Personal Data Protection

Information on Personal Data Protection
Return to home

1. Introduction

Letiště Praha, a. s. (hereinafter Prague Airport) pays attention to the protection of your personal data it processes for certain purposes. Personal data processing is carried out in accordance with legal regulations applying to personal data protection; in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter GDPR).

Prague Airport informs you on this website about the processing of your personal data you provided in particular in relation to the use of services and products or during communication with us. Here, you can find information on the conditions of personal data processing in individual cases as well as information on the scope of processed personal data, their protection and your rights related to personal data processing. Specific information on the method of processing of your personal data can also be found in individual cases when you provide Prague Airport with your personal data (such as when ordering a service, sending an inquiry etc.).

 

2. Prague Airport – Personal Data Controller

Prague Airport, as the personal data controller, processes your personal data transparently, correctly, in accordance with GDPR, as well as other legal regulations, in the scope necessary for a relevant purpose. We keep your personal data safely for a necessary period, according to legal regulations. Personal data of children are processed solely when a legal representative acts on behalf of the child.

Prague Airport contact information:

Letiště Praha, a. s.
K letišti 1019/6,
Praha 6 - Ruzyně
161 00
ID: 282 44 532
TIN: CZ699003361
 
Letiště Praha, a. s. is incorporated in the Commercial Register kept by the Municipal Court in Prague, Section B, Insert 14003.

3. Personal data

Prague Airport processes personal data solely for certain legitimate purposes, always in necessary scope in relation to the purpose for which they are processed. Personal data processing is necessary for provision of services or products you are interested in. Prague Airport is also obliged to process your personal data based on a legal obligation imposed upon us or due to protection of legitimate interests arising from our mutual relations.

Prague Airport processes in particular personal data of its customers (persons using its services and products), persons who communicate with it for certain reasons (questions, opinions, complaints) but it also processes personal data of visitors of certain buildings of Prague Airport. Our company processes the following personal data categories for the mentioned purposes:

  • Identification data, such as name and surname, date of birth, card identification number, birth number etc.
  • Contact information such as residence address, telephone number, email address etc.
  • Other data such as recordings from CCTV located in the premises of Václav Havel Prague Airport etc.
4. Personal Data Processing Cases

Prague Airport processes provided personal data for certain purposes related in particular to the provision of services or products, fulfillment of legal obligations, rights and duties arising from a contract or from Prague Airport´s legitimate interests.

Below you will find an overview of cases when Prague Airport processes personal data:

a. a. Visit/Use of Prague Airport Website

We use cookies in order to make use of Prague Airport website simple (content personalization) and in order to analyze traffic. Consent to use cookies/allow cookies is the legal basis for personal data processing in line with GDPR.

b. Camera Systems (CCTV)

In order to protect life, health and property from unlawful conduct, Prague Airport uses camera systems with recording. The cameras are installed in the premises of Václav Havel Airport Prague, as well as in certain premises where Prague Airport is located. Fulfillment of legal obligation, protection of interests essential for life of persons and protection of legitimate interests of Prague Airport is the legal basis for personal data processing in this case in line with GDPR.

c. Sending Newsletters to Persons Using Services and Products of Prague Airport (Direct Marketing)

Prague Airport is authorized to process your personal data which you provided to it when you used services and products provided by Prague Airport, on the legal basis – controller´s legitimate interest. Prague Airport uses profiling in order to personalize newsletters.

d. Sending Newsletters

We will send you news about our services and products based on your consent to personal data processing. You may recall the consent to receive newsletters at any time. Prague Airport uses profiling in order to personalize newsletters.

e. Applications for Statement Regarding Engineering Networks and Buffer Zones

Airport processes applicant´s personal data for the purpose of handling application for a statement regarding engineering networks and Prague Airport Ruzyně buffer zones. The legal basis for processing is a legitimate interest of Prague Airport.

f. Lounges (VIP Service Club Continental, Private Check-in Service, Erste Premier Lounge, Mastercard Lounge, Raiffeisenbank Lounge

Prague Airport is obliged to process personal data of lounge customers in order to perform a contract (by ordering the lounge service a contractual relation between Prague Airport and a customer is established), but also to fulfil a legal obligation (legal regulations governing rights and obligations connected to consumer protection and bookkeeping).

Within this service Prague Airport has a legitimate interest in promotion of services it provides; for this reason it sends newsletter to customers. A customer has the right to cancel sending of newsletters at any time. Prague Airport will then stop sending commercial messages to you.

g. Aeroparking (online reservation)

Prague Airport is obliged to process personal data of Aeroparking customers for performing a contract (by parking reservation service a contractual relation between Prague Airport and a customer is established) but also to fulfil a legal obligation (legal regulations governing rights and obligations connected to consumer protection and bookkeeping).

Within this service Prague Airport has a legitimate interest in promotion of services it provides; for this reason it sends newsletter to customers. A customer has the right to cancel sending of newsletters at any time. Prague Airport will then stop sending commercial messages to you.

h. Airport Tours

Prague Airport is obliged to process personal data of tour customers at Václav Havel Airport Prague for a number of reasons. Based on a requirement laid down in Regulation (EC) No. 300/2008, 272/2009 and 185/2010 of the European Parliament and of the Council laying down common rules in the field of civil aviation security, as amended, and in accordance with the General Data Protection Regulation (GDPR), the entry to restricted areas of Václav Havel Airport Prague, where the tours take place, is possible solely after clear identification of a tour customer. Prague Airport requires the provision of your personal data in necessary scope for this purpose. With regard to the fact that entry to restricted areas of Václav Havel Airport Prague is subject to strict security rules, Prague Airport may not allow entry to customers who cannot be identified.

Prague Airport is also obliged to process personal data of tour customers for performing a contract (by ordering the tour a contractual relation between Prague Airport and a customer is established), but also to fulfil a legal obligation (legal regulations governing rights and obligations connected to consumer protection and bookkeeping).

Within this service Prague Airport has a legitimate interest in promotion of services it provides; for this reason it sends newsletter to customers. A customer has the right to cancel sending of newsletters at any time. Prague Airport will then stop sending commercial messages to you.

i. One-Time Entry of Persons and Vehicles to Restricted Areas of Václav Havel Airport Prague

Prague Airport is obliged to process personal data of persons entering restricted areas of Václav Havel Airport Prague; this obligation arises from Commission Implementing Regulation (EU) 2015/1018 of 29 June 2015 laying down a list classifying occurrences in civil aviation subject to be mandatorily reported under Regulation (EU) No 376/2014 of the European Parliament and of the Council and pursuant to Article 31(2) of Act No. 49/1997 Coll., on Civil Aviation and on Amendment to Act No. 455/1991 Coll., on Trades Licensing (Trade Licensing Act), as amended. Failure to provide personal data may cause that one time entry of persons and vehicles to restricted areas of Václav Havel Airport Prague will be denied.

j. Entering Prague Airport buildings

Prague Airport has legitimate interest to process personal data of persons entering buildings owned by Prague Airport. The purpose of this personal data processing is to protect people and property of Prague Airport, as well as to ensure safety of civil aviation.

k. Incentive Programme

Prague Airport is obliged to process personal data of applicants for financial support for purposes of assessing the application and eventual provision of the financial support. In this case, the legal basis for personal data processing is the legitimate interest of Prague Airport.

l. Grant programs

Letiště PrahaPrague Airport processes personal data of applicants for assessing his/her grant application. Prague Airport´s legitimate interest is the legal basis for personal data processing in this case.

m. Energoportál

Prague Airport processes personal data of persons filing their queries through Energoportál. The purpose of personal data processing is to handle queries (without the provision of your personal data Prague Airport would not be able to reply to the queries). Prague Airport´s legitimate interest is the legal basis for personal data processing in this case.

n. Queries, Complaints, Suggestions

Prague Airport´s legitimate interest is to process personal data of inquirers. Without the provision of your personal data Prague Airport would not be able to handle queries, complaints or suggestions. Prague Airport´s legitimate interest is the legal basis for personal data processing in this case.

o. Voluntary Safety Reports

Letiště Praha Prague Airport processes personal data of a notifier to assess a voluntary safety report; without the provision of your personal data Prague Airport would not be able to duly assess safety reports. Prague Airport´s legitimate interest is the legal basis for personal data processing in this case.

p. Application for Provision of Information under Act No. 106/1999 Coll., on Free Access to Information

Prague Airport has, in a given case, the legal obligation to process applicant´s personal data based on the provision of Section 14 of Act No. 106/1999 Coll., on free access to information. The reason for provision of personal data by the applicant to Prague Airport is given in the provision of Section 14(2) of Act on Free Access to Information. In accordance with this provision the applicant is obliged to provide personal data in the application for information. Failure to provide applicant´s personal data may cause that the application for provision of information will be denied.

q. Attending Events Held by Prague Airport

Prague Airport processes personal data in relation to professional conferences, seminars but also other social events. In order to allow a person to attend a given event Prague Airport may require registration; basic identification data are required in order to register. The legal basis for processing of these personal data is contract performance – in accordance with GDPR (if the event is paid) and fulfillment of a legal obligation. In case of free events Prague Airport processes personal data to protect legitimate interests.

r. Identification for Purposes of Contract Conclusion

It is necessary to process your personal data in order to conclude a contract and perform it (identification of a contracting party). Prague Airport processes personal data in the necessary scope in relation to the purpose for which they are processed. The legal basis for processing of these personal data is contract performance – in accordance with GDPR and fulfillment of a legal obligation imposed upon Prague Airport.

Prague Airport states that it does not process and will not process personal data in manner which is in conflict with the purpose for which personal data were provided by you.

5. Consent to Personal Data Processing

The consent to personal data processing as the legal basis for personal data processing is used when Prague Airport may not process personal data based on another legal basis (such as sending commercial messages to a person who does not use services or products of Prague Airport).

The granted consent to personal data processing may be recalled at any time.

6. Personal Data Sharing

In certain cases, personal data may be processed also by other companies within the Prague Airport group, namely Czech Airlines Technics, a. s., Czech Airlines Handling, a. s., as third parties who process personal data for Prague Airport based on a contract (personal data processors). Personal data processors as well as Prague Airport pay attention to due protection of your personal data.   

Personal data may also be transmitted to state authorities, which have a right (based on special legal regulations) to require given personal data from Prague Airport, as the personal data controller.

7. Personal Data Security

Prague Airport has implemented technical and organizational measures to ensure a due level of your personal data security. Prague Airport uses a variety of technologies and procedures to protect your personal data. Prague Airport has implemented regular testing and risk assessment processes connected to personal data processing in order to ensure processing security.

The transfer of personal data outside the EU territory is solely for the fulfillment of obligations, that are in accordance with the requirements for aviation security. When Prague Airport transmits or is obliged to transmit personal data to third parties it always chooses contractual partners providing at least the same level of security as Prague Airport.

When Prague Airport is obliged to transmit personal data to state authorities it uses solely the most secure way of communication and transmission of personal data.

8. Retention Period

Prague Airport pays attention to store personal data you have provided only for a necessary period and after lapse thereof your personal data will be deleted immediately.  

Prague Airport stores your personal data only for a period:

  • necessary for the fulfillment of processing purpose (provision of a service or product);
  • stipulated by legal regulations applying to Prague Airport;
  • for which Prague Airport´s legitimate interests in personal data processing exist (protection of rights in case of court disputes or administrative proceedings, claim collection etc.)

The period of personal data processing depends on a specific case of personal data processing, therefore it may differ in each case.

9. Data subject´s rights

If Prague Airport processes your personal data, you have the following rights arising from GDPR as the data subject

a. Right to Recall Consent to Personal Data Processing

If Prague Airport processes your personal data based on a legal basis – consent to personal data processing (consent to personal data processing was granted to Prague Airport by you) you have the right to recall this consent. Prague Airport undertakes not to further processes your personal data it has been processing based on your consent. Prague Airport rarely uses the consent to personal data processing as the legal basis for personal data processing, usually only for the purposes of sending newsletters to persons who do not use services and products provided by Prague Airport.

b. Right to Access Personal data

You have the right to receive information from Prague Airport whether it processes your personal data.

c. Right to Rectification

You have the right to request Prague Airport to rectify inaccurate personal data it process about you.

d. Right to Deletion

In cases listed in GDPR you have the right to request Prague Airport to delete your personal data that are processed.

e. Right to Restriction of Personal Data Processing

In cases listed in GDPR you have the right to request Prague Airport to restrict processing of your personal data.

f. Right to Portability

You have the right to request Prague Airport to transmit all personal data it processes about you to another controller.

​​g. Right to Object

You have the right to object to personal data processing by Prague Airport in the cases listed in GDPR;

h. Right Not to Be a Subject of Any Decision Based Entirely on Automated Processing

i. Right to File a Complaint with a Supervisory Authority

You have the right to file a complaint against personal data processing by Prague Airport. The Office for Personal Data Protection is the supervisory authority – registered office at Pplk. Sochora 727/27, post code 170 00, Prague 7.

We would like to inform you that the scope of your rights connected to personal data processing depends on the legal basis for personal data processing.

10. Contact

If you have any other questions regarding personal data processing or a complaint, you can contact us; please, contact us in writing at Letiště Praha, a. s., K letišti 1019/6, Ruzyně, 161 00, Prague 6.

We will reply to your questions or complaints in the shortest possible time, however, at the latest within 30 days after we have received you question or complaint.

If you, as the data subject, assert any of your rights arising from GDPR to every data subject, we would like to ask you, in order to handle your questions as soon as possible, to state what right you are asserting.  

In view of the fact that Prague Airport is obliged, in accordance with GDPR, to verify identity of a data subject who is asserting his/her rights, Prague Airport may, in cases when it is not possible to verify your identity and when Prague Airport has reasonable doubts about your identity, request you to present an identity document or other document for proving identity, in the Prague Airport´s registered office. This procedure will ensure that Prague Airport will not allow other person to assert the rights of the data subject (for example a person who passes himself/herself as you in order to harm you).    

11. Data Protection Officer

Ing. Lukáš Ondráček is the data protection officer for Prague Airport, you can contact him by email at:  dpo@prg.aero

12. Basic Terms

This text explaining personal data processing includes a number of specific terms. We would like to explain basic specific terms of personal data protection.    

Term

Definition

Personal data

Personal data means any information relating to an identifiable natural; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name and surname, birth date, identification number, age, marital status etc.

Special personal data category (sensitive data)

Special personal data category means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, also genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. These personal data may damage a particular person in society, school or may cause discrimination.

Personal data processing

Personal data processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. Processing means in particular collection, recording, organization, structuring, storage on information media, disclosure, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, publishing, storage, exchange, sorting or combination, blocking and destruction.

Data subject

Data subject is a natural person to whom the personal data relate and who may be identified based on these personal data.

Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Consent to personal data processing

Consent to personal data processing is one of the legal titles based on which the controller may process data subject´s personal data. Solely freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her is considered consent to personal data processing.

Purpose of personal data processing

Legal basis (reason) based on which the controller is entitled to process personal data.

Legal basis for personal data processing

The controller is authorized to process personal data solely when it has a certain legal basis for it. The controller may process personal data for various purposes and there must be a legal basis for each purpose of personal data processing.  

Genetic data

These are personal data relating to the genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person.

Biometric data

Biometric data means personal data resulting from specific technical processing relating to the physical or physiological characteristics of a natural person, which allow the unique identification of that natural person, such as facial images or dactyloscopic data etc.

Cookies

Cookies are short text files which a visited website sends to the browser. They allow the website to record information about your visit, such as the preferred language and settings. The next visit to that website will be easier and more productive.

Automated personal data processing

It is a method of personal data processing when solely information technology is used for processing (without any human intervention). 

GDPR

General Data Protection Regulation – acronym used for Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

 

13. Legal regulations

Prague Airport adheres to valid legal regulations when processing your personal data, in particular GDPR, laws regulating privacy protection and confidentiality, as well as other legal regulations.

The main legal regulations for personal data protection or those that are directly related to data protection are listed below:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) - GDPR;
  • Act No. 110/2019 Coll.., act on personal data protection;
  • Act No. 89/2012 Coll., the Civil Code;
  • Act No. 480/2004 Coll., on certain information society services;
  • Act No. 634/1992 Coll., on consumer protection.
  • Commission Decision (EU) No 2000/518 / EC on the adequate protection of personal data in Switzerland;
  • Commission Decision (EU) No 2016/1250 on an adequate level of protection provided by the EU-US Privacy Shield.