INTRODUCTION

The protection of personal data and the trust of data subjects is very important to us. For this reason, the security of personal data is our priority. We make sure that all our activities are in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter "the GDPR"). Fulfilling the information obligation, in order to maintain transparency and comprehensibility of the applied personal data protection rules, we present this Privacy Policy.



DATA CONTROLLER


The controller of your personal data, as the entity deciding on the purposes and forms of their processing, is Polskie Porty Lotnicze Spółka Akcyjna (hereinafter also referred to as "PPL" or "Data controller") with its registered office in Warsaw (00-906), at ul. Żwirki i Wigury 1, registered in the register of entrepreneurs kept by the District Court for the Capital City of Warsaw, 14th Commercial Division of the National Court

Register, under KRS number: 0001025154, NIP: 5250000239.

Our contact details are: e-mail: kontakt@ppl.pl , phone: 22 650 11 11.

The controller has appointed Mr. Michał Kłoda as the Data Protection Officer, who can be contacted in all matters regarding the processed personal data by e-mail iodo@ppl.pl or in writing to the address indicated above with the annotation "Inspektor danych osobowych” (Data Protection Officer).



FORMS OF COLLECTING PERSONAL DATA


We collect personal data using various forms of communication, depending on the situation and needs. This may occur in particular during:
  • e-mail or telephone contact, or when you use the form on our websites,
  • our processing of your individual case, for example as a result of your application, inquiry, complaint,
  • our correspondence with you, for example to answer your questions and requests,
  • your visit and movement around the airport, for example through recording your image by the CCTV security camera system,
  • use of the free WiFi network in the area managed by PPL,
  • your browsing of our websites,
  • your use of our services, entering into a commercial relation with us,
  • your participation in the recruitment processes conducted by PPL.



PURPOSES OF PERSONAL DATA PROCESSING


We process your personal data only for the purposes for which they were provided to us and for purposes directly related to our business.

The main purposes for which we may use your personal data are:
  • ensuring the safety and security of the airports we manage,
  • implementation of the National Civil Aviation Security Program and the National Quality Control Programme, which should be understood as implementing the principles of civil aviation security and ensuring the effective application of civil aviation security regulations, including enabling the competent authorities to conduct a security audit and quality control in the field of civil aviation,
  • activities aimed at concluding and implementing contracts in the scope of our business or proper provision of services,
  • consideration of applications, complaints, claims,
  • effecting settlements, accounting records-keeping and financial reporting,
  • conducting marketing activities,
  • human resources management - employees and associates, including recruitment.
We may also collect information about your health when an assistance service is needed at the airports managed by us, e.g. in the form of a wheelchair, or if it is necessary to provide necessary medical assistance, an accident or an aviation incident has occurred. We may also collect sensitive information, including criminal record information, prior to issuing authorization for unescorted access to restricted areas.

Detailed information on individual purposes and grounds for processing can be found in the tab: Personal data protection → Rules for the protection and processing of personal data.



PERSONAL DATA RECIPIENTS


In connection with the Controller's activity, the recipients of personal data may be third parties cooperating with PPL on our behalf, in particular:
  • suppliers of ICT systems supporting our activity,
  • service providers for maintaining and developing our websites, providing hosting services,
  • customer service entities and suppliers of products or services purchased by you,
  • payment intermediaries,
  • courier companies,
  • financial and accounting service entities,
  • entities providing legal services to the Controller,
however, such entities will process data on the basis of an agreement with PPL and only in accordance with our instructions. These entities are also obliged to adequately protect personal data and keep them secret.

Your personal data may be made available to state authorities or other entities authorized under the law.



PERIOD OF PROCESSING PERSONAL DATA


The period of personal data processing depends on the purpose for which the processing is carried out. We store personal data for the period necessary to achieve the objectives set out in the Policy, including for the period required by law or until the expiry of the limitation period for claims.

The maximum storage period may vary depending on the type of data and the purposes of processing. Detailed information on individual periods can be found in the tab: Personal data protection → Rules for the protection and processing of personal data.



RIGHTS OF PERSONAL DATA SUBJECTS


In accordance with applicable regulations (Articles 12-23 of the GDPR), each person whose data is processed by PPL has the right to:
  • access their data and receive a copy thereof,
  • rectify (correct) their data,
  • delete their data,
  • limit the processing of their data,
  • transfer their data - if the legal basis for their processing is consent (Article 6(1)(a) or Article 9(2)(a) of the GDPR) and an agreement (Article 6(1)(b) of the GDPR),
  • object to the processing of their personal data - if the legal basis for their processing is a legitimate interest (Article 6(1)(f) of the GDPR).
  • withdraw consent at any time, without affecting the lawfulness of the processing which was made on the basis of a consent before its withdrawal.

To use the above rights, please contact the Data Controller or the Data Protection Officer in the manner indicated above.

In the event that a request to exercise rights is manifestly unjustified or excessive, in particular due to its repetitive nature, we may charge a reasonable fee, taking into account the administrative costs of providing information, communication or taking the requested action, or refuse to take action.

You also have the right to lodge a complaint with the President of the Personal Data Protection Office if you consider that the processing of personal data violates the applicable provisions on the protection of personal data.

In terms of jointly controlled personal data processed on social networking sites, you can exercise your rights towards the operator of such social networking site in accordance with the rules set out by these operators:



VOLUNTARY OR OBLIGATORY PROVISION OF DATA


In most cases, providing personal data is voluntary, in particular for the implementation of our promotional, marketing or advertising purposes. In some cases, providing data may be voluntary, but necessary to use our services - failure to provide data may result in us not being able to conclude a contract with you, provide an appropriate level of service or answer your inquiries, requests.

In situations where the provision of specific data results directly from the provisions of law, such as the Aviation Law of July 3, 2002 and the Regulation of the Minister of Infrastructure on the National Civil Aviation Security Program of December 2, 2020, providing data may be mandatory , where without the provision of data it will not be possible, for example, to implement an application for an authorization or a pass.



JOINT CONTROLLERS


The Controller may use the so-called "social media plug-in", i.e. a banner of Facebook, LinkedIn and Twitter posted on its website, which redirect to:

If the Controller uses the Facebook Profile, LinkedIn Profile, Twitter Profile and posts social plug-ins on its websites, the joint controller of the user's data is also respectively:
  • Meta Platforms Ireland Limited with its registered office in Dublin (Ireland), address: 4 Grand Canal Square, Grand Canal Harbour , Dublin 2, D02X525, Ireland,
  • LinkedIn Ireland Unlimited Company based in Dublin (Ireland), address: Wilton Place, Dublin 2, Ireland,
  • Twitter International Unlimited Company Inc. based in Dublin (Ireland), address: Fenian Street Dublin 2, D02 AX07 Ireland.

Joint controlling includes collective data analysis, the purpose of which is to display activity statistics of Facebook, LinkedIn or Twitter Profile users and advertising activities using the tools available there.



NEWSLETTER


On the basis of a filled out form, it is possible to subscribe to our Newsletter. Then, based on your consent, we will use the data provided to us to make the necessary contacts and, as part of our offer, recommend products or services that may meet your potential needs and interests.

To protect privacy, in order to avoid sending messages to people who have not consented to it, we require prior confirmation of subscription based on the received automatic e-mail, by the owner of the address expressing consent to receive the Newsletter .

If you wish to unsubscribe from the Newsletter , you can do it yourself at any time by activating the unsubscribe link at the bottom of each sent Newsletter or by sending a request to the e-mail address kontakt@ppl.pl from the e-mail address currently registered in the database of Newsletter subscribers .



COOKIES


In order to provide high quality services, PPL uses browser cookies (commonly referred to as "cookies"). Using our websites means that they may be placed on your device.

Cookies that are necessary to use our website serve, inter alia, to ensure the stability of its operation (they measure traffic, protecting the website from overload), remembering your privacy preferences, filling out online forms provided by us, saving the contents of the basket and monitoring the login status. We use these cookies by default, i.e. we save them on your computer or smartphone when you visit our website. We use other cookies only when you give us your consent (see below).

We use three types of cookies:
  • Necessary cookies – ensure the proper functioning of our website and its basic functions. Without them, you will not be able to use our online services properly. These cookies are exempt from the obligation to obtain your consent (Article 173 par. 3 of the Telecommunications Act).
  • Analytical cookies – they allow us to track the number and sources of visits so that we can measure and improve the performance of our website. These types of cookies help us understand which pages are most or least visited and how visitors navigate our site. If you refuse to save analytical cookies on your computer or smartphone, your visit will not be included in our statistics, but at the same time it will not limit any functionalities on our website for you.
  • Marketing cookies - we use these cookies to personalize the content that is displayed to you. Marketing cookies may be used in our advertising campaigns that are run on third party websites. If you consent to the use of marketing cookies, you can receive information about the websites of our trusted partners where you have responded to our ads. If you opt out of marketing cookies, you will be shown general and non-personalized advertisements. As with analytical cookies, if you refuse to save marketing cookies on your computer or smartphone, this will not limit any functionality for you on our website.

During your visit to our website, you will see a banner informing you that it uses cookies. If you choose the option:
  • "Allow all" – it will mean that you accept all cookies that are placed on our website and confirm that you have read the information about cookies and the purposes of their use, as well as cases in which data collected with the help of cookies are transferred to our partners.
  • "Settings", you will be able to manage your cookie preferences in detail by selecting a field on the cookie banner displayed to you.
  • "Reject all", this will mean that you do not want our cookies to be saved on your device. By choosing this option, you will reject all but technically necessary cookies that we use on our website.
We emphasize that accepting cookies is not a prerequisite for using our websites. It is also possible to change cookie settings at any time by clicking on the content "Management of granted consents (cookies)" located in the lower right corner of our website.



TRANSFER OF DATA TO THIRD COUNTRIES


As a rule, your personal data will not be transferred outside the European Economic Area (hereinafter referred to as "the EEA") to entities based in the so-called "third countries". However, bearing in mind the performance of services and tasks by our subcontractors in the implementation of support for ICT services and IT infrastructure, we may outsource certain activities to reputable subcontractors operating outside the EEA, which may result in the transfer of data outside the EEA.

In the above cases, data is transferred to a third country on the basis of a decision of the European Commission stating an adequate level of protection, and in the absence of such a statement, in accordance with applicable legal regulations, appropriate safeguards are applied in order to create an appropriate level of data protection - these include in particular standard contractual clauses issued by the European Commission in accordance with Art. 46 par. 2(c) of the GDPR. The applied method of data protection complies with the principles specified in Chapter V of the GDPR "Transfer of personal data to third countries or international organisations" .



DATA PROCESSING IN AN AUTOMATED MANNER


Your personal data will not be used for automated decision-making (including in the form of profiling), as a result of which any decisions could be made that would have legal effects or similarly impact any effects on customers, contractors, their employees or associates, as well as employees or associates of the Controller.



SECURITY OF PERSONAL DATA


Taking care of the protection of your personal data, we have implemented appropriate technical and organizational measures at PPL to ensure an appropriate level of data security, including through:
  • training our staff and building awareness in the area of data protection,
  • allowing only persons with appropriate authorization to process data, while submitting a declaration of confidentiality,
  • implementation of systems and security measures to ensure confidentiality, integrity and availability of data,
  • supervision over the processing of personal data, in particular control of what data and to what extent we obtain it, and to whom it is potentially transferred,
  • cooperation with business partners who provide sufficient guarantees to implement appropriate security standards.



PRIVACY POLICY UPDATE


We reserve the right to update this Privacy Policy in the future - this may happen for important reasons, including such as changes in applicable regulations, in particular in the field of personal data protection, as well as in connection with the development of functionalities or electronic services related to the progress of Internet technology, including the use / implementation of new technological or technical solutions affecting the scope of the Policy.


 
Last update: 23/03/2023