Smarter Airports’s Privacy Policy relates to the nature and scope of our processing of your personal data in our business operations, in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

1                       Privacy Policy

This Privacy Policy explains how Smarter Airports processes your personal data and what your rights are in relation to Smarter Airports’s collection, processing and retention of your personal data.

The Privacy Policy is addressed to you as an applicant, customer, supplier, business partner, collaborator, consultant, advisor or any other party for whom we may process personal data.

2                       Data controller

When processing your personal data for Smarter Airports’s purposes, Smarter Airports acts as a data controller.

Smarter Airports is an international organisation with legal entities in several countries. The entity responsible for the processing of your personal data (the data controller) thus depends on which entity you are working with.

 

Location

Company

Address

Denmark

Smarter Airports A/S

Smarter Airports A/S

Rued langgaards vej 8

DK-2300 Copenhagen

Denmark

 

Some of your personal data may be shared internally within the Smarter Airports, but only if it is necessary in order to fulfil the purpose of which we are processing your personal data. All entities in the Smarter Airports Group have entered into an Intra Group Agreement that ensures that everyone follows the same procedures when processing personal data so the same level of security is maintained throughout.

 

3                       Purposes for processing personal data

Smarter Airports only process personal data where a specific and legitimate purpose exists. Below we have listed the most relevant purposes for Smarter Airports’s processing of personal data and some of the activities associated herewith:

Applications and recruitment:

E.g. applicants applying for a job (whether solicited or non-solicited), potential candidates participating in various events (whether socially or academically), candidates contacting Smarter Airports with the purpose of hiring (whether as a regular employee or freelancer), entering and participating in Smarter Airports’s recruitment process and when participating in job interviews and/or personality tests.

Business operations:

E.g. when operating and managing the IT and communications systems, managing product and service development, buying various goods and items from suppliers, improving products and services, managing company assets, allocating company assets and human resources, strategic planning, project management, business continuity, compilation of audit trails and other reporting tools, maintaining records relating to manufacturing and other business activities, maintaining security of premises, budgeting, financial management and reporting, communications, managing mergers, acquisitions, and reorganisation or disposals.

Communication:
E.g. when facilitating communication with employees, use of photographs in newsletters and other material distributed within Smarter Airports and to partner entities and subsidiaries, providing references, ensuring business continuity, protecting the health and safety of employees and others, safeguarding IT-infrastructure, office equipment and other property, facilitating communication in an emergency, publication of contact information and pictures on our website.

Compliance:
E.g. when monitoring compliance with internal policies or applicable laws, complying with legal and other requirements, such as income tax and national insurance deductions, recordkeeping and reporting obligations, conducting audits, compliance with government inspections and other requests from government or other public or regulatory authorities, responding to legal process such as subpoenas, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claim and complying with internal policies and procedures.

Website:

When you use our website, we collect personal data via cookies. Please see Smarter Airports’s cookie policy for further information.

4                       Categories of personal data

4.1                  Personal data

Smarter Airports processes personal data that is provided to us by either you, our business partners or customers etc. Usually, that amounts to the processing of some of the following categories of personal data e.g.:

  • Name, e-mail, telephone number, address, date of birth, gender, photographs, bank and salary details, description of current position and title, employment status, details contained in letters of application and resume/CV, previous employment background and references, education history, professional qualifications and academic credentials, other relevant skills and personality test results.

4.2                  Sensitive personal data:

Sensitive personal data is defined as:

  • Personal data regarding racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade-union membership
  • Genetic and biometric data for the purpose of uniquely identifying a natural person
  • Data concerning health or data concerning a natural person's sex life or sexual orientation
  • Criminal offences

 

Generally, Smarter Airports does not process sensitive personal data. However, in connection with an application, we may ask for a criminal record to be provided.

5                       Collection of personal data

We may collect personal data from the following source(s):

  • Directly from you, such as through an application process or other forms or information you provide to Smarter Airports in connection with your application, partnership, consultancy work, advisory work etc.
  • From group entities or subsidiaries such as through an application process or other forms or information you provide to the group entity or subsidiary in connection with your employment, partnership, consultancy work etc.
  • During your activities in the course of your application, partnership, consultancy work, such as through your performance and interaction with other employees, customers, or other individuals
  • From third parties which may include (the list is not exhaustive):
    • References
    • Former employers
    • Public authorities (in particular regarding security checks and the obtaining of security licenses)
    • Other third parties, including background checks, agencies and external recruiters
    • Websites, LinkedIn or similar public medias

6                       Special notices

Smarter Airports hereby explicitly notifies that there is video surveillance at the entries of our premises.

7                       Legal basis for processing of personal data

We process personal data on the following legal grounds pursuant to the GDPR:

Consent (article 6.1.a):

E.g. when you provide Smarter Airports with the relevant personal data directly or you provide Smarter Airports with your explicit consent to obtain such personal data.

Necessary for the performance of the contract between you and Smarter Airports (article 6.1.b):

E.g. when it is necessary for Smarter Airports to comply with a contractual obligation.

Necessary for Smarter Airports to comply with a legal obligation (article 6.1.c):

E.g. when Smarter Airports must comply with laws on bookkeeping and financial reporting etc.

Necessary for the pursuit of legitimate purposes of Smarter Airports (article 6.1.f):

E.g. when Smarter Airports stores contact information in our CRM system to handle client relations.

Necessary for the purpose of carrying out obligations in the field of employment, social security and social protection (article 9.2.b):

E.g. when Smarter Airports must comply with employment laws etc.

Necessary for the establishment, exercise or defence of legal claims (article 9.2.f):

E.g. in cases where it is necessary for Smarter Airports to either establish, exercise or defence legal claims.

8                       Recipients of personal data

Smarter Airports only shares your personal data to the extent that it is necessary in order to fulfil the purposes with the processing or if required by law. In such cases, we might share your personal data with:

  • Suppliers, business partners and clients that we work with e.g. service providers and financial institutions
  • Group entities
  • Public authorities

 

Certain recipients process personal data on behalf of Smarter Airports (data processors) and may only process your personal data in accordance with the instructions given by Smarter Airports. These third parties may not process your personal data for their own purposes.

To the extent that Smarter Airports disclose or transfer personal data to third parties who may use your personal data for their own purposes (joint data controllers), such disclosure or transfer will only take place if it is in accordance with applicable law or with prior consent given from you.

9                       Transfer to countries outside the EU/EEA

Smarter Airports generally refrains from transferring personal data to countries outside the EU/EEA. Should the transfer be necessary, the transfer will, however, only take place if there is a legal basis for the transfer in accordance with the GDPR as set out below:

  • If the country has been deemed to have an adequate level of protection of personal data by the Commission of the European Union, and
  • If the country has not been deemed to have an adequate level of protection of personal data by the Commission of the European Union, where the appropriate safeguards can be guaranteed through either:
  1. The use of "Model Contracts for the Transfer of Personal Data to Third Countries", as published by the Commission of the European Union, or any other contractual agreement approved by the competent authorities, or
  2. The use of an approved code of conduct pursuant to article 40, an approved certification mechanism pursuant to article 42.

10                  Storage

We only store personal data for as long as it is necessary in order to fulfil the purposes of the processing, unless there are specific legal reasons, and/or a legal requirement that stipulates a longer storage period.

As such personal data obtained in connection with applications and recruitment will as a main rule be deleted after 12 months from the receiving of the candidate’s application.

Personal data obtained in connection with business operations will generally be deleted according to either Smarter Airports’s Internal Privacy Policy or according to the agreed upon terms with our suppliers or other business parties.

Personal data obtained in connection with communications will also in general be deleted according to Smarter Airports’s Internal Privacy Policy.

11                  Your rights as a data subject

As a data subject you have certain rights, which are listed and further described below. Smarter Airports takes all necessary and adequate measures to protect your personal data and ensure your rights as a data subject.

Your rights as a data subject includes the right to:

  • Request access to your personal data
  • Request rectification of your personal data
  • Request erasure of your personal data
  • Object to the processing of your personal data and have the processing restricted
  • Receive your personal data in a structured, commonly used and machine-readable format (data portability)
  • Complain to a data protection supervisory authority

Please note that certain exceptions to the enforcement of your rights may apply e.g. if it is necessary for compliance with legal obligations and/or for the establishment, exercise or defence of a legal claim.

Exercising your rights

You may take steps to exercise your rights by contacting Smarter Airports’s appointed DPO. You can find the contact information under section 16.

Please note, that there may be other conditions or limitations on your rights as a data subject than stated above, depending on the specific circumstances.

12                  Withdrawal of consent

When the processing of your personal data is based on your consent, you may withdraw your consent at any time by contacting Smarter Airports’s DPO. However, please note that this does not affect the legal basis for Smarter Airports's processing of your personal data prior to the withdrawal of your consent.

13                  Filing of a complaint

If you wish to file a complaint regarding Smarter Airports’s processing of your personal data, you can always contact Smarter Airports’s DPO. All complaints filed to the DPO should be resolved, if, however, this is not the case, you can file a complaint to the local data protection supervisory authority.

 

Country

Supervisory Authority

Denmark

Danish Data Protection Agency (Datatilsynet)
Carl Jacobsens Vej 35
DK-2500 Valby
Tel.: +45 33 19 32 00
Email: dt@datatilsynet.dk
Website: www.datatilsynet.dk

14                  Data Protection Officer (DPO)

The contact information of Smarter Airports’s Data Protection Officer (DPO) are as follows:

Email address: gdpr@smarterairports.com

15                  Changes to the Privacy Policy

This Privacy Policy will be updated on a regular basis and whenever necessary due to changes in applicable law. The Privacy Policy will always include information on the effective date of the latest version.