Personal Data Protection Notice
Athens International Airport S.A (AIA) has deployed a mobile device management technology from Microsoft “The Intune Company Portal” which authorizes access to corporate applications and resources through portable internet connected devices (notebooks, tablets or mobile phones).
AIA bears the role of Data Controller and holds all rights and obligations reserved for such capacity under the legislation.AIA acknowledges and respects the importance of your data privacy and commits to safeguard their availability, integrity and confidentiality for the whole period these are retained. This Notice provides you with useful information on the purpose and the means that your personal data is collected and processed and describes your rights regarding such processing, in compliance with applicable data protection legislation.
Personal data processed
- Device model/serial (IMEI)/IP/Mac Address
- Name/surname
- Employee function and Department
- Building
- Company email address
- Company land line number
- Mobile phone No
Data subjects affected
- AIA employees, possessing a corporate-owned mobile device and supported-cellular plan
- AIA employees, possessing a privately-owned mobile device, who wish to have access to their corporate resources (e.g. One Drive, Outlook 365, etc.).
Lawfulness and purpose of processing
The personal data processed in the Intune Company Portal is necessary to serve AIA’s legitimate interest to ensure confidentiality, integrity and availability of its corporate information and resources remotely accessed by such mobile devices.
Intune Company Portal provides protection for such portable devices with the capability to remotely wipe the device memory or remove access to installed application and data in the event of theft or accidental loss.
When you enroll a device, you give AIA permission to view certain pieces of information:
- Device name, serial number, model & manufacturer
- Operating system and version
- Application inventory and app names. On personal devices, AIA can only see your managed app inventory. On corporate-owned fully managed and dedicated devices, AIA can see all of your app inventory. On corporate-owned devices with a work profile, AIA can only see the app inventory in your work profile.
- Device owner
- Phone number for corporate devices.
AIA can never have access to:
- Passwords
- Calling and web browsing history
- Location
- Email and text messages
- Contacts
- Calendar details
- Pictures, including what's in the photos application or camera roll
- Files
- For corporate-owned devices with a work profile, the applications and data in your personal profile.
Data Processor
The “Intune Company Portal” is provided as a cloud service by Microsoft S.A., which carries the duties of Data Processor on behalf of AIA, under European and national legislation. Microsoft ensures compliance to such provisions. (https://docs.microsoft.com/en-us/mem/intune/protect/privacy-personal-data)
The “Intune Company Portal” utilizes the Microsoft Azure cloud hosting services.
Microsoft Azure ensures GDPR compliance. (https://azure.microsoft.com/en-in/blog/protecting-privacy-in-microsoft-azure-gdpr-azure-policy-updates/)
Retention Period:
Access to your mobile device data is active for the duration of your access rights to AIA corporate resources. The removal of your user account for whatever reason shall result to the immediate termination of the service and denial of access to such corporate resources through the enabled mobile device.
Your rights to access and manage your personal data:
Personal data legislation in force gives you the right to be able to affirm that your personal data is being processed lawfully. You may exercise the rights of data access, rectification, deletion, transfer and also, the rights of data processing objection and restriction. Your requests to exercise any of your rights, should be communicated to AIA’s Data Protection Officer ext. +2103537211, [email protected]. Furthermore, you may lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr)
Note: The exercise of any of your above rights is subject to applicable regulatory, or operational restrictions.
Extensive information on the handling of data subject requests by Microsoft S.A.: https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr-dsr-azure?view=o365-worldwide