- General Information About the Processing of Personal Data
- Data Processing Through Visits to Our Websites
- Data Processing Through Cookies (Tracking)
- Data Processed for Contact Purposes
- Data Processed for the Execution of the Contract
- Data Processed for Single Sign-On Services (Facebook Connect)
- Data Processing in Connection With Social Networks
- Advertising and Newsletter
Statistical Data Collection and Analysis
- Other Data Processing
9.1. Amazon Cloudfront
9.2. Web Fonts from Adobe Fonts
- Your Rights
- Disclosure of Data to Third Parties, Transfer to Third Countries
- Deletion of data
- Closing Provisions
- Cookie Declaration
1. General Information About the Processing of Personal Data
(1) The protection of your personal data is of utmost importance to us. The aim of the following information is to provide you with a comprehensive explanation of how your personal data is processed through the use of our websites and services.
(2) The controller according to Art. 4 No. 7 of the General Data Protection Regulation (“GDPR”) is:
Telephone: +49 (0) 331 9816 9040
(hereafter referred to as “Flightright”). Further information can be found in our Imprint.
(3) Our data protection officer can be reached via E-mail at email@example.com or by post at our address marked ”For the attention of The Data Protection Officer”.
(4) We process personal data in strict compliance with the applicable data protection regulations. This means the data will only be processed with legal permission; in particular, if the processing of the data is necessary for the provision of our contractual and online services, e.g. when consent is legally required, as well as on grounds of our legitimate interest.
(5) The legal basis of consent is Art. 6 para. 1 lit. a. and Art. 7. GDPR. The legal basis for the processing of data in order to provide our service and execute contractual duties is Art. 6 para. 1 lit. b. GDPR. The legal basis for the processing of data in order to fulfill our legal obligations is Art. 6. Para. 1 lit. c. GDPR, and the legal basis for the processing of data for the safeguarding of our legitimate interests is Art. 6, para 1. lit. f. GDPR.
2. Data Processing Through Visits to Our Websites
When using our websites for purely informational purposes, i.e. if you do not make a request, do not log in or otherwise provide us with personal information, we process the data that your browser transmits to our server which is technically necessary to display our websites to you and to guarantee stability and security (”visitor data”):
- IP address
- Date and time of the request
- Duration of the website visit
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Volume of data transferred
- Webpage from which the request comes
- Webpages that you visit on our website
- Internet service provider
- Browser type
- Server Log Files
- Operating system and its interface
- Language and version of the browser software.
(2) The legal basis is Art. 6 para. 1 sentence 1. lit. f. GDPR and that is our legitimate interest in the presentation of the accessed websites.
(3) We create anonymous user profiles from individual visit data. This enables us to constantly improve our website.
3. Data Processing Through Cookies (Tracking)
3.1 Cookies and Cookie-Function groups
In addition to the data usage mentioned above, cookies will be stored on your device when you use our website. Cookies are small text files that are saved to your hard disk by your web browser and provide us with information. They serve to make our website more effective and user-friendly.
We distinguish between the following types of cookies:
3.1.1 Technical Cookies (Necessary Cookies)
These cookies are required to display our website and to provide essential, basic functions, e.g. page navigation, the chat function as well as to comply with data protection standards.
The following information is stored and transmitted in these cookies:
- Language settings
- Page settings
- Other status information
The legal basis for the use of technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.
3.1.2 Cookies for User Preferences
These cookies are used to recognize you and your settings when you return to the website (e.g. preferred language).
The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.
3.1.3 Cookies for Performance and Statistics
These cookies are used to analyse website usage and user behaviour. Through this information we are able to understand how our website is used and where problems occur. This information can then be used to, for example, make the website more user-friendly or to better tailor information and services to our users.
The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.
3.1.4 Marketing Cookies
The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.
3.2.1 Cookie-Consent-Tool (Cookiebot)
The storage of cookies is technically necessary for the operation of Cookiebot.
3.2.2 Cookiebot Settings
A pop-up window is displayed when a user visits our website for the first time. From here, the user can peronalise their cookie settings by clicking on the desired cookie function group. Please note that the technical cookies are already saved when you access the website and the box for this is preset.
Your Cookie Settings
Should you wish to review or change your cookie settings then click on ”Change your consent” in our Cookie Declaration at the bottom of the page and then adjust the settings according via cookiebot.
3.2.3 Withdrawal- /Opt-out Options
In addition to revoking your consent via Cookiebot, you can deactivate cookies directly with a cookie provider or prevent browser plug-ins from processing your data. Where cookie providers offer such options, we have provided a link in the corresponding notes.
Further information on the cookies we use can be found in the Cookie Declaration.
4. Data Processed for Contact Purposes
When you contact us via e-mail, telephone or an online contact formula, the data you provide (e.g. e-mail address, name, telephone number, the content of your request) will be processed by us in order to answer your question and/or query. The legal basis for this is Art. 6 para. 1 lit. b. GDPR.
5. Data Processed for the Execution of the Contract
(1) When you commission us to enforce your compensation claim, we process your contact, communication, contract and flight data (e.g. flight number, date, time) so that we can provide our contractual services, which are described in full in our General Terms and Conditions (particularly to enforce the compensation claim). Your contact and flight data are required for the conclusion of the contract. Without this information, it is not possible to conclude the contract. Your data may be passed on to the service providers supporting us (hosters, service providers, operators of communication applications, etc.) These service providers have of course been carefully selected and are bound by our instructions. This applies particularly to technical service providers who support us in the provision of services.
Your payment data will not be required or processed until a payment is due to be made to you.
(2) As stated in our terms and conditions, we instruct so-called contract lawyers to enforce claims if our extrajudicial enforcement of the claim is not successful (“Assignment processs”). Alternatively, you commission the contact lawyers directly (“Power of Attorney process”). In both cases, we will transfer all case related data to our contract lawyer to enable them to enforce the claim. In future, we will exchange information with the contract lawyer so that we can keep you informed at all times and continue to process your case (e.g. in event of paying out compensation to you).
(3) The legal basis is the existing contractual relationship (Art. 6 para. 1 sentence 1 lit. b. GDPR). We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.
6. Data Processed for Single Sign-On Services (Facebook Connect)
You can register on our website using a Google-Account with Single-Sign-On (“SSO”). SSO accounts allow you to log on to different services and platforms with a single account after it has been created. Flightright enables you to use the Google SSO service.
The Google SSO service is provided by Google Inc. (”Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA.
7. Data Processing in Connection With Social Networks
You can also find us on social networks of foreign company, such as Facebook or Twitter. In addition, we have integrated individual functions of these networks into our online services. However, you can only use both if you are registered and logged in to the respective social network. Please note that the usage- and privacy conditions of this company apply to the use of the respective social network over which we have no influence. However, we would be happy to explain to you how such networks process your personal information in this context:
Facebook plugins are integrated on our website. Facebook is a social network. A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to create private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a data subject lives outside of the United States or Canada, the data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Each time you call up one of the individual pages of this website, which is operated by us and on which a Facebook component (Facebook plugins) has been integrated, your web browser will automatically be prompted to the download of a display of the corresponding Facebook component on your computer. An overview of all the Facebook plugins can be found under https://developers.facebook.com/docs/plugins/. In the course of this technical procedure, Facebook is informed of which specific sub-sites of our website you visited.
Every time you visit our website and are logged in at the same time on Facebook, Facebook detects your visits – for the entire duration of your stay on our website – and which specific sub-page of our Internet page you visited. This information is collected through the Facebook component and is associated with your respective Facebook account. If you click on one of the Facebook buttons integrated on our website, then Facebook matches this information with your personal Facebook user account and stores the personal data. If you activate one of the Facebook buttons integrated on our website, for example the “Like” button, or leave a comment, Facebook will allocate this information to your personal Facebook user account and save this personal data.
Facebook will receive information that you have visited our website through the Facebook plugins when you are simultaneously logged in to Facebook while visiting our website; this will occur regardless of whether you click on the Facebook plugins or not. If you do not wish your information to be transmitted to Facebook in this manner, you can prevent the transmission by logging out of Facebook before visiting our website.
The data protection guidelines published by Facebook, found under https://www.facebook.com/policy.php, provide information on the collection, processing and use of personal data by Facebook. The guidelines also explain which setting options are available to Facebook users for the protection of their privacy. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the person concerned to suppress data transfer to Facebook.
Twitter plugins are integrated on our website. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages, which are limited to 140 characters. These short messages are available to everyone, including those who are not registered with Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.
Twitter is operated by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.
Each time a user visits one of the individual pages of this website, which is operated by us on which a Twitter component (Twitter button) has been integrated, the Internet browser on your computer system is automatically prompted to the download of a display of the corresponding Twitter component of Twitter.
Further information about the Twitter buttons is available under https://help.twitter.com/en/using-twitter/twitter-buttons. During the course of this technical procedure, Twitter is informed of which specific sub-sites of our website you visited. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.
Every time you visit our website and are logged on to Twitter at the same time, Twitter will – for the entire duration of your stay on our website – detect which specific sub-page of our Internet page you visited. This information is collected through the Twitter component and is associated with your respective Twitter account. If you click on one of the Twitter buttons integrated on our website, then Twitter matches this information with your personal Twitter user account and stores the personal data.
Twitter receives information via the Twitter component that you have visited our website, provided that you are logged in at Twitter at the time you visit our website. This occurs regardless of whether you click on the Twitter button or not If you do not wish your information to be transmitted to Twitter in this manner, you can prevent the transmission by logging out of Twitter before visiting our website. The applicable data protection provisions of Twitter can be found here.
8. Advertising and Newsletter
If you have given your consent to receive our advertising (newsletter, e-mail, by post, etc.), we will inform you via the respective medium about our current offers using the data you have provided. You can revoke your consent at any time.
Mailjet may retrieve the recipient’s data in pseudonymous form, i.e. without any association to a user, in order to optimise or improve their own services, for example, for the technical optimisation of sending communication and the presentation of newsletters or for statistical purposes. The email service provider, however, does not use our newsletter recipients’ data in order to write to them personally or to share the data with third parties.
Our website uses the e-mail service of the provider Mailgun Technologies, Inc, San Francisco, for the sending and analysis of e-mails. For this purpose, the browser you use must connect to the servers of Mailgun Technologies, Inc. located in the USA. This enables Mailgun Technologies, Inc. to recognise that our website has been accessed via your IP address. The use of Mailgun is in the interest of uniform and secure communication with our customers – this constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f. GDPR. You can find more detailed information in the data protection declaration of Mailgun Technologies, Inc: https://www.mailgun.com/privacy-policy.
The newsletter is sent via „MailChimp“, a newsletter distribution platform by US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients as well as further data that will be described in these notes will be stored on MailChimp servers in the USA. MailChimp uses this information for distributing and evaluating the newsletter on our behalf. According to information published by MailChimp, the data will be used for optimising their own services, such as technical optimisation of the distribution process or the layout of the newsletter, as well as for commercial use by determining the recipients‘ countries of residence. However, MailChimp does not use the data of our newsletter subscribers to contact them directly and does not pass them on to third parties.
MailChimp’s data regulations can be viewed here: https://mailchimp.com/legal/privacy/
Statistical Data Collection and Analysis
Our newsletters contain what is known as a web beacon or open tracker, a tiny invisible graphic in the bottom of your HTML email. It is downloaded from Mailchimp’s server when the newsletter is opened. During the download, technical information about your browser and operating system as well as your IP address and the time of the download/opening of the newsletter are collected. These are used for technical improvement of the service, as technical data or target group data can be analysed according to their reading behaviour, their download locations (identifiable through IP addresses) or download times.
Statistical data collection also includes an analysis of when the newsletters are opened and which links are clicked upon. Although this information technically allows the tracking of individual newsletter recipients, we are not interested in watching the behaviour of individual users. Data analysis is used to recognise patterns in the reading behaviour of users and adapt contents accordingly or send different content to individual users.
9. Other Data Processing
9.1 Amazon Cloudfront
This website uses the Content Delivery Network (CDN) Cloudfront. This is a service provided by Amazon WebServices Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. The Cloudfront CDN provides duplicates of data from a website on various Amazon Web Services (AWS) servers all over the world. This facilitates faster loading times on the website, higher reliability, and increased protection against dataloss.
Some of the images and videos embedded on this website are obtained from the Cloudfront CDN when the page is opened. This retrieval transfers information about your use of our website (such as your IP address) to Amazon servers in other EU countries and stores it there. This happens as soon as you visit our website. Amazon Web Services and Amazon CDN Cloudfront are used in the interest of greater reliability of the website, increased protection against data loss, and better loading speed of this website.
This constitutes a legitimate interest in accordance with Art. 6 para. 1 lit. f. GDPR. More information about the data protection practices of Amazon WebServices can be found at: https://aws.amazon.com/compliance/data-privacy-faq/.
The current data privacy statement of Amazon Web Services can be found at: https://aws.amazon.com/privacy/.
9.2 Web Fonts from Adobe Fonts
This site uses so-called web fonts, which are provided by Adobe Fonts, for uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
To do this, the browser you are using must connect to the Adobe Fonts servers. This will give Adobe Fonts knowledge that your website has been accessed through your IP address. The use of ”Adobe Fonts” web fonts is in the interest of a uniform and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f. GDPR.
If your browser does not support web fonts, a default font will be used by your computer.
We use Trustpilot, a user feedback and rating service provided by Trustpilot, Inc., 245 5th Avenue, 4th floor, New York, NY 10016, USA (“Trustpilot”). Trustpilot provides a form to enter your feedback about our website and to rate your user experience and product quality. If you use this option, all entries are completely voluntary and the results are published on https://www.trustpilot.com/ under a selectable pseudonym. Product reviews may be published on our website as well as in Google search results.
For more information about privacy policies of Trustpilot, please refer to the website https://legal.trustpilot.com/end-user-privacy-terms.
10. Your Rights
(1) You have the following rights with respect to your personal data:
- Right of access by the data subject (Art. 15 GDPR)
- Right to rectification and erasure (Art. 16 and 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to object against the processing of data (Art. 21 GDPR)
- Right to data portability (Art. 20 GDPR)
(2) You also have the right to complain to the data protection supervisory authority about our processing of your data.
(3) We would like to inform you that you can revoke any data protection consent provided at any time with future effect. The same applies to consent given to promotional activities. The best way to do this is to send an informal e-mail to: firstname.lastname@example.org. The respective revocation may cause our service to become unavailable to you or only available in a limited capacity.
(4) Insofar as the processing of your personal data is based on a balance of interests, you may object to the processing. When exercising an objection, we ask that you state why we should not process your personal data in the manner that we have. In case of a justified objection, we will review the situation and either stop or adjust the data processing or point out the compelling legitimate grounds on which we will continue to process the data.
11. Disclosure of Data to Third Parties, Transfer to Third Countries
(1) We only disclose your personal data to our service and partner companies in as far as this is absolutely necessary for order processing and the fulfilment of contractual requirements e.g. on the basis of Art. 6 para. 1 lit. b. GDPR or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR.
(2) If we use subcontractors to provide our services, we take appropriate legal, technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal requirements.
(4) We attach considerable importance to processing your data within the EU/EEA. It may happen, however, that we transfer data outside the EU / EEA and to a country without the necessary data protection standards. If your data is transferred to the USA, there is a risk that the data may be processed by US authorities for control and monitoring purposes, possibly without any form of legal recourse being available to you.
12. Deletion of Data
(1) The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
(2) In accordance with statutory requirements in Germany, records are kept for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation etc.).
13. Closing Provisions
(1) We employ technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
Last updated: March 2021