Top of page
Service area
Service menu
Main content area

Privacy policy

Instructions for handling personal data

We appreciate your interest in our website and our other digital channels. With the privacy policy shown here, we would like to inform you about the type, scope and purpose of the personal data collected, used and processed by us.

The following table of contents should enable you to get started in our privacy policy as quickly and easily as possible.

Contents

A. General provisions on data processing


1. Subject of this privacy policy

The protection of your personal data is a great and very important concern for us. In the following, we would like to inform you in detail about the data collected during your visit to our website, the use of our offers there and how the data is processed or used by us. Furthermore, we also inform you about which accompanying protective measures we have taken in technical and organisational terms.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always in accordance with the applicable data protection regulations. By means of this privacy policy we would like to inform you about the nature, extent and purpose of the personal data collected, used and processed by us and whether you are affected by the data processing.

Although we, as the person responsible for the processing of personal data, have implemented numerous technical and organisational measures, internet-based data transmission can in principle have security gaps so absolute protection cannot be guaranteed. We ask you to take this into account when using our website.

2. Definitions

This privacy policy uses terms that have been specified by the legislator in the General Data Protection Regulation (GDPR). You can retrieve the GDPR under the following link:

http://eur-lex.europa.eu/legal-content/DE/TXT/PDF/?uri=CELEX:32016R0679&from=DE (PDF)

The purpose of our privacy policy is to inform you in a simple and understandable way about the processing of your personal data on our website. 

3. Name and address of the controller

The controller under data protection law is: 

Flughafen Dortmund GmbH 

 Flugplatz 21 44319 Dortmund 

 Germany 


PO Box 13 02 61

44319 Dortmund


Phone: +49.231.9213-01

Telefax: +49.231.9213-125

E-mail: service@dortmund-airport.de

Internet: www.dortmund-airport.de

4. Contact details of the data protection officer

Flughafen Dortmund GmbH

Data Protection Officer

Flugplatz 21

44319 Dortmund

Germany

E-mail: datenschutz@dortmund-airport.de

5. Deletion and blocking of personal data/storage period

Unless otherwise stipulated for the respective processing of personal data in chapter B of this privacy policy, the data stored by us will be deleted as soon as it is no longer necessary for its purpose, and the deletion does not conflict with any statutory storage requirements. If the data of the data subject is not deleted because it is necessary for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data of the data subject, which must be kept for commercial or tax reasons.


According to the legal requirements, storage takes place for six years in accordance with § 257 (1) HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) and for ten years pursuant to § 147 (1) AO (books, records, management reports, accounting documents, commercial and business letters, etc.).

6. Rights of the data subject

6.1 Right to confirmation

Each data subject has the right, as granted by the European regulators, to require the controller to confirm whether personal data relating to the data subject is being processed. If a data subject wishes to make use of this confirmation right, they can contact our data protection officer or another employee of the controller at any time.

6.2 Right to information

Any data subject affected by the processing of personal data has the right at any time to obtain from the controller any information free of charge concerning the personal data stored about them and to receive a copy of that information. Furthermore, the data subject shall have access to the following information:

  • The processing purposes
  • The categories of personal data being processed
  • The recipients or categories of recipients to whom the personal data has been disclosed or is still being disclosed, in particular to recipients in third countries or to international organisations
  • If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining that duration
  • The existence of a right to rectification or deletion of the personal data concerning the data subject or of a restriction of the processing by the controller and of a right to object to such processing
  • The existence of a right of appeal to a supervisory authority
  • If the personal data is not collected from the data subject: All available information about the origin of the data
  • The existence of automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended impact of such processing regarding the data subject

In addition, the data subject has a right to know whether personal data has been transferred to a third country or to an international organisation. If that is the case, the data subject is otherwise entitled to receive information about the appropriate guarantees in connection with the transfer.

If a data subject wishes to make use of this right to information, they can contact our data protection officer or another employee of the controller at any time.

6.3 Right to rectification

Any data subject affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right, under consideration of the purposes of the processing, to request the completion of incomplete personal data by means of a supplementary declaration.

If a data subject wishes to make use of this right to rectification, they can contact our data protection officer or another employee of the controller at any time.

6.4 Right to deletion

Any data subject affected by the processing of personal data has the right to require the controller to immediately delete the personal data concerning them, provided that one of the following reasons is satisfied and the processing is not required:

  • The personal data has been collected or otherwise processed for such purposes for which it is no longer necessary.
  • The data subject withdraws the consent on which the processing was based, in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing.
  • The data subject submits an objection to the processing pursuant to Art. 21 (1) GDPR and there are no legitimate reasons for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR.
  • The personal data was processed unlawfully.
  • The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the data subject is subject.
  • The personal data was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

Insofar as one of the above reasons applies and a data subject wishes to arrange for the deletion of personal data stored at Flughafen Dortmund GmbH, they may at any time contact our data protection officer or another employee of the controller. The data protection officer of Flughafen Dortmund GmbH or another employee will arrange that the request for deletion be fulfilled without delay.

If the personal data has been made public by Flughafen Dortmund GmbH and if our company is responsible for deleting personal data as the controller pursuant to Art. 17 (1) GDPR, Flughafen Dortmund GmbH shall take appropriate measures, taking into account the available technology and the implementation costs of a technical nature, to inform other data controllers processing the published personal data that the data subject has requested deletion by all other data controllers of any links to such personal data or copies or replications of such personal data as far as the processing is not required. The data protection officer of the airport Dortmund GmbH or another employee will arrange the necessary measures in individual cases.

6.5 Right to restriction of processing

Any data subject affected by the processing of personal data has the right to require the controller to restrict the processing if any of the following conditions apply:

  • The accuracy of the personal data is denied by the data subject, for a period of time that allows the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject declines to delete the personal data and instead requests the restriction of the use of the personal data.
  • The controller no longer needs the personal data for processing purposes, but the data subject requires it to assert, exercise or defend legal claims.
  • The data subject has objected to the processing under Art. 21 (1) GDPR and it is not yet clear whether the legitimate interests of the controller outweigh those of the data subject.

Insofar as one of the above reasons applies and a data subject wishes to demand the restriction of personal data stored at Flughafen Dortmund GmbH, they may at any time contact our data protection officer or another employee of the controller. The data protection officer of Flughafen Dortmund GmbH or another employee will then initiate the restriction of processing.

6.6 Data portability

Any data subject affected by the processing of personal data has the right to receive in a structured, common and machine-readable format personal data relating to them which was provided to a controller by the data subject. The data subject also has the right to transfer this data to another controller without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 Abs 2 (a) GDPR or is based on a contract pursuant to Article 6 (1) (b) GDPR and processing occurs by means of automated procedures, unless the processing is necessary for the performance of a public-interest mission or occurs in the exercise of official authority which has been assigned to the controller.

Furthermore, in exercising their right to data portability under Art. 20 (1) GDPR, the data subject has the right to bring about that the personal data is transmitted directly from one controller to another, insofar as this is technically feasible and if the rights and freedoms of others are not affected thereby.

In order to assert the right to data portability, the data subject may at any time contact the data protection officer appointed by Flughafen Dortmund GmbH or another employee of the controller.

6.7 Right to objection

Any data subject affected by the processing of personal data has the right, at any time, to object to the processing of personal data concerning them pursuant to Art. 6 (1) (e) or (f) of the GDPR for reasons arising from their particular situation. This also applies to profiling based on these provisions.

Flughafen Dortmund GmbH will no longer process your personal data in the event of an objection, unless we can prove compelling reasons for processing that are worthy of protection that outweigh the interests, rights and freedoms of the data subject, or the processing serves the purpose of asserting, exercising or defending legal claims.

If Flughafen Dortmund GmbH processes personal data in order to operate direct mail, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling, as far as it is associated with such direct mail. If the data subject objects to Flughafen Dortmund GmbH regarding direct marketing, then Flughafen Dortmund GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, for reasons arising from their particular situation, to object to the processing of personal data relating to them at Flughafen Dortmund GmbH for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary to fulfil a public-interest task.

In order to exercise the right to objection, the data subject can directly contact the data protection officer of Flughafen Dortmund GmbH or another employee. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise their right of objection by means of automated procedures using technical specifications.

6.8 Automated decisions in individual cases including profiling

Any data subject affected by the processing of personal data has the right granted by the European regulators and authorities not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on the data subject or similarly affects the data subject insofar as the decision:

  • Is not necessary for the conclusion or performance of a contract between the data subject and the controller, or;
  • Is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject; or
  • Involves the express consent of the data subject.

If the decision

  • Is required for the conclusion or performance of a contract between the data subject and the controller; or
  • If it takes place with the explicit consent of the data subject, Flughafen Dortmund GmbH shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain the intervention of a person on the part of the controller, to presentation of their own position, and to challenging of the decision.

If the data subject wishes to exercise their rights regarding automated decision-making, they may contact our data protection officer or another employee of the data controller at any time.

6.9 Right to revoke data-protection consent

Any data subject affected by the processing of personal data has the right to revoke consent to the processing of personal data at any time.

If the data subject wishes to assert their right to revoke consent, they may at any time contact our data protection officer or another employee of the data controller.

Any data subject can contact our data protection officer at any time with any questions or suggestions regarding data protection.

6.10 Complaints to a data protection supervisory authority

Any data subject affected by the processing of personal data has the right to lodge a complaint with a data protection supervisory authority about the processing of their personal data by us.

7. Legal basis of processing

Unless otherwise specified in the description of the respective data processing procedure in the following Chapter B of this privacy policy, the following provisions apply.

Art. 6 (1) (a) GDPR serves Flughafen Dortmund GmbH as the legal basis for processing operations requiring consent for a specific processing purpose. If the processing of personal data is required to fulfil a contract of which the data subject is a party, the processing is based on Art. 6 (1) (b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our services and products. If Flughafen Dortmund GmbH is subject to a legal obligation requiring the processing of personal data, the processing is based on Art. 6 (1) (c) GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. In this case, the processing is based on Art. 6 (1) (d) GDPR. Finally, processing operations may be based on Art. 6 (1) (f) GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of Flughafen Dortmund GmbH or a third party, provided that the interests, basic rights and fundamental freedoms of the data subject do not take precedence. Such processing operations are particularly permitted for us because they have been specifically mentioned by the European legislator (see Recital 47 sent. 2 GDPR).

8. Consideration of legitimate interests

Unless otherwise provided for in the description of the relevant data processing operation in Chapter B of this privacy policy and the processing of personal data is based on Art. 6 (1) (f) GDPR, we have a legitimate interest in the conduct of our business and the related economic interest.

9. Data protection when using our contact information

If you use the contact information provided on our website (such as our e-mail address or fax number) to contact us, the personal data you provide will only be processed for the purpose of the contact.

If the reason for contacting us lies in the interest in our services or products or in the fulfilment of a contract existing with us, the legal basis is Art. 6 (1) (b) GDPR. In all other cases of contact, we have a legitimate interest in accordance with Art. 6 (1) (f) GDPR in data processing based on the communication you initiated.

We store the data required for the execution of the contract until the expiry of the statutory warranty and, if applicable, contractual guarantee periods. We retain the data required under commercial and tax law for the periods specified by law, usually for ten years (see § 257 HGB, § 147 AO). The data processed for the implementation of pre-contractual measures will be deleted as soon as the measures have been carried out and no contract is obviously concluded.

The personal data stored by us on the basis of a legitimate interest will be stored until the purpose pursued by the contact has been attained. You have the right to object to the processing of data done on the basis of Art. 6 (1) (f) GDPR, and which does not serve direct mail, for reasons that arise from your particular situation at any time. In the case of direct mail, however, you can object to the processing at any time without stating reasons.

Recipients of the personal data processed in accordance with this provision are IT service providers (in particular Hoster) with whom we have concluded a corresponding commissioned data processing agreement pursuant to Art. 28 GDPR.

10. Data protection in applications and in the application process

We collect and process the personal data of applicants for the purpose of carrying out the application procedure and thus on the basis of a pre-contractual measure within the meaning of Art. 6 (1) (b) GDPR or our legitimate interest in the employment of employees pursuant to Art. 6 (1) (f) GDPR.

The processing can also be carried out electronically, for example, if an applicant submits corresponding application documents by electronic means, for example by e-mail or via our contact form. If we conclude a contract of employment with an applicant, the data transmitted will be stored for the purpose of executing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant by the controller, the application documents will be automatically deleted two months after the announcement of the rejection decision, unless other legitimate interests of the controller preclude deletion. Other legitimate interest in this sense, for example, include a burden of proof in a proceeding under the General Equal Treatment Act (AGG).

Due to the digitised recording of the applications received, the recipients of the processed personal data are our IT service providers (in particular Hoster) with whom we have concluded corresponding commissioned data processing contracts within the meaning of Art. 28 GDPR.

11. Changes to this privacy policy

Flughafen Dortmund GmbH reserves the right to change this privacy policy at any time with effect for the future. A current version is available on the website. Please visit the website regularly to inform yourself about the applicable privacy policy.

B. Special provisions regarding data processing on our website


1. Collection and use of your data

The extent and nature of the collection and use of your data differs depends on whether you visit our website for the retrieval of information or use services offered by us, such as ordering a newsletter or booking a parking space or registering if applicable.

2. Informative use/collected data/cookies

(1) In the event of merely informative use of the website, e.g. if you do not make a booking via our website or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to inform you about our website and to ensure its stability and security (legal basis is Art. 6 (1) (1) (f). GDPR):

  • IP address
  • Date and time of request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Transmitted amount of data
  • Website from which the request comes
  • Browser
  • Operating system and its GUI
  • Language and version of the browser software.

(2) The data processed in accordance with para. 1 of this provision will be used for the stated purposes for a period of max. 30 days and then deleted.

(3) In addition to the aforementioned data, cookies are stored on your computer when you use our website. This happens on the basis of our legitimate interest in accordance with Art. 6 (1) (f) GDPR in the optimisation and economical operation of our website. Cookies are small text files that are stored on your hard drive assigned to the browser you are using and by which the body that sets the cookie (here via us) receives certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective overall.

(4) Use of cookies:

a) Our website uses the following types of cookies, the scope and operation of which are explained below:

  • Transient cookies (see b)
  • Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close the browser. These include in particular session cookies. Such cookies store a so-called session ID, with which various requests from your browser can be assigned to the common session. This will allow your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period of time, which varies depending on the cookie and can take several years. You can delete the cookies in the security settings of your browser at any time.

d) You can configure your browser setting according to your wishes, for example, to decline the acceptance of third-party cookies or all cookies. Please be aware that you may not be able to use all features of this website in this case.

e) We use cookies to identify you for follow-up visits if you have an account with us. Otherwise, you would have to log in again for each visit.

(5) The recipients of the data processed in accordance with the preceding paragraphs are IT service providers (in particular Hoster) with whom we have concluded corresponding commissioned data processing agreements pursuant to Art. 28 GDPR. 

3. Google Analytics

Based on our legitimate interests (i.g. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6 (1) (f) GDPR), we use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA (“Google”). Google uses cookies. The information generated by the cookie about the use of the website by the users is usually transmitted to a Google server in the USA and stored there.

Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We use the addition “_gat._anonymizeIp” for web analytics via “Google Analytics”. By means of this addition, the IP address of the internet connection of the data subject will be shortened and anonymised by Google if the access to our website is from a Member State of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse visitor flows on our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile for us online reports showing the activities on our websites, and to provide other services related to the use of our website.

Google Analytics places a cookie on the user’s device. By using this cookie, Google is able to analyse the usage of our website. Each time you visit any of the pages on our website that incorporate a Google Analytics component, the internet browser on the data subject's device will be automatically prompted by the Google Analytics component to submit data to Google for online analysis. As part of this technical process, Google will be aware of personal data, such as the IP address of the data subject, which serves, among other things, Google to track the origin of the visitors and clicks, and subsequently make commission settlements possible.

The cookie stores personally identifiable information, such as access time, the location from which access was made and the frequency of site visits by the data subject. Each time you visit our website, your personal data, including the IP address of the internet connection used by the data subject, is transferred to Google Inc. in the United States. This personal data is likely to be stored permanently by Google Inc. in the United States. Google Inc. may share this personal data collected through the technical process with third parties.

The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting on the internet browser used and thereby permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the possibility of objecting to and preventing the collection of the data generated by Google Analytics for the use of our website and the processing of this data by Google. To do this, the affected person must download and install a browser add-on from the following link:

https://tools.google.com/dlpage/gaoptout

. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered by Google as an objection. If the data on the data subject’s device is later deleted, formatted, or reinstalled, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or disabled by the data subject or any other person within their sphere of control, it is possible to reinstall or reactivate the browser add-on.

Additional information and Google's privacy policy can be found at:

https://www.google.de/intl/de/policies/privacy/ and at: http://www.google.com/analytics/terms/de.html

Google Analytics is explained in more detail at:

https://www.google.com/intl/de_de/analytics/

4. Google AdWords

On the basis of our legitimate interests (i.e. interest in the economic operation of our website as defined in Art. 6 (1) (f) GDPR), we use the Google AdWords service of Google Inc., 1600 Amphitheater Pkwy, Mountain on our website View, CA 94043-1351, USA.

Google AdWords is an internet advertising service that allows advertisers to run ads in the Google search engine results and the Google Network. Google AdWords allows an advertiser to pre-set certain keywords that display an ad on Google’s search engine results only when the user searches for a relevant search result through the Google search engine.

Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

The purpose of Google AdWords is to promote our site by displaying interest-based advertising on third-party websites and in Google search engine results, and to display advertisements on our website.

If a data subject reaches our website via a Google ad, a so-called conversion cookie will be placed on the data subject’s device by Google Inc., which will expire after thirty days and will not identify the data subject. If the conversion cookie has not expired yet, the conversion cookie will check whether certain subpages have been accessed on our website. The conversion cookie allows both us and Google to understand whether a data subject who came to our website via an AdWords ad generated revenue, i.e., completed or cancelled a purchase.

The data and information collected through the use of the conversion cookie are used by Google to create visit statistics for our website. These visit statistics are then used by us to determine the total number of users who have been sent to us through AdWords ads, in order to determine the success or failure of each AdWords ad and to optimise our AdWords ads for the future. Neither our company nor any other Google AdWords advertiser receives any information from Google that could identify the data subject.

The conversion cookie stores personal data, such as the websites visited by the data subject. Each time you visit our website, your personal data, including the IP address of the internet connection used by the data subject, is transferred to Google in the United States. This personal data is stored by Google in the United States. Google may share this personal data with third parties.

The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting on the internet browser used and thereby permanently object to the setting of cookies. Such a setting of the internet browser would also prevent Google from setting a conversion cookie on the data subject’s device. In addition, a cookie already set by Google AdWords can be deleted at any time via the internet browser or other software.

Furthermore, the data subject has the opportunity to object to Google's interest-based advertising. To do this, the person concerned must access the link www.google.com/settings/ads from each of the internet browsers they use and make the desired settings there.

Additional information and Google's privacy policy can be found at: https://www.google.com/intl/en/policies/privacy/

5. DoubleClick by Google

On the basis of our legitimate interests (i.e. interest in the economic operation of our website within the meaning of Art. 6 (1) (f) GDPR), we use the service “DoubleClick by Google” on our website, which is provided by Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA. It specifically markets special online marketing solutions to advertising agencies and publishers.

Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

DoubleClick by Google transmits data to the DoubleClick server with every impression, click, or other activity. Each of these data transfers triggers a cookie request to the data subject's browser. If the browser accepts this request, “DoubleClick by Google” sets a cookie on the user's device. The purpose of the cookie the optimisation and insertion of advertising as well as avoidance of multiple placing of the same advertising.

“DoubleClick by Google” uses a cookie ID required to complete the technical process. For example, the cookie ID is used to display an ad in a browser. “DoubleClick by Google” can also use the cookie ID to see which ads have already appeared in a browser to avoid duplication. It is also possible for “DoubleClick by Google” to track conversions through the cookie ID. Conversions are tracked, for example, when a user has previously been shown a DoubleClick ad and then makes a purchase on the advertiser’s website using the same internet browser.

A “DoubleClick by Google” cookie does not contain any personally identifiable data. It may contain additional campaign IDs that identify the campaigns the user was already in contact with.

Each time you visit any of the pages on our website that incorporate a “DoubleClick component”, the internet browser on the data subject’s device will automatically be prompted by the “DoubleClick component” to transfer data to Google for the purpose of online advertising and calculation of commissions. As part of this technical process, Google will also receive data that Google Inc. also uses to create commission statements. Among other things, Google Inc. sees that the data subject has accessed certain links on our website.

The data subject can prevent the setting of cookies through our website, as described above, at any time by means of a corresponding setting on the internet browser used and thereby permanently object to the setting of cookies. Such a setting of the respective Internet browser would also prevent Google from setting a cookie on the data subject’s device. In addition, cookies already set by Google Inc. can be deleted at any time via the internet browser or other software.

Additional information and the DoubleClick by Google privacy policy can be found at:

https://www.google.com/intl/en/policies/

6. Google Remarketing

On the basis of our legitimate interests (i.e. interest in the economic operation of our website as defined in Art. 6 (1) (f) GDPR), we use the “Google Remarketing” service of Google Inc., 1600 Amphitheater Pkwy, Mountain on our website View, CA 94043-1351, USA.

Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Google Remarketing is a feature of Google AdWords that allows a business to show advertisements to internet users that have previously been on the company’s website. The integration of Google Remarketing therefore allows a company to create user-friendly advertising and thus allow internet users to see interest-based ads.

Google Remarketing sets a cookie on the end user’s device. By setting the cookie, Google will be able to recognise the visitor to our website, if the visitor also subsequently visits websites that are also members of the Google ad network. With each visit to a website on which Google Remarketing's service has been integrated, the data subject is identified automatically with Google via the internet browser. As part of this technical process, Google receives knowledge about personal data, such as the IP address or the surfing behaviour of the user, which Google uses among other things to display interest-relevant advertising.

The cookie is used to store personal data, such as the websites visited by the data subject. Each time you visit our website, your personal data, including the IP address of the internet connection used by the data subject, is transferred to Google Inc. in the United States. This personal data is stored by Google Inc. in the United States. Google may share this personal data with third parties.

The data subject can prevent the setting of cookies through our website, as described above, at any time by means of a corresponding setting on the internet browser used and thereby permanently object to the setting of cookies. Such a setting of the internet browser would also prevent Google from setting a cookie on the data subject’s device. In addition, a cookie already set by “Google Analytics” can be deleted at any time via the internet browser or other software.

Furthermore, the data subject has the opportunity to object to Google's interest-based advertising. To do this, the person concerned must access the link www.google.com/settings/ads via the respective internet browser and make the desired settings there.

Additional information and Google's privacy policy can be found at: https://www.google.com/intl/en/policies/privacy/

7. Google Maps

Due to our legitimate interest in accordance with Art. 6 (1) (f) GDPR to design our website effectively, we use a plug-in of the internet service Google Maps on our website. Google Maps is operated by Google Inc., located in the US, CA 94043, 1600 Amphitheater Parkway, Mountain View.

Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

By using Google Maps on our website, information about the use of this website and your IP address will be transmitted to and stored on a Google server in the United States. We have no knowledge of the exact content of the submitted data or its use by Google. The company denies in this context the connection of the data with information from other Google services and the collection of personal data. However, Google may transmit the information to third parties. If you disable Javascript in your browser, you prevent the implementation of Google Maps. In this case, you cannot use the map display on our website. By using our website, you consent to the collection and processing of the information described by Google Inc. Learn more about the Google Maps privacy policy and terms of use here: https://www.google.com/intl/en_uk/help/terms_maps.html

8. etracker

On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6 (1) (f) GDPR) our website uses components of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany.

“Etracker” is a web analysis service. Web analysis concerns the gathering, collection and analysis of data about the behaviour of visitors to websites. For example, a web analytics service collects information about the website from which an affected person visited another website, which subpages of the website were accessed, or how often and for what length of time a subpage was viewed.

etracker places a cookie on the user’s device. Each time you visit individual pages of our website on which an “etracker component” is integrated, the internet browser on the device of the data subject, via the respective “etracker component”, automatically causes data for marketing and optimisation purposes to be transferred to etracker GmbH. As part of this technical process, etracker GmbH obtains information about data, which is used to create pseudonymous usage profiles. The usage profiles obtained in this way are used to analyse the behaviour of the data subject who accessed our website. Our goal is to improve and optimise our website. The data collected via the “etracker component” will not be used to identify the data subject without first obtaining the specific and explicit consent of the data subject. This data is not combined with personal data or other data containing the same pseudonym.

The data subject can prevent the setting of cookies through our website at any time by means of a corresponding setting on the internet browser used and thereby permanently object to the setting of cookies. Such a setting of the respective internet browser would also prevent etracker GmbH from setting a cookie on the device of the data subject. In addition, cookies already set by “etracker” can be deleted at any time via the internet browser or by means of other software.

Furthermore, the data subject has the possibility of objecting to and preventing the collection of the data generated by the “etracker cookie” for the use of our website and the processing of this data by etracker GmbH. To do this, the data subject must press the “set cookie” button under the link http://www.etracker.de/privacy?et=V23Jbb. This sets an opt-out cookie. The opt-out cookie set with the objection is stored on the device used by the data subject. If the cookies on the data subject’s device are deleted after an objection, the data subject must re-visit the link and set a new opt-out cookie.

By setting the opt-out cookie, however, there is the possibility that our websites will no longer be fully usable for the data subject.

The applicable data protection regulations of etracker can be found at: https://www.etracker.com/de/datenschutz.html

9. Web analysis by IntelliAd

On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6 (1).(f) GDPR) we use the web analysis service with bid management provided by intelliAd Media GmbH, Sendlinger Str , 80331 Munich.

Anonymised usage data is recorded and aggregated in order to design and optimise this website, and usage profiles are created from this data using pseudonyms. When using intelliAd tracking, there is a local storage of cookies. As a website visitor, you have the right to object to the storage of your (anonymous) visitor data for the future. To do this, use the intelliAd opt-out function. 

10. New Relic

Based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our website within the meaning of Art. 6 (1) (f) GDPR), we use a plug-in from New Relic’s web analysis service. This service is provided by New Relic Inc., 188 Spear Street, Suite 1200 San Francisco, CA 94105, USA.

New Relic is certified under the Privacy Shield Agreement, which guarantees compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TNPiAAO&status=Active).

This service allows statistical evaluations to be made about the speed of the website. Through the plug-in, New Relic receives the information that a user has accessed the corresponding page of the website. For this purpose, New Relic collects system data on used add-ons, browsers as well as hardware and software and usage times, so-called application data, for which cookies are set in your browser. If you are logged in as a user at New Relic, New Relic can assign the visit to your local account. If you are not a member of New Relic, there is still the opportunity for New Relic to obtain and store your IP address. The purpose and scope of the data collection, as well as how New Relic processes and uses the data, as well as user privacy settings, can be found in New Relic’s privacy policy.

If you are a member of New Relic and you do not want New Relic to collect information about you on our sites in order to associate it with your member data stored on New Relic, you must log out of New Relic before visiting our website.

11. Facebook Custom Audiences and Facebook Marketing Services

Due to our legitimate interests in accordance with Art. 6 (1) (f) GDPR in the analysis, optimisation and economic operation of our website, our website uses so-called “Facebook Pixel” of the social network Facebook: Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If you are located in the EU, we use Facebook Ireland, 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (“Facebook”).

Facebook is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European privacy legislation (https://www.privacyshield.gov/participantid=a2zt0000000GnywAAC&status=Active).

With the help of Facebook Pixel, it is on the one hand possible for Facebook to determine the visitors to our website as a target group for the display of advertisements (so-called “Facebook ads”). Accordingly, we use Facebook Pixel to display the Facebook ads we have created only to those Facebook users who have shown an interest in our website or who have certain features (e.g. interests in certain topics or products, determined by their visits to websites), which we transmit to Facebook (so-called “custom audiences”). With the help of Facebook Pixel, we also want to ensure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook Pixel, we can also understand the effectiveness of the Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion”).

The site also uses Facebook's Remarketing feature “custom audiences” (“Facebook”). This allows users of the website to be shown interest-based advertisements (“Facebook ads”) as part of their visit to the social network Facebook or other websites that also use the process. We are interested in showing you advertisements that are of interest to you in order to make our website more interesting to you.

To prevent the collection of your data by means of Facebook Pixel on our website, please click on the following link: Facebook opt-out notice: When you click the link, an “opt-out” cookie will be saved on your device. If you delete the cookies in this browser, then you have to visit the link again. Furthermore, the opt-out only applies within the browser you use and only within our web domain on which the link was clicked.

You can also object to the use of cookies for distance measurement and promotional purposes via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and in addition the US website (http://www.aboutads.info/ choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

12. Integration of YouTube videos

Due to a legitimate interest within the meaning of Art. 6 (1) (f) GDPR our website integrates YouTube components in the presentation of our services through audiovisual media, which are stored on http://www.YouTube.com and are directly playable from our website. These are all embedded in the “enhanced privacy mode”, which means that if you do not play the video, you will not transfer any data about you as a user to YouTube. The data specified in the following is transmitted only when you play the videos. We have no influence on this data transfer.

The operator of YouTube is Google Inc., based in the US, CA 94043, 1600 Amphitheater Parkway, Mountain View.

Google is certified under the Privacy Shield Agreement, which provides a guarantee of compliance with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data specified under B. no. 2 para. 1 of this privacy policy is transferred. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you are logged in to Google, your data will be assigned directly to your account. If you do not wish to associate the data with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or custom design of its website. Such an evaluation is done in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles; to do this you must contact YouTube.

For more information on the purpose and scope of your data collection and processing through YouTube, please read the YouTube privacy policy. You can also get more information about your rights and privacy settings here: https://www.google.com/intl/en/policies/privacy 

13. Advertising by TripleDouble U

The advertising on this website is partly optimised for you by the anonymous collection and processing of your usage behaviour for predicted interest. For this purpose, cookies are stored on the computer of the user. These allow the recognition of the user, but do not allow personal identification of the user. In order to optimise advertising for you based on your interests, we have allowed the following companies to collect and use the above usage data:

TripleDoubleU GmbH 

Albert-Einstein-Ring 21 

22761 Hamburg


Netpoint Media GmbH

Rheinallee 60

55283 Nierstein


The processing of the data thus collected is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR on the presentation of user-friendly advertising on our website. Further information on this – as well as the options for deactivating usage-based online advertising – can be found in the privacy policy of the partner of our marketer TripleDoubleU: https://www.netpoint-media.de/technik/datenschutz

14. Affillinet GmbH

Due to its legitimate interest in the efficient use of its website in accordance with Art. 6 (1) (f) GDPR, the controller integrates components of the company Affilinet on this website. Affilinet is a German affiliate network that offers affiliate marketing.

Affiliate marketing is an internet-based form of sales that allows commercial operators of websites, the so-called merchants or advertisers, to show advertising, which is usually remunerated via click or sale commissions, on third-party websites, which are also called sales partners, affiliates or publishers. The merchant makes available through the affiliate network an advertising medium, i.e. an advertising banner or other suitable means of internet advertising, which is subsequently incorporated for advertising by an affiliate on its own website or advertised via other channels, such as keyword advertising.

The operating company of Affilinet is affilinet GmbH, Sapporobogen 6-8, 80637 Munich, Germany.

Affilinet sets a cookie on the information technology system of the person concerned. Cookies are explained above. Affilinet’s tracking cookie does not store any personal data. Only the identification number of the affiliate, i.e. the partner mediating the potential customer, as well as the ordinal number of the visitor of a website and of the clicked advertising medium are stored. The purpose of the storage of this data is the processing of commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. Affilinet.

The data subject can prevent the setting of cookies through our website, as described above, at any time by means of a corresponding setting on the internet browser used and thereby permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Affilinet from setting a cookie on the information technology system of the data subject. In addition, cookies already set by Affilinet can be deleted at any time via the internet browser or other software programs.

The applicable Affilinet privacy policy can be found at:

https://www.affili.net/en/footeritem/datenschutz

15. Use of offers on our website

Insofar as you wish to make use of the services offered on our website, such as paid bookings in our online shop or the ordering of a newsletter, you will need to provide additional personal data. Details can be found in the following regulations.

15.1 Data processing for the purpose of concluding a contract

(1) Your personal data that you provide to us during the booking process is required for a contract with us (e.g. information about the contracting party) or legally necessary (e.g. tax regulations). Failure to provide your personal data would mean that the contract could not be concluded with you. For some payment methods, we require the necessary payment data in order to pass it on to a payment service provider commissioned by us.

If you send us an inquiry by e-mail, via a contact form or make a reservation via our website, we process the data received in this way to carry out pre-contractual measures and answer, for example, your questions about our services or products.

You can voluntarily create a customer account, through which we can save your data for later purchases. If you create an account under “My Account”, the data you provide will be stored subject to your revocation of consent. You can always delete all other data, including your user account, in the customer area.

The processing of your entered data thus takes place for the purpose of fulfilling the contract or for carrying out pre-contractual measures pursuant to Art. 6 (1) (b) GDPR and for fulfilling legal obligations pursuant to Art. 6 (1) (c) GDPR.

(2) The recipients of the personal data processed in accordance with this provision are payment service providers, shipping service providers, IT service providers (in particular hosting) with whom we have concluded corresponding commissioned data processing agreements pursuant to Art. 28 GDPR.

(3) We store the data required for the execution of the contract until the expiry of the statutory warranty and, if applicable, contractual guarantee periods. We retain the data required under commercial and tax law for the periods specified by law, usually for ten years (see § 257 HGB, § 147 AO). The data processed for the implementation of pre-contractual measures will be deleted as soon as the measures have been carried out and no contract is obviously concluded.

15.2 Contact forms

(1) If you voluntarily use our contact forms, you will be asked to provide your first name, last name, e-mail address, telephone number, if any, and the reason for your request/contact (message). Only your e-mail address is absolutely required for your request. The information will only be collected and stored to answer your request.

(2) The legal basis for the processing of your personal data is the consent expressly granted by you pursuant to Art. 6 (1) (a) GDPR and our legitimate interest pursuant to Art. 6 (1) (f) GDPR in answering your request for our services or offers and proof of possible misuse of the e-mail address used for this purpose.

(3) We store the information provided by you via the contact form until the fulfilment of the purpose of your request. In addition, we store the personal data stored pursuant to para. 1 for a maximum of one month after receipt of the confirmation.

(4) The recipients of the data processed in accordance with this provision are IT service providers (in particular Hoster) with whom we have concluded corresponding commissioned data processing agreements pursuant to Art. 28 GDPR. 

15.3 Newsletter

(1) With your consent and stating your e-mail address you can subscribe to our newsletter, which will inform you about our current interesting offers. The advertised goods or services are named in the declaration of consent. The only requirement for sending the newsletter is provision of your e-mail address.

(2) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data. After your confirmation of the order of the newsletter, we will store the information you provide in accordance with paragraph 2 for the purpose of sending the newsletter and proof of possible misuse of your e-mail address in accordance with paragraph 2.

(3) Furthermore, we make a performance measurement by attaching a so-called “web beacon” to each newsletter, i.e. a pixel-sized file which is retrieved from our server when the newsletter is opened. As part of this, information will be collected about the browser you are using, the ID of the click, your e-mail address and specific e-mailing information, your IP address or DNS name, and the time of the retrieval. This information is used to improve the technical performance of services based on the technical data or audiences and their reading habits, based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining if the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our goal to observe individual users. The evaluations serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

(4) The legal basis for the processing of your personal data is the consent expressly granted by you pursuant to Art. 6 (1) (a) GDPR and with regard to the data processed pursuant to para. 2 our legitimate interest pursuant to Art. 6 (1) (f) GDPR on proof of possible misuse of the e-mail address used for this purpose.

(5) You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in each e-mail newsletter or by e-mail to newsletter@dortmund-airport.de or by sending a message to the contact details stated in the imprint.

(6) Your e-mail address will only be saved for newsletter delivery for the duration of the requested registration. The other data stored in accordance with paragraph 1 will be deleted by us after a maximum of one month after your cancellation.

(7) The recipients of the data processed in accordance with this provision are IT service providers (in particular Hoster) with whom we have concluded corresponding commissioned data processing agreements pursuant to Art. 28 GDPR. 

15.4 Registration and use of our portals DTMinside and DTMaviation Club

(1) The data subject has the opportunity to register on the website of Flughafen Dortmund GmbH by providing personal data and confirming the terms of use provided for certain portals, such as DTMinside or DTMaviation Club. What personal data is transmitted to Flughafen Dortmund GmbH results from the respective input mask, which is used for the registration.

(2) The registration of the data subject under voluntary provision of personal data serves Flughafen Dortmund GmbH to offer the company concerned content or services which, due to the nature of the case, can only be offered to registered users and thus serves to carry out pre-contractual measures in accordance with Art. 6 (1) (b) GDPR or our legitimate interest pursuant to Art. 6 (1) (f) GDPR. Registered persons are free to modify the personal data given at registration at any time or to delete it completely from the database of the controller.

(3) By registering on our website, the IP address assigned by the internet service provider (ISP) of the data subject, the date and time of registration are also stored. The storage of this data is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR, as this is the only way to prevent the misuse of our services and, if necessary, to use this data to investigate past crimes committed. In this respect, the storage of this data is required for us for security purposes. We store this data for a maximum of one month after registration.

(4) The recipients of the personal data processed in accordance with this provision are IT service providers (in particular Hoster) with whom we have concluded a corresponding commissioned data processing agreement pursuant to Art. 28 GDPR.

(5) Flughafen Dortmund GmbH must provide information to any data subject on request at any time as to which personal data has been stored on the data subject. Furthermore, Flughafen Dortmund GmbH must correct or delete personal data at the request or notice of the data subject, insofar as this does not conflict with any statutory storage requirements. A data protection officer named in this privacy policy and all employees of Flughafen Dortmund GmbH are available to the data subject in this context as contacts.

16. Social plugins

Our website does not use “social plugins”. We only have links to the following social media services:

Facebook
Service provider: Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA

Please see the privacy policy of Facebook at www.facebook.com/help for information on how this data is collected and how it is used. You can find ways to protect your privacy within Facebook at: www.facebook.com/policy.

YouTube
Service provider: Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA

Please see the privacy policy of Google for details of what data is collected and how it is used: https://www.google.com/privacy

Privacy preference settings can be found at: https://www.google.com/dashboard

Twitter
Service provider: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, United States

Please see the privacy policy of Twitter for details on how this data is collected and how it is used: https://www.twitter.com/privacy

You can find ways to protect your privacy at: https://www.twitter.com/settings

Xing
Service provider: XING AG, Dammtorstrasse 30, 20354 Hamburg, Germany.

Please see the privacy policy of Xing for details on how this data is collected and how it is used: https://www.xing.com/privacy

This provides information on the collection, processing and use of personal data by Xing. In addition, Xing has posted privacy notices for the XING share button at:

https://www.xing.com/app/share?op=data_protection

Instagram
Service provider: Instagram LLC, 1601 Willow Rd, Menlo Park CA 9402, United States

Regarding what data is collected here and how it is used, please refer to the privacy policy of Instagram: https://instagram.com/about/legal/privacy/

17. Security measures

We take organisational, contractual and technical security measures according to the state of the art to ensure that the data protection regulations are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons.

One of the security measures is the encrypted transfer of data between your browser and our server.

C. Special explanation of the use of optical monitoring devices (video application) at Dortmund Airport

The above general privacy notices are supplemented and explained below in relation to video usage in our facilities.

Video devices are used by Flughafen Dortmund GmbH and the authorities operating in the airport facilities. Flughafen Dortmund GmbH is solely responsible for its own use of the video data.

1.1 Collection and use

  • Purposes for which the personal data is processed:
  • To protect against violence against customers, passengers and workers,
  • To protect against violence against our facilities and systems,
  • To improve law enforcement by preserving evidence in the event of vandalism, property damage, theft and other criminal acts,
  • To ensure technical flight-(guest) safety,
  • To enforce claims for damages.

1.2 Legal basis for processing 
The processing and use is necessary for the enforcement of the stated purposes and is based on Art. 6 (1) (f) GDPR and § 4 BDSG 2018.

1.3 Consideration of legitimate interests
The legitimate interests of the controller within the meaning of Article 6 (1) (f) GDPR are:

  • Observance of facility regulations
  • Prevention
  • Law enforcement

1.4 Recipients of personal data
The data is only released on request of the law enforcement authorities (police, prosecutors and courts).

1.5 Storage duration 
The duration of storage is up to 14 days. 

1.6 Exercise of the rights of the data subject 

The image data of our video equipment contains personally identifiable information which we ourselves cannot assign to a particular person. Please note that any access to this data constitutes an interference with the personal rights of the persons depicted. In order to avail yourself of your rights of access, restriction of processing or data portability, a legal arrangement is required to allow us to access the data for these purposes. The right to data deletion is implemented within the scope of the storage limitation. Correction of video data is not possible.