The present Notice refers to the processing of individuals’ personal data in their capacity as principals of individual person legal entities, shareholders or associates of legal persons and individual partnerships that are likely to cooperate with Athens International Airport S.A. (AIA). AIA recognizes and respects the importance of data privacy and is committed to data availability, integrity and confidentiality for the entire period is maintained. The Notice provides you with useful information on how and why AIA processes your personal data on the subject process and outlines your respective rights, in compliance with applicable data protection legislation.

1. Data Controller: “Athens International Airport S.A.” (AIA), with corporate seat at Administration Building (B17), Spata Attica, postal code 190 19, is the Data Controller for this process, as defined in EU Regulation 2016/679 and holds all rights and obligations reserved for such capacity under the Law.
   
   AIA’s authorized representative:   Mr. N. Kalyvas, Head, Credit Control & Collection Management
                                                         e-mail: KalyvasN@aia.gr
2. Contacting AIA’s Data Protection Officer:
   a. Through AIA’s website:  https://www.aia.gr/privacy
   b. Through email at this mail address: privacy@aia.gr
   c. By correspondence at the following postal address:
       Manager, Data Protection & Compliance Dept.
       Athens International Airport S.A.
       Administration Building (B17)
      190 19 Spata, Attica
3. Types of personal data processed: Identification data, date of birth and place of residence of legal representatives and shareholders of corporations and partners of commercial entities and individual companies.  
4. The legal basis and purpose of processing:The fulfillment of Data Controller’s legitimate interest in regards with the right of economic freedom that guarantees commercial loyalty, reliability and security of transactions. The fulfillment of this interest is achieved by accessing correct and up-to-date information about the credit and generally financial situation of active and potential new AIA business partners. Minimizing the risks of contracts with unreliable business partners and generally creating bad debts forms the basis for protecting commercial credit and enhancing financial transactions.
5. Third party processing:  Data processing is carried out legally by professional bodies with which AIA concludes service contracts for the collection and analysis of data regarding the financial performance of active and potential AIA business partners, ensuring that the personal data is protected by the process while the interests of the involved data subjects are not affected.
6. Retention Period: The personal data collected shall be kept in a secure AIA electronic record for as long as it is required to recognize, exercise or defend any legitimate right thereof.
7. Data subject rights to access and manage personal data: In accordance with the personal data legislation in force, data subjects may exercise their right to affirm the lawful processing of their personal data. Furthermore, their rights to access, rectify, delete, transfer their data and request the objection or restriction of data processing may be applied. The exercise of any of the above rights is subject to applicable regulatory, or operational restrictions. Any such request should be communicated to AIA’s Data Protection Officer.
8. Right to lodge a complaint with the competent Data Protection Authority (DPA): Data subjects have the right to lodge a complaint  before the competent Hellenic Data Protection Authority (DPA) at their website (www.dpa.gr) if they consider that the processing of their personal data by AIA is carried out in a way that violates the Regulation 2016/679 and the Greek Law 4624/2019.