Data Protection Statement
The protection of your privacy is an important concern for the Hamburg Airport Group. As one of the companies in the Hamburg Airport Group, Flughafen Hamburg GmbH (in the text that follows, “Hamburg Airport” or “we”), wants you to know when we save your data and how we use your data. In this document, we inform you about how we collect, process and use your personal data when you visit our website http://www.hamburg-airport.de (in the text that follows, “Website”).
Responsibility / Contact
The responsible office for the gathering, processing and usage of personal data in the sense of the General Data Protection Regulation (GDPR), also service provider in the sense of the German Telemedia Act (TMG), is:
Flughafen Hamburg GmbH, Flughafenstrasse 1 – 3, 22335 Hamburg,
With this Data Protection Statement, we therefore fulfil our information obligations arising from GDPR Articles 12 - 14 and Art. 13 Para. 1 of TMG, relating to the nature, scope and purpose of the processing of personal data.
If you wish to view or update your personal data, or if you have questions on data protection on our website, please contact us via the email address email@example.com or by post (address below) at any time. Our Data Protection Officers may also be reached via firstname.lastname@example.org.
Specifics of information requirements
All information relating to an identified or identifiable natural person is considered personal data. A natural person is considered identifiable when this person can be directly or indirectly identified by means of the assignment of name, number, location data, online identity or one or more specific features that express the person’s physical, physiological, genetic, psychological, commercial, cultural or social identity. This includes such information as name, postal address, email address, telephone number and also, according to current legal opinion, usage data such as IP addresses.
Processing refers to any action or sequence of actions relating to personal data, whether performed with or without the assistance of automated processing, such as the gathering, recording, organisation, categorisation, storage, adaption or alteration, selection, retrieval, usage, publication or transmission, distribution or deployment, comparison, linking, limitation, deletion or destruction of data.
Data processing functions at hamburg-airport.de
The scope and nature of the collection, processing and use of your personal data depends on whether you use our Website to contact us, use the tools and features provided on the Website, or use the Website purely for informational purposes.
1. Data collection via contact interface
You have the possibility to contact us via contact forms on our website and also to subscribe to a newsletter. The website also offers the chance to participate in prize draws. Hamburg Airport collects and saves personal data related to the use of these services only when you provide such data on your own initiative. We use such personal data exclusively to fulfil your request or process your enquiry. You are free to decide whether you provide your data to us for these purposes. Wherever the nature of your request or enquiry allows, you may deal with us anonymously or under a pseudonym. As a fundamental principle, we will only store your data as long as is needed to process your request or enquiry, except where we are entitled or required by law to store the data for a longer period.
The storage of data collected via the various contact interfaces takes place using our Customer Relationship Management (CRM) system. The efficient structuring of our internal data handling procedures gives us a legitimate interest (Lawfulness of Processing, GDPR Art. 6, No. 1f). If you do not wish for your data to be stored, you may object to this form of data storage at any time. You may do so, for example, simply by sending an email to email@example.com. Please be aware, however, that we may then be unable to provide the service you have requested.
In the following paragraphs we inform you about data processing within the context of the contact interfaces provided do you on our website. You may enforce your rights as an affected person in this regard (see Point 6) at any time.
1.1 Enquiries via the contact form or email
If you contact us via our contact form or email, by sending the message you consent to our processing your data to process the enquiry or request in the form or email. Depending on the individual situation, this may include the following personal data:
- Given and family name(s)
- Email address
- Telephone number:
- Message in free text
The personal data shall only be stored for the purpose of processing your enquiry or request and any follow-up questions that may arise. For this purpose, your data may be passed on to other companies with the Hamburg Airport Group in accordance with areas of responsibility. You may revoke your consent at any time. In order to revoke your consent you may, for example, send an appropriate email to firstname.lastname@example.org. Without delay, we will then suspend the processing of your data for the purpose of responding to your enquiry and delete your data, except where we are legally entitled or required to continue storing your data.
The newsletter contains news, advertising, and other information relating to the products and services available at Hamburg Airport. When you register for the newsletter by marking the checkbox, confirming the consent declaration that follows, we collect your email address (mandatory), title, given and family names and date of birth (voluntary):
Declaration of consent
The collection of your email address is in our legitimate interest as it is needed in order to send you a confirmation email to this email address, in order to carry out of the legally binding double opt-in process in which we ask for you to confirm that you have requested the newsletter (Lawfulness of Processing, GDPR Art. 6, No. 1f). If you confirm registration, on the basis of this legally valid consent (Lawfulness of Processing, GDPR Art. 6, No. 1a) the newsletter shall then be regularly sent to your email address, and we shall use the voluntary information provided to personalise and structure the newsletter. If, however, you do not confirm the registration, your registration will automatically be deleted when our experience tells us that we should no longer expect the successful conclusion of the double opt-in process. You may also object to the storage of your data in the intervening period, for example by sending an email to email@example.com. We shall then delete your data. In order to document your declaration of consent, we store your IP address and the time and date for both the registration and its confirmation via the double opt-in process.
The processing of newsletter registrations and distribution is carried out on our behalf by “Straub & Straub GmbH” as order processor. This is in line with our legitimate interest in offering our newsletter professionally and economically (Lawfulness of Processing, GDPR Art. 6, No. 1f). Straub & Straub GmbH processes your data, collected for the purpose of newsletter distribution, exclusively on our behalf and in line with our instructions, and in full compliance with applicable data protection legislation. To ensure that this is the case, we have concluded an order processing agreement with Straub & Straub GmbH, in accordance with GDPR Art. 28 No. 2.
1.3 Prize draws (quizzes, raffles, etc.)
In order to conduct prize draws, Hamburg Airport.gathers personal data from participants. Depending on the individual situation, this may include the following data:
- Email address
- Date of birth
- Postal address:
- Title (optional)
- Telephone number (optional)
Personal data are stored, processed and used in order to conduct and conclude the respective prize draw. The legal basis for this is GDPR Art. 6 No. 1f. It is in our legitimate interest to offer prize draws that increase your awareness of our product portfolio. We can also use your personal data to contact you by post, advertising products and services available at Hamburg Airport, thereby keeping you abreast of our offerings (legal basis: GDPR Art. 6 No. 1f). You may object to this form of data processing at any time. You may, for example, send an appropriate email to firstname.lastname@example.org. We advise you, however, that without the appropriate usage of data it is not possible to provide you with the respective services.
To the extent that we are contractually obliged to issue a prize to you for a prize draw, we shall fulfil this obligation on the basis of GDPR Art. 6 No1b. For this purpose, we shall pass on your data, where necessary, to the sponsor of the prize draw in question (as a rule, a company connected with the aviation industry).
Should you have registered for our newsletter by clicking the checkbox, data processing takes place as described under point 1.2.
2. Integration of third party offers
You may access third party offers via frames on our website. The nature and scope of personal data collected by third parties via frames is outside of our control. Information about the purpose and scope of data collection and the further processing and usage of the data by third parties, along with your rights and configuration options to protect your privacy in this regard, may be obtained from the data protection statements of the respective third parties.
At present, the following third party offers are available from our website using frames:
· An integratef flight timetable from “Innovata Flight Global” (https://www.flightglobal.com/), data protection statement: https://www.reedbusiness.com/privacy-policy/A flight search machine from “Dohop” (https://www.dohop.de/), cookie statement: https://www.dohop.com/about/cookie-policy
3. Collection via technical tools and features
3.1 Functional purposes
When you use our Website for purely informational purposes, we collect and use the access data that your web browser automatically sends. The data is saved in a so-called log file on the web server. The data relates to the file request by the client, the date and time of the page request, the success or otherwise of the page request, the quantity of data transferred, the web browser type and version you are using, your operating system, the IP address assigned to you by your internet service provider, and the website from which you visited our Website. We require this data for the technical operation of our Website on the web server. The short-term storage of log files is also expedient to investigate attempted attacks on the web server or any potential misuse. We therefore have a legitimate interest in this data processing, namely providing our service to you on the basis of these technical and organisational requirements (Lawfulness of Processing, GDPR Art. 6, No. 1f). We delete the data once it is no longer needed for this purpose.
The following advertising cookies are used on our Website: Cookies are text files saved in your browser when you visit our Website, gathering information on your use of our Website. This information helps us better understand user needs and the technical behaviour of our Website, as a basis for improving the content, usability and functionality of our Website. Cookies do not damage your computer and do not contain viruses. The cookies used on our Website are primarily so-called session cookies, which are automatically deleted when you close your browser. They establish a so-called Session ID for your browser, enabling us to assign different requests from your browser to a visit to the Website, so that we can see when you return to our Website with your browser. The session cookies are deleted when you log out or close your browser. You have the option of configuring your browser so that these cookies are not saved or are deleted at the end of your visit. Please note you, however, that this may mean that you are unable to make full use of some of the functions of this website.
3.2.1 Web analysis cookies
188.8.131.52 Google Analytics
Our website makes use of Siteimprove Analytics, a web analysis service from Siteimprove GmbH, Kurfuerstendamm 56, 10707 Berlin (“Stieimprove”). Siteimprove Analytics uses so cookies, which are saved on your computer and make it possible to analyse your usage of the website. The information on your usage of this website, gathered by means of cookies (including the visitor’s encrypted IP address) is transferred to a Siteimprove server within Europe, where it is saved. Siteimprove uses the information collected exclusively in line with our instrauctions and on our behalf, in order to evalue the usage of our website and compile reports on website activity for us. On this basis, we are able to continually improve our services for you, which constitutes our legitimate interest in the data processing (legal basis: GDPR Art. 6 No. 1f). The integration of Siteimprove as order processor is governed by an order processing agreement pursuant to GDPR Art. 28. Siteimprove will not pass the information collected on to any third party. If you do not wish Siteimprove to evaluate your user behaviour, you may block Siteimprove cookies with an appropriate setting in your browser. We wish to advise you,, that this may mean that you are unable to make full use of some of the functions of this website.
For further information on data protection, please visit https://siteimprove.com/privacy-policy/.
3.2.2 SZMnG from INFOnline
Our website uses the “SZMnG” measuring process from INFOnline GmbH (https://www.INFOnline.de), based in Magdeburg, Germany, to determine statistical indicators on the usage of our website.
The following personal data are collected as part of the usage of SZMnG:
· IP address: IP addresses are shortened by 1 byte before any processing and are only used in an anonymised form.
· Randomly generated client identifier: Reach Measurement recognises computer systems using either a cookie identified as “ioam.de”, a “local storage object”, or a signature automatically generated by various data transmitted by your browser. This identifier uniquely identifies your browser as long as the cookie or local storage object is not deleted. Measurement of the data and subsequent allocation to the respective client identifier is therefore also possible even when you visit other websites that also use SZMnG. The validity of the cookie is limited to a maximum of 1 year.
The use of SZMnG is based on our legitimate interest in determining usage of our offering from the statistics produced, in particular the number of visits to our website, the number of website visitors, and their surfing behaviour, as measured by a common standard procedure, thereby obtaining comparable market-wide values. For all digital offerings which are members of the German Audit Bureau of Circulation (IVW – http://www.ivw.eu) or participate in studies conducted by the Working Group for Online Media Research (AGOF – http://www.agof.de), usage statistics are regularly turned into reach figures by AGOF and agma (http://www.agma-mmc.de) and published as “Unique User” performance indicators, and as “Page Impressions” and “Visits” performance indicators by IVW. These reach figures and statistics can be seen on the respective websites. The user categories form the basis for interest-based advertising focus and advertising measures and for a comparison of the commercial relevance and effectiveness of our website and the advertising media deployed; this can also be compared with third-party websites. Further, we have a legitimate interest in making pseudonymous data available to INFOnline, AGOF and IVW for the purposes of market research (AGOF, agma) and for statistical purposes (INFOnline, IVW). We also have a legitimate interest in making pseudonymous data available to INFOnline for the enhancement and provision of interest-based advertising.
The IP address and shortened IP address are not passed on. Data with client identifiers are passed on to the following AGOF service providers for AGOF studies:
· Kantar Deutschland GmbH (https://www.tns-infratest.com/)
· Ankordata GmbH & Co. KG (http://www.ankordata.de/homepage/)
· Interrogare GmbH (https://www.interrogare.de/)
The INFOnline GmbH measurement process used on this website determines usage data. This is done in order to record Page Impressions, Visits, Clients and other key indicators (e.g. qualified clients). The data so measured are used as follows:
· A so-called geolocalisation, i.e. the assignment of a website visit to a location, is carried out exclusively on the basis of the anonymised IP address and only to the geographical level of state or region. The geographical information so acquired can not, under any circumstances, be used to infer the exact location of a user.
· The usage data for a technical client (e.g. a browser on a device) are collated across multiple websites and stored in a database. This information is only used for technical evaluation of social information (age and gender) and transferred to AGOF’s service providers for further reach processing. Within the framework of AGOF studies, social characteristics are technically estimated based on a random sample, for allocation to the following categories: age, gender, nationality, work activity, family status, general information on household.
The complete IP address is not stored as part of the use of SZMnG. The shortened IP address is stored for a maximum of 60 days. Usage data in association with the unique identifer are stored for a maximum of 6 months.
The legal basis for the data processing as described is GDPR Art. 6 No. 1f. You may object to this data processing at any time. You may do so, for example, by visiting the website https://optout.ioam.de. You need to set a cookie in order to guarantee exclusion from the measurement. If you delete this cookie from your browser, you will need to repeat the opt-out process by visiting the linked web page again. Further information on data protection in the measurement process is available on the website of INFOnline GmbH (https://www.infonline.de), provider of the service, the data protection website of AGOF (http://www.agof.de/datenschutz-allgemein/?lang=en) and the data protection website of IVW (http://www.ivw.eu).
INFOnline GmbH processes data from our website as part of the usage of SZMnG exclusively on our behalf, in line with our instructions, and in compliance with applicable data protection law. To ensure that this is the case, we have concluded an order processing agreement with INFOnline GmbH, in accordance with GDPR Art. 28 No. 2.
3.2.3 Social media plug-ins
Social media netowrk plug-ins may be used on our website, enabling you to recommend the content of our website to friends and acquaintances. The plug-ins also enable you to interact with your contacts on the relevant social networks, evaluating our contents so that we can improve our web presence and make it more interesting for you as user. This constitutes or legitimate interest. The legal basis for the usage of the plug-ins is GDPR Art. 6 No. 1f.
Where plug-ins are used, they are, as a rule, identified with the logo of the respective service provider. When you load the page, in order to provide you with as much control of your data as possible, we display greyed-out images of the various functions rather than the actual social plug-ins. The exchange of data is only activated when you click the checkbox next to a symbol, thereby loading the respective plug-in. YouTube videos are also integrated in “Privacy-Enhanced Mode”, which means that your data, as a YouTube user, are not transferred until you actually play such a video. Only when you play the videos does the data exchange described take place. By clicking a plug-in or playing a video, you cause your web browser to establish a connection to the servers of the social network in question and send usage data to the provider of this social media network. In this case, data obtained when you retrieve a web page (cf. point 3.1) are transferred to the social media operator, in addition to the information that you have retrieved the page.
We have no influence on the data gathered and data processing carried out, and we are not aware of the complete scope of data collection, the scope of data processing, nor the periods for which data are stored. Further, we do not have any information on the deletion of data collected by the plug-in providers. The plug-in providers store data collected that relate to you as user profiles and use these for the purpose of advertising, market research and/or needs-driven website presentation and design. This analysis is used, in particular, to present needs-driven advertising and to inform other users of the social networks of your activities on our website. You have the right to object to the generation of these user profiles; to make use of this right, you must contact the respective plug-in providers. Data collection takes place regardless of whether or not you have an account with the plug-in providers and regardless of whether or not you are logged in to such an account. If you are logged in to a plug-in provider, your data as collected by the plug-in will be directly linked to your existing user account at the respective plug-in provider. If you activate the button and, for example, link the page, the plug-in provider stores this information in your user account and shares it with your contacts and, where appropriate, with the general public. We advise you to regularly log out of social networks once you have used them, but especially before activating a button, as this enables you to avoid the linkage of your visit to your profile with the plug-in provider.
Further information on the purpose and scope of data collection and processing by the plug-in provider, on your rights as the affected person, and on settings available to protect your privacy is available in data protection policies of the following social plug-in providers:
Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA. You can find further information about data collection at: http://www.facebook.com/policy.php, http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA. You may change your data privacy settings at http://twitter.com/account/settings. Further information may be found in the Twitter privacy statement: https://twitter.com/de/privacy. Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Further information on this plug-in may be found in the Instagram privacy statement: http://instagram.com/about/legal/privacy/.
184.108.40.206 YouTube videos
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Further information on this plug-in may be found in the Google privacy statement: https://www.google.com/intl/en/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
We use the services of various map providers on our website to enable us display relevant locations and routes directly in interactive maps.
220.127.116.11 Google Maps
Google Maps is a map service from Google. The use of Google Maps may mean that information on the usage of our website, including your IP address and any addresses entered for route planning functions, is transferred to Google in the USA.
Further information on the purpose and scope of data collection and processing by the plug-in provider, on your rights as the affected person, and on settings available to protect your privacy is available in the Google data protection policy at https://www.google.com/intl/en/policies/privacy/.
Mapbox is a map service from Mapbox Inc. in the USA. The use of Mapbox may mean that information on the usage of our website, including your IP address and any addresses entered for route planning functions, is transferred to Google in the USA.
Further information on the purpose and scope of data collection and processing by the plug-in provider, on your rights as the affected person, and on settings available to protect your privacy is available in the Mapbox data protection policy at https://www.mapbox.com/privacy/.
4. Passing on of data
In addition to the passing on of data for technical reasons, we also have to pass on some data to third parties in association with the usage of tools on our Website; this is done in strict compliance with applicable data protection legislation.
The maintenance and design of our online presence, in both technical and content terms, may make it necessary for external service providers to gain access to personal data (especially IT service providers). In such cases, personal data is treated exclusively in line with our express instructions and on the basis of an agreement on order processing, in accordance with GDPR Art. 28. In this agreement, the service provider guarantees to provide service to us in accordance with applicable data protection legislation. Should this result in the passing on of data to a service provider outside of Europe, we guarantee compliance with an appropriate data protection level in accordance with the provisions of GDPR Art. 45ff. The legislative framework expressly identifies the use of professional service providers as necessary for our legitimate interest in providing our services to you professionally and economically (Lawfulness of Processing, GDPR Art. 6, No. 1f). In such cases, we remain responsible for the protection of your data.
Furthermore, we reserve the right to reveal your personal data when we are demonstrably legally obliged to do so or when regulatory authorities and/or law enforcement agencies make a legally correct demand that we do so.
5. Data security
We have taken technical and organisation measures, in the sense of GDPR Art. 32, to protect your data from loss and unauthorised third-party access. We continually evaluate and improve these security measures in line with technological development.
6. Rights of affected persons (information on stored data, correction of data, revocation, blocking, deletion, limitation, transferability) and contact persons
You may obtain information on the scope, origin and recipients of stored data and the purpose of data storage at any time (GDPR Art. 15). You may require the correction of inaccurate data at any time (GDPR Art. 16). You are also entitled to receive a copy of all personal data related to you in a common structured machine-readable format (GDPR Art. 20). You may disallow or revoke the use of your personal data for the future (GDPR Art. 21) and require the partial or complete deletion (GDPR At. 17), processing limitation or blockage (GDPR Art. 18) of your data. We will examine such a request and comply, insofar as no other legal basis for ongoing data processing exists. You shall be informed of the outcome. Furthermore, you are entitled to lodge a complaint with a supervisory authority, e.g. with the Hamburg Data Protection and Information Freedom Compliance Officers, Klosterwall 6, 20095 Hamburg, if you are of the opinion that the processing of personal data affecting you violates the provisions of the GDPR. As a rule, you are not required to observe a specific format in the exercise of your rights as an affected person. You may, for example, send us an email via email@example.com.
7. Updates and changes
We may change or update this Data Protection Statement without notifying you in advance. Please always view the current version before making use of our services to make sure that you are aware of the current provisions in the event of any changes or updates. Date of issue of Data Protection Statement: May, 2018.
Annexes: Overview of products and services for invidiual companies advertised via newsletter
Advertised products and services
Flughafen Hamburg GmbH
For Flughafen Hamburg GmbH: lounge bookings, events, merchandise, food & beverage
For Flughafen Hamburg Konsortial & Service GmbH OHG: parking products
For AHS Aviation Handling Services GmbH: Information on flights booked, information on airlines, aircraft and routes, information on check-in and security checkpoint processing times, information on baggage checking and import restrictions, destination weather, other travel information
For companies offering products and services at Hamburg Airport: restaurants and cafés, flowers and souvenirs, books and press, baggage and travel accessories, groceries, travel, mobility, hotels and accommodation, exhibitions, concerts, events and cultural services, fashion and accessories, cosmetics, health products and perfumes, technology, duty free, retail, transport products and services, services, banking and insurance, logistics