What is the Privacy and Personal Data Protection Policy? It is the policy that establishes the terms under which ASA, Aeroportos e Segurança Aérea S.A., processes the personal data of its customers and the rights that these can exercise, in accordance with the General Legal Regime of Personal Data Protection for Individuals, approved by Law No. 133 / V / 2001 of January 22, as amended by Law 41/VIII/2013 of September 17 and Law No. 121/IX/2021, January 22, and other applicable national legislation on privacy and data protection. What is personal data and processing of personal data? Personal data is any type of information relating to a natural person. For example, their name, identification number, location data, contacts and even elements of their physical, economic or social identity. The processing of personal data is any operation performed, by automated and non-automated means, on such data – collection, recording, alteration, consultation, use, transmission and destruction. How does ASA, Aeroportos e Segurança Aérea S.A. collect customer data? ASA, Aeroportos e Segurança Aérea S.A., collects personal data in the scope of aeronautical information exchange. Examples: personal identification information – name, address, e-mail, telephone number and so on. In collecting and processing data, ASA, Aeroportos e Segurança Aérea S.A., complies with applicable legal obligations and observes the principles and rules of processing, requesting the customer’s consent when necessary for the processing of data. Is the customer’s personal data secure? ASA, Aeroportos e Segurança Aérea adopts various technical measures and organizational security measures in order to protect the personal data of its customers against loss, disclosure, alteration, improper or unauthorized processing or access. Can ASA, Aeroportos e Segurança Aérea, S.A. give access to customer data to third parties? ASA, Aeroportos e Segurança Aérea, S.A., may use third parties – subcontractors – to provide certain services, which may imply that these third parties have access to customers’ personal data. ASA ensures that these subcontracted entities comply with the applicable legal requirements and provide adequate data protection guarantees. What are the rights of the holders of personal data? Right of access – provision of information about the personal data held by the ASA. about the data subject and the processing of this data; Right of rectification – correction, updating or inclusion of information (which may be missing) concerning the data subject; Right to erasure of data (“right to forget”) – erasure of data; Right to limitation of processing – suspension / (temporary) cessation of data processing, compliance with applicable legal requirements; Right to portability – making available the personal data provided by the customer, in a structured format for current use and automatic reading, so that it can be transmitted to another entity; Right of opposition – withdrawing consent for data processing on this basis. How can the customer exercise their rights and access information about personal data management? ASA, Aeroportos e Segurança Aérea S.A., guarantees customers the exercise of their rights of access, portability, rectification, opposition, elimination and limitation of processing. Customers can exercise their rights by contacting ASA. What is the Cookies Policy of ASA, Aeroportos e Segurança Aérea S.A.? The ASA, Aeroportos e Segurança Aérea S.A. web platforms use cookies to improve user performance and the browsing experience, increasing the speed and efficiency of response on the one hand, and eliminating the need to repeatedly enter the same information on the other. What is a data breach? A data breach is a breach of security that accidentally or illegally causes the destruction, loss, alteration, unauthorized disclosure of or access to personal data processed by ASA, Aeroportos e Segurança Aérea, S.A. Examples of a data breach are: – The unauthorized verbal or written transmission of personal data; – Loss, theft or insecure storage of documents or devices (PC or cell phone); – Sending personal data to the wrong recipient; – Sending e-mail to a set of recipients using the “To” option instead of “Cco”.
