Privacy statement PRM

Schiphol Nederland B.V. (‘Schiphol’) is committed to protecting your privacy. In this privacy statement, we explain how we handle the personal data we process within our services for Passengers with Reduced Mobility (PRM):

PRM-assistance

What personal data do we process?
In providing the PRM-assistance, the following personal data may be processed:

  • Contact details: title, initials, first and last name, telephone number, address details, date of birth and e-mail address.
  • Assistance needs and support aids.
  • Flight details, including:
    • Date and time of flight
    • Flight number
    • Aircraft seat number
    • Additional data, such as:
      • Onward flights from an outstation
      • Ticket number
      • Travel class
  • Other information provided by the airlines
  • Service data:
    • Assistance type, based on the internationally recognized PRM codes (WCHR, WCHS, WCHC, DEAF, BLND, DEAF/BLND, DPNA).
    • PRM request creation date and time
    • Execution date and time PRM request
    • Process type (arriving, transferring, departing)
    • Start point PRM handling
    • Start time PRM handling
    • End point PRM handle
    • End time PRM handling
    • Source of the request
    • Connected / Non-connected (in other words: whether aircraft is connected to the terminal)
    • Self service
    • Absent
    • Partial flight path
  • Notes or comments made during direct contact, for example, during communication via a callpoint, interaction with staff in the assistance waiting area, or during the provision of the assistance.

To provide PRM-assistance, we receive personal data provided by the passenger to the airline. Usually, we receive this data via SITA, the company that provides the global messaging infrastructure platform within the aviation sector.

Why do we process your personal data?
The PRM-assistance at Schiphol is provided in accordance with EC Regulation No. 1107/2006 and the so called interpretative guidelines. Based on this this PRM Regulation, Schiphol is obligated to assist persons with reduced mobility to enable them to fly. In this context, Schiphol processes personal data based on the GDPR legal basis of ‘legal obligation to comply with the PRM Regulation.’ Schiphol processes health data under the exception of ‘substantial public interest under Union law (PRM Regulation).’

In addition, Schiphol conducts analyses based on data processed during the provision of the PRM-assistance. These analyses aim to improve the PRM-assistance. Schiphol has a legitimate interest in performing these analyses. The PRM service ensures that all passengers can use the airport and safely and timely reach or leave their aircraft via this route. Schiphol's interest lies in making its airport as accessible as possible, ensuring that every traveler can use this route. These interests are of a societal nature. Schiphol does not pursue commercial objectives when offering the PRM-assistance.

How long do we retain your personal data?
Personal data processed by Schiphol in the performance of the PRM-assistance will be retained for up to two years to deal with (possible) passenger complaints.

Who do we share your personal data with?
The PRM-assistance is outsourced to a third party Axxicom Airport Caddy B.V. ("Axxicom"). Axxicom is a processor within the meaning of the GDPR.
With Schiphol's consent, Axxicom uses the following sub-processors, which process personal data on behalf of Axxicom:

  • ASC: Trigion Alarmcentrale B.V., also trading as AlarmServiceCentrale, a third party service provider engaged by Axxicom to manage the databases.
  • ENAI: E.N.A.I. Systems B.V., a third-party service provider engaged by ASC, which maintains the databases and makes back-ups.
  • Inform: a third-party service provider engaged by Axxicom, which provides Axxicom's planning system.

The airlines are involved in the PRM-assistance, but have no access to the personal data that Schiphol (actually Axxicom) processes in this context. Only anonymous reports are shared by Axxicom with the airlines.

PRM-callpoint

What personal data do we process?
When the passenger uses the PRM call point, a direct connection is established between the passenger and an Axxicom staff member (the third party responsible for providing PRM services). This enables Schiphol to deliver the best possible service by utilizing the following features:

  • Audio Function: During the use of the PRM call point, the conversation (and thereby the passenger's voice) is shared in real-time with an Axxicom staff member.
  • Video Function: The video connection ensures that an image of the passenger is shared with an Axxicom staff member, while bystanders are not recognizable on screen due to the blur function

Why do we process your personal data?

  • Audio Function: To enable verbal communication. This is especially useful in situations where rapid interaction is required, and textual communication would be too slow or impractical.
  • Video Function: To provide a visual representation of the passenger requiring assistance. This allows the staff member to better identify (and relay) which passenger needs support, improving the quality of the assistance provided.

Specifically for the PRM call point, a legal basis can be found in the obligation set out in Article 7, paragraph 3, of the PRM Regulation. Schiphol is required to make all reasonable efforts to assist PRM passengers without a reservation. This service is best provided through the PRM call point, as it is the most effective way to clearly identify the needs of the PRM passenger and take appropriate action based on this information.

How long do we retain your personal data?
The PRM call point only establishes a connection when you make a call. Images and audio are shared in real-time (live) with the Axxicom staff member and are not stored.

Who do we share your personal data with?
The software provider for the call and audio function manages the technical operations remotely and therefore has access to the personal data. A data processing agreement has been established with this party.

Do we process your personal data outside the European Economic Area? Schiphol processes your personal data primarily within the European Economic Area. In some cases, the software provider for the audio and video functions requires access to perform technical management. This also involves access to personal data. The software provider is based in the US and is certified under the EU-US Data Privacy Framework. The European Commission has determined that the US provides an adequate level of data protection in this case. As a result, personal data from the European Economic Area can be transferred to the US without the need for additional measures.

Autonomous Wheelchair

What personal data do we process?
When you use the Autonomous Wheelchair, we process the following personal data:

  • Wheelchair number
  • Location of the wheelchair
  • Route taken by the wheelchair
  • Status of the wheelchair (in use)

Why do we process your personal data?

Safety and Support: If a wheelchair stops in an unusual place or gets stuck, this can be quickly detected, and immediate action can be taken. This enhances user safety and prevents operational disruptions. In case of technical issues or if a passenger needs assistance, the exact location can be quickly determined to provide help.
Efficiency: By knowing the real-time location of the autonomous wheelchairs, Schiphol can efficiently manage and deploy these wheelchairs where they are most needed. This prevents unnecessary downtime. Passengers needing a wheelchair will have shorter waiting times.
Data analysis and planning: Collecting data on the use of autonomous wheelchairs provides insights into peak times, frequently used routes, and the efficiency of current deployment. This helps in planning and improving future services and determining the required number of wheelchairs at specific times and locations.

Schiphol bases the processing of personal data for these purposes on the legal basis of ‘legitimate interest’.

How long do we retain your personal data?
Your personal data will be deleted 48 hours after using the wheelchair.

Who do we share your personal data with?
The technical management of the wheelchair and the application in which the personal data are processed is handled by an external supplier. Consequently, they also have access to the personal data.

Do we process your personal data outside the European Economic Area?
Schiphol process your personal data in principle only within the European Economic Area. As needed, the external supplier, has access to your personal data from Japan. The European Commission has determined that Japan provides an adequate level of data protection. The effect of this decision is that personal data can flow from the European Economic Area to Japan without any further safeguard being necessary.

Which rights do you have?

Access to, amendment and deletion of your personal data
You have the right to know what personal data on you are processed by Schiphol. If we have not obtained the data directly from you, you also have the right to know from what source they derive and to receive a copy thereof.

If your personal data proves to be incorrect, you can ask us to amend your data. You can also request us to delete personal data and to discontinue their use.

Restriction of processing
If in your opinion we are not processing your data in a correct manner, you can request a restriction of the processing.

Lodging an objection
You can also object to the processing of personal data by Schiphol. If you lodge an objection, we will in principle temporarily discontinue or restrict the processing. If your objection is accepted, we will definitively discontinue or restrict the processing.

You can also ask us to share the rationale of our legitimate interest.

Your request and our response
If you have a question, a request or if you wish to lodge a objection, email our Data Protection Officer via dpo@schiphol.nl. We will do our utmost to respond to your request in a timely manner.

We may ask you to send us a copy of a valid ID if this is necessary in order to confirm your identity.

If any part of your request is unclear to us, we may ask you to specify your request and/or to supplement it, to enable us to provide you with the best possible service.

Whose privacy statement is this and how can you contact us?

Who is the controller?
This privacy statement is issued by Schiphol Nederland B.V. Our contact details:

Schiphol Nederland B.V.
P.O. Box 7501
1118 ZG Schiphol

How to contact our Data Protection Officer (DPO)
Schiphol has a Data Protection Officer (DPO) for all your questions concerning privacy. The DPO also provides advice to us and monitors compliance with the privacy laws and regulations by Schiphol.

Do you have any questions or requests concerning your data? If so, you can send an email to the DPO via dpo@schiphol.nl or send a letter to our postal address, for the attention of the Data Protection Officer. Together with your request, please provide your name, address, email address and telephone number.

How to lodge a complaint with the Dutch Data Protection Authority?

If you are not satisfied with the way we handle your privacy or the handling of your request or objection, you can submit a complaint to the the Dutch Data Protection Authority.

Where can you find the latest version of this privacy statement?

If necessary, we will update this privacy statement. This may be due to changes in policies, changes in the processes in which we incorporate your personal data or changes in the systems we use to process data.

This version was issued in November 2024.