Schiphol Nederland B.V. (Schiphol) operates in line with its key values of efficiency, hospitality, inspiration, sustainability and reliability. For Amsterdam Airport Schiphol, it is very important that you feel welcome at the airport and that your personal data is treated in a reliable and sustainable manner.
See also the Schiphol App Privacy Statement for use with the Schiphol App.
With this Privacy Statement, Schiphol wants to offer maximum transparency on how Schiphol treats personal data processed via the Schiphol app and for what purposes these data are used.. This Privacy Statement applies to all processing of your personal data by or on behalf of Schiphol and its subsidiaries at the Amsterdam Airport Schiphol location (Schiphol Real Estate B.V. and Schiphol Telematics B.V.).
This Privacy Statement applies to the following persons:
- Persons that use products or services offered via the Schiphol website, offered either by Schiphol or third parties (e.g. flights, vacations and parking).
- Persons that sign up to receive information from Schiphol (e.g. newsletters).
- People that provide us with feedback via our websites or social media channels.
- Visitors to our website.
- User of our app.
- Passengers and other visitors of Amsterdam Airport Schiphol.
This Privacy Statement does not apply to the processing of data conducted by third parties, such as airlines, handling agents, tenants, security companies and the Royal Netherlands Marechaussee. Schiphol has no access to this data processing by third parties or to the data involved, and cannot be held responsible for it.
Personal data processing
In specific cases, Schiphol needs to process your personal details to conduct its operations, such as your name, address, email address and any other details it may require. In such cases, Schiphol processes your personal details for communication purposes, to make bookings and/or payments or deal with a complaint. Personal data is processed based on the principles set out in the Personal Data Protection Act (Wbp).
The Data Protection Officer, who fulfils the tasks of the Data Protection Authority at Schiphol, will check that the personal data is being processed in accordance with the provisions of the Personal Data Protection Act.
For what purposes does Schiphol process your data?
Schiphol first determines why it needs to process certain data. Schiphol processes personal data for the following purposes:
1. To implement statutory regulations and tasks in the public interest.
a) Implementation of statutory regulations. There are a number of legal obligations that require personal details to be processed to comply with the statutory regulations. This includes such matters as incidents registration in the area of occupational health and safety and registrations related to civil aviation security.
When you use the automatic border passage, the system will store your data for 24 hours for the purpose of border control. Amsterdam Airport Schiphol manages this system, in the capacity of processor, by the order of the Royal Netherlands Marechaussee. The Royal Netherlands Marechaussee is the controller for these data, which it processes as part of its border control duties.
Third parties at the airport also process personal data in order to comply with statutory obligations, such as retailers that scan your boarding pass. By law, retailers are required to record whether a taxable or tax-free product was sold, which will depend on your destination: within or outside the EU. Retailers must also verify whether a customer is actually a passenger, rather than a Schiphol employee. The latter group is not eligible for the discount.
b) Safeguarding security. The safety of all visitors and Schiphol staff is paramount to us. Personal data that may be processed for this purpose include camera images, for example.
c) Protecting civil aviation. Since 1 April 2003, the government has tasked Schiphol with carrying out preventative security checks on passengers and baggage in the terminal. Schiphol has outsourced these tasks to security companies. Final responsibility for these security checks lies with the Minister of Security and Justice and the Royal Netherlands Marechaussee. In performing its task as the operator of the airport, Schiphol processes personal details for civil aviation security purposes. Personal details are processed for access control of employees at Schiphol, for example. Schiphol also uses security cameras in the terminal. As part of its security tasks, Schiphol processes boarding pass data provided at the security entryways (self-service boarding pass checks).
2. Supply of services and products to customers and passengers.
a) For the performance of agreements that Schiphol enters into via its website, Schiphol uses personal details, such as the details required for booking and paying for parking at the airport. Schiphol also processes the data of Privium members required for Privium services. Via its website, Schiphol also processes data relating to See Buy Fly products that interest its visitors.
b) Schiphol also processes your personal data in order to improve our services and to keep you informed about the services and products you purchase or may purchase from us, as explained in further detail in this privacy statement, unless you have objected to this use of your data.
c) If you are a Schiphol customer, we combine information we obtain when you purchase one or more products or services from us, such as Schiphol Parking, Privium and See Buy Fly. We do this for administrative purposes and in order to gain a complete overview of the products and services you have purchased from Schiphol. In turn, this will allow us to provide you with better service if you contact us and to offer you other products and services that may be of interest to you.
d) As well as the information you provide, we also request information from external sources that we consider reliable. We do this in order to improve our services and provide you with targeted offers. The sources concerned include market research agencies and data enrichment service providers.
3. Optimisation, monitoring and analysis of company processes and systems.
Schiphol processes personal details to optimise its business processes, such as the baggage process and passenger process. To better understand your experience at Schiphol as a passenger (and possibly optimise your travel experience), Schiphol processes your ‘passenger journey’ information for analytical purposes. Are you on the Schiphol grounds? If so, your personal details may be processed for that purpose.
To ensure your journey via Schiphol is as pleasant as possible, we measure the number of passengers to allow us to give you information on expected peaks and waiting times. In the terminal we therefore work with a Wi-Fi and Bluetooth tracking system. You are of course always free to switch off your Wi-Fi and Bluetooth. Schiphol uses sensors to trace Bluetooth and wifi signals. A device (mobile telephone, laptop, etc.) can be identified by its unique ‘MAC address’. This MAC address does not link to individual user data and personal information is not compromised.
Schiphol also uses camera images for crowd management; The goal is to gain insight into the number of people in queues, the density of people in spaces and the occupation of desks. With this information, we can also make predictions regarding numbers of passengers / visitors
You can find a detailed technical description of the measures Schiphol takes to protect your privacy.
4. Operation of Schiphol online services such as its website, the Schiphol app and social media.
a) The Schiphol website tracks general user data, such as the most frequently requested pages, without identifying specific users. The aim of this is to ensure our website keeps responding to the needs of our users as effectively as possible. This information may also be used to place more targeted information on the website, allowing us to further optimise the services we offer to you via the Schiphol website.
b) If you sign up for our online newsletter, you give us permission to use your email address to send you the newsletter and other information, such as offers and questionnaires. You can always unsubscribe from this via the link at the bottom of the newsletter page of every newsletter.
c) The Schiphol web server automatically collects IP addresses. Your IP address is a number with which computers on the network can identify your computer, so that data (such as internet pages) can be sent to your computer. You cannot be identified personally with an IP address. We use IP addresses to manage the website and ensure the information it contains is as relevant as possible.
d) During your visit to the Schiphol website, cookies are created and accessed by our systems. A cookie is a compact piece of information which is stored on your computer. Most browsers accept cookies; however, it is generally possible to change the settings of a browser so that it no longer accepts cookies. Schiphol uses functional cookies to ensure that the website is functioning optimally and is as relevant as possible. Functional cookies are deleted after you close your browser.
e) Social media. On our social media channels you will find offers as well as information, useful facts and news about Schiphol. These channels are an easy way to contact Schiphol, participate in discussions, respond to posted content or take action in some other way. We are always happy to exchange ideas with you and are curious about what you think of Schiphol and its services. Engaging with customers like this allows us to continually improve our service. We request that you do not post privacy-sensitive information of yourself or others (e.g. email address, name, address, telephone number) on these channels where anyone can access it, but that you share this information with us via a private message if necessary. Schiphol will only use the information you share with us to address your query and to improve our customer service. Schiphol reserves the right to delete privacy-sensitive data that is publicly accessible.
f) It is possible to click through to websites of other parties via the Schiphol website. Schiphol cannot be held liable for how these other parties treat personal information. We advise you to carefully read the policy statements of these other parties. The terms and conditions on those websites may vary from those of Schiphol.
g) Schiphol offers services via the Schiphol app. Click here for more information about these personal data via this app.
h) IT Security Purposes. Schiphol is committed to protecting your personal data, and we do this by way of IT Security monitoring. This aspect is important in connection with the increased monitoring of IT security at Schiphol.
5. Recruitment and selection
Schiphol only uses applicants’ personal data for recruitment and selection purposes. Schiphol will, unless required by law, not provide this information to other persons or bodies outside Schiphol Group without the applicant's express permission. The applicant's data shall be deleted no later than four weeks after the application process has been terminated, unless the personal data is retained for one year after termination of the application procedure due to possible future vacancies with prior consent of the person concerned. This permission and retention period are laid down in the Exemption Decree Act on Personal Data Protection.
Schiphol does everything within its power to protect your personal data against loss and unauthorised use. All Schiphol employees who have access to personal data as part of their work are required to maintain confidentiality. Your data will only be supplied to third parties if this is necessary for the performance of the aforementioned purposes. Schiphol has agreed in a data processing agreement with Schiphol partners who are responsible for performing certain services or parts thereof that they will also do everything within their power to protect your personal data and that they will comply with the provisions of the Data Protection Act.
Schiphol will endeavour to ensure that processed personal data are accurate and precise. Moreover, Schiphol will not process more personal data than necessary. In addition, the personal details of the parties concerned will not be retained by Schiphol longer than is necessary for the purposes for which they have been collected or for which they will be further processed. Schiphol has defined/will define a suitable retention time in each case for any personal data which it processes.
If you would like to know which data of yours Schiphol has and for what purposes it will be processed, or if you wish to amend your personal data or have it deleted, you can request access to your personal data or for it to be amended or deleted. You can also object to your personal data being processed. You can do this by sending an email to firstname.lastname@example.org.
Recipients of your data
The following individuals and/or organisations may receive your personal data:
a) Anyone at Schiphol who is responsible for carrying out or supervising tasks related to the processing of your personal data or anyone involved in this; b) processors and subprocessors contracted by Schiphol to perform certain tasks relating to the processing of your personal data; c) within the scope of the automatic border passage, the Royal Netherlands Marechaussee shall be provided with the personal data required for the performance of its duties; d) government bodies, agencies and organisations, such as the police and judicial authorities, to the extent required to fulfil their legal obligations.
Forwarding of details to countries outside the EU
In certain cases, Schiphol forwards personal data to countries outside the EU, but ensures that this takes place in accordance with the relevant legal requirements, e.g. using EU model contract conditions.
The Data Protection Officer keeps a public register of the data processed by Schiphol.
Questions, complaints and objections
This version was drawn up on 11 August 2017.
Schiphol Nederland B.V.
PO box 7501
1118 ZG Schiphol
Evert van de Beekstraat 202
1118 CP Schiphol