Noise Action Plan Privacy policy

The data controller is Edinburgh Airport Limited, our contact details are available at the end of this policy (referred to in this policy as "we" or "us" or "our").

We are committed to doing the right thing when it comes to how we collect, use and protect information which can identify you, known as "personal data". That's why we've developed this privacy policy ("Policy"), which:

• sets out the types of personal data that we will collect;
• explains how and why we collect and use your personal data;
• explains when and why we will share personal data and with which other organisations; and
• explains the rights and choices you have when it comes to your personal data.

This Policy provides information about how we process personal data obtained in connection with our consultation regarding our Noise Action Plan 2018-2023 (the "Consultation"). The Consultation documentation (including the Consultation Questionnaire) will be available at nap.edinburghairport.com (the "Website") and/or supplied in paper format upon request to Progressive Partnership, Q Court, 3 Quality Street, Edinburgh, EH4 5BP. The Consultation FAQs will be published online and will be available in paper format on request.

Personal information that we collect via the Website or Postal Responses

When you use the Website, as is the case with most websites, certain limited information (such as your browser type, cookies, web browsing preferences and IP address) will be directly collected by us automatically.

Where you chose to respond to the Consultation, we will also directly collect and store personal data about you to enable us to process and analyse the responses. You can see the information you are asked to provide in the Consultation Questionnaire, but by way of illustration this will include:

• your name;
• your property details including details relating the type of property (e.g. semi-detached) and your postcode;
• your flying profile, including the airport that you last flew from;
• and (if you chose to provide such information) equality and diversity information, which includes your gender, age category, marital status, information relating to dependants living in your household, and employment status (where you identify as being an elected official).

Sensitive Personal Data - To the extent permitted by applicable laws we may also collect and process a limited amount of personal data falling into special categories, sometimes called "sensitive personal data". For the purpose of the Consultation, this includes information relating to physical or mental health (see questions C6 and C7 which are optional) and potentially information regarding sexual life (see questions C3, C4 and C5, which are optional).

The Consultation Questionnaire contains a number of free text fields. None of the related questions require you to provide any personal data, but you are free to choose to do so if you feel it is relevant information.

If you opt to be kept up to date on the Consultation process by e-mail we will also collect and process your e-mail address and if you opt to be kept up to date on the Consultation process by post we will also collect and process your postal address.

If you provide us with personal data about others, for example if you are a representative of your local council, you must ensure that those individuals are aware that you are providing us with their personal data and how we will use it, and that they do not object to that use.

How we use personal data

We use the personal data collected from the Consultation participants for a number of purposes, including to:

1. map and analyse for the purposes of the Consultation the areas from which responses have been received (using postcodes) in terms of proximity to Edinburgh Airport and current flight paths;
2. analyse all responses and use the information for the purposes of the Consultation including to finalise Edinburgh Airport's Noise Action Plan for 2018-2023;
3. analyse all equality and diversity information to publish a report, on an aggregated, non-identifiable basis, on the range of participants taking part in the Consultation;
4. on occasion, work with the Consultation Institute in delivery of the Consultation;
5. provide participants with updates on the Consultation process if they opt-in to receive them; and
6. transfer data to any entity which may acquire rights in Edinburgh Airport.

Why we collect and use your personal data and our legal basis

We generally process your personal data under one of the following legal bases:

• the processing for purposes detailed at 1, and 6 above is necessary for the legitimate interests pursued by us (in understanding the geographic spread of local views on the Consultation as that impacts our commercial operation and plans as an Airport, and in order to benefit from any future sale, disposal or transfer of any of the business, assets, or rights in Edinburgh Airport), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data;
• the processing for the purpose detailed at 2, and 4 above is necessary for compliance with a legal obligation to which we are subject, in particular under European Parliament and Council Directive for Assessment and Management of Environmental Noise 2002/49/EC, more commonly referred to as the Environmental Noise Directive (END) and the Environmental Noise (Scotland) Regulations 2006 we have a legal obligation to update our Noise Action Plan every 5 years and this Consultation is necessary to allow us to do that; or
• the processing for the purpose detailed at 3 above is necessary for the substantial public interest of identifying or keeping under review the existence or absence of equality of opportunity or treatment
between groups of people; and
• based on your consent, where you elect to receive updates from us (purpose 5 above).

Communications from us

Where you have indicated that you would like to receive updates on the Consultation process we may send communications in the form of email or postal updates to tell you about developments in the Consultation. Please notify us of any changes to your personal data which you have provided to us if you wish to continue to receive updates. You can unsubscribe from receiving updates by email by clicking the "unsubscribe" link in our e-mail communications or please notify us in writing if you receive postal updates and no longer wish to receive them.

Providing information to others

For the purpose of this Consultation, we will be working closely with and may be sharing personal data with:

1. the Scottish Government;
2. our air traffic control service provider and other professional consultants assisting us with carrying out the Consultation;
3. Progressive Partnership, who will host the online Edinburgh Airport Noise Action Plan Consultation Questionnaire, collect and record paper and online responses and conduct a data analysis of all responses received as part of the Consultation; and
4. the Consultation Institute, who we may seek advice from or use to assist with delivery of the Consultation.

The other third parties with whom we may need to share personal data to help us run the Consultation include:

• our owner, (see Working with other service providers and group companies below);
• third party service providers who process information on our behalf to help run some of our internal business operations, IT services and customer services (see Working with other service providers and group companies); and
• law enforcement bodies in order to comply with any legal obligation or court order and, where we are otherwise requested to provide information, we may provide it but only in accordance with applicable privacy and data protection laws.

We may disclose or share your personal data with such partners in order that we may operate the Website and organise and run the Consultation. We will only share information with such organisations in accordance with this Policy.

The Scottish Government is often subject to Freedom of Information requests (FOI), and any information we supply to the Scottish Government as part of this Consultation may also be provided by them in response to FOIs. However, the Scottish Government must also comply with data protection legislation and should not provide your personal data in response to FOI requests if the disclosure of information would contravene data protection legislation.

Please note that any further correspondence (if any) that you may receive from any of the recipients described above will not be governed by this Policy.

Working with other service providers and our group companies

For operational reasons, we may transfer personal data to service providers and our owner who help us manage our systems and processes. These parties may be located in the UK, other countries in the European Economic Area or elsewhere in the world. Different privacy laws may apply in these countries.

We only make these arrangements or transfers where we are satisfied that adequate levels of protection are in place to protect any information held in that country or that the service provider acts at all times in compliance with applicable privacy laws. Where required under applicable laws we will take measures to ensure that personal data handled in other countries will receive at least the same level of protection as it is given in your home country. In particular, where required by applicable data protection laws, we have ensured that such third parties sign standard contractual clauses as approved by the European Commission or other supervisory authority. You can obtain a copy of such safeguards by contacting us (see section below). We may redact data transfer agreements or related documents (i.e. obscure certain information contained within these documents) for reasons of commercial sensitivity.

In the event your personal data is transferred to a foreign jurisdiction, it may be subject to the laws of that jurisdiction and we may be required to disclose it to the courts, law enforcement or governmental authorities in those jurisdictions but we will only do so where required by applicable laws.

Keeping information secure

We invest appropriate resources to protect your personal data from loss, misuse, unauthorised access, modification or disclosure. However, no internet-based site can be 100% secure and we cannot be held responsible for unauthorised or unintended access that is beyond our control. Information held on our computer systems and in our paper filing systems is secure to guard against unauthorised or unlawful processing or accidental loss, destruction of, or damage to personal data. We only authorise access to employees who need it to carry out their job responsibilities.

Keeping your records

We keep records for as long as required to operate the Website and run the Consultation in accordance with legal and regulatory requirements. Where your information is no longer required, we will ensure it is disposed of in a secure manner.

Cookies

Our Website uses cookies (which includes third party cookies) to support analytics functionality.

Cookies are small computer files which are downloaded onto your device and collect information about the way in which you navigate and use our Website and the Internet. The information provided by cookies helps us to provide you with a more personal experience and allows us to make improvements to our Website over time. You may delete and block all cookies or decide to just block certain types of cookie via your browser setting. However, if you choose to block or delete cookies, this may affect the functionality of the Website.

To find out more about cookies, visit www.aboutcookies.org and our Cookies Policy accessible at http://www.edinburghairport.com/help/policies/privacy-notice#Privacyandcookies

Analytics

We use analytics tools on our Website to identify service issues and to help us improve our Website. These tools may be provided by third-party service providers and may include the collection and tracking of certain data and information regarding the characteristics and activities of visitors to our Website. In particular, the Website uses Google Analytics, a web analysis service from Google Inc. Google's Privacy Policy, which explains how Google Analytics uses your information, can be found here: https://www.google.com/policies/privacy/.

We may use the information in order to conduct profiling. Profiling means using automated processes without human intervention (such as computer programmes) to analyse your personal data in order to evaluate your behaviour, such as to allow us to better evaluate how to provide our questionnaires in the future based on the information we know or infer about you, for example based on how long it took you to answer a certain question on the Website.

You may request further details on our tools and the relevant third parties from us.

Access and other rights

You have a number of rights in relation to your personal data.

You may request access to your data, correction of any mistakes in our files, erasure of records where no longer required, restriction on the processing of your data, object to the processing of your data which is carried out on a legitimate interest basis, and ask for further information in relation to profiling or the basis for international transfers. You may also exercise a right to complain to your supervisory authority.

When exercising any of the rights listed below, we will ask you to provide proof of your identity. If your request is excessive, we may levy a small fee.

More information about each of these rights is accessible below

• Access. You can ask us to: confirm whether we are processing your personal data; give you a copy of that data; provide you with other information about your personal data such as what data we have, what we use it for, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, how you can make a complaint, where we got your data from and whether we have carried out any profiling, to the extent that such information has not already been provided to you in this Policy.


• Rectification. You can ask us to rectify inaccurate Information. We may seek to verify the accuracy of the data before rectifying it.


• Erasure. You can ask us to erase your personal data, but only where: it is no longer needed for the purposes for which it was collected; you have withdrawn your consent (where the data processing was based on consent); following a successful right to object (see 'Objection' below); it has been processed unlawfully; or to comply with a legal obligation to which we are subject.
  
  We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
  
  There are certain other circumstances in which we are not required to comply with your erasure request, although these two are the most likely circumstances in which we would deny that request.


• Restriction. You can ask us to restrict (i.e. keep but not use) your personal data, but only where: its accuracy is contested (see 'Rectification' above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; you have exercised the right to object, and verification of overriding grounds is pending.
  
  We can continue to use your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.


• Objection. You can object to any processing of your personal data which has our 'legitimate interests' as its legal basis, if you believe your fundamental rights and freedoms outweigh our legitimate interests.
  
  Once you have objected, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.


• Withdrawal of Consent. You can withdraw your consent in respect of any processing of personal data which is based upon a consent which you have previously provided, which for the Consultation means withdrawing your consent to receive updates from us by email. You can withdraw your consent by contacting us using the details provided below or using the unsubscribe links in the emails.

Complaints Process

If you have a complaint about how we have handled your personal data you may contact us using the details below and we will investigate your complaint. You may also contact the Information Commissioner's Office with any complaint if you remain unsatisfied.

Third party sites

This Policy only applies to the Website. If you land on our Website from other websites (including http://www.edinburghairport.com/) or move to other sites from our Website you should read the separate privacy policies.

Updates

This Policy was created on 8 February 2018.

From time-to-time, we may update this Policy. We will notify you about material changes by either sending an email message if you provided one to us or by prominently posting a notice on the Website. We encourage you to periodically check back and review this Policy so that you always know what information we collect, how we use it, and with whom we share it.

Contact

If you have any questions about this Policy, or would like to exercise your rights with respect to your personal data, please contact us via the feedback option on Edinburgh Airport's website http://www.edinburghairport.com/help/contact-us/feedback and mark your feedback for the attention of "Noise Action Plan Consultation Team - Privacy Policy Queries".

You can also contact us in the following ways:

• At edicommunications@edinburghairport.com
• Edinburgh Airport Noise Action Plan Consultation Team - Privacy Policy Queries, Progressive Partnership, Q Court, 3 Quality Street, Edinburgh, EH4 5BP