Skip to content Skip to footer

 INFORMATION ON THE PROCESSING OF PERSONAL DATA
ai sensi dell’articolo 13 del Regolamento (UE) 2016/679

This information is provided by d-flight Spa (hereinafter, the "Company" or the "Data Controller") as data controller pursuant to Regulation (EU) No. 679/2016 (hereinafter, the "GDPR") and Legislative Decree No. 196/2003 and its ss. mm. ii. (hereinafter, the "Code" and jointly with the GDPR, the "Privacy Regulations "

ENAC is the data controller in relation to the provision of services through the platform d-flight [www.d-flight.it/web-app]

ENAV Spa is the data controller

d-flight Spa is sub data controller.

Identity and contact details of the data controller

ENAC, headquartered in Rome, via Castro Pretorio 118, is the data controller for the provision of services through the platform d-flight to which you may contact to exercise the rights recognized by Regulation (EU) 2016/679 at the following contact points:

d-flight Spa, with registered office in Rome, via Salaria 716, is the data controller in relation to activities related to marketing to whom you may contact for the exercise of the rights recognized by Regulation (EU) 2016/679 at the following contact points:

Data Protection Officer

Each Data Controller has appointed a Data Protection Officer, also referred to as the Data Protection Officer (DPO), who can be contacted, using the contact details provided in this policy, to receive more information about the processing of personal data and to obtain assistance in relation to any petitions addressed to the Data Controller regarding the protection of personal data.

  • The d-flight Data Protection Officer (DPO) can be contacted at the following email address: dpo@enav.it
  • The d-flight Data Protection Officer (DPO) can be contacted at the following email address: privacy.dpo@pec.enac.gov.it

Personal data processed

d-flight in connection with marketing related activities, will process the following categories of personal data, by way of example but not limited to:

  • dati identificativi e di contatto quali: nome, cognome (invio tramite email  di Carta di identità) , indirizzo mail, recapito telefonico;
  • dati relativi all’ordine effettuato, ad esclusione dei dati relativi al pagamento.

Consequences of non-disclosure of personal data

In cases where the provision of Personal Data (in particular personal data, e-mail address) is necessary, any refusal to indicate Personal Data makes it impossible to comply with the requests of the party concerned or to provide the services available or, again, to correctly fulfill the obligations imposed on the data controller in accordance with the applicable legislation.

Purpose and legal basis

Personal data will be processed by ENAC in connection with services related to the registration of users of the platform and the services provided through it, the registration of operators of the Remotely Piloted Systems (SAPRs) and the electronic identification service of SAPRs, where provided for by the regulations in force issued by ENAC.

The legal bases for the processing of personal data are identified:

  • in the performance of a contract to which the data subject is party or the performance of pre-contractual measures taken at the request of the data subject (Article 6(1)(b) of Regulation (EU) 2016/679);
  • in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Article 6(1)(e) of Regulation (EU) 2016/679).

Personal data will also be processed by d-flight in connection with marketing-related activities (e.g.: invitations to events, presentation of new products and/or services, periodic sending of newsletters, satisfaction surveys on the quality of services by e-mail, mail and/or sms or telephone contacts), in the presence of an appropriate legal basis identified in the express consent of the data subject (Article 6(1)(a) of Regulation (EU) 2016/679).

Data communication

Personal data are processed by d-flight personnel, appointed to carry out the processing activities and duly instructed. The aforementioned data may be disclosed to any third parties acting as Data Processors, duly appointed pursuant to Article 28 of the GDPR. In any case, the disclosure of data subjects’ data to all parties legally entitled to access them remains unaffected. Furthermore, during the payment phase, the user is redirected to an environment external to the d-flight website, managed directly by the provider of the selected payment system, which processes the data as an independent Data Controller.

Retention of personal data

Personal data will be retained for the time strictly necessary to achieve the purposes for which they were collected and, in any case, within the time limits established by the applicable legislation. Data processed in the cloud environment are retained for 30 days from the deletion request submitted by the user through the dedicated d-flight functionality. Data relating to orders will be retained, in accordance with applicable tax regulations, for a period of 5 years, with the possibility of extension where the data are relevant for accounting or evidentiary purposes. In compliance with the applicable regulations, such data will be destroyed once the retention periods have expired from the date on which the reason for their processing ceased to exist.

Transfer of personal data to third countries or international organizations

The personal data subject to processing will not be disclosed and will not be transferred abroad to countries outside the European Economic Area (EEA). Should it become necessary, for technical or operational reasons, to transfer the data to third countries, such transfer will take place in compliance with the provisions set out in Chapter V of the GDPR, through the adoption of appropriate safeguards, such as the Standard Contractual Clauses approved by the European Commission, or only where another requirement compliant with the applicable Italian and European legislation exists.

Processing methods

The processing of personal data will be carried out using suitable electronic and/or telematic tools, including through cloud infrastructure, and appropriate technical and organizational measures are adopted to ensure the security and confidentiality of the data. Personal data are stored on servers located within the European Economic Area (EEA) and/or on additional infrastructures and services of technical providers necessary for technical and administrative management.

Processing of data provided through online d-flight services

This information notice is also provided for any collection of individual personal data (name, surname, email address, etc.) through the computerized procedures implemented via the email inboxes and online services made available by d-flight. The optional, explicit, and voluntary sending of email or submission of online forms entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the message. The legal basis for the processing described is the legitimate interest of the controller pursuant to Article 6(1)(f) of Regulation (EU) 2016/679.

 Rights of the interested party

Each data subject in relation to the personal data communicated may, at any time, exercise the rights granted to him/her under Articles 7 (withdrawal of consent at any time) and 15 to 21 of the GDPR including in particular:

  • obtaining confirmation as to whether or not personal data concerning you are being processed;
  • accessing and requesting copies of the following information: the purposes of the processing; the categories of personal data; the recipients or categories of recipients to whom the personal data have been or will be disclosed (including recipients in third countries or international organizations); the expected period of storage of the personal data or, if this is not possible, the criteria used to determine this period; the origin of the personal data where not collected from the data subject; the existence of automated decision making including profiling; and information on the logic used;
  • requesting the rectification of inaccurate personal data;
  • requesting deletion (right to be forgotten);
  • obtaining restriction of processing;
  • objecting to processing;
  • integration of incomplete personal data;
  • obtaining portability of data, through a structured, commonly used and machine-readable format and to transmit without hindrance such data to another data controller, where technically feasible.

The Data Subject may exercise the rights granted by the GDPR, where applicable, by submitting a request to the Data Controller or to the Data Protection Officer (DPO) using the contact details provided in this notice. 

 Right to lodge a complaint

If the data subject believes that the processing carried out by the Controller may have violated the applicable personal data protection regulations, they have the right to lodge a complaint with the Data Protection Authority pursuant to Article 77 of Regulation (EU) 2016/679 at the following contact points:

 

Ultimo aggiornamento maggio 2026

 

Legal Notes | T&C D-Flight Services |
Join Us | Privacy | Cookie Policy
Call us
Free Number
Mon / Sat 9-19
Holidays excluded
Follow us on

D-FLIGHT S.p.A.
Via Salaria, 716 – 00138 Roma
Partita I.V.A. 14996981008
Reg. Imp. Roma – REA 1560988

logo_PNRR
mit
logo_italia-domani

Copyright © d-flight 2026 All rights reserved