Privacy statement PRM

In providing the PRM service, the following personal data may be processed:

• Contact details: title, initials, first and last name, telephone number, address details, date of birth and e-mail address.
• Assistance needs and support aids.
• Flight details, including:
  • Date and time of flight
  • Flight number
  • Aircraft seat number
  • Additional data, such as:
    • Onward flights from an outstation
    • Ticket number
    • Travel class
• Other information provided by the airlines
• Service data:
  • Creation date and time PAL/CAL/PSM (types of service)
  • PRM request creation date and time
  • Execution date and time PRM request
  • Process type (arriving, transferring, departing)
  • Start point PRM handling
  • Start time PRM processing
  • End point PRM handle
  • End time PRM handling
  • Source of notification
  • Connected / Non-connected (in other words: whether aircraft is connected to the terminal)
  • Self service
  • Absent
  • Partial flight path
• Camera images: if you use the PRM call points at Schiphol, a video connection will be established to provide the best possible assistance.

PRM services are provided at Schiphol in accordance with EC Regulation No 1107/2006 and the so-called interpretative guidelines of June 2012. Based on this PRM regulation, Schiphol is obliged to provide assistance to persons with reduced mobility so that they are able to fly. In this context, Schiphol processes personal data on the basis of the GDPR legal basis 'legal obligation to comply with the PRM Regulation'. Schiphol processes health data on the basis of the exception ground 'substantial public interest under Union law (PRM Regulation)'.

In addition, Schiphol performs analyses based on data processed by Schiphol during PRM service provision. The following data will not be processed for analysis purposes:

• the directly identifiable personal data, such as the passenger's name; and
• the special categories of personal data, such as the data that state something about the assistance required.

These analyses take place in order to improve the PRM service. Schiphol has a legitimate interest to do so.

The PRM service results in all passengers being able to use the airport and reach and/or leave their aircraft safely and on time via this route. Schiphol's interest is that it wants its airport to be as accessible as possible so that every passenger is able to travel via this route. These interests are societal in nature. Schiphol does not pursue a commercial goal when offering PRM services.

PRM service
Personal data processed by Schiphol in the performance of the PRM service will be retained for up to two years to deal with (possible) passenger complaints.

Analyses
Part of the data that Schiphol obtains from passengers in the context of providing PRM services is also used by Schiphol to perform analyses. To this end, the indirectly identifiable personal data are exported to a separate database. The data will be retained for a maximum of five years.

The PRM service is outsourced to a third party Axxicom Airport Caddy B.V. ("Axxicom"). Axxicom is a processor within the meaning of the GDPR.

With Schiphol's consent, Axxicom uses the following sub-processors, which process personal data on behalf of Axxicom:

• SITA: This company provides the global messaging infrastructure platform within the aviation sector, including in the area of PRM services on behalf of Schiphol, Axxicom and airlines, among others.
• ASC: Trigion Alarmcentrale B.V., also trading as AlarmServiceCentrale, a third party service provider engaged by Axxicom to manage the databases.
• ENAI: E.N.A.I. Systems B.V., a third-party service provider engaged by ASC, which maintains the databases and makes back-ups.
• Inform: a third-party service provider engaged by Axxicom, which provides Axxicom's planning system.

The airlines are involved in the PRM service, but have no access to the personal data that Schiphol (actually Axxicom) processes in this context.

Only anonymous reports are shared by Axxicom with the airlines.

The PRM service can be used by anyone who meets the definition of someone with reduced mobility as stated in the PRM Regulation. This makes the PRM service provided by Schiphol international in character.

At its core, the PRM service provides assistance to data subjects carried out in the Netherlands (Schiphol). It is possible that the data processing extends beyond the Netherlands itself. This is the case, for example, when a passenger residing abroad contacts Schiphol directly about the desired PRM service. It may also be the case that Schiphol receives, through the airline, personal data from passengers who are not in the Netherlands at that time.

No transfers of personal data take place by or to Schiphol's data processors outside the European Economic Area (EEA).

Access to, amendment and deletion of your personal data
You have the right to know what personal data on you are processed by Schiphol. If we have not obtained the data directly from you, you also have the right to know from what source they derive and to receive a copy thereof.

If your personal data proves to be incorrect, you can ask us to amend your data. You can also request us to delete personal data and to discontinue their use.

Restriction of processing and right to transfer your data
If in your opinion we are not processing your data in a correct manner, you can request a restriction of the processing.

You can also ask us to transfer your digital personal data to you or to another party in a readable and usable form.

Lodging an objection
You can also object to the processing of personal data by Schiphol. If you lodge an objection, we will in principle temporarily discontinue or restrict the processing. If your objection is accepted, we will definitively discontinue or restrict the processing.

Your request and our response
If you have a question, a request or if you wish to lodge a objection, email our Data Protection Officer via dpo@schiphol.nl. We will do our utmost to respond to your request in a timely manner.

We may ask you to send us a copy of a valid ID if this is necessary in order to confirm your identity.

If any part of your request is unclear to us, we may ask you to specify your request and/or to supplement it, to enable us to provide you with the best possible service.

Who is the controller?
This privacy statement is issued by Schiphol Nederland B.V. Our contact details:

Schiphol Nederland B.V.
P.O. Box 7501
1118 ZG Schiphol

How to contact our Data Protection Officer (DPO)
Schiphol has a Data Protection Officer (DPO) for all your questions concerning privacy. The DPO also provides advice to us and monitors compliance with the privacy laws and regulations by Schiphol.

Do you have any questions or requests concerning your data? If so, you can send an email to the DPO via dpo@schiphol.nl or send a letter to our postal address, for the attention of the Data Protection Officer. Together with your request, please provide your name, address, email address and telephone number.

If you are dissatisfied with the way in which we treat your privacy or handle your request or objection, you can file a complaint with the Dutch Data Protection Authority.

If necessary, we will update this privacy statement. This may be due to changes in policies, changes in the data processing operations or changes in the systems we use to process personal data.