Data Protection and Internet Cookies Policy
Basel-Mulhouse Airport attaches the utmost importance to the protection of the personal data and privacy of its customers and of all website users.
This data Protection and Internet Cookies Policy describes the types of personal data that Basel-Mulhouse Airport may collect about you and the ways in which the Airport and its subcontractors may use that data.
Any processing of your personal data is carried out in compliance with current regulations and in particular Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, French Law No. 78-17 on data processing, files and individual freedoms of January 6, 1978 (amended) and the Swiss Federal Act on Data Protection (FADP) of September 25, 2020, last amended on September 1, 2023.
Users of any of the Airport’s websites confirm that they have read and accepted the terms of this Data Protection Policy and of the General Terms and Conditions of Use of the relevant website. Users who do not agree with these terms are free not to use the websites and not to provide any personal data.
ARTICLE 1 - DEFINITIONS
The following terms shall have the following meanings:
“Personal data” means any information pertaining to an identified or a directly or indirectly identifiable natural person.
"Processing of personal data” means any operation or set of operations performed on personal data by any process whatsoever (collection, recording, organisation, storage, adaptation, modification, retrieval, consultation, use, disclosure by transmission or dissemination, or any other form of supply, or reconciliation).
"Data controller” means the natural or legal person who determines the purposes for which and the means by which personal data is processed, i.e. the purposes (“why”) and the means (“how”) of the processing. Generally and in practice, the data controller is the public or private entity acting as its legal representative.
"Subcontractor" means any legal or natural person or any other organisation that processes personal data on behalf of the data controller.
“Authorised third party” means the public authority, service or organisation that can access certain data contained in public or private file systems because it is expressly authorised to do so by law.
ARTICLE 2 - IDENTITY OF THE DATA CONTROLLER
Personal data is collected by Basel-Mulhouse Airport, a Franco-Swiss public entity having its registered office in BLOTZHEIM [postal address: BP 60120, 68304 SAINT LOUIS CEDEX], registered under SIRET number 778 971 424 00016, represented by Mr. Matthias SUHR as its Managing Director.
ARTICLE 3 - PERSONAL DATA COLLECTED, PURPOSES, LEGAL BASIS AND RETENTION PERIOD
As part of the services offered by Basel-Mulhouse Airport and for the operation of its websites www.euroairport.com, www.businesscenter.euroairport.com and www.advantages.euroairport.com, Basel-Mulhouse Airport collects personal data concerning you.
More specifically, the Airport may collect and use your personal data to provide the services offered, in particular through these websites, and to keep the data relating to you up to date, accurate and relevant in order to fulfill one or more of the following purposes at all times:
|
Purposes
|
Categories of collected data |
Legal basis |
Retention period |
|
Processing requests for information and making contact
Processing requests for support for people with reduced mobility |
Via the contact form: Identity and contact details
|
Legitimate interest |
The time required to process the requests |
|
Search and identification of relevant professional profiles to collect applications
|
Via the application contact form: identity, contact details, professional data (CV, cover letter)
|
Legitimate interest |
For a maximum of 2 years from the last contact with the applicant, except for objections by applicants
|
|
Pre-selection of applicants Assessment of the applicant's professional skills |
Job application (CV, contact details) |
Execution of a contract (pre-contractual measures) |
CV is kept for a maximum of 2 years |
|
Personnel recruitment |
Re-use of data collected during the hiring period for HR administration purposes |
Contract fulfillment
Legal obligation |
Employment period + 5 years in the archives starting with the employee's departure |
|
Management of the customer loyalty program |
Contact details, identity |
Contract fulfillment |
|
|
Management of customer and potential customer relationships (contracts, invoicing, creation of customer accounts, customer support, complaints, etc.)
|
Contact details, identity |
Contract fulfillment |
During the period of the business relationship
5 years in the archives, starting with the end of the business relationship |
|
Processing of parking spot reservations Parking lot management Parking ticket management (tickets with time stamp, prepaid tickets, billing cards, subscriptions, badges, bus station) Online booking of parking spots with secure payment process Access control by means of license plate read-outs Order management Complaint management |
Data regarding parking spot reservations: License plate, date and time of entry and exit
Contact details, identity
|
Contract fulfillment
|
Video surveillance: 1 month License plate read-outs: 31 days after the vehicle leaves the parking facility Payment information: 10 years Booking history in the user account: during the entire account activity until the user requests deletion or deletion after three years of inactivity. Booking history without creation of a user account: 1 year in the event of a complaint |
|
Processing of fraud cases, unpaid invoices, reclaimings from the parking department
Processing of fraud cases (fraud in the event of unauthorised passage through airport barriers without an airport ID or vehicle registration card before the barrier closes / "petit train") Processing of acknowledgements of debt Processing requests for the removal of light vehicles Processing the relocation of abandoned vehicles
|
License plate, identity and address |
Legitimate interest |
In the event of fraud: retention for 5 years from the disputed facts 5 years after occurrence of insolvency. As soon as unpaid invoices have been paid, there is a maximum period of 48 hours to delete the data. Data related to unpaid invoices can be archived for a further 5 years if the company is legally obliged to do so or if the company wishes to provide evidence in the event of a legal dispute within the statute of limitations
|
|
Issuance of specific driving or access authorisations |
Contact details, identity |
Legitimate interest
|
7 years from application date |
|
Provision of public Wi-Fi |
The user’s source IP and MAC address Target URL and target IP
Identification data: last name, first name and e-mail address which are requested from the user to enable the use of the hotspot service |
Consent |
Information about data traffic must be retained for 1 year from the date of recording (Article R. 10-13 of the French Code des postes et des communications électroniques)
|
|
Subscription to newsletters (business information, news, etc.) |
E-mail address |
Consent |
Until the withdrawal of consent |
|
Processing of reservation requests for meeting rooms (Business Center) |
Contact details, identity |
Legitimate interest |
Reservation period |
|
Participation in events offered by Basel-Mulhouse Airport - Organisation of competitions |
Contact details, identity |
Legitimate interest |
The time required to carry out the event
The time required to complete the competition and hand over the prize
No listings are retained |
|
Processing group visits on the airport platform Visitor management Identity check for visitors, carried out by the DGAC Signing signature lists |
Copy of a proof of identity
Last name, first name |
Consent |
5 years
|
|
Publication of images and videos for institutional purposes in compliance with image rights |
Photo |
Consent |
Until the withdrawal of consent |
|
Processing feedback and satisfaction surveys |
IP address |
Legitimate interest |
Time of registration on the online form |
|
Management of business and contact partners at the Airport
Carrying out administrative tasks related to: Contracts, orders, receipt of goods, invoices, payments and accounting in relation to accounts for suppliers and service providers |
Contact details, identity |
Processing necessary for the purposes of the legitimate interests pursued by the data controller |
Information about the processing of orders and deliveries is retained for 10 years |
|
Access control to the security zone with regulated access (ZSAR) via biometric facial recognition
|
Biometric data of personnel from different authorities (police, Gendarmerie, customs) and emergency services (Airport Rescue and Firefighting Department, SSLIA / SSIAP) to pass through the direct access gates into the ZSAR (security zone with regulated access);
Biometric data of airport personnel in possession of an airport ID card (TCA, Titre de Circulation Aéroportuaire) for access control and before entering the ZSAR |
Legal obligation
Regulation (EC) No 2320/2002, as amended by Regulation (EC) No 849/2004 of the European Parliament and of the Council of April 29, 2004;
Commission Regulation (EC) No. 622/2003 of April 4, 2003, as amended, inter alia, by Commission Regulation (EC) No. 831/2006 of June 2, 2006.
Decree of November 12, 2003 on security measures for air traffic;
Decree of April 6, 2022 amending the Decree of September 11, 2013 on aviation security measures for civil aviation |
Biometric data is checked in real time; the data is not retained |
In general, all of our customers' data is also collected for the purposes of invoicing, debt collection and accounting, in accordance with the contracts and the Airport's legitimate interest.
Before data is collected, you will be informed whether the provision of the requested personal data is mandatory or voluntary.
The data highlighted with an asterisk (*) in the form is mandatory. If this data is not provided, access to the services and their use by the person concerned is not possible or a request linked to a form cannot be fulfilled.
The provision of further data is optional. Your failure to provide this information will not affect the provision of agreed services or the response to requests for information, even if this may limit their relevance.
ARTICLE 4 - DISCLOSURE OF PERSONAL DATA
The personal data collected on this website is mainly intended for internal departments of the Airport that are authorised to have access to it.
In order to fulfill certain purposes and services offered, the personal data collected may be provided to the Airport's Subcontractors. Should the Airport entrust data processing to Subcontractors, it shall only use Subcontractors that offer sufficient guarantees with regard to the necessary technical and organisational measures to ensure that the processing meets the reliability and security requirements stipulated by the applicable legislation and that the rights of individuals are protected.
In accordance with the regulation in force, your personal data may be transferred to authorised third parties (public authorities, judicial authorities, court officers and ministerial officers) by a legal or regulatory provision in the context of a specific assignment or the exercise of a right of disclosure.
If the Airport receives a request for disclosure from a third party based on a legal or regulatory provision, it shall ensure that the continuing provision is in force and that it actually provides for a right of disclosure in favour of the requestor. The Airport ensures that only data specified in the legal or regulatory text is transmitted. In case of imprecision of the request, the Airport shall ensure that only data that it considers absolutely necessary to achieve the intended purpose is transmitted.
The disclosure of data is carried out in accordance with procedures that guarantee their security, by adapting the chosen measure to the type of data and the risks involved.
ARTICLE 5 - TRANSFER OF PERSONAL DATA TO RECIPIENTS OUTSIDE THE EUROPEAN UNION
The Airport may be required to transfer data to Switzerland, a country recognised by the European Commission as having an adequate level of data protection.
The Airport shall only communicate data abroad when it is absolutely essential to the provision of its services. The Airport shall then contractually stipulate compliance with the provisions on data protection and security of information with the recipients concerned and take all the necessary measures to ensure that third parties comply strictly with the warranties.
ARTICLE 6 - SECURITY MEASURES
Taking into account technological developments, implementation costs, the nature of the data to be protected, and the risks to individual rights and liberties, the Airport shall implement all appropriate technical and organisational measures to guarantee the confidentiality of the personal data collected and processed, and a level of security appropriate to the risk.
ARTICLE 7 - RIGHTS OF THE DATA SUBJECTS
In accordance with Regulation (EU) 2016/679 and the Swiss Federal Act on Data Protection, you have the right to request access to your personal data, rectification or deletion (the right to be forgotten), restriction of processing of your personal data and the right of portability of this data from Basel-Mulhouse Airport as the responsible data controller.
You may also object to the processing of your personal data for legitimate reasons.
You also have additional rights under national legislation, such as directives concerning the retention, deletion and disclosure of your personal data after your death.
Basel-Mulhouse Airport has a designated Data Protection Officer (DPO) whom you may contact in case of any problems.
To exercise your rights, please contact Basel-Mulhouse Airport:
- Postal address of the Data Protection Officer: DPO - Basel-Mulhouse Airport
BP 60120, F-68304 Saint-Louis Cedex
- E-mail: dpo@euroairport.com
In the context of such requests and to avoid identity fraud, we ask you to enclose a valid proof of identity.
If, after contacting us, you believe that your rights in relation to your personal data have not been respected, you may file a complaint with the competent data protection authority (Commission Nationale de l'Informatique et des Libertés - CNIL - for France or the Federal Data Protection and Information Commissioner - FDPIC - for Switzerland).
ARTICLE 8 - COOKIES
The Basel-Mulhouse Airport website uses cookies to ensure the functionality and optimisation of the website and the services provided. Cookies to ensure the functionality of the website, which do not require consent, make it easier to navigate and improve the user-friendliness of the websites.
The cookies installed on the website are used specifically for the following purposes:
- To maintain the current session on websites with login;
- To enable or facilitate electronic communication;
|
Name of the cookie |
Duration |
Purpose of the cookie |
|
accept_cookies |
1 year |
Banner for displaying cookies on the first website visit |
|
CHANGESESSIONID |
|
Your session’s ID on the server |
|
TSXXXXX |
|
Cookie to secure communication with the server |
|
external_no_cache |
|
A flag indicating whether the cache is disabled or not |
|
Frontend |
|
Your session’s ID on the server |
|
fe_typo_user |
7 days |
Allows you to obtain the latest version of the page you are visiting. |
|
PHPSESSID |
|
PHP session ID |
|
preferedLanguage |
1 year |
Language detection |
|
$identifier |
|
Use extension ViewHelper Displays nested content or "then" child once, then sets a cookie with $ttl, optionally locked to domain name, which makes the condition return FALSE as long as the cookie exists. |
|
session_name |
|
on first start of session |
|
ThemeCookieName |
|
save theme in cookie |
|
Kglhf |
Session |
Is used for maintaining sessions |
If your browser allows it, you can refuse the storage of cookies by configuring the parameters of your browser as described below:
For Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
For Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
For Google Chrome 4, Google Chrome 8 and later versions: https://support.google.com/chrome/answer/95647?hl=en-GB&co=GENIE.Platform%3DDesktop
For Safari: https://support.apple.com/en-us/HT201265
For Opera : https://help.opera.com/en/latest/web-preferences/
The User's attention is drawn to the fact that access to certain services and sections of the website may be impaired or even impossible.
The retention period for cookies varies depending on the type of cookie. We mainly use cookies that self-destruct after a session has ended. In this case, it is called a session cookie or a browser cookie. Cookies are for internal use only and are not accessible to third parties.
ARTICLE 10 - AMENDMENT OF THE DATA PROTECTION AND INTERNET COOKIES POLICY
Any changes to this Privacy Policy adopted by the Airport or required by law will be published on our websites and will take effect from the time of publication. As a result, we recommend that for each visit you take note of the latest version of the Policy which is always available on our websites.