Skip to main content

Data Protection and Internet Cookies Policy

Basel-Mulhouse Airport attaches the utmost importance to the protection of the personal data and privacy of its customers and of all website users.
This data Protection and Internet Cookies Policy describes the types of personal data that Basel-Mulhouse Airport may collect about you and the ways in which the Airport and its subcontractors may use that data.

Any processing of your personal data is carried out in compliance with current regulations and in particular Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, French Law No. 78-17 on data processing, files and individual freedoms of January 6, 1978 (amended) and the Swiss Federal Act on Data Protection (FADP) of September 25, 2020, last amended on September 1, 2023.

Users of any of the Airport’s websites confirm that they have read and accepted the terms of this Data Protection Policy and of the General Terms and Conditions of Use of the relevant website. Users who do not agree with these terms are free not to use the websites and not to provide any personal data.


The following terms shall have the following meanings:

Personal data” means any information pertaining to an identified or a directly or indirectly identifiable natural person.

"Processing of personal data” means any operation or set of operations performed on personal data by any process whatsoever (collection, recording, organisation, storage, adaptation, modification, retrieval, consultation, use, disclosure by transmission or dissemination, or any other form of supply, or reconciliation).

"Data controller” means the natural or legal person who determines the purposes for which and the means by which personal data is processed, i.e. the purposes (“why”) and the means (“how”) of the processing. Generally and in practice, the data controller is the public or private entity acting as its legal representative.

"Subcontractor" means any legal or natural person or any other organisation that processes personal data on behalf of the data controller.

Authorised third party” means the public authority, service or organisation that can access certain data contained in public or private file systems because it is expressly authorised to do so by law.



Personal data is collected by Basel-Mulhouse Airport, a Franco-Swiss public entity having its registered office in BLOTZHEIM [postal address: BP 60120, 68304 SAINT LOUIS CEDEX], registered under SIRET number 778 971 424 00016, represented by Mr. Matthias SUHR as its Managing Director.


As part of the services offered by Basel-Mulhouse Airport and for the operation of its websites, and, Basel-Mulhouse Airport collects personal data concerning you.

More specifically, the Airport may collect and use your personal data to provide the services offered, in particular through these websites, and to keep the data relating to you up to date, accurate and relevant in order to fulfill one or more of the following purposes at all times:




Categories of collected data


Legal basis


Retention period

Processing requests for information and making contact


Processing requests for support for people with reduced mobility

Via the contact form: Identity and contact details



Legitimate interest


The time required to process the requests

Search and identification of relevant professional profiles to collect applications



Via the application contact form: identity, contact details, professional data (CV, cover letter)



Legitimate interest


For a maximum of 2 years from the last contact with the applicant, except for objections by applicants


Pre-selection of applicants

Assessment of the applicant's professional skills

Job application (CV, contact details)

Execution of a contract (pre-contractual measures)


CV is kept for a maximum of 2 years

Personnel recruitment

Re-use of data collected during the hiring period for HR administration purposes

Contract fulfillment


Legal obligation

Employment period + 5 years in the archives starting with the employee's departure

Management of the customer loyalty program

Contact details, identity

Contract fulfillment


Management of customer and potential customer relationships

(contracts, invoicing, creation of customer accounts, customer support, complaints, etc.)



Contact details, identity


Contract fulfillment


During the period of the business relationship


5 years in the archives, starting with the end of the business relationship

Processing of parking spot reservations

Parking lot management

Parking ticket management (tickets with time stamp, prepaid tickets, billing cards,

subscriptions, badges, bus station)

Online booking of parking spots with secure payment process

Access control by means of license plate read-outs

Order management Complaint management


Data regarding parking spot reservations: License plate, date and time of entry and exit



Contact details, identity




Contract fulfillment



Video surveillance: 1 month

License plate read-outs: 31 days after the vehicle leaves the parking facility

Payment information: 10 years

Booking history in the user account: during the entire account activity until the user requests deletion or deletion after three years of inactivity.

Booking history without creation of a user account: 1 year in the event of a complaint

Processing of fraud cases, unpaid invoices, reclaimings from the parking department 


Processing of fraud cases (fraud in the event of unauthorised passage through airport barriers without an airport ID or vehicle registration card before the barrier closes / "petit train")

Processing of acknowledgements of debt

Processing requests for the removal of light vehicles

Processing the relocation of abandoned vehicles




License plate, identity and address


Legitimate interest

In the event of fraud: retention for 5 years from the disputed facts

5 years after occurrence of insolvency. As soon as unpaid invoices have been paid, there is a maximum period of 48 hours to delete the data. 

Data related to unpaid invoices can be archived for a further 5 years if the company is legally obliged to do so or if the company wishes to provide evidence in the event of a legal dispute within the statute of limitations


Issuance of specific driving or access authorisations

Contact details, identity


Legitimate interest


7 years from application date

Provision of public Wi-Fi

The user’s source IP and MAC address

Target URL and target IP


Identification data: last name, first name and e-mail address which are requested from the user

to enable the use of the hotspot service




Information about data traffic must be retained for 1 year from the date of recording

(Article R. 10-13 of the French Code des postes et des communications électroniques)


Subscription to newsletters (business information, news, etc.)


E-mail address




Until the withdrawal of consent

Processing of reservation requests for meeting rooms (Business Center)


Contact details, identity


Legitimate interest


Reservation period

Participation in events offered by Basel-Mulhouse Airport - Organisation of competitions


Contact details, identity


Legitimate interest


The time required to carry out the event


The time required to complete the competition and hand over the prize


No listings are retained

Processing group visits on the airport platform

Visitor management

Identity check for visitors, carried out by the DGAC

Signing signature lists

Copy of a proof of identity


Last name, first name




5 years


Publication of images and videos for institutional purposes in compliance with image rights






Until the withdrawal of consent

Processing feedback and satisfaction surveys 


IP address


Legitimate interest


Time of registration on the online form

Management of business and contact partners at the Airport


Carrying out administrative tasks related to:

Contracts, orders, receipt of goods, invoices, payments and accounting in relation to accounts for suppliers and service providers


Contact details, identity


Processing necessary for the purposes of the legitimate interests pursued by the data controller


Information about the processing of orders and deliveries is retained for 10 years


Access control to the security zone with regulated access (ZSAR) via biometric facial recognition




Biometric data of personnel from different authorities (police, Gendarmerie, customs) and emergency services (Airport Rescue and Firefighting Department, SSLIA / SSIAP) to pass through the direct access gates into the ZSAR (security zone with regulated access);


Biometric data of airport personnel in possession of an airport ID card (TCA, Titre de Circulation Aéroportuaire) for access control and before entering the ZSAR


Legal obligation


Regulation (EC) No 2320/2002, as amended by Regulation (EC) No 849/2004 of the European Parliament and of the Council of April 29, 2004;


Commission Regulation (EC) No. 622/2003 of April 4, 2003, as amended, inter alia, by Commission Regulation (EC) No. 831/2006 of June 2, 2006.


Decree of November 12, 2003 on security measures for air traffic;


Decree of April 6, 2022 amending the Decree of September 11, 2013 on aviation security measures for civil aviation



Biometric data is checked in real time; the data is not retained


In general, all of our customers' data is also collected for the purposes of invoicing, debt collection and accounting, in accordance with the contracts and the Airport's legitimate interest.

Before data is collected, you will be informed whether the provision of the requested personal data is mandatory or voluntary.

The data highlighted with an asterisk (*) in the form is mandatory. If this data is not provided, access to the services and their use by the person concerned is not possible or a request linked to a form cannot be fulfilled.

The provision of further data is optional. Your failure to provide this information will not affect the provision of agreed services or the response to requests for information, even if this may limit their relevance.



The personal data collected on this website is mainly intended for internal departments of the Airport that are authorised to have access to it.

In order to fulfill certain purposes and services offered, the personal data collected may be provided to the Airport's Subcontractors. Should the Airport entrust data processing to Subcontractors, it shall only use Subcontractors that offer sufficient guarantees with regard to the necessary technical and organisational measures to ensure that the processing meets the reliability and security requirements stipulated by the applicable legislation and that the rights of individuals are protected.

In accordance with the regulation in force, your personal data may be transferred to authorised third parties (public authorities, judicial authorities, court officers and ministerial officers) by a legal or regulatory provision in the context of a specific assignment or the exercise of a right of disclosure.

If the Airport receives a request for disclosure from a third party based on a legal or regulatory provision, it shall ensure that the continuing provision is in force and that it actually provides for a right of disclosure in favour of the requestor. The Airport ensures that only data specified in the legal or regulatory text is transmitted. In case of imprecision of the request, the Airport shall ensure that only data that it considers absolutely necessary to achieve the intended purpose is transmitted.

The disclosure of data is carried out in accordance with procedures that guarantee their security, by adapting the chosen measure to the type of data and the risks involved.


The Airport may be required to transfer data to Switzerland, a country recognised by the European Commission as having an adequate level of data protection.
The Airport shall only communicate data abroad when it is absolutely essential to the provision of its services. The Airport shall then contractually stipulate compliance with the provisions on data protection and security of information with the recipients concerned and take all the necessary measures to ensure that third parties comply strictly with the warranties.



Taking into account technological developments, implementation costs, the nature of the data to be protected, and the risks to individual rights and liberties, the Airport shall implement all appropriate technical and organisational measures to guarantee the confidentiality of the personal data collected and processed, and a level of security appropriate to the risk.



In accordance with Regulation (EU) 2016/679 and the Swiss Federal Act on Data Protection, you have the right to request access to your personal data, rectification or deletion (the right to be forgotten), restriction of processing of your personal data and the right of portability of this data from Basel-Mulhouse Airport as the responsible data controller. 

You may also object to the processing of your personal data for legitimate reasons. 

You also have additional rights under national legislation, such as directives concerning the retention, deletion and disclosure of your personal data after your death.

Basel-Mulhouse Airport has a designated Data Protection Officer (DPO) whom you may contact in case of any problems.

To exercise your rights, please contact Basel-Mulhouse Airport:

  • Postal address of the Data Protection Officer: DPO - Basel-Mulhouse Airport

BP 60120, F-68304 Saint-Louis Cedex


In the context of such requests and to avoid identity fraud, we ask you to enclose a valid proof of identity.

If, after contacting us, you believe that your rights in relation to your personal data have not been respected, you may file a complaint with the competent data protection authority (Commission Nationale de l'Informatique et des Libertés - CNIL - for France or the Federal Data Protection and Information Commissioner - FDPIC - for Switzerland).



The Basel-Mulhouse Airport website uses cookies to ensure the functionality and optimisation of the website and the services provided.  Cookies to ensure the functionality of the website, which do not require consent, make it easier to navigate and improve the user-friendliness of the websites.

The cookies installed on the website are used specifically for the following purposes:

  • To maintain the current session on websites with login;
  • To enable or facilitate electronic communication;

Name of the cookie


Purpose of the cookie


1 year

Banner for displaying cookies on the first website visit



Your session’s ID on the server



Cookie to secure communication with the server



A flag indicating whether the cache is disabled or not



Your session’s ID on the server


7 days

Allows you to obtain the latest version of the page you are visiting.



PHP session ID


1 year

Language detection



Use extension ViewHelper

Displays nested content or "then" child once, then sets a cookie with $ttl, optionally locked to domain name, which makes the condition return FALSE as long as the cookie exists.
"Once"-style ViewHelpers are purposed to only display their nested content once per XYZ, where the XYZ depends on the specific type of ViewHelper (session, cookie etc).



on first start of session



save theme in cookie



Is used for maintaining sessions


If your browser allows it, you can refuse the storage of cookies by configuring the parameters of your browser as described below:

For Internet Explorer:
For Firefox:
For Google Chrome 4, Google Chrome 8 and later versions:
For Safari:
For Opera : 

The User's attention is drawn to the fact that access to certain services and sections of the website may be impaired or even impossible.

The retention period for cookies varies depending on the type of cookie. We mainly use cookies that self-destruct after a session has ended. In this case, it is called a session cookie or a browser cookie. Cookies are for internal use only and are not accessible to third parties.


Any changes to this Privacy Policy adopted by the Airport or required by law will be published on our websites and will take effect from the time of publication. As a result, we recommend that for each visit you take note of the latest version of the Policy which is always available on our websites.