Privacy Policy - daa International

1. Privacy Statement Overview

At daa plc, in keeping with our commitment to be open with all passengers, customers, partners and employees, we have developed this Privacy Statement Overview, a quick and simple summary explaining how we manage, share and look after your information. We are determined to deliver a great welcome and a great service to all passengers, customers, and partners. To enable this, we need to collect a range of information about you, if you are a passenger – your name and flight details, or if you are a car park customer – your name, car registration and email address. This Privacy Statement covers people who may interact with us in the following ways: People that use products or services offered via daa People that sign up to receive information from daa, Dublin Airport, Cork Airport and The Loop (e.g. newsletters) People that send us feedback via our websites or social media channels Visitors to our websites Passengers and other visitors to daa-owned properties, Dublin Airport and Cork Airport. If you have any general queries about your experience in dealing with us, please contact info@daa-international.com. If you have any questions or comments about this Privacy Statement, please contact our Data Protection Officer by email at dataprotection@daa.ie or in writing at: Data Protection Officer, Cargo Building 6, Corballis Park, Dublin Airport.

2. Reasons for Processing your Data

We fully respect your right to privacy and undertake to only collect data as required to deliver the services you need, or with your clear permission and consent. In addition, we are required to implement statutory regulations in civil aviation as part of our role as an airport operator. The reasons for processing your data may include the following: 1. Delivering the passenger experience – our job is to get you through your airport journey as smoothly and comfortably as possible. Due to the highly regulated nature of air travel, we are required to process data for safety and security reasons as described in detail below. 2. Providing additional services at the airport – we provide additional services which you may choose to use to enhance your journey. In providing these services to you, we may need to gather some data. For example, these services may require that we process payments, and keep your name and other details, such as car registration and email address; we may gather details of your travelling companions or special dietary needs to enable us to plan and deliver the relevant travel services. Additional services we deliver directly include: 2.1. Car parking services to provide you with access to the most convenient parking locations – click here for further details and our Car Parking Privacy Statement. 2.2. Fast Track services to save you time getting through Security Screening – click here for further details and our Fast Track Privacy Statement. 2.3. Lounge services to help you relax or do some work before you fly – click here for further details and our Lounge Privacy Statement. 2.4. Airport Club services – membership provides convenience and unlimited access to services such as Airport Parking Security Fast Track, and Lounges in both Terminals 1 and 2 – click here for further details and our Airport Club Privacy Statement. 2.5. Platinum Services – our suite of travel services to optimise your journey includes premium departures and arrivals facilities, private check in, dedicated Security Screening, suites and chauffeur-driven escort to your plane – click here for further details and our Platinum Services Privacy Statement. 2.6. The Loop Retail Services – Duty Free – for in-store purchases, we do not collect personal data (we do not retain payment data in our shops). However, in order to provide duty free prices, we collect flight details as provided on your boarding card. The information collected is limited to the item purchased and flight information such as the airline and destination details. See here for the loop.ie and see here for Privacy Statement details. 2.7. The Loop Retail Services – ‘Click & Collect’ – we offer a ‘Click & Collect’ service that requires us to collect information to enable us to identify you at the point of collection and to communicate with you if you ask us to – see here for the loop.ie and see here for Privacy Statement details. 3. Providing free wi-fi while you use our airports – under Irish law, all ‘Internet Service Providers’ or ISPs are obliged to maintain records of internet access for a period of 12 months. As we do not collect your name as part of the wi-fi sign-up, we store the IP address assigned to you and the MAC address of the device you used to access to wi-fi service. We keep these records as required by law. 4. Protecting the welfare of passengers, visitors and staff at Dublin Airport – we may need to record personal details relating to any individuals involved in incidents or accidents in the airport or its environs. 5. We may also perform statistical analysis on passenger and customer flows to improve our services and plan for future enhancements to our airport facilities – in this situation, we will anonymise your data before any analysis is performed so we cannot identify you. 6. Ensuring the safety and security of civil aviation – this includes CCTV and Queue Measurement: 6.1. Safety and Security – Closed Circuit Television (CCTV) – as the operator of Dublin Airport and Cork Airport, daa are obliged to keep the airports and their environs safe and secure. To assist us in this, we operate CCTV security systems both landside and airside and our Airport Police manage these important security controls. CCTV images of you are considered to be personal data and we carefully safeguard access to these images. We retain all CCTV footage for 30 days. 6.2. Safety and Security – Queue Measurement – we are also obliged by statutory regulations in civil aviation to measure how long it takes to get you safely through the security screening process. We do this by monitoring passengers’ mobile devices while they move through the screening area. We only access the MAC address of your wi-fi or Bluetooth interface, and purge this data after six (6) years. You are free to switch off your wi-fi or Bluetooth as you go through security or the airport generally if you wish. 6.3. If you use the automatic border controls such as passport e-readers, you may be required to provide personal data. This system is controlled by Irish Naturalisation & Immigration Service (INIS) for the purpose of border control. 6.4. If purchasing goods from the retail outlets post US Preclearance, officially known as US Customs & Border Patrol (USCBP), your passport may be requested to verify your age and residency status. We are required to collect this data under the terms of the treaty to implement USCBP agreed between Ireland and the USA. 6.5. If travelling to the USA, you may have been asked to provide some personal information in advance. You may be asked to provide additional details at US Preclearance, officially known as US Customs & Border Patrol (USCBP). This information is collected by USCBP and daa has no access to this data. Click here for additional information on US Customs & Border Patrol.

3. Sharing Data with Partners

We may also need to share your data with partners such as your airline or their ground handler, to help get you to your destination. Where this data is provided by us to the third party to deliver a service to you, the processing is covered by this Privacy Statement. Where you provide your data directly to a third party, we have no involvement in that transaction or access to the data and the processing is the responsibility of the third party. An example of this would be going online to rent a car for collection at the airport.

4. Data Sharing with Law Enforcement

Where data is provided by us to a regulatory body or law enforcement agency to meet statutory or regulatory obligations, activities undertaken by those parties is outside our control and hence fall outside of the scope of this Privacy Statement. Agencies that we may be obliged to share information with include:

An Garda Síochana (National Police Service)
Garda National Immigration Bureau (GNIB)
Irish Naturalisation and Immigration Service (INIS)
Revenue – Irish Tax and Customs Service

5. daa CCTV

The purpose of this statement is to let you know what to expect when daa plc (daa) collects personal information via Closed Circuit Television (CCTV) cameras located through the Dublin Airport campus. With this Privacy Statement, we want to provide transparency on how we treat personal data and the purposes for which we collect data. This Privacy Statement applies to people that visit the Dublin Airport campus. This Privacy Statement does not apply to CCTV data processing by third parties, such as airlines, handling agents, or retail tenants. daa has no access to data processing by third parties or to the data involved, unless otherwise stated, and cannot be held responsible for it. We operate CCTV cameras located through the Dublin Airport campus, including in terminal buildings and surrounding environs. Your personal data may be collected through the operation of these CCTV cameras. The purpose for collecting the personal information that you provide is to allow us to:

Protect the safety of passengers and staff at Dublin Airport
Prevent, detect, and respond to criminal activity
Comply with our legal and regulatory obligations to safeguard and protect civil aviation
Investigate safety and security incidents in response to reported incidents, complaints, claims, or regulatory / compliance audits or other issues.

CCTV data may also be used to monitor passenger or vehicle flows or to conduct statistical analysis of those flows. This processing is carried out in daa’s legitimate interests and allows us to ensure we can continue to invest in the infrastructure to meet passengers’ future needs at Dublin Airport. This does not affect your rights as a data subject. See your rights in relation to your information below. We may be required to share your information to Comply with our legal and regulatory obligations Investigate safety incidents, security incidents or criminal activity. We may share personal data relating to you recorded on CCTV with:

Competent authorities such as An Garda Síochana or the Irish Aviation Authority
Third parties who operate retail outlets, or who provide services to passengers such as airlines or handling agents where we have a statutory obligation to do so.

All personal data collected for the purposes specified in this statement is processed inside the European Union (EU) or the European Economic Area (EEA) and will never be transferred to countries located outside the EU or the EEA. We retain CCTV footage for thirty (30) days. Any CCTV footage identified as relevant to a formally reported incident is retained for six (6) years from the date of the reported incident. Where an investigation or claim arising from a reported incident take longer than 6 years to be processed, the CCTV footage identified as relevant to that incident may be retained for longer than 6 years.

Your rights as a data subject are as follows:

Right of access – you have the right to find out if we hold any personal data relating to you. You also have the right to obtain a copy of any such personal data we hold on you. The request, referred to as a Data Access Request.
Right to rectification – you have the right to request we rectify any information we hold about you that is inaccurate.
Right to erasure – you have the right to request we erase any information we hold on you, provided there is valid grounds for doing so.
Right to restriction of processing – you have the right to request we temporarily restrict the processing of your personal data, provided there are valid grounds for doing so.
Right to object – you have the right to object to the processing of your personal data, namely in the case processing is carried out in the legitimate interests of daa.
Right to lodge a complaint – if you are unhappy with how we have acted in handling your personal data, you have the right to lodge a complaint with the supervisory authority in your EEA country of residence, place of work, or with the Office of the Data Protection Commissioner in Ireland.

6. Security and Confidentiality

Any personal information that you provide to daa or its subsidiaries will be treated with the highest standards of security and confidentiality and handled in accordance with Data Protection laws and the General Data Protection Regulation. Security of your personal data is very important to us. We take all reasonable technical and organisational measures to prevent the loss, misuse, unauthorised access, disclosure, or alteration of your personal data. These measures include:

We apply various levels of access control to restrict access to your personal information to daa employees and contractors who require a level of access as part of their role
We work with experienced, specialised vendors to develop and maintain our platforms
We regularly review and audit our security and data protection policies and procedures to ensure a high level of operational security is maintained.

7. Data Access Requests

You have a right to obtain a copy of any information relating to you kept on computer or in a structured manual filing system by daa. All you need to do is write to us and ask for it under the Data Protection Acts. We refer to these requests as Data Access Requests. Please download the PDF here for Data Access Request guidance.

8. Direct Marketing Communications and Permissions

If we wish to gather information to contact you, e.g. for marketing purposes, we will ask for your consent to do so in advance. If you have purchased products or services from us, we may offer you reminders or information to assist us in delivering those services unless you have asked us not to contact you in relation to products or services purchased. If you have provided consent, you can unsubscribe at any time to remove that consent. This Privacy Statement applies to individuals that have given their consent to avail of direct marketing communications from daa plc regarding promotions, products or services electronically via email, SMS and / or push notifications. We would like to provide you with information about new products, promotions, special offers, services and other information that we feel you may be interested in. As part of a purchase on our digital channels, we offer you the opportunity to opt in to our marketing communications. You will always be given the opportunity to withdraw that consent on every electronic communication you receive from daa plc by unsubscribing at any time. When you sign up to marketing communications, we’ll normally contact you by email, but we may also send you marketing texts if you have given us your mobile number for this purpose.

9. Cookies and Web Browsing

10. Changes to Privacy Policy

We review our Privacy Statements on a regular basis, and any updates will be highlighted in the version date below. This Privacy Statement was last updated on: October 5, 2020 and is effective from October 5, 2020.

11. Contact Us

If you have any general queries about your experience in dealing with us, please contact info@daa-international.com. If you have any questions or comments about this Privacy Statement, please contact our Data Protection Officer by email at dataprotection@daa.ie or in writing at: Data Protection Officer, Cargo Building 6, Corballis Park, Dublin Airport.

Table of Contents