Image de l'icône
Lyon Aéroports
Téléchargez l’application Lyon Aéroports
Télécharger

Personal data protection policy

Edito données personnelles header

Personal data

How we protect your personal data 

 

AEROPORTS DE LYON is required, within the framework of its activities, to process Personal Data (as defined below) concerning its customers and prospective customers. AEROPORTS DE LYON is committed to protecting its customers’ personal data and ensures that such data is processed securely in accordance with the regulations in force. 

AEROPORTS DE LYON undertakes to comply with the legal and regulatory provisions in force relating to Information Technology, Files and Civil Liberties, in particular with the amended Act No. 78‐17 of 6 January 1978 of the French Parliament and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and to the free movement of such data (hereinafter referred to as the “Regulations”). 

The purpose of this policy is to inform the data subjects of the main data processing involving their personal data.

The following definitions are used in the Personal Data policy

  • Personal Data:

refers to all information that, directly or indirectly, identifies a natural person or makes a natural person identifiable, and, more specifically, the data specified below. 
•    Data Subject: 
refers to the natural person whose Personal Data is collected and processed by AEROPORTS DE LYON or a Data Processor. 
•    Processing: 
refers to any operation or set of operations carried out using automated or manual processes in electronic or paper format, such as the collection, recording, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, or distribution of Personal Data. 
•    Data Controller: 
refers to the natural or legal person, public authority, service, or other body that, alone or jointly with others, defines the purposes and means of processing of the data. 
•    Data Processor: 
refers to any person outside of AEROPORTS DE LYON who performs any activity on behalf of AEROPORTS DE LYON resulting in any form of access to Personal Data. 
•    Websites: 
refers to the websites of AEROPORTS DE LYON with the following URL addresses:



PASSENGER CUSTOMERS

  • www.lyonaeroports.com: Corporate website of Aéroports de Lyon: practical information about the airport, flights and destinations.
  • store.lyonaeroports.com  :  Products and services provided by Aéroports de Lyon and its partners
  • https://www.skiairports.com :  Web portal for booking transport for Alpine ski resorts


BUSINESS CUSTOMERS PARTNERS AND SUPPLIERS 
 

  • entreprises.lyonaeroports.com : Portal for Aéroports de Lyon partner sites
  • https://cargoport.lyonaeroports.com : Website dedicated to Cargo activities
  • https://businessaviation.lyonaeroports.com : Website dedicated to business aviation activities
  • https://immobilier.lyonaeroports.com : Website dedicated to real estate activities
  • https://cdm.lyonaeroports.com : Website for real-time flight data-sharing (controlled access)
  • https://compagnies.lyonaeroports.com : Website for airlines
  • https://pro.lyonaeroports.com : Website for travel agencies
  • https://commerces.lyonaeroports.com :  Website for airport retailers
  • https://publicite.lyonaeroports.com :  Website for airport advertisers
  • https://achats.lyonaeroports.com : Website for suppliers applying for public procurement contracts with Aéroports de Lyon
  • https://transports.lyonaeroports.com  : Website dedicated to road passenger transport professionals 
GENERAL PUBLIC
  • www.satoemplois.com : Website for jobs at Aéroports de Lyon 
    Aéroports de Lyon news website
  • https://developpementdurable.lyonaeroports.com : Website dedicated to sustainable development

AEROPORTS DE LYON regularly updates this personal data Protection Policy. Any changes shall be communicated by email to the Data Subjects, who may withdraw their consent at any time by notifying the AEROPORTS DE LYON Personal Data Protection Officer at the following email address: donnees‐personnelles@lyonaeroports.com. This policy was published on: d’AEROPORTS DE LYON à l’adresse courriel suivante donnees-personnelles@lyonaeroports.com
This policy was published on January 06, 2025



As a passenger customer

  

AEROPORTS DE LYON acts as Data Controller for the implemented data processing. 
Please consult the Website’s Legal Notices for more information about AEROPORTS DE LYON
For certain data processing, however, AEROPORTS DE LYON acts as data processor on behalf of airlines or the French State.

  

The following data processing operations are implemented for the purposes described and with the legal grounds specified in the lawful bases. The operations process the following data in line with the retention periods stated. 
Some data processing is implemented via the websites stated under DEFINITIONS; other processing is implemented directly at Lyon‐Saint Exupéry Airport.

Consult the document

  

Only authorised persons of Aéroports de Lyon can access the personal data. 
AEROPORTS DE LYON declares that it uses Data Processors for the hosting of Personal Data and for the fulfilment of the Processing Purposes. 
Personal data may be transferred to third parties for business purposes, including to airlines, to certain service providers involved in data processing, and to certain State executive bodies 

Consulter le document

  

AEROPORTS DE LYON is committed to implementing the following security measures: 
(a)    physical security measures designed to prevent unauthorised access to Personal Data, 
(b)    identity and access checks via an authentication system and a password policy, 
(c)    an Authorisation Management System, and, 
(d)    processes and systems for tracking all actions carried out on the AEROPORTS DE LYON information system and for reporting any incidents affecting Personal Data, in accordance with the Regulations. 

AEROPORTS DE LYON also applies the following principles:

  • For new data processing operations: privacy by design/by default
  • For staff: awareness campaigns and training sessions on personal data protection
  • For data processors: framing of the data processing entrusted to data processors in a contractual appendix


AEROPORTS DE LYON shall notify the supervisory authority concerned, and the Data Subject if necessary, of any Personal Data breach within no more than 72 hours of having been informed of it, by sending an email to the email address provided. This notification shall be accompanied by any relevant documentation.

  

In accordance with the regulations in force, you have the right to access and rectify your personal data and request its deletion and portability. You can also oppose the processing of the data or request that this processing be limited. 

If you have consented to the processing of your personal data, you can withdraw this consent at any time. You also have the right to define directives on the retention or deletion of your data after your death. 

You should contact the Aéroports de Lyon Personal Data Protection Officer (DPO) for any request concerning the exercise of the aforementioned rights. 

You can contact the Aéroports de Lyon Personal Data Protection Officer (DPO) by sending an email to: donnees‐personnelles@lyonaeroports.com with proof of your identity and specifying the right you wish to exercise. 
  
If, after contacting us, you feel that your rights to your data are not being respected, you can submit a complaint to the CNIL (www.cnil.fr/en).

ZENLINE, an innovative free slot reservation service enabling access to security checks without waiting, is offered by AEROPORTS DE LYON as an experimental service at Terminal 1 of Lyon-Saint Exupéry Airport.

LEGAL BASIS AND PURPOSES OF PROCESSING

The processing of personal data is based on the user's consent during the reservation of the ZENLINE service. The collected data is intended to allow the user to book a time slot for access to the ZENLINE security checkpoint at Terminal 1. The reservation is automatically linked to the boarding pass, enabling access to the ZENLINE passage via a boarding pass scan. Additionally, the data provided is used to collect user feedback on the service to improve the offering.

Providing data is necessary for the execution of this service; refusal to provide data will make it impossible to use the ZENLINE service. Furthermore, with the informed and unambiguous consent of the user, AEROPORTS DE LYON may process personal data for marketing purposes (sending newsletters, commercial information, and surveys). Refusal of this consent will not affect the use of the ZENLINE service.

CATEGORIES OF DATA PROCESSED

The data processed includes the first and last names of passengers/companions provided during the online reservation, email address, flight number, flight date, and airline. If the reservation is made for a third party, the user must ensure that the person concerned has read this Personal Data Protection Policy. By proceeding, the user agrees to inform the said person of the communication of their data to AEROPORTS DE LYON and releases AEROPORTS DE LYON from any liability in case of improper communication of such information.

Use of Data for Operational Purposes

The personal data collected as part of the ZENLINE service is also processed for operational purposes strictly necessary for the proper functioning of the service. This includes, in particular: • Verifying and matching the reservation with the passenger's boarding pass and flight information, as well as that of any accompanying persons, to ensure smooth and secure access to the ZENLINE lane. • Managing any anomalies or errors detected during the access process, in order to enable manual or automatic correction of malfunctions and to continuously improve the quality and reliability of the service. These processing activities are based on AÉROPORTS DE LYON's legitimate interest in ensuring the proper execution and optimization of the ZENLINE service, while respecting the rights and freedoms of the data subjects. The data used for these purposes will be limited to what is strictly necessary and will be processed only by authorized personnel or by the subcontractor responsible for the technical management of the service, within the scope of their respective duties.

Use of Data for Information/Marketing Purposes

As part of their travel preparation, passengers may receive transactional communications related to their flight (such as reminders, practical information, or service notifications), which are necessary for preparing the trip. Subject to their explicit consent (opt-in), passengers may also receive personalized commercial communications from AÉROPORTS DE LYON's, including promotional offers and specific information. Passengers may withdraw their consent at any time, in accordance with applicable personal data protection regulations.

PROCESSING METHODS

The data is processed in compliance with applicable regulations, using manual, computer, and electronic systems, ensuring the security and confidentiality of information. Passengers must scan their boarding passes according to standard procedures. For more details, please consult the privacy policy at https://www.lyonaeroports.com/en/privacy-policy . A confirmation email will be sent after the reservation; in case of an issue, this email will allow airport staff to verify access to the ZENLINE service. Users can consult, modify, or cancel their reservation at any time via the link in the confirmation email.

DATA RETENTION PERIOD

Personal data related to the reservation will be retained for the duration necessary for the use of the service, i.e., up to 72 hours after its use, and then deleted. For information on data retention related to security checks, consult the privacy policy. Marketing data will be retained for 3 years unless the user explicitly withdraws their consent.

DATA RECIPIENTS

Within AEROPORTS DE LYON, only individuals authorized by the Data Controller may access personal data as part of their duties. AEROPORTS DE LYON also works with COPENHAGEN OPTIMIZATION as a processor for managing this reservation service; they may also access data within the scope of their involvement.

DATA TRANSFER OUTSIDE THE EU

The data will neither be disclosed nor transferred outside the European Economic Area.

RIGHTS OF DATA SUBJECTS

Under Articles 15 to 22 of the GDPR, users have specific rights, including access, rectification, erasure, restriction of processing, withdrawal of consent, data portability, and the right to object. The Data Controller may refuse the exercise of this right to object if there are compelling legitimate grounds for continuing the processing. Users can exercise these rights via the link in their reservation or by withdrawing their consent to promotional emails through the opt-out link at the bottom of received emails.



As a Business customer, partner or supplier

  

AEROPORTS DE LYON acts as Data Controller for the implemented data processing. 
Please consult the Website’s Legal Notices for more information about AEROPORTS DE LYON
For certain data processing, however, AEROPORTS DE LYON acts as data processor on behalf of airlines or the French State.

  

AEROPORTS DE LYON acts as Data Controller for the implemented data processing. 
Please consult the Website’s Legal Notices for more information about AEROPORTS DE LYON
For certain data processing, however, AEROPORTS DE LYON acts as data processor on behalf of airlines or the French State. 
Consulter le document

  

Only authorised persons of Aéroports de Lyon can access the personal data. 
AEROPORTS DE LYON declares that it uses Data Processors for the hosting of Personal Data and for the fulfilment of the Processing Purposes. 
  
Personal data may be transferred to third parties for business purposes, including to airlines, to certain service providers involved in data processing, and to certain State executive bodies. The data processors used are as follows: 

Consulter le document

  

AEROPORTS DE LYON is committed to implementing the following security measures: 
(a)    physical security measures designed to prevent unauthorised access to Personal Data, 
(b)    identity and access checks via an authentication system and a password policy, 
(c)    an Authorisation Management System, and, 
(d)    processes and systems for tracking all actions carried out on the AEROPORTS DE LYON information system and for reporting any incidents affecting Personal Data, in accordance with the Regulations. 

AEROPORTS DE LYON also applies the following principles:

  • For new data processing operations: privacy by design/by default
  • For staff: awareness campaigns and training sessions on personal data protection
  • For data processors: framing of the data processing entrusted to data processors in a contractual appendix


AEROPORTS DE LYON shall notify the supervisory authority concerned, and the Data Subject if necessary, of any Personal Data breach within no more than 72 hours of having been informed of it, by sending an email to the email address provided. This notification shall be accompanied by any relevant documentation.

  

In accordance with the regulations in force, you have the right to access and rectify your personal data and request its deletion and portability. You can also oppose the processing of the data or request that this processing be limited. 

If you have consented to the processing of your personal data, you can withdraw this consent at any time. You also have the right to define directives on the retention or deletion of your data after your death. 

You should contact the Aéroports de Lyon Personal Data Protection Officer (DPO) for any request concerning the exercise of the aforementioned rights. 

You can contact the Aéroports de Lyon Personal Data Protection Officer (DPO) by sending an email to: donnees‐personnelles@lyonaeroports.com with proof of your identity and specifying the right you wish to exercise. 

If, after contacting us, you feel that your rights to your data are not being respected, you can submit a complaint to the CNIL (www.cnil.fr/en)



As an applicant for a job

  

AEROPORTS DE LYON acts as Data Controller for the implemented data processing. 
Please consult the Website’s Legal Notices for more information about AEROPORTS DE LYON .

  

The following data processing operations are implemented for the purposes described and with the legal grounds specified in the lawful bases. 
The operations process the following data in line with the retention periods stated. 
Consulter le document

  

Only authorised persons of Aéroports de Lyon can access the personal data. 
AEROPORTS DE LYON declares that it uses Data Processors for the hosting of Personal Data and for the fulfilment of the Processing Purposes.  
The data processors used are as follows: 
Consulter le document

  

AEROPORTS DE LYON is committed to implementing the following security measures: 
(a)    physical security measures designed to prevent unauthorised access to Personal Data, 
(b)    identity and access checks via an authentication system and a password policy, 
(c)    an Authorisation Management System, and, 
(d)    processes and systems for tracking all actions carried out on the AEROPORTS DE LYON information system and for reporting any incidents affecting Personal Data, in accordance with the Regulations. 

AEROPORTS DE LYON also applies the following principles:

  • For new data processing operations: privacy by design/by default
  • For staff: awareness campaigns and training sessions on personal data protection
  • For data processors: framing of the data processing entrusted to data processors in a contractual appendix


AEROPORTS DE LYON shall notify the supervisory authority concerned, and the Data Subject if necessary, of any Personal Data breach within no more than 72 hours of having been informed of it, by sending an email to the email address provided. This notification shall be accompanied by any relevant documentation

  

In accordance with the regulations in force, you have the right to access and rectify your personal data and request its deletion and portability. You can also oppose the processing of the data or request that this processing be limited. 

If you have consented to the processing of your personal data, you can withdraw this consent at any time. You also have the right to define directives on the retention or deletion of your data after your death. 

You should contact the Aéroports de Lyon Personal Data Protection Officer (DPO) for any request concerning the exercise of the aforementioned rights. 

You can contact the Aéroports de Lyon Personal Data Protection Officer (DPO) by sending an email to: donnees‐personnelles@lyonaeroports.com with proof of your identity and specifying the right you wish to exercise. 

If, after contacting us, you feel that your rights to your data are not being respected, you can submit a complaint to the CNIL (www.cnil.fr/en).

You use the Lyon Airport web application

How we protect your personal data

 

WHAT DATA PROCESSING ? WHAT ARE THE LAWFUL BASES ? USING WHAT DATA ?
The following data processing operations are implemented for the purposes described and with the legal grounds specified in the lawful bases. The operations process the following data in line with the retention periods stated.
Some data processing is implemented via the websites stated under DEFINITIONS; other processing is implemented directly at Lyon‐Saint Exupéry Airport.
 

Data processingGoalLawful basesDataStorage time
Customer account managementCustomer relationship managementContract executionCivility
Name/First name
e-mail address
Password		3 years after last trade exchange
Product and services purchasesCustomer relationship managementContract executionMandatory data
- Civility
- Name/First name
- e-mail address
- Password,
- Purchase history (Product/service purchased, dates),

Optional data
- License plate
- Information about flight/train (schedule, destination, terminal),
- Phone location
- Boarding pass (Through camera)		3 years after use


The processing does not involve an automated decision. No processing is carried out for other purposes.

WHO HAS ACCESS TO THE DATA? WHERE IS THE DATA STORED? 
Only authorised persons of Aéroports de Lyon can access the personal data.
AEROPORTS DE LYON declares that it uses Data Processors for the hosting of Personal Data and for the fulfilment of the Processing Purposes.
Personal data may be transferred to third parties for business purposes, including to airlines, to certain service providers involved in data processing, and to certain State executive bodies

The subcontractors used are the following:

ProcessingSubcontractorData hostingData recipientData transfer outside the EU
Passenger itinerary: Lyon Aéroport mobile applicationAtipikSwitzerland Switzerland


HOW IS THE DATA SECURED?

AEROPORTS DE LYON is committed to implementing the following security measures:
(a)    physical security measures designed to prevent unauthorised access to Personal Data,
(b)    identity and access checks via an authentication system and a password policy,
(c)    an Authorisation Management System, and,
(d)    processes and systems for tracking all actions carried out on the AEROPORTS DE LYON information system and for reporting any incidents affecting Personal Data, in accordance with the Regulations.
(e) secured communication protocols for sending data between systems.

AEROPORTS DE LYON also applies the following principles:

  • For new data processing operations: privacy by design/by default
  • For staff: awareness campaigns and training sessions on personal data protection
  • For data processors: framing of the data processing entrusted to data processors in a contractual appendix

USER-GENERATED CONTENT


You posted content on a website or social network that may contain: 
-    a photograph or video taken by You, 
-    other identifying information associated with your post, such as your username, image, caption and hashtags and additional content you may choose to provide, such as your first name and surname and your email address (hereinafter referred to as “User Content”). 

AEROPORTS DE LYON posted a comment under Your post to obtain Your consent, containing a link to this AEROPORTS DE LYON Privacy Policy, in particular, this section on:
-    processing of the personal data contained in this User Content, including, in particular: your image (photograph or video), your first name and surname, and your email address. 
-    use of the User Content, implicating the terms of use of intellectual property rights for User Content defined below. 

By replying to the comment from AEROPORTS DE LYON with the hashtag #YESADL (the “consent Hashtag”), You or the organisation or person you represent unconditionally agree to be bound by the terms of the AEROPORTS DE LYON Privacy Policy, in particular, this section.

If You do not accept all the terms of this agreement, do not post the consent Hashtag. If You agree to this Policy on behalf of an organisation or an individual, You state that You have the authority to do so.


LEGAL BASIS FOR PROCESSING PERSONAL DATA

Processing of the personal data contained in Your User Content is based on Your consent, in accordance with Article 6 of the GDPR. 
By replying to the comment from AEROPORTS DE LYON with the hashtag #YESADL (the “consent Hashtag”), You or the organisation or person you represent consent to the processing of Your personal data contained in the User Content referred to above. 


INFORMATION AND RIGHTS RELATING TO PERSONAL DATA

Specific terms concerning access, hosting, security and the exercise of rights relating to personal data contained in User Content are available in this Privacy Policy, in the sections dedicated to each of these subjects. 

Thus, for example, to exercise your rights concerning personal data contained in User Content, You can refer to the section “How do I exercise my personal data rights?” in this Policy. 

By posting the consent Hashtag in your reply to the comment from AEROPORTS DE LYON, you consent to transfer of the information in the User Content to AEROPORTS DE LYON's third-party processors, in particular Adalong, as mentioned and described in the section “Who has access to the data?” in this Policy.

You acknowledge that you have read all the terms of this Policy and agree to them before giving your consent by replying to the comment from AEROPORTS DE LYON.


INTELLECTUAL PROPERTY

By replying to the comment from AEROPORTS DE LYON with the hashtag #YESADL, You grant AEROPORTS DE LYON a non-exclusive, worldwide patrimonial right free of charge for a 5-year period to use, reproduce, publish, display, adapt and disseminate the User Content in the context of marketing operations and promotion of the activities of AEROPORTS DE LYON in any way, on all currently-existing networks and media or those yet to be invented, including, without limitation, on the websites and digital communication channels of AEROPORTS DE LYON, for example in the stories created by AEROPORTS DE LYON, retailer websites, marketing emails and social networks, including in paid advertisements on social networks for which You will not be paid.


REPRESENTATIONS AND WARRANTIES

You retain all rights, titles and interests in and to the User Content, without prejudice to the rights granted above, and represent and warrant that (i) You own all the rights to Your User Content, or, if the User Content is subject to third-party proprietary rights, You have all necessary licences, rights, consents and authorisations to post the User Content that You submit and to grant the rights provided for and granted to AEROPORTS DE LYON under this Policy, as part of this programme and without financial consideration; (ii) You are 18 years of age or older, (iii) You are legally authorised to post the User Content, and the use of the proprietary rights of third parties contained in Your User Content, as described in this Policy, will not infringe, in particular without being limited to, registered trademark rights, privacy rights, publicity rights or other proprietary rights, of any third party or of any law, and (iv) Your User Content is not libellous, defamatory, obscene, pornographic, abusive, indecent, threatening, harassing, hateful or offensive.


DISCLAIMER

By replying to the comment from AEROPORTS DE LYON with the hashtag #YESADL, You discharge and agree to defend, indemnify and hold harmless AEROPORTS DE LYON from any liability, claims and expenses, including reasonable lawyers' fees, relating to any breach or alleged breach on Your part of any of the terms and conditions set out in this Policy, in particular, concerning the rights You warrant that You hold to the User Content.