Customer Privacy and Cookie Policy
Customer Privacy Policy – Avolta
This Privacy Policy explains how Dufry International AG (“Avolta”) and its affiliated companies (collectively, “Avolta Group”) collect, use, and protect personal data pertaining to you, as one of our customers (“Customers”). This applies when you use our mobile applications (such as the Club Avolta App if you are a member of Club Avolta loyalty program or other mobile applications, collectively “Apps”), visit our websites (“Websites”), when you visit or make purchases at our stores, use our Reserve & Collect service, or when you otherwise purchase or make use of our products or services (collectively, “Services”).
For information on how we use cookies and similar tracking technologies on our online services or tools, please refer to our Customer Cookie Policy, or to the Cookie Policy otherwise made available to you in the Apps or Websites you are visiting. The Cookie Policy provides details on the types of cookies we use, their purposes, and how you can manage your preferences. We do not currently respond to browser do-not-track signals, unless required by law.
Please note that, depending on your location, you may have some additional rights or there may be more specific information of which you should be aware. Please review the “Country Specific Information” below to see if any applies to you.
1. Who is the data controller?
The entity responsible for the processing of your personal data is Avolta. Avolta determines the purposes and means of the processing activities described in this Privacy Policy, including those related to your contractual relationship with Avolta and your participation in our loyalty programs (such as Club Avolta), if you are a member.
At the same time, please note that if you visit the Website of another entity of the Avolta Group, purchase or make use of our Services at a store operated by another entity of the Avolta Group, or if another entity of Avolta Group otherwise collects your personal data (e. g., through the store’s CCTV system), that entity will be responsible for processing your personal data.
Avolta or the respective entity of the Avolta Group determines the purposes and means of your personal data processing and therefore acts as the data controller(s) for your personal data (referred to in this Privacy Policy as “Company,” “we,” or “us”). The Company is responsible for ensuring compliance with applicable data protection laws in its jurisdiction regarding the processing of your personal data.
For any doubts regarding the specific contact details and / or the identity of the data controller for your personal data, please reach out to us by using the contact details in Section 9 below (“How can you contact us?”).
Please note that this Privacy Policy does not create contractual rights or obligations.
2. What personal data do we process?
The Company processes different types of your personal data, to the extent permitted under applicable laws and for the purposes set out below in Section 3 (“Why and how we use your personal data?”). If you do not provide certain personal data when requested, we may not be able to enter into or perform a contract with you or we may be prevented from complying with our legal obligations. At the time of data collection, we will indicate whether the data collection is optional and what are the consequences of failing to provide us with that personal data.
In particular, depending on your interaction with us (e.g., whether you are a member of our loyalty programs or whether you are not a member but visit one of our stores), we collect and process the following categories of personal data:
- Personal identifiers and contact information: your name, surname, contact details (e.g., email address, phone number), customer ID (if you are a member of one of our loyalty programs), flight number, Passenger Name Record (PNR), flight destination and passport number (when you make purchases at our stores). If you choose to participate in one our surveys following your visit to one of our stores, we also collect your nationality, age, reason for the visit, and the store that you have visited;
- Transaction information: information about the products you buy, their prices, payments methods and other personal data necessary to process your payments (e.g., last digits of your credit card / payment instrument information) for purchases online or in store;
- Account information: if you have set up an account on our Websites or signed up on our Apps, we will also process your username and password;
- Other personal data: any additional personal data that you provide to us when you interact with us or use our Services (e.g., when you reach out to us by email, telephone, or when you make a request or interact with our customer support service);
- Browsing data and other information: this includes information that is automatically collected by the Website and / or Apps as part of their routine operations, such as user interactions, events, demographic properties, traffic source information, session data, conversion data, ecommerce data and aggregated metrics;
- Images: if you visit our stores, we also collect your images caught on camera by our CCTV systems (where these are present).
Sensitive Personal Data
Generally, we do not intentionally collect or process personal data revealing your racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, genetic data, biometric data for uniquely identifying purposes, or data concerning your health, sex life, or sexual orientation (“Sensitive Personal Data”). We therefore kindly ask you to refrain from sharing any Sensitive Personal Data with us. Please note that, should we receive personal data that qualifies as Sensitive Personal Data, we will proceed with the immediate deletion of such information.
3. Why and how we use your personal data?
(i) Why we process your personal data and on what grounds?
We process your personal data for the following purposes and on the following legal bases:
- Providing you our Services – We will process your personal data for the provision of the Services that you have requested, under the terms of our contractual agreement with you. This includes the processing of your personal data for the establishment and subsequent management of our contractual relationship with you, such as the management of your account (if you have set up one on our Websites or Apps), loyalty program management and the sending of communications related to the performance of such contractual relationship. This also includes communications to assist with your shopping experience, such as reminders about products you have added to your shopping basket and other notifications regarding your orders. The processing of your personal data for this purpose is based on the necessity to perform and manage our contractual relationship with you;
- Responding to your inquiries and support requests – We will process your personal data to respond to requests for information or support requests you may have. The processing of your personal data for this purpose is based on the necessity to perform and manage our contractual relationship with you;
- Complying with legal obligations – Your personal data is processed for the purpose of meeting our legal obligations, including recordkeeping and internal and external reporting requirements under various global legal frameworks. This also includes compliance with any other applicable legal requirement in the relevant jurisdiction (e.g., tax obligations, or responding to legal requests from competent authorities). The legal requirements to which we are subject serve as the legal basis for the processing of your personal data for this purpose;
- Protecting our interests and those of third parties – Where needed, your personal data may be used to investigate and address legal claims or to otherwise protect our rights and interests and those of third parties in legal proceedings, as well as in pre-contentious situations. This purpose also includes the processing of your personal data for ensuring the security of our systems and premises, for reporting potentially illegal activities perpetrated against us, and for preventing or detecting any abuse or fraudulent activity against us. This includes ensuring compliance with the terms and rules of our loyalty programs (such as Club Avolta), if you are a member. The processing of your personal data for this purpose is based on our legitimate interest, or another adequate legal basis depending on the specific jurisdiction, in protecting our rights and those of third parties;
- CCTV – When you visit our stores, we may process your personal data through our CCTV systems (where these are established). The purpose of CCTV usage is to ensure the safety and security of our property, premises, and staff, as well as to prevent and detect criminal activities. The recording of CCTV footage is based on our legitimate interest, or another adequate legal basis depending on the specific jurisdiction, in maintaining security at our locations;
- Marketing – We may process your personal data to send you personalised communications or notifications promoting our Services via email, SMS, WhatsApp, push notifications, or WeChat (where applicable). Additionally, we may contact you to conduct market research, invite you to participate in customer satisfaction surveys, or seek your opinion on our Services. Please note that you have the option to specify your preferred contact channels when providing your consent. Additionally, you can update your preferences at any time by accessing the Preference Page or the dedicated area of your account (if you are a registered user), as detailed in Section 9 (“How can you contact us?”). This processing is based on your prior consent. Please note that in certain jurisdictions, we may be able to send you marketing communications related to products and services similar to those you have already purchased without the need to collect your prior consent, subject to your right to object to such communications. With your consent, we may also use your travel details, including information from your Passenger Name Record (PNR), to offer you personalized travel services and offers while you navigate our Websites or use our Apps;
- Customer satisfaction surveys and Services improvement – If you voluntarily choose to participate in one of our customer satisfaction surveys (in particular, by scanning the QR available at one of our stores), we also process your personal data to collect your opinion and evaluation of our Services. The processing of your personal data for this purpose is based on our legitimate interest in collecting your feedback to improve our Services;
- Mergers and acquisitions – Your personal data may also be processed in connection with corporate transactions we may undertake, such as mergers, acquisitions, or the sale or transfer of all or part of our assets or business, including the related due diligence process. The processing activities conducted for this purpose are based on our legitimate interest in conducting and managing such corporate transactions.
Where required by applicable law, we have carried out balancing tests for the data processing based on our or a third party’s legitimate interests to ensure that such legitimate interest is not overridden by your interests, fundamental rights, or freedoms. For more information on our balancing tests, you may reach out to us by using the contact details in Section 9 below (“How can you contact us?”).
Please also note that, in certain jurisdictions, we may need to seek your consent before conducting one or more processing activities described above, where so required by applicable local law.
(ii) How we process your personal data
Your personal data will be processed by the Company by electronic means as well as by organized filing systems of hardcopy documents.
Currently, we do not use automated decision-making processes or profiling in the context of Customers processing activities that may produce legal effects and that may otherwise significantly affect you.
4. Where do we collect your personal data?
Your personal data may be collected:
- Directly from you (e.g., when you sign up on our Websites or our Apps, submit queries or responses to our customer satisfaction surveys, or otherwise communicate or interact with us);
- Automatically from your interaction with us (e.g., when you browse our Websites or use our Apps);
- Information from other sources and, in particular, from other Avolta Group entities, from our partners, and, where applicable, service providers.
Third parties sharing your personal data with us are required to have a legal basis for doing so: once received, we process your personal data according to this Privacy Policy and any applicable laws.
5. With whom do we share your personal data?
Where necessary for the Company to offer its Services to you, to perform its contract with you, and for the other purposes described in this Privacy Policy, we may share your personal data on a strict need-to-know basis with other entities within the Avolta Group. This sharing will occur only where it is lawful and required for the purposes outlined in Section 3 above (“Why and how we process your personal data?”).
Additionally, we may share your personal data with the following categories of recipients globally, in accordance with applicable data protection laws:
- Avolta senior management, legal department, compliance personnel, and human resource managers and staff for any of the purposes described in Section 3 above (“Why and how we process your personal data?”);
- Governmental organizations or agencies: including law enforcement, immigration authorities, and port/airport/railway authorities in various countries, as required by law or for security clearance purposes. This includes applicable tax, and mandatory fund administrators;
- External advisors: such as legal counsel and auditors operating internationally or in specific regions. This also includes financial consultants and professional advisers;
- Commercial partners: only if permitted by applicable laws and with appropriate safeguards in place. This includes Avolta Group service providers or other third parties where this is helpful to developing the business (for example, to compete for, or meet obligations under, an existing or possible contract);
- Airport authorities or other operators or landlords who govern your access to their premises at secure locations at the airports or other venues and require restricted access rights to be administered by such authorities to allow such access to be granted to you;
- Third-party service providers: These include vendors that assist us in operating our business and in offering and providing our Services, such as providers of information technology and IT support services, marketing agencies, and other service providers connected to or supporting the provision of our Services. These providers process personal data on our behalf under strict contractual agreements that ensure data security and confidentiality in line with global best practices and local legal obligations. These providers generally act as data processors on our behalf;
- Judicial authorities, arbitration tribunals, and counsel and advisors involved in the relevant litigation or dispute (where applicable);
- In the event of a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, purchase or sale of assets, or transition of service to another provider, your information may be sold or transferred as part of such a transaction, as permitted by law and/or contract.
In addition, we may provide data to a third party if we believe in good faith that we are required to do so for legal reasons or that this is necessary to prevent harm or injury to us, our staff, users or members of the public, or if we need to do so to defend our legal rights. For example, we may provide personal data if we are ordered by a court to do so.
The Company takes appropriate measures to ensure that anyone receiving your personal data maintains its confidentiality and security in accordance with global standards and local requirements.
6. For how long do we retain your personal data?
Our retention policies require that personal data be retained for no longer than required to fulfil the purposes for which it was collected.
In general, the following criteria apply:
- Personal data that is collected in connection with the provision of our Services to you is retained for the time strictly necessary to manage our contractual relationship with you and for the time permitted by applicable laws to protect our interests (including any statutory limitation periods for potential claims arising from that relationship, which is generally set in ten years);
- Personal data processed in compliance with the legal obligations to which we are subject will be kept for the period required by law;
- Personal data processed in the context of surveys that we conduct to understand your level of customer satisfaction or to otherwise collect your feedback and opinion on our Services will be anonymized and aggregated, once the individual analysis of your responses is complete;
- Personal data processed to protect our interests and those of third parties is kept for the time permitted by applicable law to protect our interests and those of third parties;
- Personal data processed on the basis of your consent is retained for as long as we maintain your consent to such processing activities, unless a shorter retention period is applied in accordance with our policies and applicable legislation;
- CCTV footage is typically retained for the time permitted by applicable law and unless a longer retention period is justified for the purposes of detecting or investigating potential security threats at our locations or where so requested by competent enforcement authorities according to applicable law.
Please note that the retention periods indicated above may be subject to changes and adjustments in specific jurisdictions, as needed to comply with applicable legal requirements. In specific circumstances, and in accordance with applicable law, the Company may also retain your personal data for longer periods of time (such as for the duration of the relevant statute of limitation), so that we have an accurate record of your conduct in the event of any dispute. In all cases, where your information is no longer required, the Company will ensure it is disposed of in a secure manner.
For more detailed information on the retention periods that we apply to the different data categories, please reach out to us by using the contact details provided in Section 9 below (“How can you contact us?”).
7. Do we transfer your personal data outside your country/region?
As a global multinational company operating worldwide, we may need to transfer your personal data to countries outside your country or region. This may occur, for example, when the entities of the Avolta Group or its service providers are located in other countries that may have different data protection laws than your country of residence.
For all such international transfers, we implement appropriate safeguards or other transfer tools in accordance with applicable data protection laws, including but not limited to:
- Standard contractual clauses approved by relevant authorities (e.g., the European Commission's EU Standard Contractual Clauses) alongside any necessary supplementary measures where applicable;
- Adequacy decisions adopted by the European Commission or other competent body in the relevant jurisdiction under which it is established that the recipient country provides an adequate level of data protection;
- Any other lawful transfer mechanisms as permitted by local laws, including, where so required, your consent to the transfer (in which case we will take appropriate steps to seek your consent).
We will also implement any necessary supplementary measures to ensure that your personal data receives an adequate level of protection in the recipient country, in accordance with applicable legal requirements. We will also be mindful of any data localization requirements in specific regions.
8. What are your rights?
Depending on the data protection laws applicable in your jurisdiction, you may be entitled to exercise the following rights by contacting us as specified below in Section 9 (“How can you contact us?”):
- Access: to obtain confirmation as to whether or not your personal data is being processed and to access such personal data;
- Rectification: to request the correction of inaccurate or incomplete personal data;
- Erasure (or “right to be forgotten”): to request the deletion of your personal data;
- Restriction: to request the restriction of the processing of your personal data;
- Data portability: to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another data controller;
- Object: to object to the processing of your personal data in certain situations, based on relevant grounds related to your particular situation, which you believe must prevent us from processing your personal data;
- Withdraw consent: to withdraw your consent (if the processing of your personal data is based on your consent under applicable law), at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You also have the right to lodge a complaint with the relevant data protection supervisory authority in the country of your habitual residence, place of work, or place of any alleged infringement, if you believe our processing of your personal data infringes applicable laws. Depending on the specific laws applicable in your jurisdiction, you may also be entitled to the right to claim compensation for the damages arising from the unlawful processing of your personal data.
The specific rights available to you may vary depending on your location and the applicable data protection laws.
9. How can you contact us?
If you wish to exercise your rights or to otherwise request additional information on the processing of your personal data, you can contact us by sending a written request to the following e-mail address: privacy@avolta.net or to the following postal address: Dufry International AG, Brunngässlein 12 Basel, 4052 Switzerland Attention: Global Data Protection Officer.
Regarding marketing communications, you may also adjust your preferences through our Preference Page. If you are an authenticated user (i.e., you have set up your account on one of our Websites or on our Apps), you may also adjust your marketing preferences by using the dedicated section within your account. Alternatively, you may revoke your consent to receiving marketing communications by clicking the “Unsubscribe” link located in the footer of such communications.
To process your request, we may need to verify your identity. In compliance with applicable data protection law, we aim to respond to your request within one month of receipt (or a shorter period if required by local laws). If we are unable to respond within this timeframe, we will inform you of this delay and the reasons for it. Please note that, in some cases, it is possible that our response will be delayed, limited, or excluded based on applicable local legislation.
We will generally respond to your requests free of charge. However, under certain circumstances (e.g., if your requests are manifestly unfounded or excessively repetitive), we may charge a reasonable fee based on administrative costs, as permitted by applicable law. In some jurisdictions, rights related to the personal data of deceased individuals may be exercised by their legal representatives or family members as per local regulations.
10. What is not covered by this Privacy Policy?
This Privacy Policy explains and covers the processing activities we carry out as data controller. This Privacy Policy does not cover processing activities carried out by parties other than the Company which process personal data for independent processing purposes. We do not assume responsibility for the processing of your personal data by these third parties. For example, please note that this Privacy Policy does not cover the processing activities conducted by our partners or by other independent business owners that may have entered into partnerships with us (e.g., for the operation of any of our loyalty programs such as Club Avolta, if you are a member). Please refer to their own privacy practices for information on how they collect and use their own customers’ personal data.
Please also note that you may receive more specific privacy notices, covering other processing activities that we may undertake with respect to your personal data.
11. Changes to our Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our global practices or legal requirements. Any changes will be effective when posted on our Websites or Apps. We encourage you to review this Privacy Policy periodically. In the event of substantial changes, we will notify you of such changes, as required by applicable law. If you do not agree with any changes, you should refrain from continuing to use our services or access our websites or Apps.
Last updated: 15 October 2025
Country Specific Information
TURKEY
To the extent the processing of your personal data falls within the scope of the data protection laws of Türkiye, Turkish Data Protection Law numbered 6698 (“TDPL”) will be applicable to the data processing activities described in this Privacy Policy.
Sensitive Personal Data
If the processing activities described in this Privacy Policy involve the collection of personal data that qualifies as Sensitive Personal Data under TDPL is collected, we will only be able to lawfully process such data upon your explicit consent for the purposes mentioned in Section 3 above (“How and why we use your personal data?”), unless another legal basis applies. In such cases and where so required by the TDPL, we will take the necessary steps to seek your consent.
Data Subjects’ Rights
Under TDPL, if your request is to be responded to in writing, you may be charged per page over ten pages. In cases where the request is responded to by means of a recording medium like a CD or a flash memory, you may be charged at the cost of the recording medium.
CHINA
To the extent the processing of your personal data falls within the scope of data protection laws in China, the Personal Information Protection Law of the People’s Republic of China (“PIPL”) as well as other relevant Chinese data protection laws, regulations, guidelines and standards will be applicable to the data processing activities described in this Privacy Policy.
Sensitive Personal Data
Some of the personal data we collect for the purposes described in this Privacy Policy may be classified as Sensitive Personal Data under PIPL. Where this is the case, where the processing is not specifically mandated by or conducted in connection with a legal obligation to which we are subject and where none of the other legal bases provided by PIPL is applicable, we may need to collect your consent in order to lawfully process such Sensitive Personal Data for the purposes mentioned under Section 3 above (“Why and how we use your personal data?”). In such cases and where so required by the PIPL, we will take the necessary steps to seek your consent.
Transfer of Personal Data
As mentioned in Section 7 above (“Do we transfer your personal data outside your country/region?”), as a global company operating in the food & beverage and travel retail sectors worldwide, we may need to transfer your personal data to countries or regions outside China. In such cases and where so required by the PIPL, we will take the necessary steps to seek your consent to such transfer and adopt other mandatory measures.
Legal Basis
Since legitimate interest is not recognised as a valid legal ground for the processing of your personal data under the PIPL, in order to carry out some of the activities described in Section 3 above (“Why and how we use your personal data?”), we may need to collect your prior consent. In such cases and where so required by the PIPL, we will take the necessary steps to seek your consent.
Data sharing with Avolta Group entities
As explained in Section 5, we may share your personal data with Avolta Group entities that are located outside of the People’s Republic China for the same purposes within the same retention period as described in this Privacy Policy.
The overseas entities that may receive your personal data will be communicated to you upon your request via the contact e-mail address or the postal address in Section 9. For the processing of your personal data by these entities, you may also contact us via the contact e-mail address or the postal address in Section 9 to exercise your statutory rights under Chinese law in respect of your personal data.
MEXICO
To the extent the processing of your personal data falls within the scope of the data protection laws of Mexico, Federal Law on the Protection of Personal Data Held by Private Parties (“LFPDPPP”) will be applicable to the data processing activities described in this Privacy Policy.
Sensitive Personal Data
If the processing activities described in this Privacy Policy involve the collection of personal data that qualifies as Sensitive Personal Data under LFPDPPP, we will only be able to lawfully process such personal data upon your consent for the purposes mentioned under Section 3 above (“Why and how we use your personal data?”), unless the processing is specifically mandated by or conducted in connection with a legal obligation to which we are subject. In such cases and where so required by the LFPDPPP, we will take the necessary steps to seek your consent.
Transfer of Personal Data
As mentioned in Section 7 above (“Do we transfer your personal data outside the country/region?”), as a global company operating in the food & beverage and travel retail sectors worldwide, we may need to transfer your personal data to countries or regions outside Mexico. Unless a statutory exception applies and where so required by LFPDPPP, we will take the necessary steps to seek your consent to such transfer and adopt other mandatory measures.
US – California
To the extent the processing of your personal data falls within the scope of the California Consumer Privacy Act (“CCPA”) this section applies and supplements the information provided in the general Privacy Policy. As used in this section, Personal Information and Sensitive Personal Information are used as defined in the CCPA. For example, under the CCPA, Sensitive Personal Information is defined to include data such as social security or state identification card number, immigration status, genetic data, and account log-in in combination with any required security or access code.
Below, we identify (1) the categories of Personal Information and, where applicable, Sensitive Personal Information that we plan to collect and use, and have collected and used within the preceding twelve months; (2) the categories of recipients to which we have disclosed each category of Personal Information or, where applicable, Sensitive Personal Information for our operational business purposes within the preceding twelve months; and (3) the categories of Personal Information and, where applicable, Sensitive Personal Information, we have sold or shared within the preceding twelve months, as “sale” and “sharing” are defined in the CCPA.
We do not sell Personal Information in the traditional sense of the word, for monetary consideration. However, because the definitions of “Sale” and “Sharing” under the CCPA are broad enough to potentially include the disclosure of your information to certain types of advertising and marketing partners, we provide consumers with the right to opt-out of any such Sale or Sharing of their Personal Information. We do not knowingly Sell or Share the Personal Information of anyone under 16 years old.
Category of Personal Information Collected
|
Category of Personal Information Collected
|
Disclosed to Which Categories of Recipients for Operational Business Purposes | Sold and/or shared? If so, to Which Categories of Third Parties |
| Identifiers, such as name, postal address, email address, online identifiers, or other similar identifiers. | Our corporate affiliates | Third-party service providers that provide marketing and advertising services to us |
| Third-party service providers that provide services to us, such as marketing and advertising | ||
| Enforcement authorities or other parties pursuant to law | ||
|
Characteristics of protected classifications under California or federal law, such as age or gender. |
Our corporate affiliates | Third-party service providers that provide marketing and advertising services to us |
| Third-party service providers that provide services to us, such as marketing and advertising | ||
| Enforcement authorities or other parties pursuant to law | ||
| Commercial information, such as history of products or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies. | Our corporate affiliates | Third-party service providers that provide marketing and advertising services to us |
| Third-party service providers that provide services to us, such as [IT support, marketing and advertising, and payment processing | ||
| Enforcement authorities or other parties pursuant to law | ||
| Internet or other similar network activity, such as browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. | Our corporate affiliates | Third-party service providers that provide marketing and advertising services to us |
| Third-party service providers that provide services to us, such as marketing and advertising | ||
| Enforcement authorities or other parties pursuant to law | ||
| Inferences drawn from other Personal Information to create a consumer’s profile reflecting, such as personal preferences or characteristics, behavior and attitudes. | Our corporate affiliates | Third-party service providers that provide marketing and advertising services to us |
| Third-party service providers that provide services to us, such as marketing and advertising | ||
| Government authorities or other parties pursuant to law |
Data Subject’s Rights
California residents have the following additional rights:
- Requests to Opt-Out of Sale and Sharing
You may opt out of our “sale” of Personal Information or “sharing” of Personal Information.
To opt-out of Sale or Sharing, please visit our “Your Privacy Choices” page or by contacting privacy@avolta.net. We also recognize opt-out preference signals as required by the CCPA.
- Nondiscrimination
You have the right to be free from unlawful discriminatory treatment for exercising any of your CCPA rights.
- Financial Incentives
From time to time, we may offer a program, benefit, or other offering in exchange for the collection, retention, sale, or sharing of Personal Information to us (collectively, “Financial Incentive”), such as your contact information. Any discount we provide will be based upon our reasonable but sole determination of the estimated value of your Personal Information, taking into consideration, without limitation, estimates regarding anticipated revenue generated from such information, the anticipated expenses which might be incurred in the collection, storage, and use of such information in the operation of our business, and other relevant factors related to the estimated value of such information to our business, as permitted under applicable law. We may provide additional notice of the details of the particular Financial Incentive as required, and participation in any Financial Incentive programs is on an opt-in basis. If you later wish to opt-out of a Financial Incentive program on a going-forward basis, you may submit a request to us via the contact e-mail address or the postal address in Section 9.
ARGENTINA
To the extent the processing of your personal data falls within the scope of the data protection laws of Argentina, the Personal Data Protection Law No. 25,326 (“DPL”) will be applicable to the data processing activities described in this Privacy Policy.
Sensitive Personal Data
Some of the personal data we collect for the purposes described in this Privacy Policy may be classified as Sensitive Personal Data under the DPL. Where this is the case, by consenting to this Privacy Policy you provide your express, prior and informed consent to the processing of your Sensitive Personal Data by us.
International Data Transfers
As mentioned in Section 7 above (“Do we transfer your personal data outside your country/region?”), as a global company operating in the food & beverage and travel retail sectors worldwide, we may need to transfer your personal data to countries outside Argentina. This may occur, for example, when the entities of the Avolta Group or its service providers are located in other countries that may have different data protection laws than your country of residence.
Where necessary for the purposes described in this Privacy Policy, we may transfer your personal data outside of Argentina, including to jurisdictions that may not provide the same level of protection of that existing in Argentina. By consenting to this Privacy Policy, you expressly acknowledge and agree to such international transfers. In such cases, we will implement the necessary safeguards to ensure that your personal data is transferred in compliance with applicable international data transfer requirements.
Data Subject Rights
Following what is set out in Section 8 ("What are your rights"), under the DPL you are entitled to the following rights: (i) access, (ii) rectification, (iii) erasure, and (iv) withdrawal of consent. Please note that the DPL does not recognize the rights to restriction, data portability, or objection.
In accordance with the DPL, we will respond to your request for access to your personal data within ten calendar days of receiving the request. Requests for rectification or suppression of your personal data will be responded to within five business days of receipt.
You may access the information you provided to us, free of charge, at intervals of no less than six months, unless you can prove a legitimate interest to that effect, as provided for in the DPL.
Please be informed that the Agency of Access to Public Information, in its capacity as the Control Agency of Law No. 25.326, is responsible for dealing with complaints and claims filed by data subjects whose rights are affected by non-compliance with the regulations in force regarding the protection of personal data.
Legal basis
Since legitimate interest is not recognized under the DPL as a lawful basis for the processing of personal data, the processing activities described in this Privacy Policy require your express consent. Therefore, by consenting to this Privacy Policy, you authorize the processing of your personal data as outlined herein.
In this regard, by consenting to this Privacy Policy, you confirm that you have read and understood this Privacy Policy and, where applicable, you expressly, voluntarily, informedly, and unequivocally consent to the processing of your personal data by us, including the transfer of your personal data and the processing of your Sensitive Personal Data, in accordance with the terms of this Privacy Policy.
Cookie Policy – Avolta
This Cookie Policy explains how Avolta Group and its affiliated companies (collectively, "Avolta Group" or "Avolta," "we," "us") use cookies and similar tracking technologies on our websites and online services related to recruitment.
This Cookie Policy aims to provide you with clear and comprehensive information about the cookies we use and your choices regarding them, in accordance with applicable data protection law.
This Cookie Policy should be read in conjunction with our Privacy Policy. For additional information about the entity responsible for processing your personal data (the data controller) and the rights you can exercise, please consult the Privacy Policy. If you have any additional questions, please contact us at: privacy@avolta.net or to the following postal address: Dufry International AG Brunngässlein 12 Basel, 4052 Switzerland Attention: Global Data Protection Officer.
1. What are cookies and similar tracking technologies?
When you visit our website, we use “cookie” technology to make your experience simple, personalised and meaningful. These cookies are not edible, but small pieces of information which are issued to your computer or any similar device you use to access the internet (e.g., smart phone, tablet or other mobile device). They are generally used to make our website work, to let us know how you’re using the website, to remember your login details, your preferences, and interests. Cookies may also be used to allow tracking of your browsing activities within a website, for statistical or advertising purposes.
We may also use other similar tracking technologies, such as:
- Pixel tags (web beacons): Small graphic images (or code) embedded in web pages and emails that track your interaction with our content.
- Browser and device identifiers: Unique strings that can be used to identify your browser or device.
- Local storage: Technology that allows websites to store data locally on your device.
- Software Development Kits (SDKs): These are sets of tools and code that are embedded in our mobile applications. SDKs allow us and our partners to collect information about how you use our apps, similar to how cookies and other technologies are used on websites. They can be used for analytics, functionality, and advertising purposes within the app environment. For additional information see section “Tracking Technologies in Our Mobile Applications”.
For the purposes of this Cookie Policy, the cookies or other tracking technologies used in our website will collectively be referred to as “cookies”.
There are different types of cookies, and they can be differentiated by their origin, function and lifespan.
Some cookies are set by us and some are set by third parties who we work with. “First-party cookies” are cookies that are placed by us, while “third-party cookies” are placed by a website other than the one you are visiting. It’s important to know that we do not control the collection or further use of data by third parties.
Depending on their lifespan, cookies may also be distinguished between “browsing / session cookies” and “persistent cookies”. Session cookies are temporary cookies that are erased once you close your browser while persistent or permanent cookies stay on your device until you manually delete them or until your browser deletes them based on the duration period specified in the persistent cookie file.
Depending on their functions, cookies can be further divided in different categories. Please find below the list of cookies used by Avolta:
- Essential Cookies: These cookies are required for the operation of this website and cannot be turned off. They are essential for you to navigate the site and use its basic features.
- Analytical Cookies: (first party and third party): These cookies allow us and our third-party analytics providers to collect information about how you use our website. This data helps us understand and improve your browsing experience, measure website effectiveness, and optimize performance. You can choose to enable or disable these cookies in the Cookie Consent manager.
- Functional Cookies (first party): These cookies enable our website to remember choices you make, enhancing your experience with personalized features and convenience. You can choose to enable or disable these cookies in the Cookie Consent manager.
- Advertising Cookies (first party and third party): These cookies, including social media cookies, are used by us and our third-party advertising partners to track your browsing activity to show you relevant advertisements on our website and other sites. They also help us measure the effectiveness of our advertising campaigns. You can choose to enable or disable these cookies in the Cookie Consent manager.
2. Specific cookies we use
For a detailed list of the specific cookies we use within each category, please refer to the Cookie Consent manager accessible in the footer page or Settings section of the app. The Cookie Consent manager provides up-to-date information on the names, providers, purposes, and duration of each cookie.
3. Tracking technologies in our mobile applications
When you use our mobile applications, we and our partners may collect information through the use of Software Development Kits (SDKs) and other similar technologies. These technologies function similarly to cookies on websites, allowing us to understand how you interact with our apps, personalize your experience, and provide relevant content and advertising.
We may use SDKs and similar technologies in our apps for the following purposes, which align with the cookie categories described above:
- Essential Functionality: Some SDKs are essential for the basic operation of our apps, enabling core features and security. These may be necessary for the app to function correctly.
- Analytics: We use analytics SDKs (both our own and third-party) to collect data about your app usage, such as how often you use the app, which features you interact with, and any errors you encounter. This helps us to understand user behavior, improve the app's performance, and enhance the user experience.
- Functionality: SDKs may enable us to remember your preferences within the app, such as language settings or personalized display options, providing a more tailored experience.
- Advertising: We and our advertising partners may use SDKs to track your activity within our apps and potentially across other apps to show you relevant advertisements for Avolta job openings or related content that may be of interest to you. These SDKs may also help us measure the effectiveness of our advertising campaigns.
Managing Your Tracking Technology Preferences in Our Apps
Our mobile applications may provide specific controls within their settings menus to manage your preferences regarding the use of certain tracking technologies, particularly those used for analytics and advertising. We encourage you to review the privacy settings within each of our apps for information on how to control your preferences. In some cases, your device operating system may also provide settings that limit certain types of tracking.
For more detailed information about the specific SDKs and other tracking technologies used in our mobile applications, please refer to the specific privacy notices or consent mechanisms provided within those apps.
4. Managing your cookie preferences
Upon your first visit to the website, by interacting with the cookie banner displayed on your first visit, you can (i) accept all cookies by clicking the “Accept All Cookies” button, (ii) proceed without giving consent and continue with the default settings, which only use essential cookies as necessary for the functioning of the website, by clicking ""Reject Non-Essential Cookies”/”X” button, or (iii) selectively choose specific categories of cookies by clicking “Manage Cookie Preferences”.
On any subsequent visit to the website, you can select which cookies to authorize through the “Cookie Consent” manager section available in the footer of the website.
Please note that you may also be able to authorize, block, or delete (in whole or in part) cookies through the specific functions of your browser. For more information on how to customize your browser settings to enable or disable cookies, you may consult the following link: How to Manage Cookies.
Note: Please note that disabling essential or certain functional cookies may impact your browsing experience on our website.
5. Changes to our Cookie Policy and additional information
We may update this Cookie Policy from time to time to reflect changes in our global practices or legal requirements. Any changes will be effective when posted on our website. We encourage you to review this Cookie Notice periodically. In the event of substantial changes, we will notify you of such changes or request that you update your cookie preferences in light of such changes, as required by applicable law. If you do not agree with any changes, you should refrain from continuing to use our services or access our websites.
Last updated: 15 October 2025