Processing of personal data

Introduction

LETIŠTĚ BRNO a.s. (hereinafter referred to as “Brno Airport”) ensures the protection of personal data that it processes for specific purposes.  Personal data is processed in accordance with personal data protection legislation, in particular Regulation (EU) 2016/679 of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the "GDPR"). Privacy protection in the processing of personal data is a priority for Brno Airport. We treat the processing of personal data as strictly confidential.

Brno Airport hereby informs you about the processing of your personal data, the conditions and scope of its processing, the protection of personal data and your rights relating to the processing of personal data.

Basic terms

Technical terms are used in the text. For clarity, we provide a basic explanation of these terms.

Personal data: Personal data is any information about an identifiable natural person; an identifiable person is a person who can be identified directly or indirectly, in particular by reference to a specific identifier, such as name and surname, date of birth, identification number, age, marital status, etc.

Special categories of personal data (sensitive data): Special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning health or sex life or sexual orientation. This data may harm a person, e.g. in society, at work, at school, or may be a source of discrimination.

Data subject: The data subject is the natural person to whom the personal data relates and who can be identified on the basis of this personal data.

Processor: The processor of personal data is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

Processing of personal data: Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. Processing means, in particular, the collection, recording, organisation, structuring, storage on information carriers, disclosure, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, publication, storage, exchange, sorting or combination, blocking and destruction.

Consent to the processing of personal data: Consent to the processing of personal data is one of the legal grounds on which the controller may process the personal data of the data subject. Only a free, specific, informed and unambiguous expression of will by which the data subject gives his or her consent to the processing of personal data by means of a statement or other clear confirmation is considered consent.

Purpose of personal data processing: The legal basis (reason) on which the controller is entitled to process personal data.

Legal basis for the processing of personal data: The controller is only entitled to process personal data if it has one of the legal bases for doing so. The controller may process personal data for various purposes, but it must have the appropriate legal basis for each purpose.

Biometric data: Biometric data is personal data resulting from specific technical processing relating to the physical or physiological characteristics of a natural person, which allows for the unique identification of that person, e.g. facial images or dactyloscopic data, etc.

Genetic data: Personal data relating to the genetic characteristics of a natural person, which provide unique information about their physiology or health.

Automated processing of personal data: A method of processing personal data that uses only computer technology (without human intervention).

Cookies: Cookies are short text files that a visited website sends to your browser. They allow the website to record information about your visit, e.g. your preferred language and settings. This can make your next visit to the website easier and more productive.

GDPR: General Data Protection Regulation – an abbreviation used to refer to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Brno Airport – personal data controller and processor

Brno Airport, as a controller or, in certain cases, as a processor of personal data, processes personal data in accordance with the GDPR and relevant legislation, to the extent necessary for the relevant purpose, in connection with its business activities. We store personal data securely for the necessary period of time, as required by relevant legal regulations or internal standards of Brno Airport. In the case of children's personal data, we only process it when the child's legal representative acts on their behalf.

Contact details:
LETIŠTĚ BRNO a.s.
Letiště Brno – Tuřany 904/1, Tuřany
627 00 Brno

Data box: gkvexxm

Email: sekretariat@brno-airport.cz


LETIŠTĚ BRNO a.s. is registered in the Commercial Register maintained by the Regional Court in Brno, Section B, File 3546.

Personal data

Brno Airport processes personal data only for specific legitimate purposes, always to the extent necessary in relation to the purpose for which it is processed. The processing of personal data is necessary to provide the services we offer you as part of our business activities and due to the legal obligations that regulate our activities.

Brno Airport processes, in particular, the personal data of persons to whom we provide services, i.e. our customers, persons with whom we enter into contractual relationships for the purpose of fulfilling a contractual relationship, persons with whom we communicate, e.g. for handling complaints, requests, inquiries, sending commercial communications, or for reasons of legitimate interest of the personal data controller, etc. In accordance with regulations on the protection of civil aviation against unlawful acts, we also process personal data on persons entering the non-public area of the airport.

For the above purposes, Brno Airport processes the following categories of personal data in particular:

  • Identification data (e.g. name and surname, date of birth, ID card number, birth number, etc.),
  • Contact details (e.g. residential address, telephone number, e-mail address, etc.),
  • Other data (e.g. video recordings from security cameras located on the premises of Brno Airport and/or in other buildings used or managed by Brno Airport, etc.).
Areas of personal data processing

Brno Airport processes the personal data provided for specific purposes, which are usually related to the provision of services or products, the fulfilment of legal obligations, the exercise of rights and obligations under contracts, or the protection of the legitimate interests of Brno Airport.

Brno Airport declares that it does not and will not process personal data in a manner that is inconsistent with the purpose for which the personal data was provided by you.

Below is an illustrative list of situations in which Brno Airport processes personal data:

a) Visiting/using the Brno Airport website

We use cookies to ensure the convenient use of the Brno Airport website (personalisation of content) and to analyse traffic. The legal basis for the processing of this personal data is, in accordance with the GDPR, consent to the setting of cookies/permission for cookies.

b) Camera systems (CCTV)

In order to protect life, health and property from unlawful acts and to protect civil aviation from unlawful acts, Brno Airport uses CCTV systems with recording, which are installed on the premises of Brno Airport, as well as in other areas where Brno Airport operates.

The legal basis for the processing of this personal data is, in accordance with the GDPR, the fulfilment of a legal obligation, the protection of vital interests of individuals and the protection of the legitimate interests of Brno Airport.

c) Lounges and related premium services

Brno Airport processes the personal data of customers of selected premium services (e.g. airport lounges, priority services, etc.) for the purposes of fulfilling a contract (the ordering of a service creates a contractual relationship between Brno Airport and the customer) and for the purposes of fulfilling legal obligations (legal regulations governing rights and obligations in relation to consumer protection and accounting).

d) Parking (online reservations)

Based on a contractual relationship, Brno Airport processes the personal data of parking customers (including the processing of online reservations) for the purposes of fulfilling the contract and for the fulfilment of legal obligations (in particular regulations related to consumer protection and accounting).

e) Access to Brno Airport buildings

Brno Airport has a legitimate interest in processing the personal data of persons entering buildings owned or managed by Brno Airport. The purpose of processing your personal data is to protect the persons and property of Brno Airport and to protect civil aviation from unlawful acts.

f) One-time entry of persons and vehicles into the non-public area of Brno Airport

Brno Airport processes the personal data of persons who enter or drive into the non-public area of Brno Airport on a one-off basis, to the extent and in the manner resulting from the applicable legislation for the purpose of the process of approving and recording entry and access to the non-public area of the airport. This obligation arises in particular from Act No. 49/1997 Coll., on civil aviation and amending and supplementing Act No. 455/1991 Coll., on trade licensing (Trade Licensing Act), as amended, Regulation (EC) No. 300/2008 of the European Parliament and of the Council on common rules in the field of civil aviation security and implementing Commission Regulation (EU) No. 2015/1998 laying down implementing measures for the application of common rules and security measures and relevant internal regulations.

Failure to provide personal data may result in persons being denied one-time entry and access to the non-public area of Brno Airport.

g) Application for an airport identification card

Brno Airport also processes personal data for the purpose of issuing airport identification cards and related authorisations for entry into the non-public area of Brno Airport, to the extent and under the conditions set out in internal and security regulations.

h) Questions, suggestions, complaints

Brno Airport has a legitimate interest in processing the personal data of enquirers. Without the provision of personal data, Brno Airport would not be able to properly handle enquiries, complaints or suggestions. In this case, the legal basis for the processing of personal data is the legitimate interest of Brno Airport.

ch) Online forms and communication channels

Brno Airport processes the personal data of persons who send enquiries via contact forms or other communication channels. The purpose of the processing is to handle the enquiry (without the provision of personal data, Brno Airport may not be able to respond). In this case, the legal basis for the processing of personal data is the legitimate interest of Brno Airport.

i) Support programmes (incentives, etc.)

Brno Airport processes the personal data of applicants for financial support for the purpose of evaluating the application and providing possible support. The legal basis for the processing of personal data in these cases is the legitimate interest of Brno Airport.

j) Voluntary safety reports

Brno Airport processes the personal data of the reporting person for the purpose of evaluating voluntary safety reports; without the provision of the reporting person's personal data, Brno Airport would not be able to properly assess the report. In this case, the legal basis for the processing of personal data is the legitimate interest of Brno Airport.

k) Participation in events organised by Brno Airport

Brno Airport processes personal data in connection with the organisation of professional conferences, seminars and other social events. In some cases, registration is required to participate; basic identification data is required for registration.

The legal basis for the processing of this personal data is, in accordance with the GDPR, the performance of a contract (if participation in the event is subject to a fee) and the fulfilment of a legal obligation. For free events, Brno Airport processes personal data for the purpose of protecting its legitimate interests.

l) Airport tours

Brno Airport processes the personal data of visitors to excursions at Brno Airport for several reasons. Based on the requirements of Regulation (EC) No 300/2008 of the European Parliament and of the Council establishing common rules in the field of civil aviation security, as amended, and the relevant related Council Implementing Regulations (EC), access to the non-public areas of Brno Airport where the tour takes place is only permitted on the basis of the unambiguous identification of the tour participant.

For this purpose, Brno Airport requires the provision of personal data to the extent necessary. As access to non-public areas of the airport is subject to strict security rules, Brno Airport cannot allow access to unidentifiable participants.

Brno Airport also processes the personal data of excursion participants for the purpose of fulfilling the contract (the booking of an excursion creates a contractual relationship between Brno Airport and the visitor) and for the purpose of fulfilling legal obligations (e.g. regulations concerning consumer protection and accounting).

m) Identification for the purpose of concluding a contract or providing a service

In order to conclude and perform a contract or provide a service based on an order or request (e.g. a request for training flights), it is necessary to process your personal data (identification of the contracting party). Brno Airport always processes personal data to the extent necessary for the purpose of processing.

The legal basis for processing is, in accordance with the GDPR, the performance of a contract and the fulfilment of a legal obligation applicable to Brno Airport.

n) Personnel agenda

Brno Airport processes personal data related to personnel agenda (job interviews, recruitment of permanent and seasonal workers, student internships, etc.) always to the extent necessary for the purpose of processing.

o) Requests for statements on the existence of utility networks and protection zones in connection with Brno Airport

For the purpose of processing requests for statements on the existence of utility networks and protection zones related to the operation of Brno Airport, Brno Airport processes the personal data of the applicant. The legal basis for the processing of personal data is the legitimate interest of Brno Airport.

Consent to the processing of personal data

Consent to the processing of personal data, as a legal basis, is used when Brno Airport cannot process personal data on the basis of another legal basis.

You may withdraw your consent at any time.

Sharing of personal data

In some cases, personal data may also be processed by other entities that are financially or operationally linked to Brno Airport, as well as by third parties that process personal data for Brno Airport on the basis of a contract (personal data processors). Personal data processors, like Brno Airport, take appropriate measures to protect your personal data.

Personal data may also be transferred to state authorities which, on the basis of special legal regulations, have the right to request such personal data from Brno Airport as the personal data controller.

Personal data security

The technical and organisational measures implemented by Brno Airport are designed to ensure an adequate level of security for your personal data. We use various technologies and procedures to protect your personal data. At the same time, we have processes in place for regularly testing and evaluating the risks associated with the processing of personal data in order to ensure the security of the processing.

Personal data is transferred outside the EU exclusively for the purpose of fulfilling obligations that correspond to the requirements for ensuring safety in air transport. In cases where Brno Airport transfers or is obliged to transfer personal data to third parties, it only selects contractual partners who ensure at least the same level of security as Brno Airport.

If Brno Airport is obliged to transfer personal data to state authorities, it uses the most secure means available for communication and transfer of personal data.

Retention of personal data

Brno Airport ensures that the personal data provided is stored only for the necessary period of time and that it is properly deleted after this period has expired.

Brno Airport stores personal data only for the period:

  • necessary to fulfil the purpose of processing (provision of a service or product),
  • required by the legal regulations applicable to Brno Airport,
  • the duration of Brno Airport's legitimate interests in processing personal data (debt collection, protection of rights in the event of legal disputes or administrative proceedings, etc.).

The period of personal data processing varies depending on the specific situation.

Rights of the data subject

If Brno Airport processes your personal data, you have the following rights as a data subject under the GDPR:

a) Right to withdraw consent to the processing of personal data

If Brno Airport processes personal data on the basis of consent (consent was given to Brno Airport by you), you have the right to withdraw this consent at any time. Brno Airport undertakes not to further process personal data processed on the basis of consent after consent has been withdrawn.

Brno Airport uses consent as a legal basis only in exceptional cases.

b) Right of access to personal data

You have the right to obtain information from Brno Airport as to whether it processes your personal data.

c) Right to rectification

You have the right to request the correction of incorrect or incomplete personal data that Brno Airport processes about you.

d) Right to erasure

The GDPR specifies cases in which you have the right to request the erasure of personal data processed about you by Brno Airport.

e) Right to restriction of processing

The GDPR specifies cases in which you have the right to request the restriction of the processing of personal data that Brno Airport processes about you.

f) Right to object

The GDPR specifies cases in which you have the right to object to the processing of your personal data by Brno Airport.

g) Right to data portability

You have the right to request that Brno Airport transfer all personal data it processes about you to another controller.

h) Right not to be subject to a decision based solely on automated processing

i) Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint about the processing of personal data by Brno Airport.

The supervisory authority is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 727/27, 170 00 Prague 7.

Please note that the scope of rights related to the processing of personal data depends on the legal basis for processing.

Data Protection Officer

The Data Protection Officer for Brno Airport is:

JUDr. Petra Krupová

petra.krupova@brno-airport.cz

Contact

If you have any questions regarding the processing of personal data or if you have a complaint, please contact us.

Please contact us in writing at the following address:

LETIŠTĚ BRNO a.s.

Letiště Brno – Tuřany 904/1, Tuřany
627 00 Brno

Data box: gkvexxm

Email: sekretariat@brno-airport.cz

 

We will respond to your questions or complaints as soon as possible, but no later than 30 days from the date of receipt.

If, as a data subject, you exercise any of your rights under the GDPR, we kindly ask you to specify which specific right you are exercising so that we can process your request as quickly as possible.

Given that Brno Airport is required to verify the identity of data subjects exercising their rights in accordance with the GDPR, in cases where it is not possible to verify your identity and there are reasonable doubts about your identity, Brno Airport may request that you present your ID card or another document to verify your identity at the headquarters of Brno Airport. This procedure ensures that Brno Airport does not allow another person to exercise your rights.

Legal regulations

When processing personal data, Brno Airport complies with applicable legal regulations, in particular the GDPR, legal regulations governing privacy and confidentiality, as well as other specific legal regulations.

The main legal regulations in the area of personal data protection (or regulations related to data protection) include, in particular:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR),
  • Act No. 110/2019 Coll., the Personal Data Protection Act, as amended,
  • Act No. 89/2012 Coll., Civil Code, as amended,
  • Act No. 480/2004 Coll., on Certain Information Society Services, as amended,
  • Act No. 634/1992 Coll., on Consumer Protection, as amended,
  • Commission Decision (EU) No. 2000/518/EC on the adequate protection of personal data in Switzerland,
  • Commission Decision (EU) No. 2016/1250 on the adequate level of protection provided by the EU-US Privacy Shield.

LETIŠTĚ BRNO a.s. uses cookies on its website. Your consent is required to use some cookies. You can give your consent by clicking on the "Consent" button. You can also refuse the use of cookies. Only selected cookies can be enabled or changed via the "Settings" button.

Setting preferences

Technical cookies

Technical cookies are necessary for the proper functioning of the LETIŠTĚ BRNO a.s. website and all the features it offers. We do not require your consent to use technical cookies on our website. For this reason, technical cookies cannot be individually disabled or enabled.

Analytical cookies

These cookies collect and analyse web traffic and usage of the LETIŠTĚ BRNO a.s. website in real time. The real-time behavioural data allows us to always offer relevant content and prevent specific display errors.

Marketing cookies

LETIŠTĚ BRNO a.s. needs your consent to use statistical and analytical cookies. If you do not give your consent, statistical and analytical cookies will not be stored on your terminal device. By pressing the "Allow All" button you agree to the use of all cookies on the website of LETIŠTĚ BRNO a.s. By pressing the "Allow Selected" button you agree to the use of the cookies you have selected. By pressing the "Decline All" button, you refuse the use of all cookies placed on the LETIŠTĚ BRNO a.s. website, with the exception of technical cookies, which cannot be individually deactivated or activated.