Privacy statement

Thank you for visiting our website tour.stuttgart-airport.com.

We process your personal data exclusively within the scope of the statutory data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

In this regard, the following is intended to inform you about the processing (e.g. collection, storage, transfer) of personal data when using our website

Our privacy policy for using this website has a modular structure consisting of a general section and a special section. The general section applies to all processing of personal data and to all processing situations on our website (A. General Information (General Section)). The special section only applies to the respective processing situation indicated therein (B. Individual Processing Situations on our Website (Specific Section)).

For persons who book and/or participate in a tour of Stuttgart airport, a separate data protection declaration also applies. This data protection declaration is available at the following link: Data Protection Declaration for Airport Tours (Booking and Participation).

Table of Contents

TABLE OF CONTENTS

A. GENERAL INFORMATION (GENERAL SECTION)

I Name and address of the controllers.

II. Contact details of the Data Protection Officer

III. General information on personal data processing.

1. Definitions.
2. Legal basis for the processing of personal data.
3. Scope of processing of personal data.
4. Recipients or categories of recipients to whom the data may be transferred.
5. Transfer of data to third countries.
6. Period of storage, erasure.
7. Data security.
8. No automated decision-making (including profiling)
9. No obligation to provide personal data.
10. Legal obligation to transfer certain data.
11. Further information on data protection.

IV. Your rights (rights of the data subjects)

B. INDIVIDUAL PROCESSING SITUATIONS ON OUR WEBSITE (SPECIAL SECTION)

I. Visiting the website tour.stuttgart-airport.com.

1. Log files / server log files.
2. Hosting of this website.
3. Programming and maintenance of this website.

II. Use of external services.

Social media plugins.

III. Contact form and email contact

V. Booking and participation in airport tours.

A. GENERAL INFORMATION (GENERAL SECTION)

This section of our privacy policy applies to all processing of personal data and to all processing situations on our website.

I Name and address of the controllers

Flughafen Stuttgart GmbH
Flughafenstrasse 32
70629 Stuttgart, Germany

P.O. Box 23 04 61
70624 Stuttgart, Germany

Telephone: +49 711 948-0
Telefax: +49 711 948-2241
Email: info@stuttgart-airport.com

Legal representatives:

Management:
Ulrich Heppe (CEO)
Carsten Poralla (Managing Director)

 

II. Contact details of the Data Protection Officer

You can contact Flughafen Stuttgart GmbH's Data Protection Officer either by post or via email.

By post:
Flughafen Stuttgart GmbH
Data Protection Officer
Flughafenstrasse 32 70629 Stuttgart, Germany

By email:

DSB@stuttgart-airport.com

III. General information on personal data processing

1. Definitions

In our privacy policy, we use terms which are to be understood as follows in accordance with the General Data Protection Regulation:

  •  “personal data” mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Article 4 (1) GDPR).
  •  To “process” or “processing” means any operation in which personal data are used, whether or not by automated (i.e. technology-based) means. This particularly includes collection (i.e. procurement), recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or another form of making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of purpose or aim on which a data processing was originally based (cf. Article 4 (2) GDPR).
  • data subject” means any natural person (i.e any individual) who is identified or identifiable by the personal data being processed.
  • consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (Article 4 (11) GDPR).

2. Legal basis for the processing of personal data

According to the law, any processing of personal data is initially prohibited and will only be permitted if the law provides for such a permission. This permission is also referred to as the legal basis. The following legal bases are generally taken into account for the processing of data when visiting this website:

  • Article 6 (1a) GDPR serves as the legal basis insofar as we obtain the data subject’s consent for the processing of personal data.
  • Article 6 (1b) GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for performing pre-contractual measures.
  • Article 6 (1c) GDPR serves as the legal basis insofar as the processing of personal data is required to fulfil a legal obligation to which Flughafen Stuttgart GmbH is subject.
  • Article 6 (1f) GDPR serves as the legal basis for processing if this is necessary to protect a legitimate interest of Flughafen Stuttgart GmbH or a third party.

We specify the applicable legal basis for each of the processing operations which we carry out in the special section of this privacy policy (cf. B. Individual Processing Situations on our Website (Special Section)). A processing operation may also have several legal bases.

3. Scope of processing of personal data

In principle, personal data (“data”) of the users of our website are only processed

  • insofar as this is necessary for the provision of a functional website and for the presentation of the relevant content,
  • and/or insofar as we, as the controllers, have obtained the user's consent, pursuant to Article 6 (1a) GDPR,
  • and/or insofar as the processing of personal data is permitted by law (Article 6 (1b-f) GDPR).

4. Recipients or categories of recipients to whom the data may be transferred

In principle, we will only pass on data to third party recipients if you have consented to the transfer, if the transfer is prescribed by law, if the transfer is necessary for establishing or maintaining contractual relationships or for initiating business deals, if there is a legal or official obligation to pass on these data or if the transfer is justified by another legal basis (e.g. external contractors or service providers within the scope of Article 28 GDPR).

The following third party recipients may be contacted:

    • Courts, authorities or other state bodies, insofar as a legal obligation exists
    • External bodies, insofar as this is necessary to fulfil the purposes stated in each case
    • External contractors within the framework of the provisions of Article 28 GDPR
    • Other cooperation partners whose participation is necessary to provide the service 

5. Transfer of data to third countries

Insofar as there is a transfer to countries which neither belong to the European Union (EU) nor the European Economic Area (EEA) (so-called “third countries”), this is carried out exclusively in accordance with the GDPR. We have ensured that an adequate level of data protection is in place for this situation. An adequate level of data protection is ensured, for example, by using the standard contractual clauses of the EU Commission within the meaning of Article 46 (2c) GDPR. The EU standard contractual clauses can be found at the following link: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=EN

6. Period of storage, erasure

Data are processed and stored by us as long as it is necessary for the fulfilment of the respective contractual or legal purposes and obligations, for example. If this is not necessary, the data will be deleted, unless the deletion is contrary to statutory storage obligations.

More detailed information on the respective retention and deletion periods for the individual processing operations which we carry out can be found in the special section of this privacy policy (cf. B. Individual Processing Situations on our Website (Special Section)).

7. Data security

We use SSL (Secure Socket Layer) encryption on our website. You can recognise the encryption of our website and its individual areas by the lock or key symbol in the lower status bar of your browser.

Within the meaning of Article 32 GDPR, we principally use suitable technical and organisational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are constantly developed and improved in accordance with technical progress and technical development.

Despite all our efforts, however, it must be stated that data transmission on the Internet can present security gaps. In particular, it is not always possible to guarantee complete and uninterrupted protection of your data from access by third parties.

8. No automated decision-making (including profiling)

Automated decision-making in individual cases pursuant to Article 22 GDPR does not take place.

9. No obligation to provide personal data

There is no statutory obligation to provide your data. However, you may need to provide your personal data in order to use our website or to use it to its full extent. If you choose not to provide your data, you will be unable to use our website or certain features of the website.

10. Legal obligation to transfer certain data

Flughafen Stuttgart GmbH may, under certain circumstances, be subject to a specific legal or statutory obligation to make lawfully processed personal data available to third parties, in particular to public bodies (cf. Article 6 (1c) GDPR).

11. Further information on data protection

Further information on data protection at Flughafen Stuttgart GmbH can be found at: www.flughafen-stuttgart.de/Datenschutz.

 

IV. Your rights (rights of the data subjects)

If we process your personal data, this makes you a data subject within the meaning of the GDPR. To that effect, you have rights vis-à-vis Flughafen Stuttgart GmbH as the controller. If you wish to exercise such a right, please contact:

Flughafen Stuttgart GmbH
Flughafenstrasse 32
70629 Stuttgart, Germany

Email: Betroffenenrechte@stuttgart-airport.com

You have the following rights:

1. Right of access, pursuant to Article 15 GDPR

Pursuant to Article 15 GDPR, you have the right to obtain information about your personal data processed by us. In particular, you may obtain information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to request from the controller rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the origin of your data, provided these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on these details. You also are entitled to the right to obtain information as to whether your personal data are being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification, pursuant to Article 16 GDPR

Vis-à-vis us as the data controller and in accordance with Article 16 of the GDPR, you are entitled to the right to rectify and/or complete your personal data if the personal data relating to you and being processed are incorrect or incomplete. We, as controllers, must make this rectification without delay.

3. Right to erasure (“right to be forgotten”), pursuant to Article 17 GDPR

Pursuant to Article 17 (1) GDPR, you are entitled to the right to obtain the erasure of your personal data stored with us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims (cf. Article 17 (3) GDPR). If we as the controller have made the personal data relating to you public and we are obliged to erase this personal data pursuant to Article 17 (1) GDPR, we will take reasonable steps, including technical measures (taking account of available technology and the cost of implementation) to inform controllers which are processing the personal data that you, as data subject, have requested the erasure by such controllers of any links to, or copy or replication of, such personal data.

4. Right to restriction of processing, pursuant to Article 18 GDPR

Pursuant to Article 18 GDPR, you are entitled to the right to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you reject its erasure and we no longer need the data, but you need it to establish, exercise, or defend any legal claims, or you have filed an objection against the processing pursuant to Article 21 GDPR.

5. Right to data portability, pursuant to Article 20 GDPR

Pursuant to Article 20 GDPR, you have the right to receive the personal data you have provided us with in a structured, commonly used and machine-readable format or to request the transfer to another controller.

6. Right to object, pursuant to Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6 (1e) or (1f) GDPR. As controllers, we will then no longer process the personal data relating to you unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If the personal data relating to you are processed for direct marketing purposes, you have the right to object to the processing at any time. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

 

7. Right to withdraw your consent for the data protection declaration, pursuant to Article 7 (3) GDPR

Insofar as the respective data processing is based on a consent in line with Article 6 (1a) GDPR, you have the right to revoke your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Automated individual decision-making, including profiling, pursuant to Article 22 GDPR

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

9. Right to lodge a complaint with a supervisory authority, pursuant to Article 77 GDPR

Pursuant to Article 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence, place of work or our company headquarters. The supervisory authority responsible for Flughafen Stuttgart GmbH is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit

P.O. Box 10 29 32
70025 Stuttgart, Germany
Telephone: +49 711 615541-0
Fax: +49 711/615541-15
Email: Poststelle@lfdi.bwl.de

B. INDIVIDUAL PROCESSING SITUATIONS ON OUR WEBSITE (SPECIAL SECTION)

This section of our privacy policy only refers to the processing situation on the tour.stuttgart-airport.com website, which is specified in the individual section.

I. Visiting the website tour.stuttgart-airport.com

1. Log files / server log files

If you merely use our website for information purposes (only viewing and reading), i.e. if you do not contact us (for example via a contact form) and do not submit any other information to us, we only collect the personal data that are transferred automatically or that your browser – depending on the terminal device and configuration of the client – transfers to our server.

This information is temporarily stored in a so-called log file. In this case, only data collected by our system are recorded. The following data are collected:

  • IP address,
  • date and time of access,
  • name and URL of the requested page,
  • website from which access is made (so-called referrer URL),
  • information about the browser type and version used,
  • operating system and its interface,
  • language and version of the browser software,
  • Internet service provider of the user.

Article 6 (1f) GDPR constitutes the legal basis for the temporary storage of these data and the log files.

The data are stored in log files to ensure the website’s functionality and, in the event of any errors or problems in the network, to carry out an adequate analysis and thus ensure the security of our information technology systems. These data are not evaluated for other purposes. Pursuant to Article 13 (1d) GDPR, we are herewith informing you as a user that this is in our legitimate interests.

The log files and thus also the data stored in them are erased after 14 days. The log files are not saved beyond this period. 

2. Hosting of this website

Our website is hosted on a web server at Mittwald CM Service GmbH & Co. KG, Königsberger Strasse 4 - 6, 32339 Espelkamp, Germany. Personal data collected on our website are thus stored on the web servers of this service provider.

We have concluded an agreement with the service provider within the meaning of Article 28 GDPR. This provider will only process the data insofar as this is necessary for the fulfilment of its service obligations and it will follow our instructions with regard to these data.

3. Programming and maintenance of this website

We have commissioned a service provider for programming and maintenance of our website. The provider is b13 GmbH, Breitscheidstrasse 65, 70176 Stuttgart, Germany. In the course of programming and maintaining our website, the service provider is able to access data which is collected on the website and stored on the web server.

We have concluded an agreement with the service provider within the meaning of Article 28 GDPR. As an example, the service provider assists us in operating and maintaining this website. This provider will only process the data insofar as this is necessary for the fulfilment of its service obligations and they will follow our instructions with regard to these data.

 

II. Use of external services

Currently, our website does not use any external services which process your data.

Social media plugins

If our website contains symbols from social media providers such as Facebook, Twitter, Instagram, YouTube, LinkedIn and Xing, we only use these symbols to passively link to the pages of the respective providers.

 

III. Contact form and email contact

You can contact us via our website at https://tour.stuttgart-airport.com/kontakt or by email at visit@stuttgart-airport.com. In this case, the personal data you send us (e.g. name, email, individual text in the contact form) will be processed.

We will store the data sent to us so that we can respond to your request appropriately. The data from the contact form are transferred to our web server in encrypted form. Depending on the topic you contact us about, your data and your request may be transferred to internal third parties (e.g. specialist departments at Stuttgart Airport) or to external third parties (e.g. service providers based at Stuttgart Airport). You can find out more about this at www.stuttgart-airport.com/Datenschutz.

If you contact us, the legal basis for data processing is Article 6 (1f) GDPR. We use your personal data exclusively for processing and answering your enquiry appropriately. This is also our legitimate interest within the meaning of Article 13 (1d) GDPR. This also applies to any transfer of your data to third parties.

Insofar as your enquiry is related to a tour that you wish to book or have already booked, Article 6 (1b) GDPR constitutes an additional legal basis for data processing.

Personal data are stored only for as long as necessary for fulfilling the above-mentioned purpose (final clarification of your specific enquiry or specific request) or pursuant to the legally stipulated retention periods.

 

V. Booking and participation in airport tours

If you book an airport tour on our website, in order to conclude the contract, you will need to provide certain personal data which we require for processing the booking. Article 6 (1b) and (1f) GDPR constitute the legal basis for processing these data. When an airport tour is booked, we have a legitimate interest in duly fulfilling all contractual obligations.

For further information, please refer to a separate privacy policy which applies to persons booking and/or participating in an airport tour at Stuttgart Airport. This data protection declaration is available at the following link:

Data Protection Declaration for Airport Tours (Booking and Participation).

 

Last updated: 02/2023