- General Information About the Processing of Personal Data
- Data Processing Through Visits to Our Websites
- Data Processing Through Cookies (Tracking)
- Data Processed for Contact Purposes
- Data Processed for the Execution of the Contract
- Data Processed for Single Sign-On Services (Facebook Connect)
- Data Processing in Connection With Social Networks
- Advertising and Newsletter
Statistical Data Collection and Analysis
- Other Data Processing
9.1. Amazon Cloudfront
9.2. Web Fonts from Adobe Fonts
- Your Rights
- Disclosure of Data to Third Parties, Transfer to Third Countries
- Deletion of data
- Closing Provisions
- Cookie Declaration
1. General Information About the Processing of Personal Data
(1) The protection of your personal data is of utmost importance to us. The aim of the following information is to provide you with a comprehensive explanation of how your personal data is processed through the use of our websites and services.
(2) The controller according to Art. 4 No. 7 of the General Data Protection Regulation (“GDPR”) is:
Telephone: +49 (0) 331 9816 9040
(hereafter referred to as “Flightright”). Further information can be found in our Imprint.
(3) Our data protection officer can be reached via E-mail at email@example.com or by post at our address marked “For the attention of The Data Protection Officer”.
(4) We process personal data in strict compliance with the applicable data protection regulations. This means the data will only be processed with legal permission; in particular, if the processing of the data is necessary for the provision of our contractual and online services, e.g. when consent is legally required, as well as on grounds of our legitimate interest.
(5) The legal basis of consent is Art. 6 para. 1 lit. a. and Art. 7. GDPR. The legal basis for the processing of data in order to provide our service and execute contractual duties is Art. 6 para. 1 lit. b. GDPR. The legal basis for the processing of data in order to fulfill our legal obligations is Art. 6. Para. 1 lit. c. GDPR, and the legal basis for the processing of data for the safeguarding of our legitimate interests is Art. 6, para 1. lit. f. GDPR.
2. Data Processing Through Visits to Our Websites
When using our websites for purely informational purposes, i.e. if you do not make a request, do not log in or otherwise provide us with personal information, we process the data that your browser transmits to our server which is technically necessary to display our websites to you and to guarantee stability and security (“visitor data”):
- IP address
- Date and time of the request
- Duration of the website visit
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Volume of data transferred
- Webpage from which the request comes
- Webpages that you visit on our website
- Internet service provider
- Browser type
- Server Log Files
- Operating system and its interface
- Language and version of the browser software.
(2) The legal basis is Art. 6 para. 1 sentence 1. lit. f. GDPR and that is our legitimate interest in the presentation of the accessed websites.
(3) We create anonymous user profiles from individual visit data. This enables us to constantly improve our website.
3. Data Processing Through Cookies (Tracking)
3.1 Cookies and Cookie-Function groups
In addition to the data usage mentioned above, cookies will be stored on your device when you use our website. Cookies are small text files that are saved to your hard disk by your web browser and provide us with information. They serve to make our website more effective and user-friendly.
We distinguish between the following types of cookies:
3.1.1 Technical Cookies (Necessary Cookies)
These cookies are required to display our website and to provide essential, basic functions, e.g. page navigation, the chat function as well as to comply with data protection standards.
The following information is stored and transmitted in these cookies:
- Language settings
- Page settings
- Other status information
The legal basis for the use of technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.
3.1.2 Cookies for User Preferences
These cookies are used to recognize you and your settings when you return to the website (e.g. preferred language).
The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.
3.1.3 Cookies for Performance and Statistics
These cookies are used to analyse website usage and user behaviour. Through this information we are able to understand how our website is used and where problems occur. This information can then be used to, for example, make the website more user-friendly or to better tailor information and services to our users.
The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.
3.1.4 Marketing Cookies
The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.
3.2.1 Cookie-Consent-Tool (Cookiebot)
The storage of cookies is technically necessary for the operation of Cookiebot.
3.2.2 Cookiebot Settings
A pop-up window is displayed when a user visits our website for the first time. From here, the user can peronalise their cookie settings by clicking on the desired cookie function group. Please note that the technical cookies are already saved when you access the website and the box for this is preset.
Your Cookie Settings
Should you wish to review or change your cookie settings then click on “Change your consent” in our Cookie Declaration at the bottom of the page and then adjust the settings according via cookiebot.
3.2.3 Withdrawal- /Opt-out Options
In addition to revoking your consent via Cookiebot, you can deactivate cookies directly with a cookie provider or prevent browser plug-ins from processing your data. Where cookie providers offer such options, we have provided a link in the corresponding notes.
Further information on the cookies we use can be found in the Cookie Declaration.
4. Data Processed for Contact Purposes
When you contact us via e-mail, telephone or an online contact formula, the data you provide (e.g. e-mail address, name, telephone number, the content of your request) will be processed by us in order to answer your question and/or query. The legal basis for this is Art. 6 para. 1 lit. b. GDPR.
5. Data Processed for the Execution of the Contract
(1) When you commission us to enforce your compensation claim, we process your contact, communication, contract and flight data (e.g. flight number, date, time) so that we can provide our contractual services, which are described in full in our General Terms and Conditions (particularly to enforce the compensation claim). Your contact and flight data are required for the conclusion of the contract. Without this information, it is not possible to conclude the contract. Your data may be passed on to the service providers supporting us (hosters, service providers, operators of communication applications, etc.) These service providers have of course been carefully selected and are bound by our instructions. This applies particularly to technical service providers who support us in the provision of services.
Your payment data will not be required or processed until a payment is due to be made to you.
(2) As stated in our terms and conditions, we instruct so-called contract lawyers to enforce claims if our extrajudicial enforcement of the claim is not successful (“Assignment processs”). Alternatively, you commission the contact lawyers directly (“Power of Attorney process”). In both cases, we will transfer all case related data to our contract lawyer to enable them to enforce the claim. In future, we will exchange information with the contract lawyer so that we can keep you informed at all times and continue to process your case (e.g. in event of paying out compensation to you).
(3) The legal basis is the existing contractual relationship (Art. 6 para. 1 sentence 1 lit. b. GDPR). We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.
6. Data Processed for Single Sign-On Services (Facebook Connect)
You can register on our website using a Google-Account with Single-Sign-On (“SSO”). SSO accounts allow you to log on to different services and platforms with a single account after it has been created. Flightright enables you to use the Google SSO service.
The Google SSO service is provided by Google Inc. (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA.
7. Data Processing in Connection With Social Networks
7.1 Name and Address of Responsible Parties
Besides Flightright GmbH, the parties also responsible for the company’s corporate identity within the scope of the EU data protection regulation are:
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
- Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland)
- Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)
However, you use these platforms and their functions on your own responsibility. This applies in particular to interactive features (e.g., comment, share, rate). We would also like to point out that your data may be processed outside the European Union. The contract required under data protection law must be concluded.
7.2 Purpose and Legal Basis
We ourselves maintain the fan pages ourselves in order to communicate with visitors and to inform them about our services. In addition, we collect data for statistical purposes in order to develop and optimize our content and to make our services more attractive. The data required for this purpose (e.g. number of hits, page activities, data provided by visitors, interactions) is prepared and provided to us by the social networks. We have no influence on the generation and presentation.
Your personal data is not only processed by the social media providers, but also by Flightright GmbH (where applicable), for market research and advertising purposes. For example, advertisements tailored to your interests may be displayed both inside and outside these platforms. To this end, cookies are usually stored on your devices. Independently of this, data that is not directly collected on your end devices may also be stored in your usage profiles. Storage and analysis takes place across multiple devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.
The processing of your personal data by Flightright GmbH is based on our legitimate interests in effective information and communication pursuant to Art. 6, para 1. lit. f. GDPR.
If you are asked to consent to the processing of your data, i.e. if you declare your consent by clicking a button or similar (opt-in), the legal basis for data processing is Art. 6, para 1. lit. f. GDPR.
7.3 Your Rights / “Opt-out” Option
If you are registered with a social network and do not wish them to collect your data via our website and link it to your stored membership data with the respective network, you must:
- log out of the respective network before visiting our fan page,
- delete the cookies stored on your device, and
- close and reopen your browser
After logging in again, however, the social network is once more able to identify your user profile.
For a detailed description of the respective kinds of data processing and opt-out options, please refer to the following:
Privacy statement: https://www.facebook.com/about/privacy/;
Privacy statement: https://help.instagram.com/519522125107875;
Privacy statement: https://www.linkedin.com/legal/privacy-policy;
Privacy statement: https://twitter.com/de/privacy;
Privacy statement: https://privacy.xing.com/de/datenschutzerklaerung;
In summary, you have the following rights regarding the processing of your personal data:
Right to disclosure, right to rectification, right to erasure, right to limitation of data processing, right to revocation; right to data portability, right to complain about unlawful processing of your data to the competent supervisory authority.
However, since Flightright GmbH does not have total access to your personal data, you should direct your requests to the providers of the respective social media directly. They have access to the personal data of their members and can take appropriate measures as well as provide information.
Should you need help, we will of course try to support you. Please contact firstname.lastname@example.org.
7.4 Notice Regarding Author’s Rights and Copyright
Should you wish to publish images, text, videos, music, etc. on our social media, please note that by doing so you may be assigning all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or copyright holder.
8. Advertising and Newsletter
If you have given your consent to receive our advertising (newsletter, e-mail, by post, etc.), we will inform you via the respective medium about our current offers using the data you have provided. You can revoke your consent at any time.
Mailjet may retrieve the recipient’s data in pseudonymous form, i.e. without any association to a user, in order to optimise or improve their own services, for example, for the technical optimisation of sending communication and the presentation of newsletters or for statistical purposes. The email service provider, however, does not use our newsletter recipients’ data in order to write to them personally or to share the data with third parties.
Our website uses the e-mail service of the provider Mailgun Technologies, Inc, San Francisco, for the sending and analysis of e-mails. For this purpose, the browser you use must connect to the servers of Mailgun Technologies, Inc. located in the USA. This enables Mailgun Technologies, Inc. to recognise that our website has been accessed via your IP address. The use of Mailgun is in the interest of uniform and secure communication with our customers – this constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f. GDPR. You can find more detailed information in the data protection declaration of Mailgun Technologies, Inc: https://www.mailgun.com/privacy-policy.
The newsletter is sent via „MailChimp“, a newsletter distribution platform by US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
The email addresses of our newsletter recipients as well as further data that will be described in these notes will be stored on MailChimp servers in the USA. MailChimp uses this information for distributing and evaluating the newsletter on our behalf. According to information published by MailChimp, the data will be used for optimising their own services, such as technical optimisation of the distribution process or the layout of the newsletter, as well as for commercial use by determining the recipients‘ countries of residence. However, MailChimp does not use the data of our newsletter subscribers to contact them directly and does not pass them on to third parties.
MailChimp’s data regulations can be viewed here: https://mailchimp.com/legal/privacy/
Statistical Data Collection and Analysis
Our newsletters contain what is known as a web beacon or open tracker, a tiny invisible graphic in the bottom of your HTML email. It is downloaded from Mailchimp’s server when the newsletter is opened. During the download, technical information about your browser and operating system as well as your IP address and the time of the download/opening of the newsletter are collected. These are used for technical improvement of the service, as technical data or target group data can be analysed according to their reading behaviour, their download locations (identifiable through IP addresses) or download times.
Statistical data collection also includes an analysis of when the newsletters are opened and which links are clicked upon. Although this information technically allows the tracking of individual newsletter recipients, we are not interested in watching the behaviour of individual users. Data analysis is used to recognise patterns in the reading behaviour of users and adapt contents accordingly or send different content to individual users.
9. Other Data Processing
9.1 Amazon Cloudfront
This website uses the Content Delivery Network (CDN) Cloudfront. This is a service provided by Amazon WebServices Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. The Cloudfront CDN provides duplicates of data from a website on various Amazon Web Services (AWS) servers all over the world. This facilitates faster loading times on the website, higher reliability, and increased protection against dataloss.
Some of the images and videos embedded on this website are obtained from the Cloudfront CDN when the page is opened. This retrieval transfers information about your use of our website (such as your IP address) to Amazon servers in other EU countries and stores it there. This happens as soon as you visit our website. Amazon Web Services and Amazon CDN Cloudfront are used in the interest of greater reliability of the website, increased protection against data loss, and better loading speed of this website.
This constitutes a legitimate interest in accordance with Art. 6 para. 1 lit. f. GDPR. More information about the data protection practices of Amazon WebServices can be found at: https://aws.amazon.com/compliance/data-privacy-faq/.
The current data privacy statement of Amazon Web Services can be found at: https://aws.amazon.com/privacy/.
9.2 Web Fonts from Adobe Fonts
This site uses so-called web fonts, which are provided by Adobe Fonts, for uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
To do this, the browser you are using must connect to the Adobe Fonts servers. This will give Adobe Fonts knowledge that your website has been accessed through your IP address. The use of “Adobe Fonts” web fonts is in the interest of a uniform and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f. GDPR.
If your browser does not support web fonts, a default font will be used by your computer.
We use Trustpilot, a user feedback and rating service provided by Trustpilot, Inc., 245 5th Avenue, 4th floor, New York, NY 10016, USA (“Trustpilot”). Trustpilot provides a form to enter your feedback about our website and to rate your user experience and product quality. If you use this option, all entries are completely voluntary and the results are published on https://www.trustpilot.com/ under a selectable pseudonym. Product reviews may be published on our website as well as in Google search results.
For more information about privacy policies of Trustpilot, please refer to the website https://legal.trustpilot.com/end-user-privacy-terms.
10. Your Rights
(1) You have the following rights with respect to your personal data:
- Right of access by the data subject (Art. 15 GDPR)
- Right to rectification and erasure (Art. 16 and 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to object against the processing of data (Art. 21 GDPR)
- Right to data portability (Art. 20 GDPR)
(2) You also have the right to complain to the data protection supervisory authority about our processing of your data.
(3) We would like to inform you that you can revoke any data protection consent provided at any time with future effect. The same applies to consent given to promotional activities. The best way to do this is to send an informal e-mail to: email@example.com. The respective revocation may cause our service to become unavailable to you or only available in a limited capacity.
(4) Insofar as the processing of your personal data is based on a balance of interests, you may object to the processing. When exercising an objection, we ask that you state why we should not process your personal data in the manner that we have. In case of a justified objection, we will review the situation and either stop or adjust the data processing or point out the compelling legitimate grounds on which we will continue to process the data.
11. Disclosure of Data to Third Parties, Transfer to Third Countries
(1) We only disclose your personal data to our service and partner companies in as far as this is absolutely necessary for order processing and the fulfilment of contractual requirements e.g. on the basis of Art. 6 para. 1 lit. b. GDPR or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR.
(2) If we use subcontractors to provide our services, we take appropriate legal, technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal requirements.
(4) We attach considerable importance to processing your data within the EU/EEA. It may happen, however, that we transfer data outside the EU / EEA and to a country without the necessary data protection standards. If your data is transferred to the USA, there is a risk that the data may be processed by US authorities for control and monitoring purposes, possibly without any form of legal recourse being available to you.
12. Deletion of Data
(1) The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.
(2) In accordance with statutory requirements in Germany, records are kept for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation etc.).
13. Closing Provisions
(1) We employ technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.
Last updated: April 2021