Privacy and Cookie Notice for the career.ita-airways.com website


Italia Trasporto Aereo S.p.A., in the capacity of Data Controller (hereinafter “ITA Airways” or the “Controller”) – pursuant to Regulation (EU) 2016/679 (hereinafter “GDPR” or the “Regulation”) and Legislative Decree 196/2003 (hereinafter the “Privacy Code”) – undertakes to protect the confidentiality of the personal data of its website users. This Privacy Notice intends to specify which personal data we collect and process about you when you visit and interact with our career.ita-airways.com website (hereinafter the “Website”), in accordance with Articles 13 and 14 of the GDPR. However, this Notice does not apply to other websites accessed through links in this Website.
Regarding personal data processed in relation to the ITA Airways job application and selection procedure, please refer to the specific privacy notice, provided from time to time by the Data Controller, available in your personal profile and during the registration process.


At ITA Airways, we process your personal data based on the principles of fairness, lawfulness, transparency, purpose and storage limitation, data minimisation and accuracy, integrity and confidentiality, as well as the principle of accountability, as referred to in Article 5 of the GDPR.
By “processing of personal data”, we mean any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

1. DATA CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller is Italia Trasporto Aereo S.p.A., in the person of its current legal representative, with registered office at Via XX Settembre 97, Rome (RM), 00187, unique taxpayer reference and VAT no. 15907661001, which may also be contacted at the PEC registered email address italiatrasportoaereo@legalmail.it. The Data Protection Officer of ITA Airways may be contacted at the Data Controller’s registered office, at the aforementioned postal address, as well as by email at dpo@ita-airways.com.

2. PERSONAL DATA WE COLLECT AND PROCESS

We collect and process any information relating to an identified or identifiable person, which may in particular consist of an identifier, such as your name, identification number, location data, and online identifier, or one or more factors specific to your physical, physiological, mental, economic, cultural or social identity, depending on the type of services requested (hereinafter simply “personal data”).

We process the following personal data via the Website:

a. Browsing data

During browsing, the IT systems and software procedures we use to operate the Website ordinarily collect certain personal data of users, which is then inherently transmitted through the Internet communication protocols. These data are not collected in order to be associated with identified data subjects, but they could, due to their nature, permit the identification of users through processing and association with data held by third parties. This category of data includes the user’s IP addresses or the domain names of the computers used to browse the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on how the Website is used, and to monitor its proper operation, to identify anomalies and/or abuse. The data are normally deleted after processing, unless they are needed to identify the perpetrators of possible cybercrimes capable of damaging the Website or third parties.

b. Data voluntarily provided by users

Except as provided for in other specific notices found in the various sections of the Website, this Notice also covers the personal data collected and processed in connection with voluntary subscription to the ITA Airways job opportunities newsletter, through the dedicated online form on the Website. In this case, we will process your identifying data (e.g. first name and last name) and your contact details, in particular your email address. This Notice also explains how we process your personal and identifying data (such as first name, last name and residential address) and your email address, when you register for a personal account on the Website.

c. Cookies and similar technologies

Cookies are small text files stored in a dedicated space on the hard drive of the device used to visit and browse the Website (e.g. computer, tablet, smartphone, etc.) and may require your prior consent to be installed. Cookies enable the Website to remember your actions and preferences (such as, for example, login details, chosen language, font size, other display settings, etc.), to avoid having to re-enter them again when you return to the Website or browse through it. Cookies are used for authentication purposes, session monitoring and saving information on user activities, and may also contain a unique identification code that tracks your activities, while browsing the Website, for statistical or advertising purposes. As you browse the Website, you may also receive cookies from other websites or web servers (known as “third-party” cookies). Certain operations would be impossible without the use of cookies, which, in some cases, are technically necessary for the Website to operate.
There are various types of cookies, with different characteristics and functions, which can remain on your computer or mobile device for different periods of time, such as “session cookies”, which are automatically deleted when you close the browser, or “persistent cookies”, which remain on your device for a predetermined length of time.
According to the applicable legislation, the use of cookies does not always require your consent. In particular, so-called "technical cookies" do not require consent because they are used solely to transmit a message over an electronic communications network, or for the extent strictly necessary to provide a service you explicitly requested. In other words, these cookies are essential for website operations, or necessary to perform the activities you request. The Italian Data Protection Authority (in its provision setting out streamlined procedures relative to privacy notices and the acquisition of consent for the use of cookies of 8 May 2014 – hereinafter simply the “Provision” – and, most recently, its guidelines on cookies and similar technologies of 10 June 2021 – hereinafter simply the “Guidelines”) has included the following cookies among the technical cookies, which do not require your consent for their use:


  1. first-party and third-party statistical or analytical cookies, provided that their capacity to identify individuals is reduced and that the third party does not cross-reference the information collected with data it already holds. These cookies are used to collect information, in aggregate form, on the number of users and website visitor patterns;
  2. browsing or session cookies, which, if disabled, will prevent you from using all the services available on the website;
  3. functionality cookies, for browsing a website according to a set of selected criteria (for example, language, products selected for purchase), to improve overall service quality.

On the other hand, “profiling cookies”, which are cookies designed to remember your preferences, to improve and customise your browsing experience and/or display marketing communications, in accordance with the preferences you express as you browse, as well as for third-party statistical or analytical cookies, require your prior consent, unless you take measures to reduce their ability to identify you and the third-party’s ability to cross-reference the information collected with other data it already holds.


  1. Types of cookies used by the Website and enabling/disabling them

SThe Website uses only necessary “technical” cookies, to operate properly and allow you to view its content, and disabling them would result in the Website malfunctioning. Technical cookies also include functionality cookies used to enable specific functions of the Website and for Website configuration based on your choices (for example, language), as well as to improve your browsing experience.


In detail, the Website installs the following cookies:


Type of cookie and owner Purpose Technical name Duration Category
(first/third party)
Technical/Necessary
(SAP)		 This cookie is installed on the user’s device during a session for user identification throughout the session. JSESSIONID [x2] Session First party
Technical/Necessary
(SAP)		 This cookie is used to maintain the session, to redirect the user from the public section of the website to the SAP SuccessFactors pages. route Session First party
Technical/Necessary
(SAP)		 This cookie is mandatory and is used to direct requests to the correct data centre.
If disabled, users will no longer be able to access the website.		 careerSiteCompanyId Session First party
Technical/Necessary
(SAP)		 This cookie is used to track a visit across multiple requests. dtCookie Session First party
Technical/Necessary
(SAP)		 This cookie is generated and used by the browser and is related to site preferences. PRF_COOKIE_DEFAULT Session First party
Technical/Necessary
(SAP)		 This cookie is used to distribute website traffic across different servers to optimise response times. BIGipServer# Session First party

Disabling technical cookies may prevent you from using the Website and viewing its content.
You can block or delete technical cookies (in whole or in part) using the specific web browser functions. To disable cookies, or for more information on how to set your cookie preferences via your web browser, please refer to the relevant instructions:

Internet Explorer
Firefox
Chrome
Safari
Opera
Edge

https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac

You will need to reset your cookie preferences if you use different devices or browsers to access the Website.
Regarding the collection source, personal data are collected directly while browsing the Website and when using the available services.


3. PURPOSE AND LEGAL BASIS FOR PROCESSING AND DATA PROVISION

  1. Browsing the Website, registering a personal account and managing security
    2.

    The Data Controller will process your personal data, referred to in paragraph 2, in accordance with Article 6(1)(b) of the GDPR (legal basis: performance of a contract or taking steps at the request of the data subject prior to entering into a contract), in order to enable browsing and to access the various Website sections, to allow you to register and manage your personal account, and to ensure the overall security and proper technical operation of the Website ("service provision purpose"). Providing your personal data for this purpose is optional but necessary to allow you to browse the Website and use the features reserved for registered users. If you fail to provide such data, the Data Controller may not be able to grant you access to the services offered.


  2. Subscribing to the ITA Airways job opportunities newsletter
    3.

    The Data Controller will process your personal data, subject to your specific consent pursuant to Article 6(1)(a) of the GDPR, to enable you to subscribe to the ITA Airways job opportunities newsletter and to email communications about the Company events, initiatives and professional opportunities, including new job postings and further employment opportunities ("newsletter subscription purpose").
    The legal basis for this type of processing is the free, specific and informed consent given by the data subject at the time of subscribing to the newsletter. You may withdraw your consent, or object to the processing of your data, at any time by contacting the Data Controller and/or the DPO at the contact details provided in paragraph 7 of this policy, or by using the dedicated unsubscribe link at the bottom of each email received. Withdrawal of consent does not affect the lawfulness of the processing activities prior to withdrawal. Providing your personal data for the newsletter subscription purpose is optional, and failure to give your consent will not entail any consequences, nor will it in any way affect your ability to access and browse the Website.


    Once provided, personal data may also be processed by ITA Airways for the following purposes:


  3. fulfilment of legal obligations, regulations or national and EU legislation to which the Data Controller is subject, including the provisions of the Data Protection Authority and/or the decisions of judicial and/or administrative authorities (“compliance purpose”). The legal basis for this purpose constitutes lawful processing of personal data pursuant to Article 6(1)(c) of the GDPR;

  4. in the event that it is necessary to establish, exercise or defend a right in court or out of court, including debt recovery (“defence purpose”), for the pursuit of the Data Controller’s legitimate interest pursuant to Article 6(1)(f), in that, once you provide your personal data it may become necessary to process the data in order to establish, exercise or defend a right in court, or whenever the judicial authorities exercise their functions.

4. PERSONAL DATA RECIPIENTS

We may disclose your Personal Data to the following parties (collectively referred to as the Recipients), for the purposes set out in paragraph 3 of this Notice:

  1. the parties authorised by the Data Controller pursuant to Articles 29 and 32 of the GDPR and Article 2-quaterdecies of the Privacy Code, in order to process personal data required to carry out activities that are strictly related to the use of the Website. These parties must undertake to observe strict confidentiality obligations or enter into an ad hoc confidentiality agreement;
  2. the parties acting as data processors, pursuant to Article 28 of the GDPR, on behalf of the Data Controller, especially those providing services required for the Website operations (e.g. hosting providers, technical maintenance service providers, suppliers providing services related to the management of the Website, etc.). The full list of data processors is available upon written request to the Data Controller and/or DPO, at the contact details provided in paragraph 7 of this Notice;
  3. the parties, entities or authorities to whom disclosure is mandatory under the law, or if required by the competent authorities. Such parties will process any personal data as independent data controllers.

5. TRANSFER OF PERSONAL DATA

The Data Controller will process and store the personal data it collects through the Website in its servers located in the European Economic Area (EEA). In certain specific circumstances (e.g. for purposes related to the electronic storage and management of data), some of your data may be provided to Recipients who may then transfer them to third countries. In this case, the Data Controller guarantees that the personal data transferred to Recipients located in third countries outside the EEA, or by international organisations, will be processed in accordance with the law, or any of the methods permitted by law, pursuant to Articles 44–49 of the GDPR, such as, for example, the consent of the data subject, the adoption of Standard Contractual Clauses approved by the European Commission, the selection of entities participating in international programmes for the free movement of data, in accordance with Recommendation 01/2020 adopted on 10 November 2020 by the European Data Protection Board.
Further information is available by sending a written request to the Data Controller and/or the DPO at the addresses indicated in paragraph 7 of this Notice.


6. STORAGE OF PERSONAL DATA

Personal Data processed for the purposes set out in section 3, points (a) and (b) of this Notice, will be stored by the Company solely for the time strictly required to fulfil those purposes, in accordance with the principles of data minimisation and storage limitation provided for in Article 5(1)(c) and (d) of the GDPR. Personal data processed for the purposes referred to in point (a) of paragraph 3 of this Notice will be stored for the time strictly required to fulfil the said purposes, namely, for the time required to perform the requested service, also taking into account the storage periods provided by law. For the newsletter subscription purpose referred to in point (b) of paragraph 3 of this Notice, your personal identification and contact details will be processed until you withdraw the consent given pursuant to Article 7 of the GDPR and/or until you object to the processing pursuant to Article 21 of the GDPR.
In any case, the Data Controller reserves the right to store the data for the time required to fulfil any regulatory obligations to which it is subject and/or to meet any defence requirements.
Further information regarding the data storage period, and the criteria used to determine such a period, may be requested by sending a written request to the Data Controller and/or the DPO at the addresses indicated in paragraph 7 of this Notice.


7. RIGHTS OF DATA SUBJECTS

Data subjects may exercise their rights and/or request information regarding the processing of their personal data by contacting the Data Controller and/or the DPO at the contact details provided below, preferably by including the phrase "Request to exercise privacy rights" in the subject line of the communication.


In particular, they may exercise the following rights at any time:

  1. right to withdraw the consent granted to processing (Article 7 of the GDPR) – You have the right to withdraw your consent to processing at any time, without this affecting the lawfulness of the processing carried out prior to the withdrawal;
  2. right of access (Article 15 of the GDPR) – You have the right to obtain confirmation as to whether or not your personal data are being processed, as well as the right to receive all information relating to such processing;
  3. right to rectification (Article 16 of the GDPR) – You have the right to obtain the rectification of your personal data, if it is incomplete or inaccurate;
  4. right to erasure (Article 17 of the GDPR) – In certain circumstances, you have the right to obtain the erasure of your personal data held in our records;
  5. right to restriction of processing (Article 18 of the GDPR) – Under certain conditions, you have the right to obtain the restriction of the processing of your personal data;
  6. right to data portability (Article 20 of the GDPR) – You have the right to transmit your personal data to another controller and to receive the data concerning you in a structured, commonly used and machine-readable format;
  7. right to object (Article 21 of the GDPR) – You have the right to object, at any time, to the processing of your personal data, setting out the reasons justifying the objection. The Data Controller reserves the right to assess such a request, which may be rejected if there are compelling legitimate grounds for the processing which override your interests, rights and freedoms. Furthermore, you may object to – and therefore stop receiving – marketing newsletters via the dedicated link found at the bottom of every commercial email received. In any case, you may always exercise this right by writing to the Data Controller and/or the DPO at the contact details provided below;
  8. right to lodge a complaint with the supervisory authority (Article 77 of the GDPR) – In accordance with the procedures set out in the following paragraph, if you consider that the processing concerning you infringes the data protection legislation, you may lodge a complaint with the supervisory authority of the Member State in which you habitually reside, work or where the alleged infringement occurred;
  9. right to effective judicial remedy (Article 79 of the GDPR).

To exercise any of your rights, you may contact the Data Controller, in the person of the legal representative of the Company, by sending a letter to the registered office at Via XX Settembre 97, 00187 Roma (RM), or by writing to the PEC registered email address italiatrasportoaereo@legalmail.it


Alternatively, you may contact the Data Protection Officer by sending a letter to the ITA Airways Data Protection Officer, Via XX Settembre 97, 00187 Roma (RM), or by sending an email to dpo@ita-airways.com, providing the following details:

  1. Your first name, last name and postal address
  2. The details of your request

8. AMENDMENTS

The Data Controller reserves the right to amend or simply update this Notice, in part or in full, also as a result of changes in the applicable legislation. The Data Controller therefore invites you to visit this section on a regular basis, to find out if a more recent and up-to-date version of the privacy notice has been issued.