Personal data protection policy
Aéroports de la Côte d'Azur (ACA) seeks to develop a relationship of trust with its customers and professional partners. The personal information you share with us is kept secure, providing you with the best possible service. We will not sell your personal information to other companies.
The purpose of this review of our personal data protection policy is to inform you of how we process your data.
1. Name and address of the data controller
The data controller of your personal information, as defined by the data protection regulations, is the Aéroports de la Côte d'Azur, a public limited company with capital of €148,000, whose head office is located at the Nice Côte d'Azur Airport, Rue Costes & Bellonte, BP 3331 06206 Nice Cedex 3, and listed with the Nice Companies Register under number 493 479 489 - firstname.lastname@example.org .
2. Name and address of the data protection officer
Our data protection officer is:
Ms Julie BIARESE
3. Methods of processing personal data
We use your data solely with your prior consent, for the purposes of enacting a contract or for a legitimate interest.
Except in the cases detailed below, ACA staff alone have access to your data in order to perform the ordered services and respond to messages sent via our website's contact form.
Your data is also processed in the following instances:
- To send you our newsletter
- To send you information on the status of the flight you are tracking.
- To send you, via our Nice Airport mobile application, notifications concerning so-called "crisis" information i.e. important updates on air traffic disruptions, access to the platform following weather events, or other.
3.1. Receiving our e-newsletter
In order to receive our e-newsletter, which includes information and promotional emails about our products and services, you shall provide us with your last name, first name, and email address.
The processing of this data relies on your consent and is only intended to keep you informed of our announcements and new projects.
Our e-newsletter is sent via the Cabestan Company - 7/11 quai André Citroën, 75015 Paris, with an appropriate level of data protection. As a subsidiary of La Poste Group, Cabestan applies the Group's privacy and data protection policy, available here: https://www.laposte.fr/particulier/politique-de-protection-des-données .
To improve the quality of our services, we analyse the readership of our e-newsletters. For this purpose, the newsletters contain web beacons and tracking pixels. We record the moment you read our e-newsletter and the links you click on.
For the processing of this data, your consent is requested at the time you register for the e-newsletter. A reference to this personal data protection policy is also provided.
You can unsubscribe from our e-newsletter at any time by clicking on the "unsubscribe" link at the bottom of each email or by sending us an email at email@example.com .
3.2 Our communication via the contact form, by email, or telephone
On our website is a contact form to communicate with us.
To this end, you indicate your surname, first name, and email address along with the subject of your request. Specifying your address, phone number, or any other data in the body of the message, is optional.
Telephone contact or via the provided email address is also possible. In this case, the user's personal data transmitted during the conversation or in the body of the email is recorded.
The data processed from these two contact methods is done with your consent, enabling us to answer any questions you may have.
To process customer requests, we use software from the EPTICA Company, 63 bis rue de Sèvres, 921000 Boulogne-Billancourt. EPTICA manages customer emails and controls their processing. EPTICA processes for us the names, content, and technical information of the communications. This is carried out as part of an on-demand data processing system with an appropriate level of data protection. Further information on EPTICA's processing of data can be found in the data protection statement at https://www.eptica.com/fr/mentions-legales-vie-privee .
3.2.2. Customer Relations Area
We handle information requests and complaints that were sent by email via EPTICA software.
Customer contact information is used during exchanges to provide the requested response. This data is automatically held for five years in the software's archive storage.
Claims are processed by mail or email. The data is stored in an Excel document that we archive for ten years.
We also answer all requests by phone. Telephone communications may be recorded for security and/or training purposes, but you nonetheless have the option to object to this by informing the operator taking your call. Note that recordings are retained for a period of 1 month following the call.
Your data is erased once it is no longer essential for the purposes of their collection. This occurs if circumstances make it possible to conclude with certainty that the subject of our exchange is definitely clarified.
3.3 Your user account and your orders placed with ACA
If you create a user account, subscribe to Park&Fly, or order a service from ACA for Click and Park, Nice Access, VIP Reception, or VIP Lounge products, the following data may be registered according to the type of services ordered:
. First and last name
. Postal address (street name, number, postal code, and city)
. Date and place of birth
. Phone number
. Email address
. License plate number and entrances/exits
. Password chosen by the user
. Optional consent to receive newsletters
. Method of payment used, only if an order is placed
. Date and time of the order.
The order information for products and services for business customers is detailed in the annex to this Policy and can be found online on the B2B portal.
Depending on the payment method, these details are recorded by the corresponding service provider who is solely liable for them. You will find more information about the processing of such data with these payment service providers:
PayPal: The data controller is PayPal (Europe) Sarl and Cie, S.C.A., 22-24 boulevard Royal, L-2449 Luxembourg. You can find the information on data protection and possible credit checks by the other payment service providers at: https://www.paypal.com/fr/webapps/mpp/ua/privacy-full?locale.x=fr_FR
American Express Payment Services Limited is the data controller. It is a US company having its administrative office and European branch in the United Kingdom, at Belgrave House, 76 Buckingham Palace Road, London SW1W 9T. You can find the information on data protection and possible credit checks by the other payment service providers at: https://www.americanexpress.com/fr/legal/politique-de-protection-des-donnees-personnelles.html
Caisse de Crédit Mutuel Nice Avenue is the data controller. It is a cooperative limited liability company with variable capital, having its head office at 29 Avenue Jean Médecin, 06000 Nice. You can find the information on data protection and possible credit checks by the other payment service providers at: https://www.cmcicpaiement.fr/fr/aide/informations-legales/protection-donnees.html
We send you emails related to the sale of our services for confirmation and follow up. These emails are sent as part of an on-demand data processing system with an appropriate level of data protection.
If you order services on our website indicating your email address, we shall use it to send you our newsletter. In such case, only advertisements related to our own services will be sent to you. We also send reminders about uncompleted orders and to request your participation in surveys. In addition, you receive an email if you make transactions in a particularly regular manner or if you have not made any transactions for an extended period.
We retain this data only for the duration of our contractual relationship and for the period of our liability, before permanently deleting them.
This data is also retained to enable you to login to your Club Airport Premier account.
3.4 Your programme Club Airport Premier program
When you join Club Airport Premier, in addition to the data required to create a user account listed in Section 3.3, the following data is collected with your consent:
. Your date of birth;
. The number of loyalty points credited to your account and their use;
. Dates and destinations of trips made;
. The services you enjoy as a Club Airport Premier member;
. The login time and date to the www.nice.aeroport.fr website;
. The source used to access the www.nice.aeroport.fr website, namely the Internet, an iOS application, an Android application, or other;
. Communication with ACA or with one of its partners as part of the services offered to Club Airport Premier members. These include the amount and date of purchases made at the Club Airport Premier partner stores.
We use this data:
. To provide services to Members; and
. To improve our services.
. For accounting and auditing, security and safety, fraud prevention and investigation, development, maintenance, and testing of systems;
. To manage and administer the Programme,
. To credit and check members' accounts when necessary,
. To determine a customer profile in the context of market analysis or marketing studies conducted by ACA's Sales and Marketing Department;
. To communicate information to the Club Airport Premier members about the loyalty program, including information about its benefits;
. To present to the Club Airport Premier members other products or services offered by ACA or its partners;
. For the purposes of direct marketing,
. To conduct market studies,
. To contact Club Airport Premier members.
This data is also stored to allow logging in to your e-commerce account.
4. Data security
We implement technical and organisational measures to protect your data, including encryption, anonymisation, and physical security procedures.
We require our staff and all third parties working for ACA to adhere to strict work practices related to security and data protection. These include contractual obligations under which they commit to ensuring the confidentiality of personal data and to applying rigorous data transfer measures.
Your personal data is used internally for the proper execution of your orders and to reinforce and personalise the communication between our various services and you.
We do not share your personal information with third parties, except those service providers specifically referred to in this policy statement. Communicating your data to our service providers only occurs for the purposes specified above e.g. hosting, technical data processing, and diagnosis and improvement of services.
6. Your rights relating to data processing
In accordance with the personal data protection regulations, you have a right to access, rectify, and delete your data, as well as the right to oppose or request the limitation of their processing. You also have the right to the portability of your data. For this, simply send us a request to the email or postal address indicated in Section 1, stating your name, first name, and address.
Furthermore, you have the right to lodge a complaint with a supervisory authority if you feel that the processing of your data constitutes a violation of the data protection regulations, in accordance with Article 77 of the European Data Protection Regulations.
7.1 Operating cookies
- hideprehome: stores the user’s choice of pre-home for the mobile version: mobile version or desktop version.
- expandmenu: stores the menu status (expanded or closed) for the mobile version.
- cnilCookies: stores user acceptance of nice.aeroport cookies.
- is_logged_in: stores whether user is logged in to the website.
- resolution: stores user’s screen resolution.
These cookies are used for the proper functioning of the site, the user accounts, and the control system. More specifically, these cookies allow us to:
. Store the user's choice between displaying the site in mobile, tablet, or computer version.
. Store the menu status (expanded or closed) for the mobile version.
. Store user acceptance of nice.aeroport cookies.
. Store user's screen resolution.
. Analyse the browsing on our site to improve it.
We use two types of cookies - session cookies and persistent cookies. Session cookies are automatically deleted when you close your browser. However, persistent cookies can be used again the next time you connect to the ACA website.
By disabling cookies, certain portions of our website will not be able to function properly.
7.2 Cookies for navigation and statistics analysis
We also allow Google Analytics and Google Optimize to install such technologies on our site. These are analytical services of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. It is used for custom data processing with an appropriate level of data protection (EU-USA Data Protection Shield (C (2016) 4176 final)).
- Google Analytics and Google Optimize help us in particular to analyse your browsing habits on our site. For example by noting the way you connected to it, as well as offering you a better experience and marketing and advertising our articles on our site and on third party sites. To prevent Google Analytics and Google Optimize from using your information for analytical purposes, you can install the browser add-on for disabling them by clicking here .
7.3 Advertising cookies
We use the following service providers to get back to you:
. Eperflex (email-reflex.com) analyses your data in order to personalise your customer experience and to post recommendations concerning our services. Eperflex is a service of Rentabiliweb Marketing, headquartered at 55 rue Raspail, 92300 Levallois-Perret, France. This service operates as a subcontractor with an appropriate level of data protection for a company within a member state of the European Union. You will find data protection information at: https://www.eperflex.com/mentions-legales/ .
You can exercise your rights by sending an email to the following address: firstname.lastname@example.org .
. Critéo (criteo.com) analyses your data in order to personalise your customer experience and to post recommendations concerning our services. Critéo is a service of the Critéo company, headquartered at 32 rue Raspail, 75009 Levallois-Perret, France. This service operates as a subcontractor with an appropriate level of data protection for a company within a member state of the European Union. You will find data protection information at: https://www.criteo.com/fr/privacy/ .
You can exercise your rights by sending an email to the following address: email@example.com .
. Google Adwords (doubleclick.net) is used by Google DoubleClick to record and report the actions of the site user after they have seen or clicked on one of the advertiser's ads for the purpose of measuring effectiveness and presenting ads.
7.4 Deleting cookies
You can delete these cookies at any time by configuring your browser.
You can configure your web browser to save cookies in your device or, on the contrary, block third party cookies, systematically or depending on their source. You can also configure your web browser to give you the option of accepting or blocking temporary cookies before they are likely to be saved onto your device.
Configuring cookie management is different on each web browser. Your browser’s help menu explains how to select your cookie management choices.
- For Internet Explorer™: click here .
- For Safari™: click here .
- For Chrome™: click here .
- For Firefox™: click here .
- For Opera™: click here .
You will find more information about this on the CNIL website .