Skip to main content




ANA – Aeroportos de Portugal, S. A. (hereinafter referred to as “ANA”) is committed to ensuring the privacy and protection of the personal data of all those who relate to ANA, namely the users of the website

This Privacy Policy is supplemented by its Terms and Conditions.

Who is responsible for processing personal data?

The data controller is ANA-Aeroportos de Portugal, S. A.

Rua D, Edifício 120, Aeroporto de Lisboa

1700-008 Lisboa

Telephone: 21 841 35 00

What personal data do we collect?

We collect the users’ personal data when they book any of the services available at our airports, by filling out a form. When booking a service, users must enter their name, email address, telephone number and billing information for the service. The personal data collected is essential for ANA to provide the service. Any provision of personal data implies knowledge and acceptance of this Privacy Policy.

For what purpose do we use personal data?

The personal data we collect is used to provide services, manage customers and fulfil legal and tax obligations.

The contact information provided by the user on the form will be used exclusively for the purpose of sending him/her information and updates regarding the service in question.

Users may choose to receive promotional content, such as newsletters, via email. To do so, the user must expressly indicate this by selecting the corresponding option on the service application form.

For the above mentioned purposes and in order to provide the services, the users’ personal data may be processed by ANA or on its behalf by processors.

In such case, these processors are obliged to provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the legal requirements and ensure the protection of the rights of the data subject, namely with regard to security and confidentiality.

The personal data we collect will not be transmitted to third parties without the express consent of the data subject, except when the requested service so requires, in which case ANA will request these third parties to use appropriate technical and organizational measures to fulfil the legal requirements and ensure the protection of the rights of the data subject, namely with regard to security and confidentiality.

When needed, and in order to meet its legal obligations, ANA may allow legal, public security, tax or regulatory authorities to access the users’ personal data.

How long is your personal data stored?

Personal data will be stored for no longer than necessary for the purpose for which the personal data were processed, notwithstanding data retention periods provided for by the law.

What are my rights as data subject?

Users have the right to request that ANA allows them access to their personal data, and acknowledges their right to its portability, rectification and erasure. Users have also the right to object processing, except for personal data which is essential for the services requested from ANA or for the fulfilment of legal obligations.

Users have the right to withdraw their consent at any time. However, such withdrawal does not compromise the lawfulness of any processing done, based on prior consent.

In the event of a personal data breach likely to result in a high risk to the rights and freedoms of the users, ANA shall communicate the personal data breach to the data subject without undue delay.

Users may lodge a complaint with the Portuguese supervisory authority (Comissão Nacional de Proteção de Dados) without prejudice to the right to contact ANA’s Data Protection Officer with regard to all issues related to processing of their personal data and to the exercise of their rights.

Who can I contact to exercise my rights as a data subject?

ANA has designated a Data Protection Officer, who can be contacted directly via letter at:


Rua D, Edifício 120, Aeroporto de Lisboa

1700-008 Lisboa

or via email at:

What measures does ANA take to ensure the security of my personal data?

ANA shall implement adequate technical and organizational measures to ensure a level of security appropriate to the risk, namely with regard to security and confidentiality, in order to protect users’ personal data against unauthorized and unlawful processing and against accidental loss, destruction, disclosure, damaged or alteration.

After a transaction, information regarding payment methods (debit card, credit card, or other) will not be stored in our system.

These technical and organizational measures are regularly tested, assessed and evaluated, in order to ensure the security of the processing.

The website is monitored by specific tools to detect and eliminate potential cyber-attacks.

Use of Cookies

Cookies are small data files stored on your computer through the browser. They have no harmful effect on it and do not contain viruses, retaining only information related to your preferences, which does not include your personal data. You can consult ANA's Cookie Policy here

Updating of Privacy Policy

If ANA decides to modify its privacy policy, this web page will be updated.


May 2018