Privacy policy

The following table of contents should enable you to get started in our privacy policy as quickly and easily as possible.

The protection of your personal data is a great and very important concern for us. In the following, we would like to inform you in detail of the data collected during your visit to our website, the use of our offers there and how the data is processed or used by us. Furthermore, we will also inform you of which accompanying protective measures we have taken in terms of technology and organisation.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always in accordance with the applicable data protection regulations. By means of this Privacy Policy we would like to inform you of the nature, extent and purpose of the personal data collected, used and processed by us and whether you are affected by data processing.

Although we, as the controller responsible for processing personal data, have implemented numerous technical and organisational measures, internet-based data transmission can in principle have security gaps. Therefore, absolute protection cannot be guaranteed. We kindly ask you to take this into account when using our website.

This Privacy Policy uses terms that have been specified by the legislator in the General Data Protection Regulation (GDPR). You can retrieve the GDPR under the following link:

https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN (PDF)

The purpose of our Privacy Policy is to inform you in a simple and understandable way of the processing of your personal data on our website.

Dortmunder Stadtwerke AG (DSW21)
Data Protection Officer
Deggingstraße 40
44141 Dortmund
Germany
E-mail: datenschutz@dortmund-airport.de

Unless otherwise stipulated for the respective processing of personal data in chapter B of this Privacy Policy, the data which we store shall be erased as soon as they are no longer necessary for the purpose for which they were collected, and erasure does not contradict any statutory retention requirements. If the data of the data subject are not erased because they are required for other and legally permissible purposes, the processing of such is restricted. This means that the data are blocked and not processed for other purposes. This applies, for example, to data of the data subject which must be kept for commercial or tax reasons.

According to the legal requirements, data are retained for six years in accordance with Art. 257(1) HGB [German Commercial Code] (trading books, inventories, opening balance sheets, annual financial statements, trade letters, accounting documents, etc.) and for ten years pursuant to Art. 147(1) AO [German Fiscal Code] (accounts, records, management reports, accounting documents, commercial and business letters, etc.).

6.1 Right to confirmation

Each data subject has the right, as granted by the European regulators, to require the controller to confirm whether personal data relating to the data subject are being processed. If a data subject wishes to make use of this right of confirmation, they can contact our data protection officer or another employee of the controller at any time.

6.2 Right to information

Any data subject affected by the processing of personal data has the right at any time to obtain from the controller any information free of charge concerning the personal data stored about them and to receive a copy of that information. Furthermore, the data subject shall have access to the following information:

• The purposes of processing;
• The categories of personal data being processed;
• The recipients or categories of recipients to whom the personal data has been disclosed or is still being disclosed, in particular to recipients in third countries or to international organisations;
• Where possible, the planned duration of storage of the personal data;
  Or, where this is not possible, the criteria for determining this duration;
• The existence of a right to rectification or erasure of the personal data concerning the data subject or of a restriction of processing by the controller and of a right to object to such processing;
• The existence of a right of appeal to a supervisory authority;
• If the personal data are not collected from the data subject:
• All available information concerning the origin of the data;
• The existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and - at least in such cases - meaningful information on the logic involved and the scope and intended impact of such processing regarding the data subject.

In addition, the data subject has a right to know whether personal data have been transferred to a third country or to an international organisation. If this is the case, the data subject is furthermore entitled to receive information on the appropriate guarantees in connection with the transfer.

If a data subject wishes to make use of this right to information, they can contact our data protection officer or another employee of the controller at any time.

6.3 Right to rectification

Any data subject affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data concerning them. Furthermore, the data subject has the right, under consideration of the purposes of the processing, to request the completion of incomplete personal data by means of a supplementary declaration.

If a data subject wishes to make use of this right to rectification, they can contact our data protection officer or another employee of the controller at any time.

6.4 Right to erasure

Any data subject affected by the processing of personal data has the right to require the controller to immediately erase personal data concerning them, provided that one of the following reasons is satisfied and that processing is not required:

• The personal data have been collected or otherwise processed for purposes for which they are no longer necessary;
• The data subject withdraws their consent which was the basis for processing pursuant to Art. 6(1) lit. a GDPR or Art. 9(2) lit. a GDPR, and no other legal basis for processing exists;
• The data subject lodges a complaint against the processing pursuant to Art. 21(1) GDPR, and no superior legitimate reasons for the processing exist, or the data subject lodges a complaint against the processing pursuant to Art. 21(2) GDPR;
• The personal data were processed unlawfully;
• The erasure of personal data is necessary to fulfil a legal obligation under EU law or the law of the Member States to which the data subject is subject;
• The personal data were collected in relation to information society services offered pursuant to Art. 8(1) GDPR.

Insofar as one of the above reasons applies and a data subject wishes to arrange for the erasure of personal data stored with Flughafen Dortmund GmbH, they may contact our data protection officer or another employee of the controller at any time. The data protection officer for Flughafen Dortmund GmbH or another employee will ensure that the request for erasure is fulfilled without delay.

If the personal data have been made public by Flughafen Dortmund GmbH, and if our company is responsible for erasing personal data as the controller pursuant to Art. 17 (1) GDPR, Flughafen Dortmund GmbH shall take appropriate measures, taking into account the available technology and the implementation costs, including those of a technical nature, to inform other data controllers processing the published personal data that the data subject has requested erasure by all other data controllers of any links to such personal data or copies or replications of such personal data insofar processing is not necessary. The data protection officer of Flughafen Dortmund GmbH or another employee will arrange the necessary measures in individual cases.

6.5 Right to restriction of processing

Any data subject affected by the processing of personal data has the right to require the controller to restrict the processing if any of the following conditions apply:

• The accuracy of the personal data is denied by the data subject, for a period of time that allows the controller to verify the accuracy of the personal data;
• The processing is unlawful, the data subject rejects erasure of the personal data and instead requests restriction of the use of the personal data;
• The controller no longer requires the personal data for processing purposes, but the data subject requires it to assert, exercise or defend legal claims;
• The data subject has lodged a complaint against the processing according to Art. 21(1) GDPR and it is not yet clear whether the legitimate interests of the controller outweigh those of the data subject.

Insofar as one of the above reasons applies and a data subject wishes to demand the restriction of personal data stored with Flughafen Dortmund GmbH, they may contact our data protection officer or another employee of the controller at any time. The data protection officer of Flughafen Dortmund GmbH or another employee will then initiate the restriction of processing.

6.6 Right to data portability

Any data subject affected by the processing of personal data has the right to receive personal data relating to them, which was provided to a controller by the data subject, in a structured, common and machine-readable format. The data subject also has the right to transfer these data to another controller without being hindered by the controller, to whom the personal data were provided, insofar as processing is based on consent pursuant to Art. 6(1) lit. a GDPR or Art. 9(2) lit. a GDPR or a contract pursuant to Art. 6(1) li. b GDPR, and the processing is performed using automated processing, unless the processing is necessary to fulfil a task which is in the public interest or which is performed in exercise of a public authority which has been assigned to the controller.

Furthermore, in exercising their right to data portability pursuant to Art. 20(1) GDPR, the data subject has the right to effect that the personal data be transmitted directly from one controller to another, insofar as this is technically feasible and provided the rights and freedoms of others are not affected by such.

In order to assert the right to data portability, the data subject may contact the data protection officer appointed by Flughafen Dortmund GmbH or another employee of the controller at any time.

6.7 Right to object

Any data subject affected by the processing of personal data has the right, at any time, to object to the processing of personal data concerning them pursuant to Art. 6 (1) lit. e or f GDPR for reasons arising from their particular situation. This also applies to profiling based on these provisions.

Flughafen Dortmund GmbH will no longer process your personal data in the event of objection, unless we can prove compelling reasons for processing that are worthy of protection and which outweigh the interests, rights and freedoms of the data subject, or processing serves the purpose of enforcing, exercising or defending legal claims.

If Flughafen Dortmund GmbH processes personal data in order to undertake direct advertising, the data subject has the right to object to the processing of personal data for the purpose of such advertising at any time . This also applies to profiling, insofar as such is associated with such direct advertising. If the data subject objects to processing by Flughafen Dortmund GmbH for the purposes of direct advertising, then Flughafen Dortmund GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, for reasons arising from their particular situation, to object to the processing at Flughafen Dortmund GmbH of personal data relating to them for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless such processing is necessary for fulfilment of a task in the public interest.

In order to exercise the right to object, the data subject can contact the data protection officer of Flughafen Dortmund GmbH or another employee directly. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise their right to object by means of automated procedures using technical specifications.

6.8 Automated individual decision-making, including profiling

Any data subject affected by the processing of personal data has the right, granted by the European regulators and authorities. not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect on the data subject or similarly affects the data subject insofar as the decision:

• Is not necessary for the conclusion or performance of a contract between the data subject and the controller, or;
• Is permitted by Union or Member State legislation to which the controller is subject, and where such legislation contains appropriate measures to safeguard the rights and freedoms and legitimate interests of the data subject; or
• Involves the express consent of the data subject.

If the decision to conclude or execute a contract between the data subject and the controller is necessary or if such a decision is made with the explicit consent of the data subject, Flughafen Dortmund GmbH shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to effect the intervention of a person on the part of the controller, the right to present their own position, and the right to challenge the decision.

If the data subject wishes to exercise their rights regarding automated decision-making, they may contact our data protection officer or another employee of the data controller at any time.

6.9 Right to withdraw consent under data protection law

Any data subject affected by the processing of personal data has the right to withdraw consent to the processing of personal data at any time.

If the data subject wishes to assert their right to withdraw consent, they may contact our data protection officer or another employee of the data controller at any time.

Any data subject can contact our data protection officer at any time with any questions or suggestions regarding data protection.

6.10 Right to complain to a data protection supervisory authority

Any data subject affected by the processing of personal data has the right to lodge a complaint with a data protection supervisory authority regarding our processing of their personal data. The data protection supervisory authority responsible for our location is:

Landesbeauftragte für Datenschutz und Informationsfreiheit NRW [State Data Protection and Freedom of Information Officer for NRW]
Postfach 20 04 44
40102 Düsseldorf
Phone: +49.211.38424-0
Fax: +49.211.38424-10
E-mail: poststelle@ldi.nrw.de

Unless otherwise specified in the description of the respective data processing procedure in the following Chapter B of this Privacy Policy, the following provisions apply.

Art. 6 (1) lit. a GDPR acts as the legal basis for Flughafen Dortmund GmbH’s processing operations where consent must be obtained for a specific processing purpose.

If the processing of personal data is required to execute a contract to which the data subject is a party, the processing is based on Art. 6 (1) lit. b GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, for example in the case of enquiries about our services and products.

If Flughafen Dortmund GmbH is subject to a legal obligation which requires the processing of personal data, the processing is based on Art. 6(1) lit. c GDPR.

In rare cases, the processing of personal data may be required in order to protect the vital interests of the data subject or another natural person. In this case, the processing is based on Art. 6 (1) lit. d GDPR.

Finally, processing operations may be based on Art. 6 (1) lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of Flughafen Dortmund GmbH or a third party, provided that the interests, basic rights and fundamental freedoms of the data subject do not take precedence. Such processing operations are permitted for us in particular since they have been specifically mentioned by the European legislator (see Recital 47 clause 2 GDPR).

Unless otherwise governed in the description of the respective data processing procedure in Chapter B of this Privacy Policy and the processing of personal data is based on Art. 6 (1) lit. f GDPR, we have a legitimate interest in undertaking our business activity and in the financial interest associated therewith.

If you use the contact information provided on our website (such as our e-mail address or fax number) to contact us, the personal data you provide will only be processed for the purpose of making contact.

If the reason for contacting us an interest in our services or products or in the execution of a contract existing with us, the legal basis is Art. 6 (1) lit. b GDPR. In all other cases of making contact with us, we have a legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR since you initiated the communication.

We store the data required for execution of contract until the expiry of the statutory warranty and, if applicable, contractual guarantee periods. We retain the data required under commercial and tax law for the periods specified by law, usually for ten years (see Art. 257 HGB, Art. 147 AO). The data processed for the implementation of pre-contractual measures will be erased as soon as the measures have been carried out and evidently no contract has been concluded.

The personal data stored by us on the basis of a legitimate interest will be stored until the purpose aim by the contact has been achieved. You have the right to object to data processing performed on the basis of Art. 6 (1) lit. f GDPR which does not serve direct marketing purposes for reasons that arise from your particular situation at any time. In the case of direct advertising, however, you can object to the processing at any time without stating your reasons.

Recipients of personal data processed according to this stipulation are IT service providers (in particular hosters), with whom we have concluded a corresponding data processing agreement pursuant to Art. 28 GDPR.

We collect and process personal data from applicants for the purposes of carrying out the application process and therefore on the grounds of a pre-contractual measure in the sense of Art. 6 (1) lit. b GDPR or our legitimate interest in hiring employees pursuant to Art. 6 (1) lit. f GDPR.

The processing can also be carried out electronically, for example, if an applicant submits corresponding application documents by electronic means, for example by e-mail or via our contact form. If we conclude a contract of employment with an applicant, the data transmitted will be stored for the purpose of executing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant by the controller, the application documents will be automatically erased two months after the announcement of the rejection decision, unless other legitimate interests of the controller contradict erasure. Other legitimate interest in this sense includes a burden of proof in a proceeding under the German General Equal Treatment Act (AGG; Allgemeines Gleichbehandlungsgesetz), for example.

Due to the digitised recording of the applications received, the recipients of the personal data processed are our IT service providers (in particular hosters) with whom we have concluded corresponding data processing contracts in the sense of Art. 28 GDPR.

Data transfers to countries where there is not an adequate level of data privacy ("third countries", i.e. States outside the European Union/European Economic Area) arise in the context of the administra-tion, development and operation of IT systems and only insofar as the transfer is permissible in prin-ciple and the special conditions for a transfer to a third country exist, in particular that the data im-porter guarantees an adequate level of data privacy in accordance with the EU standard contractual clauses for the transfer of personal data to data processors in third countries.

Flughafen Dortmund GmbH reserves the right to amend this Privacy Policy at any time with effect for the future. The latest version is available on the website. Please visit our website regularly to inform yourself of the applicable Privacy Policy.

The extent and nature of the collection and use of your data depends on whether you visit our website for the retrieval of information or to use services offered by us, such as ordering a newsletter or booking a parking space, or registering as applicable.

The extent and nature of the collection and use of your data depends on whether you visit our website for the retrieval of information or to use services offered by us, such as ordering a newsletter or booking a parking space, or registering as applicable.

(1) In the event of purely informative use of the website, e.g. if you do not make a booking via our website or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically required in order for us to display our website to you and to ensure its stability and security (legal basis Art. 6 (1) (1) lit. f GDPR):

• IP address;
• Date and time of request;
• Time zone difference to Greenwich Mean Time (GMT);
• Content of the request (specific page);
• Access status/HTTP status code;
• Volume of data transmitted;
• Website which the request comes from;
• Browser;
• Operating system and its GUI;
• Language and version of the browser software.

(2) The data processed in accordance with para. 1 of this provision will be used for the stated purposes for a period of max. 30 days and then erased.

In addition to the aforementioned data, cookies and similar technologies (e.g. pixel tags, web beacons) are stored on your computer when you use our website. These cookies and similar technologies are referred to below as “cookies”. Cookies are small files which normally consist of letters and numbers. These files are placed on your computer, tablet, mobile phone or similar device when you use the device to visit a website.

Cookies cannot run programs or transmit viruses to your computer. They serve to make the website more user-friendly and effective overall. The cookies used on our website can be divided into four categories: technologically necessary cookies (para. 3.1); functional cookies (para. 3.2); and cookies for marketing and analysis purposes (para. 3.3) and advertising cookies (para. 3.4). You are subsequently able to decide for yourself whether you wish to allow the use of cookies for the purposes stated. You can change your settings at any time. Please note that blocking certain types of cookies may cause your use of our websites to be impaired.

(1) This website uses technologically necessary cookies. The use of technologically necessary cookies is required in order to guarantee the secure and orderly running of our website and its functionalities. These cookies are used to enable basic website functions, to save your privacy preference settings, to provide a secure authentication procedure for logging in to your user account which meets the technical requirements of your end device, and to allow forms to be filled in, for example.

(2) Data processing using technologically necessary cookies is performed either on the grounds of our legitimate interest in the functionality of our website pursuant to Art. 6 (1) lit. f GDPR; or It is performed on the grounds of Art. 6(1) lit. c in order to collect and manage those consents legally stipulated for the use of cookies, as is the case when setting user cookies.

The user data collected by technologically necessary cookies is not used to generate user profiles.

(3) The technologically necessary cookies are erased when the browser is closed.

(4) If you do not want these cookies to be saved, please deactivate ‘Allow Cookies’ in your web browser. However, please note this may lead to a restriction in the functioning of our website. You can also erase permanently stored cookies at any time through your browser.

(5) Recipients of the data processed according to the above paragraphs are IT service providers (in particular hosters), with whom we have concluded corresponding data processing agreements pursuant to Art. 28 GDPR.

(1) This website uses so-called functional cookies. These allow us to provide you with certain information (such as map sections for your journey to the airport, or videos about our services) where we use third-party services for this purpose.

(2) Data processing using functional cookies is performed solely on the basis of your consent pursuant to Art. 6 (1) lit. a GDPR. You can give your consent to the use of these functional cookies individually or in general, and you can withdraw your consent for the future at any time using our website’s cookie settings. If you do not want us to use certain cookies or cookies in general, you can instead prevent these from being saved on your end device by changing the settings of your end device and/or internet browser accordingly. You can choose “Do not allow cookies” in your browser settings. Please refer to the relevant Help function of your internet browser for details of the process for managing and erasing cookies in your internet browser’s settings. You can also deactivate all cookies using free internet browser add-ons.

(3) You can erase saved cookies at any time under the system settings of your end device and/or internet browser. You can also activate the “Do not track” function on your end device. If this function is activated, your end device will inform the respective service that you no longer wish to be recorded by the service.

(4) Recipients of the data processed according to the above paragraphs are IT service providers (in particular hosters) and the respective service providers, with whom we have concluded corresponding data processing agreements pursuant to Art. 28 GDPR.

(5) Please note that the functionality and functional scope of our website may be restricted depending on your cookie settings. Information on the services we use which employ functional cookies, as well as further options for deactivating these, can be found below.

(1) Cookies for marketing purposes (also called “marketing cookies”) are used so that we can provide you with interest-based content and commercial advertising regarding our offers, and obtain more accurate reports on the performance of campaigns. Some of these cookies are provided by third-party providers, i.e. from our chosen marketing and social media partners. These providers accordingly receive information on your use of our website and may collate this information with other data which they might have obtained from you somewhere else.

Cookies for analysing reach and performance (also called “analysis cookies”) are intended to allow us to analyse the use of our website. Some of these cookies are provided by third-party providers. By using such cookies, we can count visits to our websites, and track which websites visitors to our pages come from, for example. This way, we can find out which parts of our website are accessed particularly frequently, and how you move about our website, for example. We can thus calculate the overall performance of our website and improve it, and optimise content.

(2) Data processing using marketing and analysis cookies is performed solely on the basis of your consent pursuant to Art. 6(1) lit. a GDPR. You can give your consent to the use of these functional cookies individually or in general, and you can withdraw your consent for the future at any time using our website’s cookie settings. If you do not want us to use certain cookies or cookies in general, you can instead prevent these from being saved on your end device by changing the settings of your end device and/or internet browser accordingly. You can choose “Do not allow cookies” in your browser settings. Please refer to the relevant Help function of your internet browser for details of the process for managing and erasing cookies in your internet browser’s settings. You can also deactivate all cookies using free internet browser add-ons.

(3) You can erase saved cookies at any time under the system settings of your end device and/or internet browser. You can also activate the “Do not track” function on your end device. If this function is activated, your end device will inform the respective service that you no longer wish to be recorded by the service.

(4) Recipients of the data processed according to the above paragraphs are the operators of the respective services, our IT service providers (in particular hosters) and the respective service providers, with whom we have concluded corresponding data processing agreements pursuant to Art. 28 GDPR.

(5) Please note that the functionality and functional scope of our website may be restricted depending on your cookie settings. Information on the services we use which employ functional cookies, as well as further options for deactivating these, can be found below.

(1) Cookies for displaying advertising (also called “advertising cookies”) are used in order to be able to integrate interest-based content for advertising purposes and commercial advertising from third parties into our website. These cookies are generally placed by third-party providers, i.e. partners selected by us, such as is the case for participation in our affiliate programme, for example. These providers accordingly receive information on your use of our website and may collate this information with other data which they might have obtained from you somewhere else.

(2) Data processing using advertising cookies is performed solely on the basis of your consent pursuant to Art. 6(1) lit. a GDPR. You can give your consent to the use of these functional cookies individually or in general, and you can withdraw your consent for the future at any time using our website’s cookie settings. If you do not want us to use certain cookies or cookies in general, you can instead prevent these from being saved on your end device by changing the settings of your end device and/or internet browser accordingly. You can choose “Do not allow cookies” in your browser settings. Please refer to the relevant Help function of your internet browser for details of the process for managing and erasing cookies in your internet browser’s settings. You can also deactivate all cookies using free internet browser add-ons.

(3) You can erase saved cookies at any time under the system settings of your end device and/or internet browser. You can also activate the “Do not track” function on your end device. If this function is activated, your end device will inform the respective service that you no longer wish to be recorded by the service.

(4) Recipients of the data processed according to the above paragraphs are the operators of the respective services, our IT service providers (in particular hosters) and the respective service providers, with whom we have concluded corresponding data processing agreements pursuant to Art. 28 GDPR.

(5) Please note that the functionality and functional scope of our website may be restricted depending on your cookie settings. Information on the services we use which employ functional cookies, as well as further options for deactivating these, can be found below.

Based on your explicit consent pursuant to Art. 6 (1) lit. a GDPR, we use components provided by AWIN on our website. AWIN is a German affiliate network and acts as an interface between merchants and affiliates.

Affiliate marketing is an internet-based form of sales that allows commercial operators of websites, the so-called merchants or advertisers, to show advertising, which is usually remunerated via click or sale commissions, on third-party websites, which are also called sales partners, affiliates or publishers. The merchant makes available through the affiliate network an advertising medium, i.e. an advertising banner or other suitable means of internet advertising, which is subsequently incorporated for advertising by an affiliate on its own website or advertised via other channels, such as keyword advertising.

AWIN is operated by AWIN AG, Eichhornstraße 3, 10785 Berlin, Germany.

AWIN places a cookie on the information technology system of the person concerned. Cookies are explained above. AWIN’s tracking cookie does not store any personal data. Only the identification number of the affiliate, i.e. the partner mediating the potential customer, as well as the ordinal number of the visitor of a website and of the clicked advertising medium are stored. The purpose of the storage of this data is the processing of commission payments between a merchant and the affiliate, which are processed via the affiliate network, i.e. AWIN.

The data subject can prevent the setting of cookies through our website, as described above, at any time by means of a corresponding setting on the internet browser used and thereby permanently object to the setting of cookies. Applying this setting to the internet browser used would also prevent AWIN from placing a cookie on the information technology system of the data subject. In addition, cookies already placed by AWIN can be erased at any time via the internet browser or other software programs.

You can access AWIN’s latest data protection guidelines at https://www.awin.com/de/rechtliches/privacy-policy.

Insofar as you wish to make use of the services offered on our website, such as paid bookings in our online shop or the ordering of a newsletter, you will need to provide additional personal data. Details can be found in the following regulations.

(1) Your personal data, which you provide to us during the booking process, is required for the con-clusion of a contract with us (e.g. details of the contractual partner) or is required by law (e.g. tax regulations). Failure to provide the personal data would mean that the contract with you would be unable to be concluded. For some payment methods, we require the necessary payment data to be passed on to a payment service provider commissioned by us.

These data shall include, where appropriate, the following information:

• Form of address
• Name
• Surname
• Address
• Phone number
• E-mail address
• Booking number for the assignment of online payments
• Total amount of the order
• Credit card information
• Reference on the PayPal account

(2) If you send us an enquiry by e-mail, via a contact form or make a reservation via our website before concluding a contract, we process the data received in this way to carry out pre-contractual measures and, for example, to answer your questions about our services or products.

(3) You can voluntarily create a customer account through which we can store your data for future purchases. When you create an account under "Registration", the data you provide will be stored revocably. You can always delete all other data, including your user account, in the customer area.

(4) The processing of your entered data is therefore carried out for the purpose of fulfilling the con-tract or for carrying out pre-contractual measures in accordance with Art. 6 (1)(b) GDPR and for the fulfilment of legal obligations pursuant to Art. 6 (1)(c) GDPR.

(5) Recipients of the personal data processed in accordance with this provision are payment service providers, shipping service providers, IT service providers (esp. hosting) with whom we have con-cluded corresponding order processing agreements pursuant to Art. 28 GDPR.

(6) We store the data required to process the contract until the expiry of the statutory warranty peri-od and, if applicable, contractual guarantee period. We store the data required by commercial and tax law for the periods specified by law, regularly ten years (cf. Section 257 HGB [German commercial code[, Section 147 AO [German Fiscal Code]). The data processed to carry out pre-contractual measures will be deleted as soon as the measures have been carried out and the conclusion of a con-tract is not foreseeable.

(7) If you choose the payment method "credit card", we shall pass on your personal payment data and any changes to Concardis GmbH, Helfmann-Park 7, 65760 Eschborn for the purpose of the sale and the transfer of our claims against you which arise in connection with your booking via our online shop.

The basis for processing your data is Art. 6 (1)(f)GDPR. Our legitimate interest is the outsourcing of payment processing and receivables management. The legitimate interest on the part of Concardis GmbH consists in the collection of data for the purpose of processing payments, for receivables management, the evaluation of the admissibility of payment methods and the avoidance of payment defaults.

The processing of personal data is carried out by Concardis GmbH as the data controller. You can object to the transfer of this data to Concardis GmbH at any time, however, as a result, it will no longer be possible to place orders via the Dortmund Airport online shop.

You can access the Concardis GmbH data privacy information at https://www.concardis.com/fileadmin/editor/Documents/Privacy/ENG_ENG_Privacy
_Information_GDPR_for_card_holders.pdf and https://www.concardis.com/Privacy/data_subject_query-GDPR-card_holders.

(8) When choosing the payment method "PayPal", you will be redirected to the website of PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. The personal data you enter and other information required for order processing are transmitted to PayPal in encrypted form. The processing of personal data is carried out by PayPal as the data processor.

Insofar as this is necessary for the fulfilment of the order, data may also be passed on to third parties by PayPal. For the purpose of checking identity and creditworthiness, PayPal also transmits personal data to credit agencies such as SCHUFA. The legal basis is Art. 6 (1)(f)GDPR. The legitimate inter-est is to ensure the customers' ability to pay.

You can access PayPal's data privacy information at https://www.paypal.com/de/webapps/mpp/ua/privacy-full.

(1) If you voluntarily use our contact forms, you will be asked to provide your first name, last name, e-mail address, telephone number, if any, and the reason for your request/contact (message). Only your e-mail address is a mandatory field for your request. The information will be collected and stored solely in order to answer your request.

(2) The legal basis for processing your personal data is the consent you explicitly give pursuant to Art. 6(1) lit. a GDPR, and our legitimate interest in responding to your query regarding our services or offers, and in verifying potential misuse of the e-mail addressed used for this purpose pursuant to Art. 6(1) lit. f GDPR.

(3) We store the information provided by you via the contact form until fulfilment of the purpose of your request. In addition, we store the personal data saved pursuant to para. 1 for a maximum of one month after receipt of the confirmation.

(4) Recipients of the data processed according to this stipulation are IT service providers (in particular hosters), with whom we have concluded corresponding data processing agreements pursuant to Art. 28 GDPR.

(1) With your consent and by stating your e-mail address, you can subscribe to our newsletter which will inform you of our latest interesting offers. The goods or services advertised are named in the declaration of consent. The only requirement for receiving the newsletter is that you provide your e-mail address.

(2) To register for our newsletter, we use the so-called double opt-in procedure. This means that after you have registered, we will send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically erased after one month. In addition, we store your IP addresses and times of registration and confirmation. The purpose of the procedure is to prove your registration and, if necessary, to be able to investigate possible misuse of your personal data. After you confirm your order of the newsletter, we will store the information you provide in accordance with para. 2 for the purpose of sending the newsletter and to verify possible misuse of your e-mail address in accordance with para. 2.

(3) Furthermore, we make a performance measurement by attaching a so-called “web beacon” to each newsletter, i.e. a pixel-sized file which is retrieved from our server when the newsletter is opened. As part of this, information will be collected about the browser you are using, the ID of the click, your e-mail address and specific e-mailing information, your IP address or DNS name, and the time of retrieval. This information is used to improve the technical performance of services based on the technical data, or audiences and their reading habits based on their locations (which can be determined using the IP address) or access times. Statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our goal to observe individual users. Rather, the evaluations allow us to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

(4) The legal basis for processing your personal data is the consent you explicitly give pursuant to Art. 6 (1) lit. a GDPR and, with respect to data processed according to para. 2, our legitimate interest in verifying potential misuse of the e-mail address used for this purposes pursuant to Art. 6 (1) lit. f GDPR.

(5) You can withdrawal your consent to the sending of the newsletter and unsubscribe from the newsletter at any time. You can declare withdrawal of consent by clicking on the link provided in each e-mail newsletter or by e-mail to newsletter@dortmund-airport.de or by sending a message to the contact details stated in the imprint.

(6) Your e-mail address will only be saved for newsletter delivery for the duration of the requested registration. The other data stored in accordance with para. 1 will be erased by us after a maximum of one month after your cancellation.

(7) Recipients of the data processed pursuant to this provision are IT service providers (esp. hosts) with whom we have concluded corresponding order processing agreements pursuant to Art. 28 GDPR.

To send our newsletters, we use the technical infrastructure of Amazon Simple Email Service (SES) from the provider Amazon Web Services (AWS), Inc. (410 Terry Avenue North, Seattle WA 98109, United States).

The personal data you enter (e.g. email address) are stored on AWS servers in Germany (Frankfurt) and thus passed on to Amazon SES. In individual cases, data may be transferred to third countries (e.g. the USA). Data storage and processing takes place on the AWS servers exclusively on the basis of your consent (Art. 6 (1)(a) GDPR and Art. 49 (1)(a) GDPR).

For more information about Amazon Simple Email Service (SES) and privacy, please visit:

https://docs.aws.amazon.com/de_de/ses/latest/dg/data-protection.html
https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_English_2020-08-15.pdf

We maintain online presences within social networks and process user data in this context in order to communicate with the users active there or to offer information about us.

We would like to point out that user data may be processed outside the European Union. This may entail risks for users, e.g. by making it more difficult to enforce users' rights.

In addition, user data is usually processed within social networks for market research and advertising purposes. For example, user profiles can be created on the basis of user behaviour and the associated interests of users. The user profiles can then be used, for example, to place advertisements within and outside the networks which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective networks or will become members later on).

For a detailed description of the respective processing operations and the opt-out options, please refer to the respective data protection declarations and information provided by the providers of the respective networks.

Also in the case of requests for information and the exercise of rights of data subjects, we point out that these can be most effectively pursued with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, please do not hesitate to contact us.

Facebook-Pages: We are jointly responsible (so called "joint controller") with Facebook Ireland Ltd. for the collection (but not the further processing) of data of visitors to our Facebook page. This data includes information about the types of content users view or interact with, or the actions they take (see "Things that you and others do and provide" in the Facebook Data Policy: https://www.facebook.com/policy), and information about the devices used by users (e.g., IP addresses, operating system, browser type, language settings, cookie information; see "Device Information" in the Facebook Data Policy: https://www.facebook.com/policy). As explained in the Facebook Data Policy under "How we use this information?" Facebook also collects and uses information to provide analytics services, known as "page insights," to site operators to help them understand how people interact with their pages and with content associated with them. We have concluded a special agreement with Facebook ("Information about Page-Insights", https://www.facebook.com/legal/terms/page_controller_addendum), which regulates in particular the security measures that Facebook must observe and in which Facebook has agreed to fulfill the rights of the persons concerned (i.e. users can send information access or deletion requests directly to Facebook). The rights of users (in particular to access to information, erasure, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook. Further information can be found in the "Information about Page Insights" (https://www.facebook.com/legal/terms/information_about_page_insights_data).

• Processed data types: Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), Meta/communication data (e.g. device information, IP addresses).
• Data subjects: Users (e.g. website visitors, users of online services).
• Purposes of Processing: Contact requests and communication, Feedback (e.g. collecting feedback via online form), Marketing.
• Legal Basis: Legitimate Interests (Article 6 (1) (f) GDPR).

Services and service providers being used:

• Instagram: Social network; Service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; Privacy Policy: https://instagram.com/about/legal/privacy.
• Facebook-Seiten: Profiles within the social network Facebook; Service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; Website: https://www.facebook.com; Privacy Policy: https://www.facebook.com/about/privacy; Standard Contractual Clauses (Safeguarding the level of data protection when processing data in third countries): https://www.facebook.com/legal/EU_data_transfer_addendum; Joint Controllership Agreement: https://www.facebook.com/legal/terms/information_about_page_insights_data.
• Twitter: Social network; Service provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; Privacy Policy: https://twitter.com/privacy, (Settings: https://twitter.com/personalization).
• YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Opt-Out: https://adssettings.google.com/authenticated.
• Xing: Social network; Service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Website: https://www.xing.com; Privacy Policy: https://privacy.xing.com/en.

Our website does not use any “social plug-ins”. We only have links to the following social media services:

Facebook
Service provider: Facebook Inc., 1601 S. California Avenue, Palo Alto, CA 94304, USA
Please see the privacy policy of Facebook at www.facebook.com/help for information on how these data are collected and how they are used. You can find ways to protect your privacy within Facebook at: https://www.facebook.com/policy.

YouTube
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Please see the privacy policy of Google for details of what data is collected and how it is used: https://www.google.com/privacy
Privacy preference settings can be found at: https://www.google.com/dashboard.

Twitter
Service provider: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, United States
Please see the privacy policy of Twitter for details on how this data is collected and how it is used: https://www.twitter.com/privacy
You can find ways to protect your privacy at: https://www.twitter.com/settings.

Xing
Service provider: XING AG, Dammtorstrasse 30, 20354 Hamburg, Germany.
Please see the privacy policy of Xing for details on how these data are collected and how they are used: https://www.xing.com/privacy
This provides information on the collection, processing and use of personal data by Xing. In addition, Xing has posted privacy notices for the XING share button at: https://www.xing.com/app/share?op=data_protection.

Instagram
Service provider: Instagram LLC, 1601 Willow Rd, Menlo Park CA 9402, United States
Regarding what data are collected here and how they are used, please refer to the privacy policy of Instagram: https://instagram.com/about/legal/privacy/

We take organisational, contractual and technical security measures according to the state of the art to ensure that the data protection regulations are adhered to and in order to protect the data processed by us against accidental or intentional manipulation, loss, destruction, or access by unauthorised persons.

One of the security measures is the encrypted transfer of data between your browser and our server.

The above general privacy notices are supplemented and explained below in relation to video usage in our facilities.

Video devices are used by Flughafen Dortmund GmbH and the authorities operating in the airport facilities. Flughafen Dortmund GmbH is solely responsible for its own use of the video data.

1.1 Collection and use

• Purposes for which the personal data is processed:
  
• To protect against violence against customers, passengers and workers,
  
• To protect against violence against our facilities and systems,
  
• To improve law enforcement by preserving evidence in the event of vandalism, property damage, theft and other criminal acts,
  
• To ensure technical flight-(guest) safety,
  
• To enforce claims for damages.
  

1.2 Legal basis for processing 
The processing and use is necessary for the enforcement of the stated purposes and is based on Art. 6 (1) (f) GDPR and § 4 BDSG 2018.

1.3 Consideration of legitimate interests
The legitimate interests of the controller within the meaning of Article 6 (1) (f) GDPR are:

• Observance of facility regulations
  
• Prevention
  
• Law enforcement
  

1.4 Recipients of personal data
The data is only released on request of the law enforcement authorities (police, prosecutors and courts).

1.5 Storage duration 
The duration of storage is up to 14 days. 

The image data of our video equipment contains personally identifiable information which we ourselves cannot assign to a particular person. Please note that any access to this data constitutes an interference with the personal rights of the persons depicted. In order to avail yourself of your rights of access, restriction of processing or data portability, a legal arrangement is required to allow us to access the data for these purposes. The right to data deletion is implemented within the scope of the storage limitation. Correction of video data is not possible.