Data Protection Statement (as of 24 May 2018)
I. Name and contact details of the data controller
1. The protection of your personal data is very important to us. In the following, we would like to inform you in detail about what personal data is processed when using our website and offers.
2. The responsible data controller according to Art. 4 (7) General Data Protection Regulation (“GDPR”) is the company
(hereafter: “MYFLYRIGHT”). Further information can be found in our imprint.
3. You can reach our data protection officer at [email protected] or alternatively by post at our address with the addition “data protection officer
II. Collection and storage of personal data
a) When visiting the website
1. When you visit our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information will be collected without your intervention, and stored until automated deletion:
- IP address,
- Date and time of the request,
- Duration of website visit,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific page),
- Access Status/ HTTP status code,
- Amount of data transmitted,
- Website from which the request comes,
- Websites you visit with us,
- Internet service provider,
- Browser type,
- Server log files,
- Operating system and its interface,
- Language and version of the browser software.
2. The data mentioned is processed by us for the following purposes:
- Ensuring smooth connection of the website,
- Ensuring comfortable use of our website,
- Evaluation of system security and stability as well as for further administrative purposes.
b) When contacting us
When you contact us by e-mail, telephone, postcard or via a contact form, the data provided by you (e.g. e-mail address, address, name, telephone number or content of the request) will be processed by us to answer your questions and/ or process your request. The legal basis for this is Art. 6 (1) (b) GDPR.
c) During contract fulfilment
1. If you entrust us with the implementation of your passenger compensation, we will collect and use the following personal data from you, for the fulfilment, processing and billing of the contractual services:
- Passenger title,
- Passenger first name,
- Passenger last name,
- Passenger address,
- Passenger e-mail address,
- Passenger phone number,
- Payment details (PayPal or bank account) for payment of compensation,
- Number of passengers.
Contract and flight data
- Flight data (e.g. flight number, date, time),
- Travel information needed to enforce your compensation,
- Travel documents (e.g. booking, boarding pass, etc.),
- Information on compensation already received and ongoing complaint procedures,
- Signed assignment statement.
2. The data processing is based on your request and is required pursuant to Art. 6 (1) (b) GDPR for the stated purposes for the appropriate processing of the mandate and for the mutual fulfilment of obligations arising from the contractual relationship.
III. Transfer of data
1. No transfer of your personal data to third parties will occur for purposes other than those listed below. Transfer of your personal data to third parties will only take place if you have expressly consented to this pursuant to Art. 6 (1) (a) sent. 1 GDPR, the transfer is required pursuant to Art. 6 (1) (f) sent. 1 GDPR to assert, exercise or defend legal claims, and additionally there is no reason to assume that you have a prevailing legitimate interest in not transferring your data, in the event that there is a legal requirement to transfer the data pursuant to Art. 6 (1) (c) sent. 1 GDPR, and if this is permitted by law and in accordance with Art. 6 (1) (b) sent. 1 GDPR is required for the settlement of contractual relationships with you.
2. Insofar as this is required pursuant to Art. 6 (1) (b) sent. 1 GDPR for the settlement of contractual relationships with you, your personal data will be passed on to third parties. This includes, in particular, passing on to our lawyers, experts, opponents of the proceedings and their representatives (in particular their lawyers), as well as courts and other public authorities for the purpose of correspondence, as well as asserting and defending your rights.
3. Your data will be forwarded to supporting service providers for the above purpose, which will of course be carefully selected and bound by instructions. These include, in particular, technical service providers who support the provision of services. Transferred data may only be used by the third parties for the stated purposes. Our obligation to confidentiality remains unaffected.
3. The data processed by cookies is required for the purposes mentioned in order to safeguard our legitimate interests as well as third parties according to Art. 6 (1) (f) sent. 1 GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is stored. However, disableing cookies completely may mean that you cannot use all features of our website.
V. Analysis tools
The tracking measures listed below and used by us are employed on the basis of Art. 6 (1) (f) sent. 1 GDPR. With these tracking measures, we want to ensure the needs-based design and the continuous optimisation of our website. On the other hand, we use the tracking measures to statistically record the use of our website and evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as justified within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
VI. Your rights
1. You have the following rights with respect to us regarding your personal data
- Right to information (Art. 15 GDPR),
- Right to rectification and deletion (Art. 16 and 17 GDPR),
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing (Art. 21 GDPR),
- Right to data portability (Art. 20 GDPR).
2. Pursuant to Art. 77 GDPR, you also have the right to appeal to a data protection authority about our processing of your data.
3. We would like to point out that you can revoke any data protection consent that may have been granted to us at any time with effect for the future. The same applies to consent to advertising. You should contact us by e-mail to exercise this right: [email protected].
The respective revocation can lead to our offers being no longer or only partially available.
VII. Right to objection
If your personal data is processed based on legitimate interests in accordance with Art. 6 (1) (f) sent. 1 GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to objection, which must be implemented by us without you being required to specify any particular situation. If you would like to exercise your right of revocation or objection, notice can be sent to the following e-mail address: [email protected].
VIII. Data deletion
1. The data stored with us is deleted as soon as it is no longer necessary for its purpose and the deletion does not conflict with any statutory storage requirements. Unless the data is not deleted, because it is required for other and legitimate purposes, its processing will be restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be kept for commercial or tax reasons.
2. According to the legal requirements, the storage takes place for six (6) years according to § 257 (1) HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.) as well as for ten (10) years according to § 147 (1) AO (Books, records, management reports, accounting records, trade and business letters, tax documents, etc.).