Skip to main content

Data Protection and Internet Cookies Policy

Basel-Mulhouse Airport attaches the utmost importance to the protection of the personal data and privacy of its customers and of all website users.
This data Protection and Internet Cookies Policy describes the types of personal data that Basel-Mulhouse Airport may collect about you and the ways in which the Airport and its subcontractors may use that data.


Any processing of your personal data is carried out in compliance with current regulations and in particular Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, French Law No. 78-17 on data processing, files and individual freedoms of January 6, 1978 (amended) and the Swiss Federal Act on Data Protection (FADP) of September 25, 2020, last amended on September 1, 2023.


Users of any of the Airport’s websites confirm that they have read and accepted the terms of this Data Protection Policy and of the General Terms and Conditions of Use of the relevant website. Users who do not agree with these terms are free not to use the websites and not to provide any personal data.

ARTICLE 1 - DEFINITIONS

The following terms shall have the following meanings:

Personal data” means any information pertaining to an identified or a directly or indirectly identifiable natural person.

"Processing of personal data” means any operation or set of operations performed on personal data by any process whatsoever (collection, recording, organisation, storage, adaptation, modification, retrieval, consultation, use, disclosure by transmission or dissemination, or any other form of supply, or reconciliation).

"Data controller” means the natural or legal person who determines the purposes for which and the means by which personal data is processed, i.e. the purposes (“why”) and the means (“how”) of the processing. Generally and in practice, the data controller is the public or private entity acting as its legal representative.

"Subcontractor" means any legal or natural person or any other organisation that processes personal data on behalf of the data controller.

Authorised third party” means the public authority, service or organisation that can access certain data contained in public or private file systems because it is expressly authorised to do so by law.

 

ARTICLE 2 - IDENTITY OF THE DATA CONTROLLER

Personal data is collected by Basel-Mulhouse Airport, a Franco-Swiss public entity having its registered office in BLOTZHEIM [postal address: BP 60120, 68304 SAINT LOUIS CEDEX], registered under SIRET number 778 971 424 00016, represented by Mr. Matthias SUHR as its Managing Director.

ARTICLE 3 - PERSONAL DATA COLLECTED, PURPOSES, LEGAL BASIS AND RETENTION PERIOD

As part of the services offered by Basel-Mulhouse Airport and for the operation of its websites www.euroairport.com, www.businesscenter.euroairport.com and www.advantages.euroairport.com, Basel-Mulhouse Airport collects personal data concerning you.

More specifically, the Airport may collect and use your personal data to provide the services offered, in particular through these websites, and to keep the data relating to you up to date, accurate and relevant in order to fulfill one or more of the following purposes at all times:

 

Purposes

 

Categories of collected data

 

Legal basis

 

Retention period

Processing requests for information and making contact

 

Processing requests for support for people with reduced mobility

Via the contact form: Identity and contact details

 

 

Legitimate interest

 

The time required to process the requests

Search and identification of relevant professional profiles to collect applications

 

 

Via the application contact form: identity, contact details, professional data (CV, cover letter)

 

 

Legitimate interest

 

For a maximum of 2 years from the last contact with the applicant, except for objections by applicants

 

Pre-selection of applicants

Assessment of the applicant's professional skills

Job application (CV, contact details)

Execution of a contract (pre-contractual measures)

 

CV is kept for a maximum of 2 years

Personnel recruitment

Re-use of data collected during the hiring period for HR administration purposes

Contract fulfillment

 

Legal obligation

Employment period + 5 years in the archives starting with the employee's departure

Management of the customer loyalty program

Contact details, identity

Contract fulfillment

 

Management of customer and potential customer relationships

(contracts, invoicing, creation of customer accounts, customer support, complaints, etc.)

 

 

Contact details, identity

 

Contract fulfillment

 

During the period of the business relationship

 

5 years in the archives, starting with the end of the business relationship

Processing of parking spot reservations

Parking lot management

Parking ticket management (tickets with time stamp, prepaid tickets, billing cards,

subscriptions, badges, bus station)

Online booking of parking spots with secure payment process

Access control by means of license plate read-outs

Order management Complaint management

 

Data regarding parking spot reservations: License plate, date and time of entry and exit

 

 

Contact details, identity

 

 

 

Contract fulfillment

 

 

Video surveillance: 1 month

License plate read-outs: 31 days after the vehicle leaves the parking facility

Payment information: 10 years

Booking history in the user account: during the entire account activity until the user requests deletion or deletion after three years of inactivity.

Booking history without creation of a user account: 1 year in the event of a complaint

Processing of fraud cases, unpaid invoices, reclaimings from the parking department 

 

Processing of fraud cases (fraud in the event of unauthorised passage through airport barriers without an airport ID or vehicle registration card before the barrier closes / "petit train")

Processing of acknowledgements of debt

Processing requests for the removal of light vehicles

Processing the relocation of abandoned vehicles

 

 

 

License plate, identity and address

 

Legitimate interest

In the event of fraud: retention for 5 years from the disputed facts

5 years after occurrence of insolvency. As soon as unpaid invoices have been paid, there is a maximum period of 48 hours to delete the data. 

Data related to unpaid invoices can be archived for a further 5 years if the company is legally obliged to do so or if the company wishes to provide evidence in the event of a legal dispute within the statute of limitations

 

Issuance of specific driving or access authorisations

Contact details, identity

 

Legitimate interest

 

3 years from application date

Provision of public Wi-Fi

The user’s source IP and MAC address

Target URL and target IP

 

Identification data: last name, first name and e-mail address which are requested from the user

to enable the use of the hotspot service

 

Consent

 

Information about data traffic must be retained for 1 year from the date of recording

(Article R. 10-13 of the French Code des postes et des communications électroniques)

 

Subscription to newsletters (business information, news, etc.)

 

E-mail address

 

Consent

 

Until the withdrawal of consent

Processing of reservation requests for meeting rooms (Business Center)

 

Contact details, identity

 

Legitimate interest

 

Reservation period

Participation in events offered by Basel-Mulhouse Airport - Organisation of competitions

 

Contact details, identity

 

Legitimate interest

 

The time required to carry out the event

 

The time required to complete the competition and hand over the prize

 

No listings are retained

Processing group visits on the airport platform

Visitor management

Identity check for visitors, carried out by the DGAC

Signing signature lists

Copy of a proof of identity

 

Last name, first name

 

Consent

 

5 years

 

Publication of images and videos for institutional purposes in compliance with image rights

 

Photo

 

Consent

 

Until the withdrawal of consent

Processing feedback and satisfaction surveys 

 

IP address

 

Legitimate interest

 

Time of registration on the online form

Management of business and contact partners at the Airport

 

Carrying out administrative tasks related to:

Contracts, orders, receipt of goods, invoices, payments and accounting in relation to accounts for suppliers and service providers

 

Contact details, identity

 

Processing necessary for the purposes of the legitimate interests pursued by the data controller

 

Information about the processing of orders and deliveries is retained for 10 years

 

Access control to the security zone with regulated access (ZSAR) via biometric facial recognition

 

 

 

Biometric data of personnel from different authorities (police, Gendarmerie, customs) and emergency services (Airport Rescue and Firefighting Department, SSLIA / SSIAP) to pass through the direct access gates into the ZSAR (security zone with regulated access);

 

Biometric data of airport personnel in possession of an airport ID card (TCA, Titre de Circulation Aéroportuaire) for access control and before entering the ZSAR

 

Legal obligation

 

Regulation (EC) No 2320/2002, as amended by Regulation (EC) No 849/2004 of the European Parliament and of the Council of April 29, 2004;

 

Commission Regulation (EC) No. 622/2003 of April 4, 2003, as amended, inter alia, by Commission Regulation (EC) No. 831/2006 of June 2, 2006.

 

Decree of November 12, 2003 on security measures for air traffic;

 

Decree of April 6, 2022 amending the Decree of September 11, 2013 on aviation security measures for civil aviation

 

 

Biometric data is checked in real time; the data is not retained

 

In general, all of our customers' data is also collected for the purposes of invoicing, debt collection and accounting, in accordance with the contracts and the Airport's legitimate interest.

Before data is collected, you will be informed whether the provision of the requested personal data is mandatory or voluntary.

The data highlighted with an asterisk (*) in the form is mandatory. If this data is not provided, access to the services and their use by the person concerned is not possible or a request linked to a form cannot be fulfilled.

The provision of further data is optional. Your failure to provide this information will not affect the provision of agreed services or the response to requests for information, even if this may limit their relevance.

 

ARTICLE 4 - DISCLOSURE OF PERSONAL DATA

The personal data collected on this website is mainly intended for internal departments of the Airport that are authorised to have access to it.

In order to fulfill certain purposes and services offered, the personal data collected may be provided to the Airport's Subcontractors. Should the Airport entrust data processing to Subcontractors, it shall only use Subcontractors that offer sufficient guarantees with regard to the necessary technical and organisational measures to ensure that the processing meets the reliability and security requirements stipulated by the applicable legislation and that the rights of individuals are protected.

In accordance with the regulation in force, your personal data may be transferred to authorised third parties (public authorities, judicial authorities, court officers and ministerial officers) by a legal or regulatory provision in the context of a specific assignment or the exercise of a right of disclosure.

If the Airport receives a request for disclosure from a third party based on a legal or regulatory provision, it shall ensure that the continuing provision is in force and that it actually provides for a right of disclosure in favour of the requestor. The Airport ensures that only data specified in the legal or regulatory text is transmitted. In case of imprecision of the request, the Airport shall ensure that only data that it considers absolutely necessary to achieve the intended purpose is transmitted.

The disclosure of data is carried out in accordance with procedures that guarantee their security, by adapting the chosen measure to the type of data and the risks involved.

ARTICLE 5 - TRANSFER OF PERSONAL DATA TO RECIPIENTS OUTSIDE THE EUROPEAN UNION

The Airport may be required to transfer data to Switzerland, a country recognised by the European Commission as having an adequate level of data protection.
The Airport shall only communicate data abroad when it is absolutely essential to the provision of its services. The Airport shall then contractually stipulate compliance with the provisions on data protection and security of information with the recipients concerned and take all the necessary measures to ensure that third parties comply strictly with the warranties.

 

ARTICLE 6 - SECURITY MEASURES

Taking into account technological developments, implementation costs, the nature of the data to be protected, and the risks to individual rights and liberties, the Airport shall implement all appropriate technical and organisational measures to guarantee the confidentiality of the personal data collected and processed, and a level of security appropriate to the risk.

 

ARTICLE 7 - RIGHTS OF THE DATA SUBJECTS

In accordance with Regulation (EU) 2016/679 and the Swiss Federal Act on Data Protection, you have the right to request access to your personal data, rectification or deletion (the right to be forgotten), restriction of processing of your personal data and the right of portability of this data from Basel-Mulhouse Airport as the responsible data controller. 

You may also object to the processing of your personal data for legitimate reasons. 

You also have additional rights under national legislation, such as directives concerning the retention, deletion and disclosure of your personal data after your death.

Basel-Mulhouse Airport has a designated Data Protection Officer (DPO) whom you may contact in case of any problems.

To exercise your rights, please contact Basel-Mulhouse Airport:

  • Postal address of the Data Protection Officer: DPO - Basel-Mulhouse Airport

BP 60120, F-68304 Saint-Louis Cedex

 

                
In the context of such requests and to avoid identity fraud, we ask you to enclose a valid proof of identity.

If, after contacting us, you believe that your rights in relation to your personal data have not been respected, you may file a complaint with the competent data protection authority (Commission Nationale de l'Informatique et des Libertés - CNIL - for France or the Federal Data Protection and Information Commissioner - FDPIC - for Switzerland).

 

ARTICLE 8 - COOKIES

The Basel-Mulhouse Airport website uses cookies to ensure the functionality and optimisation of the website and the services provided.  Cookies to ensure the functionality of the website, which do not require consent, make it easier to navigate and improve the user-friendliness of the websites.

The cookies installed on the website are used specifically for the following purposes:

  • To maintain the current session on websites with login;
  • To enable or facilitate electronic communication;

Name of the cookie

Duration    

Purpose of the cookie

accept_cookies

1 year

Banner for displaying cookies on the first website visit

CHANGESESSIONID

 

Your session’s ID on the server

TSXXXXX

 

Cookie to secure communication with the server

external_no_cache

 

A flag indicating whether the cache is disabled or not

Frontend

 

Your session’s ID on the server

fe_typo_user

7 days

Allows you to obtain the latest version of the page you are visiting.

PHPSESSID

 

PHP session ID

preferedLanguage

1 year

Language detection

$identifier

 

Use extension ViewHelper

Displays nested content or "then" child once, then sets a cookie with $ttl, optionally locked to domain name, which makes the condition return FALSE as long as the cookie exists.
"Once"-style ViewHelpers are purposed to only display their nested content once per XYZ, where the XYZ depends on the specific type of ViewHelper (session, cookie etc).

session_name

 

on first start of session

ThemeCookieName

 

save theme in cookie

Kglhf

Session

Is used for maintaining sessions

 

If your browser allows it, you can refuse the storage of cookies by configuring the parameters of your browser as described below:

For Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
For Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
For Google Chrome 4, Google Chrome 8 and later versions: https://support.google.com/chrome/answer/95647?hl=en-GB&co=GENIE.Platform%3DDesktop
For Safari: https://support.apple.com/en-us/HT201265
For Opera : https://help.opera.com/en/latest/web-preferences/ 

The User's attention is drawn to the fact that access to certain services and sections of the website may be impaired or even impossible.

The retention period for cookies varies depending on the type of cookie. We mainly use cookies that self-destruct after a session has ended. In this case, it is called a session cookie or a browser cookie. Cookies are for internal use only and are not accessible to third parties.

ARTICLE 10 - AMENDMENT OF THE DATA PROTECTION AND INTERNET COOKIES POLICY

Any changes to this Privacy Policy adopted by the Airport or required by law will be published on our websites and will take effect from the time of publication. As a result, we recommend that for each visit you take note of the latest version of the Policy which is always available on our websites.