Privacy of personal data

P.C. "SARAJEVO" INTERNATIONAL AIRPORT LLC SARAJEVO (the Company) approaches the protection of personal data with great care and undertakes extensive activities to safeguard the privacy of personal data.

The Company processes only those personal data that are necessary within the scope of its business activities and exclusively when such processing is:

  • necessary for compliance with legal obligations;
  • necessary for the performance of contractual obligations or pre-contractual actions;
  • necessary for the purposes of the legitimate interests of the Company;
  • based on the consent of the data subject, exclusively where no other legal basis is applicable.

This Privacy Policy and individual privacy notices provide a transparent and accessible overview of how the Company handles personal data. The privacy notices describe which personal data we collect, how long we retain them, and which rights you, as data subjects, may exercise.

At Sarajevo International Airport, there are several different organizations that, within the scope of their activities, may collect various personal data (e.g. the Border Police Unit, airlines, retail and service facilities, etc.). As a rule, the Company does not have access to the personal data collected and processed by these organizations, except in cases where we are expressly entrusted under contractual obligations to carry out personal data processing activities on behalf of some of these organizations (e.g. the processing of personal data in the passenger check-in and handling process in accordance with contractual obligations with airlines). For more information on how your personal data are handled, please contact these organizations directly.

Privacy Statements

For each of the services/activities in which the Company collects and processes personal data in the following sections, individual privacy statements state the type and scope of personal data that we collect/process, the reasons for their collection/processing, how long we keep them, with whom we share them, and what rights you have regarding your personal data.

2) Personal data in interactions with SARAJEVO International Airport via electronic media:

Website SIA application Social networks Web cookies ("cookies") Complaints E-COMMERCE

3) Work at SARAJEVO International Airport and work for SARAJEVO International Airport:

In its day-to-day operations, Sarajevo International Airport maintains contractual and other relationships with various parties (e.g. employees/workers, visitors, external operational staff, suppliers, and users of complementary services, among others) and therefore has a need to collect and process a certain set of personal data. The Company keeps records of personal data processing activities in accordance with the law.

The Company, as the Data Controller, processes personal data through the following records:

  • Records of employees and members of the Company’s management bodies
  • Video surveillance records
  • Records of persons and vehicles accessing and using the premises of Sarajevo International Airport
  • Records of external users of the PACS system and keys
  • Records of customers and users of non-aviation services
  • Records of candidates (vacancies, job postings)
  • Records of candidates for training under public calls for the employment of seasonal workers
  • Records of persons engaged under contracts for services or contracts for temporary and occasional work, as well as persons performing student internships
  • Records of users of VIP lounge and business class lounge services
  • Records of users of the Lost and Found Department services
  • Records of external operational staff of the Training Center for professional personnel
  • Records of external users of the services of the Training Center for professional personnel
  • Records of recipients/importers of goods in the customs warehouse
  • Records of customer complaints
  • Records of persons issued MAS identification cards
  • Records of personal data of employees and members of the Company’s management bodies for the purposes of access control, security, and occupational health and safety
  • Records of persons for whom requests are submitted for the issuance of permits to move and remain within the border crossing area at MAS

The purpose of data processing, as well as the retention periods, are defined within each individual record. For personal data processing operations which, by virtue of their nature, scope, context, or purpose, may present a high risk to the rights and freedoms of data subjects—including but not limited to video surveillance—the Company carries out a Data Protection Impact Assessment (DPIA) in accordance with applicable regulations. In the event of a transfer of personal data outside Bosnia and Herzegovina, the Company ensures that such transfer is carried out exclusively with the application of appropriate safeguards prescribed by law, including standard contractual clauses or other protection mechanisms recognized by applicable regulations.

The Company does not carry out automated decision-making or profiling that would produce legal effects or significantly affect data subjects within the meaning of the Law on the Protection of Personal Data.

Your rights regarding the processing of personal data

In order to exercise your rights, you can contact us in writing or by email:

Personal Data Protection Officer

Address:

P.C. "SARAJEVO" INTERNATIONAL AIRPORT LLC SARAJEVO

Kurta Schorka Street No. 36,

71210 SARAJEVO, Bosnia and Herzegovina

E-mail: dpo@sarajevo-airport.ba

Depending on the legal basis, your rights to the processing of personal data may include the following:

  1. The right to information about the processing of personal data;
  2. The right to access personal data;
  3. The right to correct personal data;
  4. Right to erasure;
  5. Right to restriction of processing;
  6. Right to portability of personal data;
  7. The right to object;
  8. Rights related to automated data processing and profiling.

Exercising the aforementioned rights will depend on the specific type of data processing and will be possible if it is applicable in accordance with the regulations and/or technically feasible in relation to the specific processing of personal data. Also, it is important to know that the right to erasure does not apply in cases where processing is necessary to fulfill legal obligations, establish, realize or defend legal claims and the like.

Please note that you have the right to request the above rights as they are applicable in relation to specific processing, but according to the regulations on the protection of personal data, we are obliged to confirm your identity before providing any information or providing an explanation in case we are unable to comply with your request. In case of a request from your side, we will inform you whether your request has been approved. Also, if you believe that one of your rights has been violated, you can file a complaint with the Agency for the Protection of Personal Data in Bosnia and Herzegovina, Dubrovačka Street No. 6, 71000, SARAJEVO or by e-mail: azlpinfo@azlp.ba

Personal data controller

P.C. "SARAJEVO" INTERNATIONAL AIRPORT LLC SARAJEVO

Address:

Kurt Schork, 36, 71210 SARAJEVO, Bosnia and Herzegovina

Contact for submitting a request: Personal Data Protection Officer (DPO); E-mail: dpo@sarajevo-airport.ba

Security of personal data

The technical and organizational measures (including all relevant certificates) applied to ensure the privacy of personal data are as follows:

  • Measures of anonymization, pseudonymization and encryption of personal data;
  • Measures to ensure permanent confidentiality, integrity, availability and resilience of processing systems and services;
  • Measures to ensure the ability to timely reestablish the availability of personal data and access to them in the event of a physical or technical incident;
  • Procedures for regular testing, assessment and evaluation of the effectiveness of technical and organizational measures to guarantee processing security;
  • Measures for user identification and authorization;
  • Data protection measures during transmission;
  • Data protection measures during storage;
  • Measures to ensure physical protection of locations where personal data is processed;
  • Measures to ensure logging of event data;
  • Measures to ensure system configuration, including default configuration;
  • Measures to ensure data reduction;
  • Data quality assurance measures;
  • Measures to ensure the time limit of data storage;
  • Measures to ensure data portability and ensure erasure.

Personal Data Breach Response

In the event of a personal data breach, P.C. "SARAJEVO" INTERNATIONAL AIRPORT LLC SARAJEVO shall, without undue delay and no later than 72 hours after becoming aware of the breach, notify the Personal Data Protection Agency of Bosnia and Herzegovina, unless it is unlikely that the breach would result in a risk to the rights and freedoms of data subjects. Where the personal data breach is likely to result in a high risk to the rights and freedoms of data subjects, the Company shall, without undue delay, inform the affected data subjects in a clear and comprehensible manner.

Changes to the Privacy Policy

P.C. "SARAJEVO" INTERNATIONAL AIRPORT LLC SARAJEVO reserves the right to amend this Privacy Policy and will publish all changes to the Privacy Policy on its official website.