(Last updated: December 2025)
Purpose
This Cookies Policy explains how Athens International Airport S.A. (AIA, we, us, or our) uses cookies and similar technologies on our websites and digital platforms, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national legislation.
Data Controller
The controller responsible for the use of cookies and processing of personal data through our Website is Athens International Airport S.A. (AIA), Attiki Odos, Spata, Attica, 19019, Greece.
For any questions related to the processing of your personal data or the exercise of your rights, you may contact our Data Protection Officer (DPO) at privacy@aia.gr.
What Are Cookies?
Cookies are small text files stored on your device (computer, smartphone or tablet) when you visit a website. They enable the website to recognize your device and remember your actions and preferences.
We also use pixels, also known as tags or web beacons, which are small invisible images embedded in web pages or emails that help us understand how users interact with our content and campaigns.
You can at any time change or withdraw your consent by visiting the Cookies Settings section on our website.
Where We Use Cookies
Cookies and similar technologies are used across AIA’s digital platforms (Websites):
Why We Use Cookies
We use cookies to:
Types of Cookies
Cookies differ by duration and purpose.
By Duration
By Purpose
If a cookie is used for Marketing or Preference purposes, it is categorized as Marketing/Preferences. This allows us to apply the highest level of consent required for multi-purpose cookies.
Ownership of Cookies
Third parties placing cookies on our Website act as independent data controllers for their processing activities.
Local Storage
We also use the browser’s Local Storage to enable certain functionalities (such as AI chatbot sessions). Non-personal session information is stored temporarily and may be retained for up to two months. Certain persistent identifiers or consent preferences may be stored for longer periods to maintain user settings, improve functionality, or demonstrate compliance with GDPR requirements. These persistent data items are not used for advertising or tracking purposes beyond what is necessary for service functionality.
Legal Basis for Processing
Non-essential cookies are not activated until you have provided your explicit consent through our Cookies Settings panel. You may modify your choices at any time.
Managing Your Cookies Preferences
When visiting our website, you can select or reject non-essential cookies through our Cookies Banner. Your preferences are stored for 180 days, after which you will be asked to reconfirm them. Our Cookies consent management platform records your consent status and preferences (date, time and type of consent) to demonstrate compliance with GDPR requirements.
You can also manage cookies via your browser settings. Please note that disabling essential cookies may affect the proper functioning of the website.
Third-Party Recipients
Some cookies involve processing by third parties (e.g. Google, Meta, Microsoft). These parties may process data outside the EEA under appropriate safeguards, such as the European Commission’s Standard Contractual Clauses (SCCs). You can learn more about how these providers process your data by reviewing their respective privacy or cookies policies.
Data Retention
Personal data collected through cookies is retained only for as long as necessary for the purposes stated and in accordance with the cookies’ expiry period shown in the table. Once the period expires, data is either deleted or anonymized.
Your Rights
You have the right to request access to your personal data, rectification, erasure (“right to be forgotten”), restriction of processing, data portability and to object to processing, in accordance with Articles 15–22 of the GDPR.
You also have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You may exercise these rights by contacting our DPO at privacy@aia.gr
You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA): www.dpa.gr
Updates to This Policy
We may amend this Policy from time to time. Any updates will be published on this page with a revised “Last updated” date.
| Cookie Name | Description | Type | Expiry | First/Third Party |
|---|---|---|---|---|
| cptmpc3 | Transient cookie that holds data required for an event or interaction across a page transition. Expires immediately after use. | HTTP | Session | First-party |
| ASP.NET_SessionId | Issued by Microsoft's ASP.NET Application, this cookie stores session data during a user's website visit. | HTTP | Session | First-party |
| AIA.Authentication* | Used for managing user authentication, allowing the site to recognize logged-in users and maintain their authenticated session.
|
HTTP | Session | First-party |
| TS01* | Security cookie generated by the website’s application firewall/load balancer. It helps maintain session integrity, validate requests, and protect the site against malicious traffic or tampering. | HTTPS | Session | First-party |
| concessionaires* | Used by the Concessionaires App to manage login sessions for authenticated users only. | HTTP | Session | First-party |
| ai_session | Used by Microsoft Application Insights to collect statistical usage and telemetry information. | HTTP | 30 minutes | First-party |
| __utmz | Collects data on where the user came from, what search engine was used, what link was clicked and what search term was used. Used by Google Analytics. | HTTP | 6 months | Google (Third-party) |
| .AspNetCore.Antiforgery.* | This cookie is used by ASP.NET Core to validate that form submissions originate from the authenticated user and the legitimate site. | HTTP | Session | First-party |
| __RequestVerificationToken | Set by web applications built with ASP.NET MVC. This cookie is used to prevent Cross-Site Request Forgery (CSRF) attacks by verifying that requests made to the server are legitimate and originate from the current user. | HTTP | Session | First-party |
| ai_user | Used by Microsoft Application Insights to collect statistical usage and telemetry information. | HTTPS | 12 months | First-party |
| _track_flight_* | Used to remember the flights that a user tracks or follows on the website. | HTTP | 24 hours | First-party |
| incap_ses_* | This is an Incapsula DDoS Protection and Web Application Firewall cookie that is used to relate HTTP requests to a certain session. | HTTP | Session | First-party |
| visid_incap_* | Set by Imperva Incapsula, this cookie assigns a unique visitor ID and is used to recognize returning visitors and improve site security. It helps detect and mitigate malicious traffic while ensuring legitimate users can access the site. | HTTPS | 1 year | Imperva Incapsula (Third-party) |
| cptmpc2 | Works in conjunction with related temporary cookies to carry data across a single page reload. Removed after the event is triggered. | HTTP | Session | First-party |
| cptmpc1 | Temporary cookie used to store data for an internal event that is triggered after a page reload. Automatically removed on the next page refresh. | HTTP | Session | First-party |
| TS42ca1e71027 | Security-related cookie set by the website’s infrastructure provider (e.g., Imperva or Wix). Used to maintain session integrity and protect against malicious activity. | HTTP | Session | First-party |
| AIA.BCE | Temporary cookie used during the parking reservation process. Stores selection data such as location or timeslot to ensure completion of the booking flow. | HTTPS | 10 minutes | First-party |
| __utma | This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behavior and measure site performance. This cookie lasts for 2 years by default and distinguishes between users and sessions. It used to calculate new and returning visitor statistics. The cookie is updated every time data is sent to Google Analytics. The lifespan of the cookie can be customized by website owners. | HTTP | 2 years | Google (Third-party) |
| ApplicationGatewayAffinityCORS | Used for maintaining user sessions. This cookie is set by this website as it runs on the Windows Azure cloud platform. It enables web browser traffic to be kept assigned to single server during certain sections of website. | HTTP | Session | First-party |
| cpab | Stores a unique session identifier, used for analytics tracking or user session continuity within integrated platforms (e.g., Facebook Pixel). | HTTP | 1 year | Facebook (Third-party) |
| Identity.External* | Used for user authentication. | HTTPS | Session | First-party |
| __utmc | Registers a timestamp with the exact time of when the user leaves the website. Used by Google Analytics to calculate the duration of a website visit. | HTTP | Session | Google (Third-party) |
| igate* | Session-based cookie for managing user authentication within the IGATE application. Ensures users stay logged in during session. | HTTP | Session | First-party |
| __Secure-ROLLOUT_TOKEN | This cookie is used by the Windows Azure Application Gateway in addition to ApplicationGatewayAffinity to maintain sticky session even on cross-origin requests (information received from a resource with a different domain name). | HTTP | Session | First-party |
| _vfp | Used to remember that user has voted in Vote for Parthenon page. | HTTP | 400 days | First-party |
| x-ms-cpim-cache | Microsoft Identity cookie used to store session cache data. | HTTP | Session | First-party |
| aia_session_cookie | This cookie is set by Microsoft Application Insights, which is a service for monitoring and tracking application performance. The aia_session_cookie is used to track user sessions and collect telemetry data about interactions with the website or application. | HTTPS | session | First-party |
| bi | Used to support server load balancing by assigning a unique session identifier. Helps distribute user traffic evenly across infrastructure. | HTTP | 1 year | First-party |
| .AspNetCore.OpenIdConnect.Nonce.* | This cookie is set by ASP.NET Core applications when using OpenID Connect for user authentication. | HTTPS | 15 minutes | First-party |
| x-ms-cpim-trans | Microsoft Identity cookie used for transaction management and state. | HTTP | Session | First-party |
| pcms_cookie_bot_2fee | This cookie is used to store user cookie preferences. | HTTP | 6 months | First-party |
| ApplicationGatewayAffinity | Set by Azure Application Gateway to ensure a user's session stays routed to the same server during their visit (session stickiness). | HTTP | Persistent cookie | First-party |
| .AspNetCore.Correlation.* | This cookie is set by ASP.NET Core when OpenID Connect or OAuth authentication is used. It helps to manage and correlate authentication requests, ensuring that the response from the authentication provider matches the request initiated by the user. | HTTPS | 15 minutes | First-party |
| x-ms-gateway-slice | Microsoft cookie used for load balancing across server gateways. | HTTP | Session | First-party |
| cp_laternotif | Used as a session kill switch for the native push subscription dialog box. When the allow notifications browser native prompt is shown the user can choose to click the 'x' or 'Ask later' for the dialog box to close without taking an action. This closes the prompt but on the next refresh it will reappear in order for the user to give an answer. Because this is an annoying behavior ContactPigeon chose to set the 'cp_laternotif' cookie as 'yes' for the integration agent to know that the user should not be bothered until later (expires and resets on each session). | HTTP | Session | First-party |
| _GRECAPTCHA | This cookie is set by Google reCAPTCHA v3 and is used to validate that the website user is human and not a bot. | HTTP | 6 months | Google (Third-party) |
| cp_trigger_add2cart | Used as a session add2cart flag. It indicates the addition of the sessions's first item to cart. (expires and resets on each session) | HTTP | Session | First-party |
| __utmb | This is one of the four main cookies set by the Google Analytics service which enables website owners to track visitor behavior and measure site performance. This cookie determines new sessions and visits and expires after 30 minutes. The cookie is updated every time data is sent to Google Analytics. Any activity by a user within the 30-minute life span will count as a single visit, even if the user leaves and then returns to the site. A return after 30 minutes will count as a new visit, but a returning visitor. | HTTP | 1 day | Google (Third-party) |
| x-ms-cpim-csrf | Anti-CSRF token cookie used in Microsoft authentication flows. | HTTP | Session | First-party |
| Cookie Name | Description | Type | Expiry | First/Third Party |
|---|---|---|---|---|
| fbp | Facebook Pixel cookie used to deliver advertising and measure ad performance. | HTTPS | 90 days | Facebook (Third-party) |
| _gcl_au | Used by Google AdSense to store and track conversions across websites, measuring ad performance and user interactions with ads. | HTTP | 60 days | Google (Third-party) |
| YSC | YouTube cookie used to track video playback sessions. | HTTP | Session | YouTube (Third-party) |
| yt-remote-connected-devices | Tracks connected remote devices associated with a user’s YouTube session. | HTTP | Persistent cookie | YouTube (Third-party) |
| yt-remote-device-id | Identifies the user's remote device for YouTube remote playback functionality. | HTTP | Persistent cookie | YouTube (Third-party) |
| yt-remote-fast-check-period | Facilitates fast connectivity checks for YouTube remote sessions. | HTTP | Session | YouTube (Third-party) |
| yt-remote-cast-installed | Indicates whether the YouTube Cast feature is installed on the device. | HTTP | Persistent cookie | YouTube (Third-party) |
| _fpb | Set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website. | HTTP | 90 days | Facebook (Third-party) |
| _gclxxxx | Google Ads conversion tracking cookie used for measuring advertising performance. | HTTP | 90 days | Google (Third-party) |
| _gcl_gs | This cookie is set by Google Ads and is part of the Google Conversion Linker functionality. It helps track ad clicks and conversions across domains. | HTTP | 50 days | Google (Third-party) |
| _gac_UA-* | This cookie is set by Google Ads in combination with Google Analytics and stores campaign information in order to provide better attribution of ad clicks and conversion tracking when Google Ads and Google Analytics are linked. | HTTP | 90 days | Google (Third-party) |
| VISITOR_INFO1_LIVE | Attempts to estimate a user's bandwidth to optimize video streaming quality. | HTTP | 179 days | YouTube (Third-party) |
| __Secure-YEC | YouTube cookie used for personalized tracking and ad delivery. | HTTPS | Persistent cookie | YouTube (Third-party) |
| ytidb::LAST_RESULT_ENTRY_KEY | Stores the last action or request made by the user in YouTube’s database. | HTTP | Persistent cookie | YouTube (Third-party) |
| VISITOR_PRIVACY_METADATA | Stores user privacy preferences for YouTube functionality. | HTTP | Persistent cookie | YouTube (Third-party) |
| yt-remote-session-app | Stores the state of the YouTube remote session application. | HTTP | Session | YouTube (Third-party) |
| yt-remote-session-name | Maintains the name of the current YouTube remote session. | HTTP | Session | YouTube (Third-party) |
| _gcl_aw | Used by Google Ads to provide ad delivery or retargeting. | HTTP | 50 days | Google (Third-party) |
| yt.innertube::nextId | Stores the next request ID in YouTube’s internal request queue. | HTTP | Session | YouTube (Third-party) |
| yt.innertube::requests | Internal cookie used by YouTube for managing API requests. | HTTP | Session | YouTube (Third-party) |
| Cookie Name | Description | Type | Expiry | First/Third Party | ||
|---|---|---|---|---|---|---|
| rc::a | Used by Google reCAPTCHA to differentiate legitimate human traffic from bots and malicious automated activity. Helps protect the website from fraud and abuse. | HTML | Session | Google (Third-party) | ||
| rc::c |
|
HTTP | Session | Google (Third-party) | ||
| _ga* | Google Analytics cookie used to track unique users and measure site engagement across sessions. Helps improve website performance and understand user behavior patterns. | HTTP | 24 hours | Google (Third-party) | ||
| _gid |
|
HTTP | 24 hours | Google (Third-party) | ||
| _ga |
|
HTTP | 2 years | Google (Third-party) |