Privacy Policy - Third Party Employees

Check out the Privacy Policy applicable to third-party employees at Aena Brasil.

What is the purpose of this document?

The purpose of this document is to inform you about the processing of your personal data by Aena Brasil and, where applicable, by the service providers of Aena Brasil, in accordance with the applicable legislation on privacy and data protection, including, but not limited to the Federal Constitution, the Consumer Protection Code, the Civil Code, the European Data Protection Laws and Regulations, whenever applicable, the Civil Rights Framework for the Internet (Federal Law No. 12,965/14) and its decree regulator (Decree n.º 8.771/16), the General Data Protection Law (Law n.º 13.709/18) and other sectoral norms or rules on the subject.

Who is responsible for these treatments?

For the purposes of this Policy, it is up to AEROPORTOS DO NORDESTE DO BRASIL S/A (“AENA Brasil”), headquartered at Rua Barão de Souza Leão, 425, 19th floor, room 1901, Boa Viagem, Recife/PE, CEP 51.030- 300, registered with CNPJ nº 33.919.741/0001-20, to take decisions regarding the processing of personal data.

As controller, Aena Brasil is responsible for ensuring the security, privacy, and protection of personal data, and for adopting effective measures capable of proving compliance with and compliance with personal data protection rules and even the effectiveness of these measures as set out in this Policy. Aena Brasil is also responsible for guiding its employees and contractors who appear as operators regarding the practices to be adopted in relation to the protection of personal data.

What categories of personal data can be processed?

The types of personal data we process are as follows:

• Registration data (e.g., first name, last name, e-mail, address, RG, CPF)
• Professional life (e.g., curriculum, training, position)
• Personal life (e.g., parentage)
• Economic and financial data (e.g., related to means of payment)
• Location data (e.g., your flight details)
• Monitoring images (e.g., image, recording, voice); and/or
• Health data (e.g., airport medical appointments, medical history).

For what purposes do we process your personal data?

The personal data that you provide us directly or indirectly (i.e., through your employer), and those that may be collected or generated during such relationship, will be processed by Aena Brasil, directly or through its service providers. services, on an automated and non-automated basis, for the purposes indicated below. In any case, Aena Brasil considers that the privacy and protection of personal data is extremely important and, for this reason, ensures that your personal data will only be collected and processed for legitimate, specific, explicit, and previously informed purposes.

• Management of the provision of services and/or supply of products.
• Occupational risk prevention.
• Video surveillance for facility security.
• Issuance, management and control of credentials and access control. In the case of accreditations for access at airports, your personal data may be processed for analysis of criminal records and other purposes provided for in Anac regulations, in compliance with legal and regulatory obligations.
• Management of parking services (e.g., entry and exit control and monthly fee control), if applicable.
• Management of runway operations (e.g., platform driving, operational recordings, incident investigation, operational security and emergencies), if applicable.
• Management and control of the provision of medical assistance (in case of treatment by the airport medical service).
• Management, control and processing of claims, grievances and reports sent to Aena Brasil, if applicable.
• Regular exercise of rights in judicial, administrative or arbitration proceedings.
• Performance of representation and defense functions for/before Aena Brasil, if applicable.
• Assistance and control of the provision of services to authorities (e.g., management of visits, management of authorities rooms, registration and maintenance of institutional contacts), if applicable.
• Management of lost objects in airport complexes.
• Management of complaints through the Reporting Channel.
• If, for the performance of your duties and/or for the fulfillment of the contract with your company, it is necessary for you to establish contact with an employee of Aena Brasil, your professional contact data may be processed by Aena Brasil.
• Entry/exit registration and documentation archiving.

What is the legal basis for processing your data?

Your personal data are processed to the extent necessary for the performance of the contract signed between Aena Brasil and you, your employer and/or company represented by you, as well as for the fulfillment of legal or regulatory obligations, for the exercise regular exercise of rights in judicial, administrative or arbitration proceedings, in order to meet our legitimate interests and/or in other cases authorized by the applicable legislation and provided that it is strictly necessary for the fulfillment of specific purposes.

From what sources can we receive your personal data?

In general, Aena Brasil receives your personal data necessary to comply with the service provision contract and/or the applicable legislation or regulations directly from you or through the company you work for or represent.

How long do we store your personal data?

Your data will be stored throughout the relationship between Aena Brasil and your company, as well as for the period necessary to legally protect Aena Brasil from any liability.

With whom may your personal data be shared?

Your data may be shared with the following recipients: Judiciary bodies and other public and supervisory bodies, for compliance with legal or regulatory obligations and/or regular exercise of rights in judicial, administrative or arbitration proceedings.

• To the public security forces, to protect the life or physical safety of the holder or third parties and/or to comply with legal or regulatory obligations.
• The National Civil Aviation Agency (ANAC), for the regular exercise of rights in judicial, administrative or arbitration proceedings, and/or for compliance with legal or regulatory obligations (eg, regulatory inspection procedures).
• To companies belonging to the Aena Group, including its parent companies and affiliates, to comply with contractual, legal, or regulatory obligations, provide the services requested or authorized by you, guarantee our exercise of rights in judicial, administrative or arbitration proceedings or in other strictly necessary hypotheses.
• To the authorities that require it based on the applicable legislation.
• Service providers contracted by Aena Brasil to assist it in complying with its legal, regulatory, or contractual obligations or in carrying out its commercial activities. As an operator, such companies must process personal data according to the instructions provided by Aena Brasil, which will contractually require strong and sufficient guarantees that operators comply with the personal data protection obligations established in this Policy, in the Governance Program in Privacy of Aena Brasil, in the applicable legislation and in the guides, guidelines and instructions published by the competent authorities.

Aena Brasil declares, however, that any sharing or transfer will be carried out in compliance with the personal data protection requirements provided for in the applicable legislation and regulations.

In addition, considering that the Aena group has operations in several countries, as well as that Aena Brasil may store personal data in a “cloud”, a technology that allows the storage of information on servers located in Brazil or abroad, it is noteworthy that the personal data controlled by Aena Brasil may be processed in foreign countries, always adopting effective guarantees and security measures.

In any case, Aena Brasil clarifies that it will only carry out international data transfers in accordance with the applicable legislation and adopting appropriate technical and contractual standards and security measures.

What security measures are adopted during the processing of your data?

Aena Brasil, as the controller of the personal data referred to in this Policy, adopts, from conception and by default, security, technical and administrative measures capable of protecting personal data from unauthorized access and accidental or illegal situations of destruction, loss, alteration, communication, or any form of inappropriate or unlawful treatment.

Among the security measures implemented, it is included the control and tracking of user access to its internal systems (e.g., upon user and password request and collection of access logs), the protection of its systems and servers through the use of specific tools (e.g., antivirus and firewalls), and the backup of your databases.

Nevertheless, all Aena Brasil employees who need access to personal data have been properly instructed and are subject to confidentiality commitments, in order to ensure that such access will only occur in essential situations for achieving the desired purposes and provided that the necessary precautions.

In addition, Aena Brasil only hires a third party to assist in the provision of its services involving the processing of personal data if sufficient guarantees are presented that it adopts the necessary measures to meet the requirements set forth in this Policy and in the applicable legislation.

What to do if I have access to personal data in the performance of my duties?

Any individual who has access to personal data controlled by Aena Brasil must comply with applicable laws and regulations, as well as with all policies, procedures and security measures implemented by Aena Brasil.

Furthermore, pursuant to article 6 of the LGPD, data must be processed in accordance with the principles of transparency and prevention, so that adequate security is guaranteed. Likewise, the employee compromises to inform the staff who depend on him and who have access to or participate in the processing of personal data, of the obligation to maintain due confidentiality regarding them.

Workers who have access to data that are not within their competence must refrain from using and transmitting it to third parties, immediately informing Aena Brasil's Person in Charge of Personal Data Processing, who will coordinate the solution with those responsible. The worker must delete and/or return the files to which he has erroneously accessed.

How can you exercise your rights?

Pursuant to article 18 of the General Law for the Protection of Personal Data (Federal Law No. 13,709/2018), the holder of personal data has the right to obtain from Aena Brasil, in relation to the data processed by it, at any time and upon request:

• Confirmation of the existence of treatment
• Access to data
• Correction of incomplete, inaccurate or outdated data
• Anonymization, blocking or deletion of data that is unnecessary, excessive, or processed in violation of the applicable legislation
• Portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets
• Elimination of personal data processed with the consent of the holder, observing the legal limits
• Information from public and private entities with which Aena Brasil shared data
• Information on the possibility of not providing consent and on the consequences of refusal
• Revocation of consent
• Petition regarding your data against Aena Brasil before the national authority; and
• Review of decisions taken solely on the basis of automated processing of personal data that affect your interests. You can exercise these and other rights related to privacy and protection of personal data provided for in the applicable laws and regulations in front of Aena Brasil through the following email address:

How can you contact our Personal Data Controller?

To clarify any doubts related to this Policy or the privacy and protection of personal data, you can contact our Person in Charge for the Processing of Personal Data through the following e-mail address: Finally, we emphasize that this Policy may be revised at any time to reflect changes in our activities or in the applicable legislation. Therefore, we recommend that you check this page periodically.

Updated on September 15th, 2021.