Personal Data Protection

This Privacy Statement sets out the framework governing the processing of personal data carried out by Geneva International Airport (“AIG”) in connection with the use of its websites  www.gva.ch, www.gva.boutique, https://gva-durabilite.ch/, https://ppr.gva.ch/, https://shop.e-guma.ch/gva/fr/bons-cadeaux (the “Sites”) and/or its mobile application (the “App”), as well as the provision of related services.

Its purpose is, in particular, to inform users about the nature of the data collected, as well as the methods and purposes of its processing. It also informs individuals of their rights in relation to the use of their personal data and explains how to exercise them.

AIG places great importance on ensuring that all personal data processing is carried out in a responsible and lawful manner and implements the necessary practices to guarantee the protection of individuals’ privacy.

By browsing the Sites or connecting to the App, users declare that they accept the processing of their personal data in accordance with the provisions below.

This Privacy Statement does not apply to information collected by affiliated or third-party websites accessible from the Sites or containing links to the Sites.

2.1 GENERAL
AIG collects certain personal data from users in order to provide the services offered on the Sites. Personal data may also be collected to enable AIG to analyze the use of the Sites, in order to ensure smooth navigation and continuously improve the quality of the content provided.

All personal data processing is carried out in compliance with the applicable legal framework, including in particular the Geneva cantonal law on public information, access to documents and personal data protection (“LIPAD”, RSG A 2 08), its implementing regulation (“RIPAD”, RSG A 2 08.01), the Swiss Federal Act on Data Protection (“FADP”, RS 235.1), as well as Regulation (EU) 2016/679 on the protection of personal data (“GDPR”), within the limits of their respective scope of application.

To ensure enhanced protection of personal data against misuse, AIG continuously improves its security measures, taking into account technological developments and risks. However, it is the user’s responsibility to ensure that the data voluntarily provided is current and accurate and to inform AIG of any changes to their customer data.

Within the company, access to personal data is limited to employees involved in the purposes of processing, who are subject to strict confidentiality obligations and compliance with data protection regulations.

The processing of personal data may involve third parties selected by AIG, who must provide sufficient guarantees for lawful and secure data processing. Cases where personal data is shared with third parties are specified in this Privacy Statement.

2.2 ONLINE SERVICES
The website www.gva.ch offers users the possibility to subscribe to a number of online services to facilitate their travel.

To enable the provision of these services, AIG needs to collect the following personal information from the data subject:

[title, last name, first name, email, full postal address, service usage times, license plate number (ResaPark only), flight number, purpose of travel]

2.3 CONTESTS
AIG offers the possibility to participate in various online competitions throughout the year, allowing participants to win prizes related to AIG’s activities. These competitions are organized in collaboration with various partners, including airlines issuing flight tickets, participating hotels, or other event partners. The identity of these partners is clearly specified in each competition announcement.

Participation in competitions takes place on the website www.gva.ch and requires the collection of the following personal data:

[title, last name, first name, email, full postal address, phone number, date of birth]

2.4 NEWSLETTERS
The website www.gva.ch offers interested individuals (private persons, business partners) the possibility to subscribe to various newsletters in order to receive, by email, the latest information about AIG’s activities as well as its offers and those of third-party partners.

Subscription to newsletters is also offered when subscribing to online services (section 2.2), participating in competitions (section 2.3), or attending events.

Only subscribed individuals may receive the newsletter(s) to which they have subscribed.

When subscribing to a newsletter, the following personal data is collected:

[title, last name, first name, email]

Subscription to newsletters may also occur when participating in a competition, creating a customer account, or purchasing an online service.
Unsubscription from newsletters can be requested at any time by clicking on the “unsubscribe” option included in each newsletter or by email according to the details in section 8.

For sending newsletters, AIG uses an IT tool provided by Salesforce.

2.5 CUSTOMER ACCOUNT
Users may create a customer account to facilitate access to online services and the management of subscribed services. For this purpose, the following data is required:

[title, last name, first name, email, address]

The entered data is stored on AIG’s IT servers.

You may delete your customer account at any time by visiting www.gva.ch, logging in, and following the online procedure.

For customer data management, AIG uses an IT tool provided by Salesforce.

2.6 MOBILE APPLICATION
AIG offers the possibility to download the App to access online services more easily and obtain relevant travel information.

The application also uses cookies and tracking pixels (see section 2.7.1).

Users may allow the application to send notifications (travel information, disruptions, etc.). Users may also enable geolocation on their device to benefit from interactive maps and navigation features. These settings can be disabled at any time according to the device instructions.

2.7 WEBSITES
On its Sites, AIG uses cookies and pixels (web beacons) to optimize functionalities, provide content that meets user expectations, and facilitate navigation.

Data processing for analyzing Site usage, as described below, is carried out only with the user’s explicit consent.

2.7.1 Invisible pixels (web beacons)
Web beacons are small invisible digital images used by the Sites to collect information about the number of visitors, in particular to analyze the popularity of content. They are not used by Genève Aéroport to access users’ personal data but only to generate anonymous statistical data.

2.7.2 Cookies
Cookies are small text files automatically created by the Sites and stored on the user’s device (PC, smartphone, tablet, etc.). They collect data such as IP address, geographic origin, date and duration of visit, pages viewed, and navigation sequence.

Users may block cookies through their browser settings. However, disabling cookies may prevent certain Site functionalities from working.

2.7.3 Media and social networks
AIG uses social media platforms such as Facebook, Instagram, Twitter, LinkedIn, YouTube, Dailymotion, and TikTok to inform and engage with the public about Geneva Airport activities.

The Sites use Google Analytics provided by Google Inc. to analyze user navigation data. Collected data is not cross-referenced, and IP addresses are anonymized before storage.

These services are managed by third parties with their own policies.

Users may activate or deactivate social plugins. If activated, the browser connects to social network servers, which may receive the user’s IP address even without an account.

Users should consult the data protection policies of these providers. AIG does not control or assume responsibility for their use of data.

2.7.4 Publications
Messages posted on AIG’s social media pages may be read and freely used. Comments and reactions are reviewed by AIG staff, who may remove illegal, abusive, discriminatory, or harmful content. Users may be excluded without prior notice.

2.7.5 Chatbox
AIG provides a chatbox service on its website to answer user questions automatically. The IP address and message content are processed for this purpose.

2.8 PERSONALIZED OFFERS
With explicit user consent, customer data (name, email, address, subscribed services, visited Sites) may be used to develop personalized offers (email, SMS, push notifications, web teasers). Other partner companies may also send offers with user consent.

Users may refuse such communications at any time.

2.9 SYSTEM MAINTENANCE AND SECURITY
AIG may use user data for system maintenance and troubleshooting.

To strengthen IT security, AIG may conduct penetration tests, possibly involving specialized subcontractors, while limiting data access.

Strict confidentiality and data protection measures are enforced.

Users may withdraw their consent at any time, particularly regarding personalized offers.

Data is stored on secure servers with appropriate safeguards.

Personal data is retained only as long as necessary for service provision and legal compliance.

Once retention periods expire, data is systematically deleted.

Personal data collected is not sold by AIG.

To the extent necessary for the provision of services subscribed to by the user, AIG may transmit the collected data to service providers selected by AIG.

AIG complies with applicable legislation when communicating personal data to third parties and ensures that such parties provide an adequate level of data protection.

Within the framework of the processing of their personal data, data subjects may exercise the rights granted to them, including in particular:

• Right to information: the right to be informed in a clear and comprehensive manner about all personal data processing carried out by AIG;
• Right of access: the right to obtain confirmation as to whether or not personal data concerning them is being processed, and to access such data and obtain a copy;
• Right to rectification: the right to have inaccurate or incomplete personal data corrected or completed;
• Right to erasure: the right to request the deletion of personal data when it is no longer necessary for the purposes pursued, when consent is withdrawn, when the data subject objects to processing, or in the case of unlawful processing;
• Right to restriction of processing: the right, under certain conditions, to request restriction of processing, whereby only storage of personal data (excluding any other processing) will be carried out;
• Right to object: the right to object at any time to processing based on the data subject’s particular situation;
• Right to data portability: the right to receive personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where processing is based on consent or a contract and carried out by automated means.

For this purpose, data subjects may contact AIG directly by email as indicated in section 8.

AIG is not responsible for the content of affiliated or third-party websites that link to or refer to the Sites. AIG cannot be held liable, directly or indirectly, for the accuracy, validity, relevance, or legality of any information and/or documents on third-party websites. Users assume all risks associated with using links to third-party websites.

AIG recommends that users carefully read the terms and conditions and personal data protection policies applicable to such third-party websites, which may differ from those of AIG.

In any event, this Privacy Statement does not apply to third-party websites referenced. AIG disclaims all liability and provides no guarantees regarding the storage and processing of visitors’ personal data on third-party servers.

For any questions regarding personal data processing:

marketing@gva.ch / Genève Aéroport, Marketing Development, P.O. Box 100, 1215 Geneva 15, Switzerland.

This Data Protection Statement may be modified by AIG as necessary. Such modifications shall enter into force after a period of 30 working days. Data subjects are therefore invited to regularly consult this document in order to be informed of any changes.

This Privacy Statement is governed by Swiss law, excluding any conflict of law rules, and is subject to the jurisdiction of the courts of Geneva, Switzerland.