos:
3 months, except in cases where there is a suspicion of a criminal offense, a misdemeanor or damages felony - in this case, the information thus collected is kept for 5 years after the final conclusion of the procedure;

Data on entry and exit through access control passages:
3 years;

Data on visitors who move within the protected area of the airport (defined in the Airport Usage Rules, Chapter 14):
3 years;

Data on persons entering the airport area for a visit:
1 month from the day of the visit

Data on safety reports and investigations:
1 year;

Partners

Data on contact persons of clients, business partners and media:
during the contractual relationship with the client or business partner and one year after the termination; until the media announces that a particular person no longer works for the media;

Data on news recipients:
until cancelled

Data on office building visitors:
3 years;

Data on airport identification card holders:
1 year after the termination of the eligibility to use the identification card;

Data on airport driving license holders:
3 years after the expiration of the license;

Data on parking card holders:
1 year after the expiration of the right to hold a parking card;

Data on participants of trainings organized by the controller:
5 years after the training;

External instructors for trainings:
5 years after the training;

Others

Data on participants on construction sites:
6 months since the last entry to the construction site, or after the construction is finished

Data on shareholders who are natural persons:
5 years after the expiration of the shareholder status; 5 years after the payment of the dividend;

Data on event participants and their family members:
1 year after the date of the event;

After the expiration of the storage period, personal data is either effectively and permanently erased or destroyed, or effectively anonymized, in such a way that it is no longer possible to determine to which specific individual certain anonymous data relate.

What type of personal data am I obliged to provide and what type of personal data are voluntary, and what happens if I do not provide them?

The provision of personal data is in principle voluntary, which means that you decide for yourself whether or not you will transmit data to the controller.

However, in certain cases you cannot receive certain services or benefits (such as entering certain airport areas) if you do not provide us with personal data. In such cases, the transmission of data may be marked or presented as mandatory from our part, but even in such cases, you may decide yourself whether or not to provide personal data.

You do not have a choice in video surveillance: if you enter the airport area, you will be recorded.

Who has access to my personal data?

From the controller’s part, access to your personal data is available to employees and contractors for whom that is necessary due to their position or workplace or work tasks.

We do not transmit your personal data or provide information about them to third parties (beyond the controller), except to those who have a written contract with us, on the basis of which they perform certain tasks related to data processing and are obliged to comply with the legislation regarding the processing and protection of personal data (the so-called processors). Processors to whom we provide personal information are:

marketing service providers;
providers of sending e-mails;
IT equipment maintenance service providers;
providers or administrators of developed tools that are used to edit websites and carry out marketing activities.

Processors shall process personal data only within the framework of our instructions and shall not process personal data for their own purposes. They are obliged, together with their employees, to protect the confidentiality of your personal data.

Contracted processors of personal data do not transmit data to third countries (outside the European Economic Area Member States - EU Member States and Iceland, Norway and Liechtenstein).

What are my rights regarding personal data?

You have the following rights regarding your personal data:

To ask us at any time for:

confirmation that we process your personal data;
access to personal data and the following information: processing purposes; type of personal data; users or categories of users to whom your personal data have been or will be disclosed, in particular users in third countries or international organizations; the planned period of storage of personal data or, if that is not possible, the criteria used to determine that period; the existence of automated decision-making, including the profiling and the reasons for it, as well as the significance and intended consequences of such processing for you;
one (free) copy of personal data in the format you specify yourself (if the request is provided by electronic means of communication and you do not request otherwise, the copy will be provided in electronic form); for additional copies you request, we can charge a reasonable fee, taking into account the costs;
restriction of processing, when:
- you contest the accuracy of personal data, for a period that allows us to verify the accuracy of personal data;
- processing is unlawful, and you are opposed to the deletion of personal data and, instead, request a restriction on their use
- we no longer require your personal data for processing, but you need them to exercise, enforce or defend legal claims;
the deletion of all personal data (the right to forget) if the conditions under Article 17 of the General Data Protection Act are fulfilled, and in particular when you withdraw the consent for the processing of personal data;
the printout of personal data in a structured, commonly used and machine-readable format, with the right to transmit these data to another controller without obstructing you in doing so;
termination of usage of personal data for direct marketing purposes, including profiling;
that you are not subject to a decision based solely on automated processing, including profiling if the conditions of Article 22 of the General Data Protection Regulation are met.

The right to file a complaint against us with the Information Commissioner if you believe that the processing of your personal data violates the General Data Protection Act.

How can I cancel my consent for processing personal data and what are the consequences of cancellation?

When you have consented to processing of your personal information, you can withdraw it at any time by sending it to us in writing to Fraport Slovenia, Airport Management, Ltd, Personal Data Protection Authorized Person, Zgornji Brnik 130A, 4210 Brnik - Airport, Slovenia, or by e-mail at info.gdpr@fraport-slovenija.si.

The cancellation of the consent does not have any negative consequences for you, but in certain cases you will no longer be able to receive certain services from us, namely in cases when we need your personal data to provide the service for which you have cancelled the consent.

The cancellation of the consent may also be partial, e.g. for certain personal data or for a certain period of time or for a specific purpose.

How can I exercise my rights regarding personal data?

You can address your requests regarding the exercise of rights regarding personal data in writing to any contact that is listed under the Controller (who processes my personal data)?

For the purposes of reliable identification (in order, for example, to avoid the deletion or access to your personal information by someone else), we may require additional information or proofs in the event of the exercise of rights regarding personal data, and the exercise of such rights may be refused only in case we prove that we cannot reliably identify you.

At your request, with which you exercise your rights regarding personal data, we must respond without undue delay and no later than one month after receiving your request.

Questions, dilemmas, concerns?

Contact us at Fraport Slovenia, Airport Management, Ltd, Authorized Person for Personal Data Protection, Zgornji Brnik 130A, 4210 Brnik - Airport, Slovenia or at info.gdpr@fraport-slovenija.si.

Management

Goals and values