Privacy Policy & Cookie Declaration

Contents

  1. General Information About the Processing of Personal Data
  2. Data Processing Through Visits to Our Websites
  3. Data Processing Through Cookies (Tracking)
  4. Data Processed for Contact Purposes
  5. Data Processed for the Execution of the Contract
  6. Data Processed for Single Sign-On Services (Facebook Connect)
  7. Data Processing in Connection With Social Networks
  8. Advertising and Newsletter
    8.1. MailJet
    8.2. Mailgun
    8.3. Mailchimp
    Statistical Data Collection and Analysis
  9. Other Data Processing
    9.1. Amazon Cloudfront
    9.2. Web Fonts from Adobe Fonts
    9.3. Trustpilot
  10. Your Rights
  11. Disclosure of Data to Third Parties, Transfer to Third Countries
  12. Deletion of Data
  13. Closing Provisions
  14. Cookie Declaration

1. General Information About the Processing of Personal Data

(1) The protection of your personal data is of utmost importance to us. The aim of the following information is to provide you with a comprehensive explanation of how your personal data is processed through the use of our websites and services.

(2) The controller according to Art. 4 No. 7 of the General Data Protection Regulation (“GDPR”) is:
Flightright GmbH
Rudolf-Breitscheid-Str. 162
14482 Potsdam
Telephone: +49 (0) 331 9816 9040
E-Mail: service@flightright.fr
(hereafter referred to as “Flightright”). Further information can be found in our Imprint.

(3) Our data protection officer can be reached via e-mail at datenschutz@flightright.de or by post at our address, marked “For the attention of The Data Protection Officer”.

(4) We process personal data in strict compliance with the applicable data protection regulations. This means the data will only be processed with legal permission; in particular, if the processing of the data is necessary for the provision of our contractual and online services, e.g. when consent is legally required, as well as on grounds of our legitimate interest.

(5) The legal basis of consent is Art. 6 para. 1 lit. a. and Art. 7 GDPR. The legal basis for the processing of data in order to provide our service and execute contractual duties is Art. 6 para. 1 lit. b. GDPR. The legal basis for the processing of data in order to fulfill our legal obligations is Art. 6 para. 1 lit. c. GDPR, and the legal basis for the processing of data for the safeguarding of our legitimate interests is Art. 6 para. 1 lit. f. GDPR.

2. Data Processing Through Visits to Our Websites

(1) When using our websites for purely informational purposes, i.e. if you do not make a request, do not log in or otherwise provide us with personal information, we process the data that your browser transmits to our server which is technically necessary to display our websites to you and to guarantee stability and security (“visitor data”):

  • IP address
  • Date and time of the request
  • Duration of the website visit
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Volume of data transferred
  • Webpage from which the request comes
  • Webpages that you visit on our website
  • Internet service provider
  • Browser type
  • Server Log Files
  • Operating system and its interface
  • Language and version of the browser software.

(2) The legal basis is Art. 6 para. 1 sentence 1 lit. f. GDPR, namely our legitimate interest in the presentation of the accessed websites.

(3) We create anonymous user profiles from individual visit data. This enables us to constantly improve our website.

3. Data Processing Through Cookies (Tracking)

In addition to the data usage mentioned above, cookies will be stored on your device when you use our website. Cookies are small text files that are saved to your hard disk by your web browser and provide us with information. They serve to make our website more effective and user-friendly.
We distinguish between the following types of cookies:

3.1.1 Technical Cookies (Necessary Cookies)

These cookies are required to display our website and to provide essential, basic functions, e.g. page navigation, the chat function as well as to comply with data protection standards.

The following information is stored and transmitted in these cookies:

  • Language settings
  • Page settings
  • Other status information

The purpose of using technically necessary cookies is to make our website easier to use. To this end, we also use cookies to recognise the user in future visits. Some elements of our website also technically require the identification of the visiting browser after a change of page.

The legal basis for the use of technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.

3.1.2 Cookies for User Preferences

These cookies are used to recognize you and your settings when you return to the website (e.g. preferred language).

The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.

3.1.3 Cookies for Performance and Statistics

These cookies are used to analyse website usage and user behaviour. Through this information we are able to understand how our website is used and where problems occur. This information can then be used to, for example, make the website more user-friendly or to better tailor information and services to our users.

The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.

3.1.4 Marketing Cookies

The legal basis for the use of these cookies is Art. 6 para. 1 sentence 1 lit. f. GDPR.

A cookie consent tool has been implemented on our website (hereinafter referred to as “Cookiebot”) so that users have full control over the use of cookies. Cookiebot is provided by Cybot A/S, 1058 Copenhagen, Denmark. It displays a list of cookies divided according to their function, explains the purpose of each function group as well as the individual cookies and how long the cookies are stored.

The storage of cookies is technically necessary for the operation of Cookiebot.

3.2.2 Cookiebot Settings

A pop-up window is displayed when a user visits our website for the first time. From here, the user can personalise their cookie settings by clicking on the desired cookie function group. Please note that the technical cookies are already saved when you access the website and the box for this is preset.

Your Cookie Settings

Should you wish to review or change your cookie settings, click on “Change your consent” in our Cookie Declaration at the bottom of the page and then adjust the settings accordingly via Cookiebot.

3.2.3 Withdrawal/Opt-out Options

If you have consented to the use of cookies during a visit to this website, you can revoke your consent by going to Cookiebot (see above: “Your Cookie Settings”) and deselecting the respective cookie category.

In addition to revoking your consent via Cookiebot, you can deactivate cookies directly with a cookie provider or prevent browser plug-ins from processing your data. Where cookie providers offer such options, we have provided a link in the corresponding notes.

Another option for controlling or making adjustments to the use of cookies can be found in the relevant section of your browser settings.

Further information on the cookies we use can be found in the Cookie Declaration.

4. Data Processed for Contact Purposes

When you contact us via e-mail, telephone or an online contact form, the data you provide (e.g. e-mail address, name, telephone number, the content of your request) will be processed by us in order to answer your question and/or query. The legal basis for this is Art. 6 para. 1 lit. b. GDPR.

5. Data Processed for the Execution of the Contract

(1) When you commission us to enforce your compensation claim, we process your contact, communication, contract and flight data (e.g. flight number, date, time) so that we can provide our contractual services, which are described in full in our General Terms and Conditions (particularly to enforce the compensation claim). Your contact and flight data are required for the conclusion of the contract. Without this information, it is not possible to conclude the contract. Your data may be passed on to the service providers supporting us (hosters, service providers, operators of communication applications, etc.). These service providers have of course been carefully selected and are bound by our instructions. This applies particularly to technical service providers who support us in the provision of services.

Your payment data will not be required or processed until a payment is due to be made to you.

(2) As stated in our terms and conditions, we instruct so-called contract lawyers to enforce claims if our extrajudicial enforcement of the claim is not successful (“Assignment process”). Alternatively, you commission the contract lawyers directly (“Power of Attorney process”). In both cases, we will transfer all case-related data to our contract lawyer to enable them to enforce the claim. In future, we will exchange information with the contract lawyer so that we can keep you informed at all times and continue to process your case (e.g. in the event of paying out compensation to you).

(3) The legal basis is the existing contractual relationship (Art. 6 para. 1 sentence 1 lit. b. GDPR). We delete the data arising in this context after the storage is no longer necessary, or limit the processing if statutory retention obligations exist.

6. Data Processed for Single Sign-On Services (Facebook Connect)

You can register on our website using a Google-Account with Single-Sign-On (“SSO”). SSO accounts allow you to log on to different services and platforms with a single account after it has been created. Flightright enables you to use the Google SSO service.

The Google SSO service is provided by Google Inc. (“Google”), Amphitheatre Parkway, Mountain View, CA 94043, USA.

For the purpose and scope of data collection and the further processing and use of the data by Google as well as your rights and the settings options available to protect your privacy, please refer to Google’s privacy policy.

The registration and use of Google’s services are subject to Google’s Privacy Policy and Terms of Use, which you can view at https://policies.google.com/terms.

7. Data Processing in Connection With Social Networks

You can also find us on social networks owned by foreign companies, such as Facebook or Twitter. In addition, we have integrated individual features of these networks into our online services. You can only use these features if you are registered and logged in to the respective social network. Please note that the use of the respective social network is generally subject to the terms of use and data protection conditions of that company, over which we have no influence. Nevertheless, we would like to explain to you how such networks process your personal information in this context:

7.1 Name and Address of Responsible Parties

Besides Flightright GmbH, the parties also responsible for the company’s corporate identity within the scope of the EU data protection regulation are:

  • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
  • Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland)
  • Xing (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany)

However, you use these platforms and their functions on your own responsibility. This applies in particular to interactive features (e.g., comment, share, rate). We would also like to point out that your data may be processed outside the European Union. The contract required under data protection law must be concluded.

7.2 Purpose and Legal Basis

We maintain the fan pages ourselves in order to communicate with visitors and to inform them about our services. In addition, we collect data for statistical purposes in order to develop and optimize our content and to make our services more attractive. The data required for this purpose (e.g. number of hits, page activities, data provided by visitors, interactions) is prepared and provided to us by the social networks. We have no influence on the generation and presentation.

Your personal data is not only processed by the social media providers, but also by Flightright GmbH (where applicable), for market research and advertising purposes. For example, advertisements tailored to your interests may be displayed both inside and outside these platforms. To this end, cookies are usually stored on your devices. Independently of this, data that is not directly collected on your end devices may also be stored in your usage profiles. Storage and analysis takes place across multiple devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

The processing of your personal data by Flightright GmbH is based on our legitimate interests in effective information and communication pursuant to Art. 6 para. 1 lit. f. GDPR.

If you are asked to consent to the processing of your data, i.e. if you declare your consent by clicking a button or similar (opt-in), the legal basis for data processing is Art. 6 para. 1 lit. f. GDPR.

7.3 Your Rights / “Opt-out” Option

If you are registered with a social network and do not wish them to collect your data via our website and link it to your stored membership data with the respective network, you must:

  • log out of the respective network before visiting our fan page,
  • delete the cookies stored on your device, and
  • close and reopen your browser

After logging in again, however, the social network is once more able to identify your user profile.

For a detailed description of the respective kinds of data processing and opt-out options, please refer to the following:

  • Facebook
    Privacy statement: https://www.facebook.com/about/privacy/;
    Opt-Out: http://www.youronlinechoices.com;
  • Instagram
    Privacy statement: https://help.instagram.com/519522125107875;
    Opt-Out: http://www.youronlinechoices.com;
  • LinkedIn
    Privacy statement: https://www.linkedin.com/legal/privacy-policy;
    Opt-Out: http://www.youronlinechoices.com;
  • Twitter
    Privacy statement: https://twitter.com/de/privacy;
    Opt-Out: http://www.youronlinechoices.com;
  • Xing
    Privacy statement: https://privacy.xing.com/de/datenschutzerklaerung;
    Opt-Out: http://www.youronlinechoices.com;

In summary, you have the following rights regarding the processing of your personal data:

Right to disclosure, right to rectification, right to erasure, right to limitation of data processing, right to revocation, right to data portability, right to complain about unlawful processing of your data to the competent supervisory authority.

However, since Flightright GmbH does not have total access to your personal data, you should direct your requests to the providers of the respective social media directly. They have access to the personal data of their members and can take appropriate measures as well as provide information.

Should you need help, we will of course try to support you. Please contact datenschutz@flightright.de.

7.4 Notice Regarding Author’s Rights and Copyright

Should you wish to publish images, text, videos, music, etc. on our social media, please note that by doing so you may be assigning all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or copyright holder.

8. Advertising and Newsletter

If you have given your consent to receive our advertising (newsletter, e-mail, by post, etc.), we will inform you via the respective medium about our current offers using the data you have provided. You can revoke your consent at any time.

8.1 MailJet

One of the platform’s main features is the dispatch of emails to various user groups in order to ensure that content is personally communicated in a timely manner. For the purpose of sending emails, we use the email service provider Mailjet, 37 Bis Rue du Sentier 75002 Paris, France. Only email addresses required for sending communication are shared and temporarily stored. Email addresses shall be completely deleted at least 30 days after the last dispatch. Email addresses are used exclusively by SPITCH and are not shared with third parties. Mailjet’s privacy policy is available at: https://www.mailjet.com/privacy-policy/. The legal basis for using an email service provider is based on our legitimate interest as per Art. 6 para. 1 lit. f. GDPR. We have concluded a contract for order-data processing with Mailjet in accordance with Art. 28 para. 3 S. 1 GDPR.

Mailjet may retrieve the recipient’s data in pseudonymous form, i.e. without any association to a user, in order to optimise or improve their own services, for example, for the technical optimisation of sending communication and the presentation of newsletters or for statistical purposes. The email service provider, however, does not use our newsletter recipients’ data in order to write to them personally or to share the data with third parties.

8.2 Mailgun

Our website uses the e-mail service of the provider Mailgun Technologies, Inc, San Francisco, for the sending and analysis of e-mails. For this purpose, the browser you use must connect to the servers of Mailgun Technologies, Inc. located in the USA. This enables Mailgun Technologies, Inc. to recognise that our website has been accessed via your IP address. The use of Mailgun is in the interest of uniform and secure communication with our customers – this constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f. GDPR. You can find more detailed information in the data protection declaration of Mailgun Technologies, Inc: https://www.mailgun.com/privacy-policy.

8.3 Mailchimp

The newsletter is sent via “MailChimp”, a newsletter distribution platform by US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

The email addresses of our newsletter recipients as well as further data that will be described in these notes will be stored on MailChimp servers in the USA. MailChimp uses this information for distributing and evaluating the newsletter on our behalf. According to information published by MailChimp, the data will be used for optimising their own services, such as technical optimisation of the distribution process or the layout of the newsletter, as well as for commercial use by determining the recipients’ countries of residence. However, MailChimp does not use the data of our newsletter subscribers to contact them directly and does not pass them on to third parties.

MailChimp’s data regulations can be viewed here: https://mailchimp.com/legal/privacy/

Statistical Data Collection and Analysis

Our newsletters contain what is known as a web beacon or open tracker, a tiny invisible graphic at the bottom of your HTML email. It is downloaded from Mailchimp’s server when the newsletter is opened. During the download, technical information about your browser and operating system as well as your IP address and the time of the download/opening of the newsletter are collected. These are used for technical improvement of the service, as technical data or target group data can be analysed according to their reading behaviour, their download locations (identifiable through IP addresses) or download times.
Statistical data collection also includes an analysis of when the newsletters are opened and which links are clicked upon. Although this information technically allows the tracking of individual newsletter recipients, we are not interested in watching the behaviour of individual users. Data analysis is used to recognise patterns in the reading behaviour of users and adapt contents accordingly or send different content to individual users. 

9. Other Data Processing

9.1 Amazon Cloudfront

This website uses the Content Delivery Network (CDN) Cloudfront. This is a service provided by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. The Cloudfront CDN provides duplicates of data from a website on various Amazon Web Services (AWS) servers all over the world. This facilitates faster loading times on the website, higher reliability, and increased protection against data loss.

Some of the images and videos embedded on this website are obtained from the Cloudfront CDN when the page is opened. This retrieval transfers information about your use of our website (such as your IP address) to Amazon servers in other EU countries and stores it there. This happens as soon as you visit our website. Amazon Web Services and Amazon CDN Cloudfront are used in the interest of greater reliability of the website, increased protection against data loss, and better loading speed of this website.

This constitutes a legitimate interest in accordance with Art. 6 para. 1 lit. f. GDPR. More information about the data protection practices of Amazon Web Services can be found at: https://aws.amazon.com/compliance/data-privacy-faq/.

The current data privacy statement of Amazon Web Services can be found at: https://aws.amazon.com/privacy/.

9.2 Web Fonts from Adobe Fonts

This site uses so-called web fonts, which are provided by Adobe Fonts, for uniform representation of fonts. When you call up a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

To do this, the browser you are using must connect to the Adobe Fonts servers. This will give Adobe Fonts knowledge that our website has been accessed through your IP address. The use of “Adobe Fonts” web fonts is in the interest of a uniform and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f. GDPR.

If your browser does not support web fonts, a default font will be used by your computer.

For more information about Adobe Fonts web fonts, see https://fonts.adobe.com/ and the privacy policy of “Adobe Fonts”: https://www.adobe.com/privacy/policies/adobe-fonts.html

9.3 Trustpilot

We use Trustpilot, a user feedback and rating service provided by Trustpilot, Inc., 245 5th Avenue, 4th floor, New York, NY 10016, USA (“Trustpilot”). Trustpilot provides a form to enter your feedback about our website and to rate your user experience and product quality. If you use this option, all entries are completely voluntary and the results are published on https://www.trustpilot.com/ under a selectable pseudonym. Product reviews may be published on our website as well as in Google search results.

For more information about privacy policies of Trustpilot, please refer to the website https://legal.trustpilot.com/end-user-privacy-terms.

10. Your Rights

(1) You have the following rights with respect to your personal data:

  • Right of access by the data subject (Art. 15 GDPR)
  • Right to rectification and erasure (Art. 16 and 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object against the processing of data (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)

(2) You also have the right to complain to the data protection supervisory authority about our processing of your data.

(3) We would like to inform you that you can revoke any data protection consent provided at any time with future effect. The same applies to consent given to promotional activities. The best way to do this is to send an informal e-mail to: datenschutz@flightright.de. The respective revocation may cause our service to become unavailable to you or only available in a limited capacity.

(4) Insofar as the processing of your personal data is based on a balance of interests, you may object to the processing. When exercising an objection, we ask that you state why we should not process your personal data in the manner that we have. In case of a justified objection, we will review the situation and either stop or adjust the data processing or point out the compelling legitimate grounds on which we will continue to process the data.

11. Disclosure of Data to Third Parties, Transfer to Third Countries

(1) We only disclose your personal data to our service and partner companies in as far as this is absolutely necessary for order processing and the fulfilment of contractual requirements e.g. on the basis of Art. 6 para. 1 lit. b. GDPR or on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR.

(2) If we use subcontractors to provide our services, we take appropriate legal, technical and organisational measures to ensure the protection of personal data in accordance with the relevant legal requirements.

(3) If, within the context of this Privacy Policy, content, tools or other means are used by third parties and their registered office is located in a third country, it is to be assumed that data will be transferred to the countries of residence of the third party providers. We only disclose your personal data in a third country if it is necessary to fulfil our (pre)contractual obligations (Art. 6 para. 1 lit. b. GDPR), on the basis of your consent (Art. 6 para. 1 lit. a. GDPR), on the basis of a legal obligation (Art. 6 para. 1 lit. c. GDPR) or on the basis of our legitimate interests (Art. 6 para. 1 lit. f. GDPR). The same applies to third party processing of data on our behalf and to the disclosure or transfer of data to third parties.

(4) We attach considerable importance to processing your data within the EU/EEA. It may happen, however, that we transfer data outside the EU / EEA and to a country without the necessary data protection standards. If your data is transferred to the USA, there is a risk that the data may be processed by US authorities for control and monitoring purposes, possibly without any form of legal recourse being available to you.

12. Deletion of Data

(1) The data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory storage obligations. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

(2) In accordance with statutory requirements in Germany, records are kept for 6 years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents etc.) and for 10 years in accordance with § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation etc.).

13. Closing Provisions

(1) We employ technical and organisational security measures to protect your data against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.

(2) We will amend the privacy policy from time to time in line with the technical advancement of our services. If the amendment to the privacy policy does not affect the use of existing data, the new privacy policy is valid from the date of its update on our website. Any changes to the privacy policy with regard to the processing of data that has already been collected will only take place if it is acceptable to you. In such cases, we will notify you in due time via e-mail, on our websites, via our application or in another form. You have the right to object to the applicability of the revised privacy policy within four weeks of receipt of the notification. In the event of an objection, we reserve the right to terminate the contractual relationship. If no objection is raised within the specified period, the amended privacy policy shall be deemed to be accepted by you. We will inform you about your right to object and of the relevance of the objection deadline in said notification.

Last updated: April 2021