Top of page
Service area
Service menu
Main content area

Privacy policy

Instructions for handling personal data

We appreciate your interest in our website and our other digital channels. With the privacy policy shown here, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us.

The following table of contents should enable you to get started in our privacy policy as quickly and easily as possible.

Contents

A. General provisions on data processing


1. Subject of this privacy policy

The protection of your personal data is a great and very important concern for us. In the following, we would like to inform you in detail about the data collected during your visit to our website, the use of our offers there and how the data is processed or used by us. Furthermore, we also inform you about which accompanying protective measures we have taken in technical and organisational terms.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always in accordance with the applicable data protection regulations. By means of this privacy policy we would like to inform you about the nature, extent and purpose of the personal data collected, used and processed by us and whether you are affected by the data processing.

Although we, as the person responsible for the processing of personal data, have implemented numerous technical and organisational measures, internet-based data transmission can in principle have security gaps so absolute protection cannot be guaranteed. We ask you to take this into account when using our website.

2. Definitions

This privacy policy uses terms that have been specified by the legislator in the General Data Protection Regulation (GDPR). You can retrieve the GDPR under the following link:

http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&from=DE (PDF)

The purpose of our privacy policy is to inform you in a simple and understandable way about the processing of your personal data on our website. 

3. Name and address of the controller

The controller under data protection law is: 

Flughafen Dortmund GmbH 

Flugplatz 21
44319 Dortmund 

Germany 


PO Box 13 02 61

44319 Dortmund


Phone: +49.231.9213-01

Telefax: +49.231.9213-125

E-mail: service@dortmund-airport.de

Internet: www.dortmund-airport.de

4. Contact details of the data protection officer

Flughafen Dortmund GmbH

Data Protection Officer

Flugplatz 21

44319 Dortmund

Germany

E-mail: datenschutz@dortmund-airport.de

5. Deletion and blocking of personal data/storage period

Unless otherwise stipulated for the respective processing of personal data in chapter B of this privacy policy, the data stored by us will be deleted as soon as it is no longer necessary for its purpose, and the deletion does not conflict with any statutory storage requirements. If the data of the data subject is not deleted because it is necessary for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data of the data subject, which must be kept for commercial or tax reasons.


According to the legal requirements, storage takes place for six years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for ten years pursuant to § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, etc.).

6. Rights of the data subject

6.1 Right to confirmation

Each data subject has the right, as granted by the European regulators, to require the controller to confirm whether personal data relating to the data subject is being processed. If a data subject wishes to make use of this confirmation right, they can contact our data protection officer or another employee of the controller at any time.

6.2 Right to information

Any data subject affected by the processing of personal data has the right at any time to obtain from the controller any information free of charge concerning the personal data stored about them and to receive a copy of that information. Furthermore, the data subject shall have access to the following information:

  • The processing purposes
  • The categories of personal data being processed
  • The recipients or categories of recipients to whom the personal data has been disclosed or is still being disclosed, in particular to recipients in third countries or to international organisations
  • If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration
  • The existence of a right to rectification or deletion of the personal data concerning the data subject or of a restriction of the processing by the controller and of a right to object to such processing
  • The existence of a right of appeal to a supervisory authority
  • If the personal data is not collected from the data subject: All available information about the origin of the data
  • The existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended impact of such processing regarding the data subject

In addition, the data subject has a right to know whether personal data has been transferred to a third country or to an international organisation. If that is the case, the data subject is otherwise entitled to receive information about the appropriate guarantees in connection with the transfer.

If a data subject wishes to make use of this right to information, they can contact our data protection officer or another employee of the controller at any time.

6.3 Right to rectification

Any data subject affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right, under consideration of the purposes of the processing, to request the completion of incomplete personal data by means of a supplementary declaration.

If a data subject wishes to make use of this right to rectification, they can contact our data protection officer or another employee of the controller at any time.

6.4 Right to deletion

Any data subject affected by the processing of personal data has the right to require the controller to immediately delete the personal data concerning them, provided that one of the following reasons is satisfied and the processing is not required:

  • The personal data has been collected or otherwise processed for such purposes for which it is no longer necessary.
  • The data subject withdraws the consent on which the processing was based, in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.
  • The data subject submits an objection to the processing pursuant to Art. 21 (1) GDPR and there are no legitimate reasons for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
  • The personal data was processed unlawfully.
  • The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data subject is subject.
  • The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

Insofar as one of the above reasons applies and a data subject wishes to arrange for the deletion of personal data stored at Flughafen Dortmund GmbH, they may at any time contact our data protection officer or another employee of the controller. The data protection officer of Flughafen Dortmund GmbH or another employee will arrange that the request for deletion be fulfilled without delay.

If the personal data has been made public by Flughafen Dortmund GmbH and if our company is responsible for deleting personal data as the controller pursuant to Art. 17 (1) GDPR, Flughafen Dortmund GmbH shall take appropriate measures, taking into account the available technology and the implementation costs of a technical nature, to inform other data controllers processing the published personal data that the data subject has requested deletion by all other data controllers of any links to such personal data or copies or replications of such personal data as far as the processing is not required. The data protection officer of the airport Dortmund GmbH or another employee will arrange the necessary measures in individual cases.

6.5 Right to restriction of processing

Any data subject affected by the processing of personal data has the right to require the controller to restrict the processing if any of the following conditions apply:

  • The accuracy of the personal data is denied by the data subject, for a period of time that allows the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject declines to delete the personal data and instead requests the restriction of the use of the personal data.
  • The controller no longer needs the personal data for processing purposes, but the data subject requires it to assert, exercise or defend legal claims.
  • The data subject has objected to the processing under Art. 21 (1) GDPR and it is not yet clear whether the legitimate interests of the controller outweigh those of the data subject.

Insofar as one of the above reasons applies and a data subject wishes to demand the restriction of personal data stored at Flughafen Dortmund GmbH, they may at any time contact our data protection officer or another employee of the controller. The data protection officer of Flughafen Dortmund GmbH or another employee will then initiate the restriction of processing.

6.6 Data portability

Any data subject affected by the processing of personal data has the right to receive in a structured, common and machine-readable format personal data relating to them which was provided to a controller by the data subject. The data subject also has the right to transfer this data to another controller without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 Abs 2 (a) GDPR or is based on a contract pursuant to Article 6 (1) (b) GDPR and processing occurs by means of automated procedures, unless the processing is necessary for the performance of a public-interest mission or occurs in the exercise of official authority which has been assigned to the controller.

Furthermore, in exercising their right to data portability under Art. 20 (1) GDPR, the data subject has the right to bring about that the personal data is transmitted directly from one controller to another, insofar as this is technically feasible and if the rights and freedoms of others are not affected thereby.

In order to assert the right to data portability, the data subject may at any time contact the data protection officer appointed by Flughafen Dortmund GmbH or another employee of the controller.

6.7 Right to objection

Any data subject affected by the processing of personal data has the right, at any time, to object to the processing of personal data concerning them pursuant to Art. 6 (1) (e) or (f) of the GDPR for reasons arising from their particular situation. This also applies to profiling based on these provisions.

Flughafen Dortmund GmbH will no longer process your personal data in the event of an objection, unless we can prove compelling reasons for processing that are worthy of protection that outweigh the interests, rights and freedoms of the data subject, or the processing serves the purpose of asserting, exercising or defending legal claims.

If Flughafen Dortmund GmbH processes personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, as far as it is associated with such direct mail. If the data subject objects to Flughafen Dortmund GmbH regarding direct marketing, then Flughafen Dortmund GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, for reasons arising from their particular situation, to object to the processing of personal data relating to them at Flughafen Dortmund GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary to fulfil a public-interest task.

In order to exercise the right to objection, the data subject can directly contact the data protection officer of Flughafen Dortmund GmbH or another employee. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise their right of objection by means of automated procedures using technical specifications.

6.8 Automated decisions in individual cases including profiling

Any data subject affected by the processing of personal data has the right granted by the European regulators and authorities not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on the data subject or similarly affects the data subject insofar as the decision:

  • Is not necessary for the conclusion or performance of a contract between the data subject and the controller, or;
  • Is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject; or
  • Involves the express consent of the data subject.

If the decision

  • Is required for the conclusion or performance of a contract between the data subject and the controller; or
  • If it takes place with the explicit consent of the data subject, Flughafen Dortmund GmbH shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person on the part of the controller, to presentation of their own position, and to challenging of the decision.

If the data subject wishes to exercise their rights regarding automated decision-making, they may contact our data protection officer or another employee of the data controller at any time.

6.9 Right to revoke data-protection consent

Any data subject affected by the processing of personal data has the right to revoke consent to the processing of personal data at any time.

If the data subject wishes to assert their right to revoke consent, they may at any time contact our data protection officer or another employee of the data controller.

Any data subject can contact our data protection officer at any time with any questions or suggestions regarding data protection.

6.10 Complaints to a data protection supervisory authority

Any data subject affected by the processing of personal data has the right to lodge a complaint with a data protection supervisory authority about the processing of their personal data by us.

7. Legal basis of processing

Unless otherwise specified in the description of the respective data processing procedure in the following Chapter B of this privacy policy, the following provisions apply.

Art. 6 (1) (a) GDPR serves Flughafen Dortmund GmbH as the legal basis for processing operations requiring consent for a specific processing purpose. If the processing of personal data is required to fulfil a contract of which the data subject is a party, the processing is based on Art. 6 (1) (b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our services and products. If Flughafen Dortmund GmbH is subject to a legal obligation requiring the processing of personal data, the processing is based on Art. 6 (1) (c) GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. In this case, the processing is based on Art. 6 (1) (d) GDPR. Finally, processing operations may be based on Art. 6 (1) (f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of Flughafen Dortmund GmbH or a third party, provided that the interests, basic rights and fundamental freedoms of the data subject do not take precedence. Such processing operations are particularly permitted for us because they have been specifically mentioned by the European legislator (see Recital 47 sent. 2 GDPR).

8. Consideration of legitimate interests

Unless otherwise provided for in the description of the relevant data processing operation in Chapter B of this privacy policy and the processing of personal data is based on Art. 6 (1) (f) GDPR, we have a legitimate interest in the conduct of our business and the related economic interest.

9. Data protection when using our contact information

If you use the contact information provided on our website (such as our e-mail address or fax number) to contact us, the personal data you provide will only be processed for the purpose of the contact.

If the reason for contacting us lies in the interest in our services or products or in the fulfilment of a contract existing with us, the legal basis is Art. 6 (1) (b) GDPR. In all other cases of contact, we have a legitimate interest in accordance with Art. 6 (1) (f) GDPR in data processing based on the communication you initiated.

We store the data required for the execution of the contract until the expiry of the statutory warranty and, if applicable, contractual guarantee periods. We retain the data required under commercial and tax law for the periods specified by law, usually for ten years (see § 257 HGB, § 147 AO). The data processed for the implementation of pre-contractual measures will be deleted as soon as the measures have been carried out and no contract is obviously concluded.

The personal data stored by us on the basis of a legitimate interest will be stored until the purpose pursued by the contact has been attained. You have the right to object to the processing of data done on the basis of Art. 6 (1) (f) GDPR, and which does not serve direct mail, for reasons that arise from your particular situation at any time. In the case of direct mail, however, you can object to the processing at any time without stating reasons.

Recipients of the personal data processed in accordance with this provision are IT service providers (in particular Hoster) with whom we have concluded a corresponding commissioned data processing agreement pursuant to Art. 28 GDPR.

10. Data protection in applications and in the application process

We collect and process the personal data of applicants for the purpose of carrying out the application procedure and thus on the basis of a pre-contractual measure within the meaning of Art. 6 (1) (b) GDPR or our legitimate interest in the employment of employees pursuant to Art. 6 (1) (f) GDPR.

The processing can also be carried out electronically, for example, if an applicant submits corresponding application documents by electronic means, for example by e-mail or via our contact form. If we conclude a contract of employment with an applicant, the data transmitted will be stored for the purpose of executing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant by the controller, the application documents will be automatically deleted two months after the announcement of the rejection decision, unless other legitimate interests of the controller preclude deletion. Other legitimate interest in this sense, for example, include a burden of proof in a proceeding under the General Equal Treatment Act (AGG).

Due to the digitised recording of the applications received, the recipients of the processed personal data are our IT service providers (in particular Hoster) with whom we have concluded corresponding commissioned data processing contracts within the meaning of Art. 28 GDPR.

11. Changes to this privacy policy

Flughafen Dortmund GmbH reserves the right to change this privacy policy at any time with effect for the future. A current version is available on the website. Please visit the website regularly to inform yourself about the applicable privacy policy.

B. Special provisions regarding data processing on our website


1. Collection and use of your data

The extent and nature of the collection and use of your data differs depends on whether you visit our website for the retrieval of information or use services offered by us, such as ordering a newsletter or booking a parking space or registering if applicable.

2. Informative use/collected data/cookies

(1) In the event of merely informative use of the website, e.g. if you do not make a booking via our website or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to inform you about our website and to ensure its stability and security (legal basis is Art. 6 (1) (1) (f). GDPR):

  • IP address
  • Date and time of request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Transmitted amount of data
  • Website from which the request comes
  • Browser
  • Operating system and its GUI
  • Language and version of the browser software.

(2) The data processed in accordance with para. 1 of this provision will be used for the stated purposes for a period of max. 30 days and then deleted.

(3) In addition to the aforementioned data, cookies are stored on your computer when you use our website. This happens on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR in the optimisation and economical operation of our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and by which the body that sets the cookie (here via us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective overall.

(4) Use of cookies:

a) Our website uses the following types of cookies, the scope and operation of which are explained below:

  • Transient cookies (see b)
  • Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. Such cookies store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period of time, which varies depending on the cookie and can take several years. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser setting according to your wishes, for example, to decline the acceptance of third-party cookies or all cookies. Please be aware that you may not be able to use all features of this website in this case.

e) We use cookies to identify you for follow-up visits if you have an account with us. Otherwise, you would have to log in again for each visit.

(5) The recipients of the data processed in accordance with the preceding paragraphs are IT service providers (in particular Hoster) with whom we have concluded corresponding commissioned data processing agreements pursuant to Art. 28 GDPR. 

3. Google Analytics

On the basis of our legitimate interests within the meaning of Art. 6 (1) (f) GDPR (i.e. interest in analysing, optimising and operating our online content) we use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses cookies. The information generated by the cookie about the use of the online offer by the users is usually transmitted to a Google server in the USA and stored there.

Google Ireland Limited is a company affiliated with Google LLC. Google LLC is located in the United States (1600 Amphitheater Parkway, Mountain View, CA 94043) and is certified by the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the extension “_gat._anonymizeIp” for the web analysis via Google Analytics. With this extension, Google will shorten and anonymise the IP address of the data subject's Internet access if accesses to our website occurs from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our website, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the user's device. By using this cookie Google is enabled to analyse the usage of our website. Each time you visit any of the pages on our website that incorporate a Google Analytics component, the Internet browser on the data subject's device will be automatically prompted by the Google Analytics component to submit data to Google for online analysis. As part of this technical process, Google receives information about personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks, and subsequently make commission settlements possible.

The cookie stores personally identifiable information, such as access time, the place from which access was made, and the frequency of site visits by the data subject. Each time you visit our webpages, personal data, including the IP address of the Internet connection used by the data subject, is transferred to Google and its affiliates. This personal data is stored by Google for 14 months. Google may share this personal data collected through the technical process with third parties.

The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the option of objecting to and preventing the collection of the data generated by Google Analytics for the use of our website and the processing of this data by Google. To do this, the data subject must download and install a browser add-on available under the link

https://tools.google.com/dlpage/gaoptout

This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the data on the subject's device is later deleted, formatted, or reinstalled, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or any other person within their sphere of control, it is possible to reinstall or re-enable the browser add-on.

For more information, as well as Google's applicable privacy policy, see

https://www.google.de/intl/de/policies/privacy/ and

http://www.google.com/analytics/terms/de.html

Google Analytics is explained in more detail under this link

https://www.google.com/intl/de_de/analytics/

4. Google Ads

On the basis of our legitimate interests (i.e. interest in the economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR), on our website we use the “Google Ads” service (formerly “Goolge AdWords”) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

Google Ads is an Internet advertising service that allows advertisers to place ads both in Google Search engine results and the Google Network. Google Ads allows an advertiser to pre-set certain keywords that will display an ad on Google's search engine results only when the user searches for a relevant search result through the Google search engine.

Google Ireland Limited is a company affiliated with Google LLC. Google LLC is located in the United States (1600 Amphitheater Parkway, Mountain View, CA 94043) and is certified by the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

The purpose of Google Ads is to promote our website by displaying interest-based advertising on third-party websites and in Google search engine results, and by displaying advertisements on our website.

If a data subject reaches our website via a Google ad, a so-called conversion cookie is deposited on the data subject's device by Google Inc., which expires after thirty days and is not used to identify the data subject. If the conversion cookie has not expired yet, the conversion cookie will check whether certain subpages have been accessed on our website. Thanks to the conversion cookie, both we and Google can understand whether a data subject who came to our website via a Google Ads generated revenue, i.e., completed or cancelled a purchase.

The data and information collected through the use of the conversion cookie is used by Google to create visitor statistics for our website. These visit statistics are then used by us to determine the total number of users who have been referred to us through Ads ads, in other words, to determine the success or failure of each Ads ad and to optimise our Ads ads for the future. Neither our company nor other advertisers of Google Ads receive any information from Google that could identify the data subject.

The conversion cookicertaine stores personal data, such as the websites visited by the data subject. Each time you visit our website, personal data, including the IP address of the Internet connection used by the data subject, will be transmitted to Google. This personal data is stored by Google. Google may share this personal data with third parties.

The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser would also prevent Google from setting a conversion cookie on the data subject's device. In addition, a cookie already set by Google Ads can be deleted at any time via the Internet browser or other software.

In addition, the data subject has the opportunity to object to Google's interest-based advertising. To do this, the data subject must click on the link from each of the Internet browsers they use here www.google.de/settings/ads and make the desired settings there.

Additional information and Google's applicable privacy policy can be found at

https://www.google.de/intl/de/policies/privacy/.

5. Google-Re/Marketing-Services

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR), we use the marketing and remarketing services ("Google Marketing Services ") of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Ireland Limited is a company affiliated with Google LLC. Google LLC is located in the United States (1600 Amphitheater Parkway, Mountain View, CA 94043) and is certified by the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google Marketing Services allows us to better target advertisements for and on our website so that we only present ads to users that potentially match their interests. If, for example, a user sees ads for products that he is interested in on other websites, this is called "remarketing". For these purposes, when people visit or website or other websites where Google Marketing Services are active, Google immediately executes a code from Google and so-called (re) marketing tags (invisible graphics or code, also known as “Web Beacons”) are incorporated into the website. With their help, an individual cookie, i.e. a small file (instead of cookies, comparable technologies can also be used) is stored on the user’s device. Cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. In this file is noted which websites the user visited, in what content he is interested and what offers he has clicked, as well as technical information about the browser and operating system, referring websites, visit time and other information on the use of the online offer. The IP address of the users is also recorded, whereby in the context of Google Analytics we disclose that the IP address is shortened within member states of the European Union or other parties to the Agreement on the European Economic Area and only in exceptional cases will be sent to a Google server in the United States and shortened there. The IP address will not be merged with data of the user within other offers from Google. The above information may also be linked by Google with such information from other sources. If the user subsequently visits other websites, he may be shown ads tailored to him according to his interests.

The data of the users are pseudonymously processed in the context of the Google marketing services. This means Google does not store and process e.g. the name or e-mail address of the users, but processes the relevant data cookie-related data within pseudonymous user profiles. That is, from the perspective of Google, the ads are not managed and displayed to a specifically identified person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymisation. The information collected about users through Google Marketing Services is transmitted to Google and stored on Google's servers in the United States.

In addition, we may use the "Google Tag Manager" to integrate and manage the Google Analytics and Marketing Services on our website.

For more information about Google's data usage for marketing purposes, see the overview page: https://www.google.com/policies/technologies/

and Google's Privacy Policy is available at https://www.google.com/policies/privacy

If you wish to opt-out of interest-based advertising through Google Marketing Services, you can take advantage of Google's setting and opt-out options:

http://www.google.com/ads/preferences

6. Google Maps

Due to our legitimate interest in accordance with Art. 6 (1) (f) GDPR in designing our online offer effectively, we use a plug-in of the internet service Google Maps on our website. The operator of Google Maps is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Ireland Limited is a company affiliated with Google LLC. Google LLC is located in the United States (1600 Amphitheater Parkway, Mountain View, CA 94043) and is certified by the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

When you use Google Maps on our website, information about the use of this website and your IP address will be transmitted to and stored on a Google server in the United States. We have no knowledge about the exact content of the submitted data, nor about its use by Google. The company denies in this context the connection of the data with information from other Google services and the collection of personal data. However, Google may transmit the information to third parties. If you disable Javascript in your browser, you prevent the execution of Google Maps. In this case you cannot use the map display on our website. By using our website you consent to the described collection and processing of the information by Google.

Learn more about the Privacy Policy and Terms of Use for Google Maps here: https://cloud.google.com/maps-platform/terms/

7. Google reCAPTCHA

We use the reCAPTCHA service on our website. Google reCaptcha is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).


Google Ireland Limited is connected to Google LLC. Google LLC is based in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043) and is in favour of the US-European ‘Privacy Shield’ agreement, which guarantees that the level of data protection applicable in the EU is upheld. (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).  

Requests made using Google reCAPTCHA serve to establish whether information has been entered by a person or automatically by a machine. The request includes the transfer of your IP address and, if applicable, further data required by Google for the reCAPTCHA service. To this end, your data is transferred to Google and further used there. Your IP address will be shortened by Google before leaving the European Union or European Economic Area. In exceptional cases, your full IP address will be transferred to a Google server in the USA and shortened there. On behalf of this website’s operator, Google will use this information to evaluate your use of this service. The IP address transferred from your browser by reCaptcha will not be merged with any other Google data. Your data will also be transferred to the USA if required. 


By submitting a request, you are consenting to your data being processed. The processing takes place with your consent based on article 6 (1) lit a of the GDPR. You can revoke your consent at any time, without affecting the validity of any processing already carried out based on the consent up to the point of revocation. You can find out more about Google reCAPTCHA and its privacy policy here: https://www.google.com/privacy/ads/

8. New Relic

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6 (1) (f) GDPR), we use a plug-in from New Relic’s web analysis service. This service is provided by New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA.

New Relic is certified under the Privacy Shield Agreement, which guarantees compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active).

This service allows statistical evaluations to be made about the speed of the website. Through the plug-in, New Relic receives the information that a user has accessed the corresponding page of the website. For this purpose, New Relic collects system data on used add-ons, browsers as well as hardware and software and usage times, so-called application data, for which cookies are set in your browser. If you are logged in as a user at New Relic, New Relic can assign the visit to your local account. If you are not a member of New Relic, there is still the opportunity for New Relic to obtain and store your IP address. The purpose and scope of the data collection, as well as how New Relic processes and uses the data, as well as user privacy settings, can be found in New Relic’s privacy policy.

If you are a member of New Relic and you do not want New Relic to collect information about you on our sites in order to associate it with your member data stored on New Relic, you must log out of New Relic before visiting our website.

9. Facebook Custom Audiences and Facebook Marketing Services

Due to our legitimate interests in accordance with Art. 6 (1) (f) GDPR in the analysis, optimisation and economic operation of our website, our website uses so-called “Facebook Pixel” of the social network Facebook: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If you are located in the EU, we use Facebook Ireland, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”).

Facebook is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European privacy legislation (https://www.privacyshield.gov/participantid=a2zt0000000GnywAAC&status=Active.

With the help of Facebook Pixel, it is on the one hand possible for Facebook to determine the visitors to our website as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use Facebook Pixel to display the Facebook ads we have created only to those Facebook users who have shown an interest in our website or who have certain features (e.g. interests in certain topics or products, determined by their visits to websites), which we transmit to Facebook (so-called “custom audiences”). With the help of Facebook Pixel, we also want to ensure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook Pixel, we can also understand the effectiveness of the Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

The site also uses Facebook's Remarketing feature “custom audiences” (“Facebook”). This allows users of the website to be shown interest-based advertisements (“Facebook ads”) as part of their visit to the social network Facebook or other websites that also use the process. We are interested in showing you advertisements that are of interest to you in order to make our website more interesting to you.

To prevent the collection of your data by means of Facebook Pixel on our website, please click on the following link: Facebook opt-out notice: When you click the link, an “opt-out” cookie will be saved on your device. If you delete the cookies in this browser, then you have to visit the link again. Furthermore, the opt-out only applies within the browser you use and only within our web domain on which the link was clicked.

You can also object to the use of cookies for distance measurement and promotional purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and in addition the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

10. Integration of YouTube videos

Due to a legitimate interest within the meaning of Art. 6 (1) (f) GDPR our website integrates YouTube's content into the presentation of our services through audiovisual media, which are stored on http://www.YouTube.com and are directly playable from our website. These are all embedded in "enhanced privacy mode", which means that if you do not play the video, you will not transfer any data about you as a user to YouTube. The data named in the following is transmitted only when you play the videos. We have no influence on this data transfer.

Youtube is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google Ireland Limited is a company affiliated with Google LLC. Google LLC is located in the United States (1600 Amphitheater Parkway, Mountain View, CA 94043) and is certified by the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

When you visit the website, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data under B. no. 2 sent. 1 of this Privacy Policy is transferred. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish it to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses it for purposes of advertising, market research and/or customisation of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the formation of these user profiles. You must contact YouTube to exercise this right.

For more information on the purpose and scope of data collection and processing through YouTube, please read the privacy policy. You will also find more information about rights and settings options to protect your privacy there: www.google.de/intl/de/policies/privacy.

11. Advertising by TripleDouble U

De reclame op deze website wordt gedeeltelijk door het geanonimiseerde verzamelen en verwerken van uw gebruiksgedrag op voorspelde interesse voor u geoptimaliseerd. Hiervoor worden cookies op de computer van de gebruiker opgeslagen. Deze maken het mogelijk om de gebruiker te herkennen, maar laten niet toe om de gebruiker persoonlijk te identificeren. Om reclame voor u aan de hand van uw gebruiksinteresses te optimaliseren hebben we de volgende bedrijven de toestemming gegeven om de bovenstaande gebruiksgegevens te verzamelen en te gebruiken:

TripleDoubleU GmbH
Albert-Einstein-Ring 21
22761 Hamburg

Netpoint Media GmbH
Rheinallee 60
55283 Nierstein

One (AOL)/Oath wordt gebruikt door klanten van de digitale reclamemarketeer TripleDoubleU GmbH en Netpoint Media GmbH. De aanbieder van ONE is Oath (EMEA) Limited, 5-7 Point Square, North Wall Quay, Dublin 1, Ireland. ONE gebruikt technologieën om u relevante advertenties te leveren.
Link privacyverklaring: https://policies.oath.com/ie/nl/oath/privacy/index.html 
Link voor opt-out: https://policies.oath.com/ie/nl/oath/privacy/controls/index.html
De rechtsgrond voor het gebruik van de technologieën van ONE (AOL)/Oath en de daarmee gepaard gaande verzameling van gegevens is artikel 6 lid 1 lit. f AVG. Ons legitiem belang is een gebruiksvriendelijk en aantrekkelijke alsook functionele weergave van de inhoud en aanbiedingen van onze internetpagina’s.

AppNexus wordt gebruikt door klanten van de digitale reclamemarketeer TripleDoubleU GmbH en Netpoint Media GmbH. De aanbieder van AppNexus is AppNexus Inc AppNexus Inc, 28 West 23rd Street, Floor 4, New York, NY 10010,USA. AppNexus gebruikt technologieën om u relevante advertenties te leveren.
Link privacyverklaring: https://www.appnexus.com/candidate-privacy-policy
Link voor opt-out: https://www.appnexus.com/platform-privacy-policy#choices
De rechtsgrond voor het gebruik van de technologieën van AppNexus en de daarmee gepaard gaande verzameling van gegevens is artikel 6 lid 1 lit. f AVG. Ons legitiem belang is een gebruiksvriendelijk en aantrekkelijke alsook functionele weergave van de inhoud en aanbiedingen van onze internetpagina’s. 

Yieldlab wordt gebruikt door klanten van de digitale reclamemarketeer TripleDoubleU GmbH en Netpoint Media GmbH. De aanbieder van Yieldlab is Yieldlab AG, Colonaden 41, 20354 Hamburg, Duitsland. Yieldlab gebruikt technologieën om u relevante advertenties te leveren.
Link privacyverklaring: http://www.yieldlab.de/meta-navigation/datenschutzerklaerung/
Link voor opt-out: http://www.yieldlab.de/elements/privacy/
De rechtsgrond voor het gebruik van de technologieën van Yieldlab en de daarmee gepaard gaande verzameling van gegevens is artikel 6 lid 1 lit. f AVG. Ons legitiem belang is een gebruiksvriendelijk en aantrekkelijke alsook functionele weergave van de inhoud en aanbiedingen van onze internetpagina’s.

AdForm wordt gebruikt door klanten van de digitale reclamemarketeer TripleDoubleU GmbH en Netpoint Media GmbH. De aanbieder van AdForm is AdForm GmbH, Gr. Burstah 50-52, 20457 Hamburg, Duitsland. AdForm gebruikt technologieën om u relevante advertenties te leveren.
Link privacyverklaring: https://site.adform.com/privacy-center/overview
Link voor opt-out: https://site.adform.com/privacy-policy-opt-out/
De rechtsgrond voor het gebruik van de technologieën van AdForm en de daarmee gepaard gaande verzameling van gegevens is artikel 6 lid 1 lit. f AVG. Ons legitiem belang is een gebruiksvriendelijk en aantrekkelijke alsook functionele weergave van de inhoud en aanbiedingen van onze internetpagina’s.

SmartAdServer wordt gebruikt door klanten van de digitale reclamemarketeer TripleDoubleU GmbH en Netpoint Media GmbH. De aanbieder van SmartAdServer is SmartAdSercer GmbH, Mehringdamm 33. 10961 Berlin, Duitsland. SmartAdServer gebruikt technologieën om u relevante advertenties te leveren.
Link privacyverklaring: http://smartadserver.de/unternehmen/unsere-datenschutzerklarung/
Link voor opt-out: http://www.smartadserver.com/diffx/optout/IABOptout.aspx
De rechtsgrond voor het gebruik van de technologieën van SmartAdServer en de daarmee gepaard gaande verzameling van gegevens is artikel 6 lid 1 lit. f AVG. Ons legitiem belang is een gebruiksvriendelijk en aantrekkelijke alsook functionele weergave van de inhoud en aanbiedingen van onze internetpagina’s.

Criteo wordt gebruikt door klanten van de digitale reclamemarketeer TripleDoubleU GmbH en Netpoint Media GmbH. De aanbieder is Criteo SA, 32 Rue Blanche, 75009 Paris, Frankrijk. Criteo gebruikt technologieën om u relevante advertenties te bieden.
Link privacyverklaring: https://www.criteo.com/de/privacy/
Link voor op-out: https://www.criteo.com/de/privacy/
De rechtsgrond voor het gebruik van de technologieën van Criteo en de daarmee gepaard gaande verzameling van gegevens is artikel 6 lid 1 lit. f AVG. Ons legitiem belang is een gebruiksvriendelijk en aantrekkelijke alsook functionele weergave van de inhoud en aanbiedingen van onze internetpagina’s. 

OpenX wordt gebruikt door klanten van de digitale reclamemarketeer TripleDoubleU GmbH en Netpoint Media GmbH. De aanbieder is OpenX Technologies Inc, 888 East Walnut Street, 2nd Floor, Pasadena, CA 91101, USA. OpenX gebruikt technologieën om u relevante advertenties te bieden.
Link privacyverklaring: https://www.openx.com/legal/privacy-policy/
Link voor opt-out: https://www.openx.com/legal/interest-based-advertising/
De rechtsgrond voor het gebruik van de technologieën van OpenX en de daarmee gepaard gaande verzameling van gegevens is artikel 6 lid 1 lit. f AVG. Ons legitiem belang is een gebruiksvriendelijk en aantrekkelijke alsook functionele weergave van de inhoud en aanbiedingen van onze internetpagina’s. 

IndexExchange wordt gebruikt door klanten van de digitale reclamemarketeer TripleDoubleU GmbH en Netpoint Media GmbH. De aanbieder is Index Exchange, 74 Wingold Ave, Toronto, Ontario, M6B1p5, Canada. IndexExchange gebruikt technologieën om u relevante advertenties te bieden.
Link privacyverklaring: http://www.indexexchange.com/privacy/
Link voor opt-out: http://optout.networkadvertising.org/?c=1#!/
De rechtsgrond voor het gebruik van de technologieën van OpenX en de daarmee gepaard gaande verzameling van gegevens is artikel 6 lid 1 lit. f AVG. Ons legitiem belang is een gebruiksvriendelijk en aantrekkelijke alsook functionele weergave van de inhoud en aanbiedingen van onze internetpagina’s.

Rubicon wordt gebruikt door klanten van de digitale reclamemarketeer TripleDoubleU GmbH en Netpoint Media GmbH. De aanbieder is Rubicon Project Inc., 12181 Bluff Creek Drive, Playa Vista, CA 90094, USA. Rubicon gebruikt technologieën om u relevante advertenties te bieden.
Link privacyverklaring: https://rubiconproject.com/privacy//
Link voor opt-out: https://rubiconproject.com/privacy/consumer-online-profile-and-opt-out/
De rechtsgrond voor het gebruik van de technologieën van OpenX en de daarmee gepaard gaande verzameling van gegevens is artikel 6 lid 1 lit. f AVG. Ons legitiem belang is een gebruiksvriendelijk en aantrekkelijke alsook functionele weergave van de inhoud en aanbiedingen van onze internetpagina’s. 

Overige derden
Bovendien kan in het kader van reclame van reclameweergaven gebeuren dat andere technologieaanbieders informatie verzamelen die verband houdt met het weergeven van reclame. (leveringsfrequentie van reclamebanners, meting van de zichtbaarheid of acceptatie van het reclamevlak, klik op de reclamebanner of dergelijke). Deze informatie wordt door middel van cookies verzameld. Browsers kunnen zodanig worden ingesteld dat cookies in het algemeen worden geweigerd. Eveneens kunt u reeds opgeslagen cookies in uw browserinstellingen wissen. Als u geen cookies gebruikt, kan dit er echter toe leiden dat u de functies van onze website niet meer in volle omvang kunt gebruiken.

Meer informatie over cookies vindt u ook op het volgende consumentenportaal en kunnen daar globaal geregeld worden. Daar kunt u bovendien de status van de activering inzake tools van verschillende aanbieders bekijken en het verzamelen resp. analyseren van uw gegevens door deze tools weigeren:

www.meine-cookies.org
www.youronlinechoices.com/de/praferenzmanagement
optout.networkadvertising.org
https://adssettings.google.com/authenticated?hl=de

De verwerking van de hierdoor geregistreerde gegevens is gebaseerd op ons terechte belang volgens art. 6 lid 1 f. AVG in het weergeven van gebruikersrelevante reclame op onze internetpagina. Meer informatie hierover – alsook de mogelijkheden voor deactivering van op gebruik gebaseerde online reclame – vindt u in de privacyopmerkingen van de partner van onze promotor TripleDoubleU: https://www.netpoint-media.de/technik/datenschutz.

12. AWIN AG

Due to its legitimate interest in the efficient use of its website in accordance with Art. 6 (1) (f) GDPR, the controller integrates components of the company AWIN on this website. AWIN is a German affiliate network that offers affiliate marketing.

Affiliate marketing is an internet-based form of sales that allows commercial operators of websites, the so-called merchants or advertisers, to show advertising, which is usually remunerated via click or sale commissions, on third-party websites, which are also called sales partners, affiliates or publishers. The merchant makes available through the affiliate network an advertising medium, i.e. an advertising banner or other suitable means of internet advertising, which is subsequently incorporated for advertising by an affiliate on its own website or advertised via other channels, such as keyword advertising.

The operating company of AWIN is AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany.

AWIN sets a cookie on the information technology system of the person concerned. Cookies are explained above. AWIN’s tracking cookie does not store any personal data. Only the identification number of the affiliate, i.e. the partner mediating the potential customer, as well as the ordinal number of the visitor of a website and of the clicked advertising medium are stored. The purpose of the storage of this data is the processing of commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. AWIN.

The data subject can prevent the setting of cookies through our website, as described above, at any time by means of a corresponding setting on the internet browser used and thereby permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent AWIN from setting a cookie on the information technology system of the data subject. In addition, cookies already set by AWIN can be deleted at any time via the internet browser or other software programs.

The applicable AWIN privacy policy can be found at: https://www.awin.com/gb/legal 

13. Booking.com Affiliate Programme

Based on our legitimate interests (i.e. interest in the economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR), we are a participant in the booking.com affiliate programme designed to provide a medium for websites through which advertising cost reimbursements can be earned by placing advertisements and links to booking.com (so-called affiliate system). Booking.com uses cookies in order to understand the origin of the bookings. As a result, booking.com can recognise that you have clicked on the partner link on our website and subsequently made a booking on booking.com.

For more information on data usage and opt-out options, please refer to the booking.com privacy policy: https://www.booking.com/content/privacy.de.html.

14. GetYourGuide Affiliate Programme

Based on our legitimate interests (i.e. interest in the economic operation of our online offer within the meaning of Art. 6 (1) (f) GDPR), we are participants in the Get Your Guide affiliate programme. On our pages, Get Your Guide integrates ads and links to the Get Your Guide page, where we can earn money through advertising cost reimbursement (the so-called affiliate system). Get Your Guide uses cookies to understand the origin of the bookings. As a result, Get Your Guide can recognise that you have clicked on the partner link on our website and subsequently made a purchase on GetYourGuide.de.

For more information about Get Your Guide’s data usage and opt-out options, please read the Get Your Guide privacy policy: https://www.getyourguide.de/privacy_policy.

15. Use of offers on our website

Insofar as you wish to make use of the services offered on our website, such as paid bookings in our online shop or the ordering of a newsletter, you will need to provide additional personal data. Details can be found in the following regulations.

15.1 Data processing for the purpose of concluding a contract

(1) Your personal data that you provide to us during the booking process is required for a contract with us (e.g. information about the contracting party) or legally necessary (e.g. tax regulations). Failure to provide your personal data would mean that the contract could not be concluded with you. For some payment methods, we require the necessary payment data in order to pass it on to a payment service provider commissioned by us.

If you send us an inquiry by e-mail, via a contact form or make a reservation via our website, we process the data received in this way to carry out pre-contractual measures and answer, for example, your questions about our services or products.

You can voluntarily create a customer account, through which we can save your data for later purchases. If you create an account under “My Account”, the data you provide will be stored subject to your revocation of consent. You can always delete all other data, including your user account, in the customer area.

The processing of your entered data thus takes place for the purpose of fulfilling the contract or for carrying out pre-contractual measures pursuant to Art. 6 (1) (b) GDPR and for fulfilling legal obligations pursuant to Art. 6 (1) (c) GDPR.

(2) The recipients of the personal data processed in accordance with this provision are payment service providers, shipping service providers, IT service providers (in particular hosting) with whom we have concluded corresponding commissioned data processing agreements pursuant to Art. 28 GDPR.

(3) We store the data required for the execution of the contract until the expiry of the statutory warranty and, if applicable, contractual guarantee periods. We retain the data required under commercial and tax law for the periods specified by law, usually for ten years (see § 257 HGB, § 147 AO). The data processed for the implementation of pre-contractual measures will be deleted as soon as the measures have been carried out and no contract is obviously concluded.

15.2 Contact forms

(1) If you voluntarily use our contact forms, you will be asked to provide your first name, last name, e-mail address, telephone number, if any, and the reason for your request/contact (message). Only your e-mail address is absolutely required for your request. The information will only be collected and stored to answer your request.

(2) The legal basis for the processing of your personal data is the consent expressly granted by you pursuant to Art. 6 (1) (a) GDPR and our legitimate interest pursuant to Art. 6 (1) (f) GDPR in answering your request for our services or offers and proof of possible misuse of the e-mail address used for this purpose.

(3) We store the information provided by you via the contact form until the fulfilment of the purpose of your request. In addition, we store the personal data stored pursuant to para. 1 for a maximum of one month after receipt of the confirmation.

(4) The recipients of the data processed in accordance with this provision are IT service providers (in particular Hoster) with whom we have concluded corresponding commissioned data processing agreements pursuant to Art. 28 GDPR. 

15.3 Newsletter

(1) With your consent and stating your e-mail address you can subscribe to our newsletter, which will inform you about our current interesting offers. The advertised goods or services are named in the declaration of consent. The only requirement for sending the newsletter is provision of your e-mail address.

(2) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data. After your confirmation of the order of the newsletter, we will store the information you provide in accordance with paragraph 2 for the purpose of sending the newsletter and proof of possible misuse of your e-mail address in accordance with paragraph 2.

(3) Furthermore, we make a performance measurement by attaching a so-called “web beacon” to each newsletter, i.e. a pixel-sized file which is retrieved from our server when the newsletter is opened. As part of this, information will be collected about the browser you are using, the ID of the click, your e-mail address and specific e-mailing information, your IP address or DNS name, and the time of the retrieval. This information is used to improve the technical performance of services based on the technical data or audiences and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our goal to observe individual users. The evaluations serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

(4) The legal basis for the processing of your personal data is the consent expressly granted by you pursuant to Art. 6 (1) (a) GDPR and with regard to the data processed pursuant to para. 2 our legitimate interest pursuant to Art. 6 (1) (f) GDPR on proof of possible misuse of the e-mail address used for this purpose.

(5) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each e-mail newsletter or by e-mail to newsletter@dortmund-airport.de or by sending a message to the contact details stated in the imprint.

(6) Your e-mail address will only be saved for newsletter delivery for the duration of the requested registration. The other data stored in accordance with paragraph 1 will be deleted by us after a maximum of one month after your cancellation.

(7) The recipients of the data processed in accordance with this provision are IT service providers (in particular Hoster) with whom we have concluded corresponding commissioned data processing agreements pursuant to Art. 28 GDPR. 

15.4 Registration and use of our portals DTMinside and DTMaviation Club

(1) The data subject has the opportunity to register on the website of Flughafen Dortmund GmbH by providing personal data and confirming the terms of use provided for certain portals, such as DTMinside or DTMaviation Club. What personal data is transmitted to Flughafen Dortmund GmbH results from the respective input mask, which is used for the registration.

(2) The registration of the data subject under voluntary provision of personal data serves Flughafen Dortmund GmbH to offer the company concerned content or services which, due to the nature of the case, can only be offered to registered users and thus serves to carry out pre-contractual measures in accordance with Art. 6 (1) (b) GDPR or our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Registered persons are free to modify the personal data given at registration at any time or to delete it completely from the database of the controller.

(3) By registering on our website, the IP address assigned by the internet service provider (ISP) of the data subject, the date and time of registration are also stored. The storage of this data is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR, as this is the only way to prevent the misuse of our services and, if necessary, to use this data to investigate past crimes committed. In this respect, the storage of this data is required for us for security purposes. We store this data for a maximum of one month after registration.

(4) The recipients of the personal data processed in accordance with this provision are IT service providers (in particular Hoster) with whom we have concluded a corresponding commissioned data processing agreement pursuant to Art. 28 GDPR.

(5) Flughafen Dortmund GmbH must provide information to any data subject on request at any time as to which personal data has been stored on the data subject. Furthermore, Flughafen Dortmund GmbH must correct or delete personal data at the request or notice of the data subject, insofar as this does not conflict with any statutory storage requirements. A data protection officer named in this privacy policy and all employees of Flughafen Dortmund GmbH are available to the data subject in this context as contacts.

16. Social plugins

Our website does not use "social plugins". We only have links to the following social media services:

Facebook
Service provider: Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA
Please see the privacy policy of Facebook at www.facebook.com/help for information on how this data is collected and how it is used. You can find ways to protect your privacy within Facebook at: www.facebook.com/policy.

YouTube
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Please see the privacy policy of Google for details of what data is collected and how it is used: https://www.google.com/privacy
Privacy preference settings can be found at: https://www.google.com/dashboard

Twitter
Service provider: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, United States
Please see the privacy policy of Twitter for details on how this data is collected and how it is used: https://www.twitter.com/privacy
You can find ways to protect your privacy at: https://www.twitter.com/settings

Xing
Service provider: XING AG, Dammtorstrasse 30, 20354 Hamburg, Germany.
Please see the privacy policy of Xing for details on how this data is collected and how it is used: https://www.xing.com/privacy
This provides information on the collection, processing and use of personal data by Xing. In addition, Xing has posted privacy notices for the XING share button at: https://www.xing.com/app/share?op=data_protection

Instagram
Service provider: Instagram LLC, 1601 Willow Rd, Menlo Park CA 9402, United States
Regarding what data is collected here and how it is used, please refer to the privacy policy of Instagram: https://instagram.com/about/legal/privacy/

17. Security measures

We take organisational, contractual and technical security measures according to the state of the art to ensure that the data protection regulations are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

One of the security measures is the encrypted transfer of data between your browser and our server.

C. Special explanation of the use of optical monitoring devices (video application) at Dortmund Airport

The above general privacy notices are supplemented and explained below in relation to video usage in our facilities.

Video devices are used by Flughafen Dortmund GmbH and the authorities operating in the airport facilities. Flughafen Dortmund GmbH is solely responsible for its own use of the video data.

1.1 Collection and use

  • Purposes for which the personal data is processed:
  • To protect against violence against customers, passengers and workers,
  • To protect against violence against our facilities and systems,
  • To improve law enforcement by preserving evidence in the event of vandalism, property damage, theft and other criminal acts,
  • To ensure technical flight-(guest) safety,
  • To enforce claims for damages.

1.2 Legal basis for processing 
The processing and use is necessary for the enforcement of the stated purposes and is based on Art. 6 (1) (f) GDPR and § 4 BDSG 2018.

1.3 Consideration of legitimate interests
The legitimate interests of the controller within the meaning of Article 6 (1) (f) GDPR are:

  • Observance of facility regulations
  • Prevention
  • Law enforcement

1.4 Recipients of personal data
The data is only released on request of the law enforcement authorities (police, prosecutors and courts).

1.5 Storage duration 
The duration of storage is up to 14 days. 

1.6 Exercise of the rights of the data subject 

The image data of our video equipment contains personally identifiable information which we ourselves cannot assign to a particular person. Please note that any access to this data constitutes an interference with the personal rights of the persons depicted. In order to avail yourself of your rights of access, restriction of processing or data portability, a legal arrangement is required to allow us to access the data for these purposes. The right to data deletion is implemented within the scope of the storage limitation. Correction of video data is not possible.