Privacy statement

Change data protection settings: You can edit your data protection settings at any time via the  Consent Manager.

Thank you for visiting our website tour.stuttgart-airport.com.

We process your personal data exclusively within the scope of the statutory data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).

In this regard, the following is intended to inform you about the processing (e.g. collection, storage, transfer) of personal data when using our website

Our privacy policy for using this website has a modular structure consisting of a general section and a special section. The general section applies to all processing of personal data and to all processing situations on our website (A. General Information (General Section)). The special section only applies to the respective processing situation indicated therein (B. Individual Processing Situations on our Website (Specific Section)).

For persons who book and/or participate in a tour of Stuttgart airport, a separate data protection declaration also applies. This data protection declaration is available at the following link: Data Protection Declaration for Airport Tours (Booking and Participation).

Table of Contents

TABLE OF CONTENTS

A. GENERAL INFORMATION (GENERAL SECTION)
I Name and address of the controllers
II. Contact details of the Data Protection Officer
III. General information on personal data processing
1. Definitions
2. Legal basis for the processing of personal data    
3. Scope of processing of personal data
4. Recipients or categories of recipients to whom the data may be transferred
5. Transfer of data to third countries
6. Period of storage, erasure
7. Data security
8. No automated decision-making (including profiling)
9. No obligation to provide personal data
10. Legal obligation to transfer certain data
11. Further information on data protection

IV. Your rights (rights of the data subjects)


B. INDIVIDUAL PROCESSING SITUATIONS ON OUR WEBSITE (SPECIAL SECTION)
I. Visiting the website tour.stuttgart-airport.com
1. Log files / server log files
2. Hosting of this website
3. Programming and maintenance of this website

II. Use of external services
1. General information on cookies and similar technologies
2. Technical information on cookies and similar technologies
3. Privacy settings (Consent Manager)
3.1 Granting or refusing consent
3.2 Changing or withdrawing consent
4. Detailed information on the individual services on our website
5. Social media plugins
6. Social media profiles

III. Contact form and email contact
IV. Booking and participation in airport tours
V. Payment via PAYONE's online solutions

VI. Feedback
1. Invitation via e-mail
2. Submitting feedback

VII. Queries
VIII. Validity of this Privacy Policy

A. GENERAL INFORMATION (GENERAL SECTION)

This section of our privacy policy applies to all processing of personal data and to all processing situations on our website.

I Name and address of the controllers

Flughafen Stuttgart GmbH
Flughafenstrasse 32
70629 Stuttgart, Germany

P.O. Box 23 04 61
70624 Stuttgart, Germany

Telephone: +49 711 948-0
Telefax: +49 711 948-2241
Email: info@stuttgart-airport.com

Legal representatives:

Management:
Ulrich Heppe (CEO)
Carsten Poralla (Managing Director)

 

II. Contact details of the Data Protection Officer

You can contact Flughafen Stuttgart GmbH's Data Protection Officer either by post or via email.

By post:
Flughafen Stuttgart GmbH
Data Protection Officer
Flughafenstrasse 32 70629 Stuttgart, Germany

By email:

DSB@stuttgart-airport.com

III. General information on personal data processing

1. Definitions

In our privacy policy, we use terms which are to be understood as follows in accordance with the General Data Protection Regulation:

  •  “personal data” mean any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (cf. Article 4 (1) GDPR).
  •  To “process” or “processing” means any operation in which personal data are used, whether or not by automated (i.e. technology-based) means. This particularly includes collection (i.e. procurement), recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or another form of making available, alignment, combination, restriction, erasure or destruction of personal data, as well as the change of purpose or aim on which a data processing was originally based (cf. Article 4 (2) GDPR).
  • data subject” means any natural person (i.e any individual) who is identified or identifiable by the personal data being processed.
  • consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her (Article 4 (11) GDPR).

2. Legal basis for the processing of personal data

According to the law, any processing of personal data is initially prohibited and will only be permitted if the law provides for such a permission. This permission is also referred to as the legal basis. The following legal bases are generally taken into account for the processing of data when visiting this website:

  • Article 6 (1a) GDPR serves as the legal basis insofar as we obtain the data subject’s consent for the processing of personal data.
  • Article 6 (1b) GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for performing pre-contractual measures.
  • Article 6 (1c) GDPR serves as the legal basis insofar as the processing of personal data is required to fulfil a legal obligation to which Flughafen Stuttgart GmbH is subject.
  • Article 6 (1f) GDPR serves as the legal basis for processing if this is necessary to protect a legitimate interest of Flughafen Stuttgart GmbH or a third party.

We specify the applicable legal basis for each of the processing operations which we carry out in the special section of this privacy policy (cf. B. Individual Processing Situations on our Website (Special Section)). A processing operation may also have several legal bases.

3. Scope of processing of personal data

In principle, personal data (“data”) of the users of our website are only processed

  • insofar as this is necessary for the provision of a functional website and for the presentation of the relevant content,
  • and/or insofar as we, as the controllers, have obtained the user's consent, pursuant to Article 6 (1a) GDPR,
  • and/or insofar as the processing of personal data is permitted by law (Article 6 (1b-f) GDPR).

4. Recipients or categories of recipients to whom the data may be transferred

In principle, we will only pass on data to third party recipients if you have consented to the transfer, if the transfer is prescribed by law, if the transfer is necessary for establishing or maintaining contractual relationships or for initiating business deals, if there is a legal or official obligation to pass on these data or if the transfer is justified by another legal basis (e.g. external contractors or service providers within the scope of Article 28 GDPR).

The following third party recipients may be contacted:

    • Courts, authorities or other state bodies, insofar as a legal obligation exists
    • External bodies, insofar as this is necessary to fulfil the purposes stated in each case
    • External contractors within the framework of the provisions of Article 28 GDPR
    • Other cooperation partners whose participation is necessary to provide the service 

5. Transfer of data to third countries

Insofar as there is a transfer to countries which neither belong to the European Union (EU) nor the European Economic Area (EEA) (so-called “third countries”), this is carried out exclusively in accordance with the GDPR. We have ensured that an adequate level of data protection is in place for this situation. An adequate level of data protection is ensured, for example, by using the standard contractual clauses of the EU Commission within the meaning of Article 46 (2c) GDPR. The EU standard contractual clauses can be found at the following link: https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=EN

6. Period of storage, erasure

Data are processed and stored by us as long as it is necessary for the fulfilment of the respective contractual or legal purposes and obligations, for example. If this is not necessary, the data will be deleted, unless the deletion is contrary to statutory storage obligations.

More detailed information on the respective retention and deletion periods for the individual processing operations which we carry out can be found in the special section of this privacy policy (cf. B. Individual Processing Situations on our Website (Special Section)).

7. Data security

We use SSL (Secure Socket Layer) encryption on our website. You can recognise the encryption of our website and its individual areas by the lock or key symbol in the lower status bar of your browser.

Within the meaning of Article 32 GDPR, we principally use suitable technical and organisational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are constantly developed and improved in accordance with technical progress and technical development.

Despite all our efforts, however, it must be stated that data transmission on the Internet can present security gaps. In particular, it is not always possible to guarantee complete and uninterrupted protection of your data from access by third parties.

8. No automated decision-making (including profiling)

Automated decision-making in individual cases pursuant to Article 22 GDPR does not take place.

9. No obligation to provide personal data

There is no statutory obligation to provide your data. However, you may need to provide your personal data in order to use our website or to use it to its full extent. If you choose not to provide your data, you will be unable to use our website or certain features of the website.

10. Legal obligation to transfer certain data

Flughafen Stuttgart GmbH may, under certain circumstances, be subject to a specific legal or statutory obligation to make lawfully processed personal data available to third parties, in particular to public bodies (cf. Article 6 (1c) GDPR).

11. Further information on data protection

Further information on data protection at Flughafen Stuttgart GmbH can be found at: www.flughafen-stuttgart.de/Datenschutz.

 

IV. Your rights (rights of the data subjects)

If we process your personal data, this makes you a data subject within the meaning of the GDPR. To that effect, you have rights vis-à-vis Flughafen Stuttgart GmbH as the controller. If you wish to exercise such a right, please contact:

Flughafen Stuttgart GmbH
Flughafenstrasse 32
70629 Stuttgart, Germany

Email: Betroffenenrechte@stuttgart-airport.com

You have the following rights:

1. Right of access, pursuant to Article 15 GDPR

Pursuant to Article 15 GDPR, you have the right to obtain information about your personal data processed by us. In particular, you may obtain information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to request from the controller rectification, erasure, restriction of processing or objection, the right to lodge a complaint, the origin of your data, provided these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on these details. You also are entitled to the right to obtain information as to whether your personal data are being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

2. Right to rectification, pursuant to Article 16 GDPR

Vis-à-vis us as the data controller and in accordance with Article 16 of the GDPR, you are entitled to the right to rectify and/or complete your personal data if the personal data relating to you and being processed are incorrect or incomplete. We, as controllers, must make this rectification without delay.

3. Right to erasure (“right to be forgotten”), pursuant to Article 17 GDPR

Pursuant to Article 17 (1) GDPR, you are entitled to the right to obtain the erasure of your personal data stored with us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims (cf. Article 17 (3) GDPR). If we as the controller have made the personal data relating to you public and we are obliged to erase this personal data pursuant to Article 17 (1) GDPR, we will take reasonable steps, including technical measures (taking account of available technology and the cost of implementation) to inform controllers which are processing the personal data that you, as data subject, have requested the erasure by such controllers of any links to, or copy or replication of, such personal data.

4. Right to restriction of processing, pursuant to Article 18 GDPR

Pursuant to Article 18 GDPR, you are entitled to the right to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you reject its erasure and we no longer need the data, but you need it to establish, exercise, or defend any legal claims, or you have filed an objection against the processing pursuant to Article 21 GDPR.

5. Right to data portability, pursuant to Article 20 GDPR

Pursuant to Article 20 GDPR, you have the right to receive the personal data you have provided us with in a structured, commonly used and machine-readable format or to request the transfer to another controller.

6. Right to object, pursuant to Article 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6 (1e) or (1f) GDPR. As controllers, we will then no longer process the personal data relating to you unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. If the personal data relating to you are processed for direct marketing purposes, you have the right to object to the processing at any time. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

 

7. Right to withdraw your consent for the data protection declaration, pursuant to Article 7 (3) GDPR

Insofar as the respective data processing is based on a consent in line with Article 6 (1a) GDPR, you have the right to revoke your data protection consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

8. Automated individual decision-making, including profiling, pursuant to Article 22 GDPR

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

9. Right to lodge a complaint with a supervisory authority, pursuant to Article 77 GDPR

Pursuant to Article 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your habitual residence, place of work or our company headquarters. The supervisory authority responsible for Flughafen Stuttgart GmbH is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit

P.O. Box 10 29 32
70025 Stuttgart, Germany
Telephone: +49 711 615541-0
Fax: +49 711/615541-15
Email: Poststelle@lfdi.bwl.de

B. INDIVIDUAL PROCESSING SITUATIONS ON OUR WEBSITE (SPECIAL SECTION)

In addition to the general section of our Privacy Policy (A. General information (general section)), which applies to all processing situations on our website, this special section refers only to the processing situation specified in the separate section on the tour.stuttgart-airport.com website.

I. Visiting the website tour.stuttgart-airport.com

1. Log files / server log files

If you merely use our website for information purposes (only viewing and reading), i.e. if you do not contact us (for example via a contact form) and do not submit any other information to us, we only collect the personal data that are transferred automatically or that your browser – depending on the terminal device and configuration of the client – transfers to our server.

This information is temporarily stored in a so-called log file. In this case, only data collected by our system are recorded. The following data are collected:

  • IP address,
  • date and time of access,
  • name and URL of the requested page,
  • website from which access is made (so-called referrer URL),
  • information about the browser type and version used,
  • operating system and its interface,
  • language and version of the browser software,
  • Internet service provider of the user.

Article 6 (1f) GDPR constitutes the legal basis for the temporary storage of these data and the log files.

The data are stored in log files to ensure the website’s functionality and, in the event of any errors or problems in the network, to carry out an adequate analysis and thus ensure the security of our information technology systems. These data are not evaluated for other purposes. Pursuant to Article 13 (1d) GDPR, we are herewith informing you as a user that this is in our legitimate interests.

The log files and thus also the data stored in them are erased after 14 days. The log files are not saved beyond this period. 

2. Hosting of this website

Our website is hosted on a web server at Mittwald CM Service GmbH & Co. KG, Königsberger Strasse 4 - 6, 32339 Espelkamp, Germany. Personal data collected on our website are thus stored on the web servers of this service provider.

We have concluded an agreement with the service provider within the meaning of Article 28 GDPR. This provider will only process the data insofar as this is necessary for the fulfilment of its service obligations and it will follow our instructions with regard to these data.

3. Programming and maintenance of this website

We have commissioned a service provider for programming and maintenance of our website. The provider is b13 GmbH, Breitscheidstrasse 65, 70176 Stuttgart, Germany. In the course of programming and maintaining our website, the service provider is able to access data which is collected on the website and stored on the web server.

We have concluded an agreement with the service provider within the meaning of Article 28 GDPR. As an example, the service provider assists us in operating and maintaining this website. This provider will only process the data insofar as this is necessary for the fulfilment of its service obligations and they will follow our instructions with regard to these data.

II. Use of external services

In addition to information (see B. I. Visiting the tour.stuttgart-airport.com website), our website offers various functions and features("services"). This generally requires the processing of different types of personal data. We use external companies for some services and the associated data processing operations. Detailed information on this is provided in our  Consent Manager.

1. General information on cookies and similar technologies

The various services on our website collect and process data using a range of technologies. These technologies are used to store information on your device or to access information that is already stored on your device.

The technologies used on our website include, in particular, cookies and similar technical aids, such as scripts and data storage in a browser's local or session storage. 
The following technology categories are used on our website:

  • Necessary technologies
    Necessary technologies are required to activate our website’s core functionality. The technical layout of our website necessitates the use of these technologies. Without them, it would not be possible to navigate our website or use its basic functions.For example, some services on our website require technically necessary cookies so that the visitor’s browser can be identified even after a page change. Furthermore, without the use of cookies, it would not be possible to provide you with our website's language settings.In addition, some technically necessary technologies collect information on how you use our website in order to prevent the occurrence of errors during use of the website, or to ensure website security.The use of the necessary technologies is absolutely necessary within the meaning of Section 25 (2)(2) of the German Telecommunications and Telemedia Data Protection Act (TDDDG). Depending on the service, the legal basis for the associated personal data processing arises from Art. 6 (1)(b to f) of the General Data Protection Regulation (GDPR). 
    The main purpose of the necessary technology and the associated personal data processing is to simplify the use of our website for the user and to ensure its security. Pursuant to Art. 13 (1)(d) GDPR, we hereby inform you as a user that the aforementioned purpose is also part of our legitimate interest. 
  • Non-essential technologies (functional and marketing)
    Some optional services on our website use technologies that are non-essential.These include functional technologies. The purpose of these technologies is to enhance your user experience. In particular, they can be employed to make it easier for you to use different browsers or devices to access our website, or to recognise you when you visit our website. However, functional technologies also facilitate the analysis of your browsing behaviour, such as determining the frequency of page views or the use of website functions. This enables us to improve the functionality and content of our website on a continuous basis. Sharing cookies are used to enable interaction between our website and other services (e.g. social networks). Non-essential technologies also include marketing technologies. These are used to provide the website user with customised advertising on the website or ads from third-parties, to show interest-based advertising and to measure the effectiveness of these ads.In accordance with Section 25 (1)(1) TDDDG, we require your consent for the use of non-essential technologies. You may grant us this consent together with your consent to the associated data processing. Art. 6 (1)(1)(a) GDPR constitutes the legal basis for the processing of your personal data.Services that use non-essential technologies will only be activated with your consent. You may grant your consent via our  Consent Manager  – either by activating the respective category of non-essential technologies (functional or marketing) on which the service is based, or by specifically activating the respective service. Further details on how to grant, manage and/or withdraw your consent are provided below under B II. 3. Privacy settings (Consent Manager).Detailed information on the individual services, the technologies used in each case and the associated data processing is provided in our  Consent Manager.

2. Technical information on cookies and similar technologies

  • Cookies
    Cookies are text files that are stored in the Internet browser or by the Internet browser on your computer system / device as soon as you visit our website. The stored cookies contain a characteristic string that enables a unique identification of the browser when the website is visited again. However, as well as enabling the utilised device to be recognised, cookies can also contain information on certain settings.We also use cookies from external service providers on our website. Therefore, the providers who set a cookie via our website may receive a wide variety of information and data. You can deactivate or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies that have already been stored in your browser can also be deleted there at any time. If you refuse the storage of (technically) necessary cookies, you may not be able to use all the functions on our website to their full extent. Some functions on our website cannot be offered without the use of cookies. These include, for example, functions that require the browser to be recognised even after a page change. Maintenance of the selected language setting is one example of this. 
  • Scripts
    In web development, scripts are small programmes or snippets of code that are used to automate recurring tasks. For example, scripts enable the validation of form entries or the display of dynamic content and ensure an improved user experience. They can be executed either in the user's browser or on a server. 
     
  • Storing data in local or session storage
    Local storage and session storage are mechanisms for storing data in the user's browser. Local storage saves data permanently, whereas session storage only saves it for the current browser session. This is necessary, for example, in order to save user settings or intermediate input statuses.

3. Privacy settings (Consent Manager) 

We use the Usercentrics consent management platform ("Consent Manager") on our website. This  Consent Manager  helps you choose privacy settings for the various technologies used for the individual services on our website and the associated data processing.

3.1 Granting or refusing consent
Initially, only the use of necessary technologies (see B. II. 1. General information on cookies and similar technologies) is intended and pre-set for our website. 
When you visit our website, your consent or refusal is obtained and stored via a pop-up window referred to as the cookie banner. 

By clicking on the "Accept all" button, you can consent to the use of all technologies (see B. II. 1. General information on cookies and similar technologies), the associated processing of information on your device and the processing of your personal data. All services on our website will then be activated.

By clicking on the "Reject" button, you can reject the use of all non-essential technologies (functional and marketing). This will prevent the processing of information on your device and the processing of your personal data. Services that use non-essential technologies will then remain deactivated. 

If you click on the "More" button, you will be shown detailed information on the categories of technologies used and the individual services offered on our website. Among other things, you can find out which technologies we currently use on our website, which services process which type of data for which specific purposes on which legal basis, and which external services / data recipients we use. You also have the option of defining the scope of your consent in detail by making a selection and confirming it by clicking the "Save settings" button. You can either select the respective category of non-essential technologies (functional or marketing) or specifically activate or deactivate the respective service. This allows you to specifically prevent certain technologies from using information from your device and certain services from processing your personal data via our website.
If we embed content from a third-party provider (e.g. videos or Twitter posts) in our website and we have not as yet received your consent to show you this content, you will, instead of the content, see a notice stating that we require your consent. At the same time, you will be given the opportunity to grant the necessary consent and/or view more information on the respective third-party service.

3.2 Changing or withdrawing consent
You can view your privacy settings via the  Consent Manager and change or withdraw your consent to the use of non-essential technologies and the associated processing of your data at any time.

A link to the  Consent Manager is also provided in the footer of our website. The linked text is titled "Privacy settings".
Clicking on the linked text will cause the aforementioned cookie banner to appear. You can then grant or refuse your consent here. See B. II. for details. 3.1 Granting or refusing consent.

4. Detailed information on the individual services on our website
Our  Consent Manager contains detailed information on the individual services on our website, the technologies used in each case and the associated data processing. Please click "Services” to view this information.

You will then be provided with the following information, insofar as it might be relevant to the individual service:

Service description

  • Processing company (provider of the external service, if applicable)
  • Data protection officer of the processing company
  • Purpose of data collection/processing
  • Technology used
  • Type of data collected/processed
  • Legal basis for the personal data processing (see "Legal basis")
  • Processing location
  • Duration of storage; deletion (see "Retention period")
  • Transfer of data to third countries (see "Transfer to third countries")
  • Recipients or recipient categories (see "Data recipients")
  • Further information on the privacy policies of the companies involved in data processing 

5. Social media plugins
If our website contains symbols from social media providers (e.g. Facebook, Twitter, Instagram, YouTube, Linkedin, Xing), we only use these to passively link to the pages of the respective providers.

6. Social media profiles  
Flughafen Stuttgart GmbH maintains profiles on various social networks. 

All references to our social media profiles on our website are integrated by means of a link. Personal data is therefore not transferred to these external services without your active involvement. A transfer only takes place if you initiate it yourself by clicking on the link.

For further information, please refer to a separate privacy policy that applies to people who visit one of our pages on social media platforms. This privacy policy is available at the following link:  Privacy Policy for Flughafen Stuttgart GmbH pages on social networks

III. Contact form and email contact

You can contact us via our website at https://tour.stuttgart-airport.com/kontakt or by email at visit@stuttgart-airport.com. In this case, the personal data you send us (e.g. name, email, individual text in the contact form) will be processed.

We will store the data sent to us so that we can respond to your request appropriately. The data from the contact form are transferred to our web server in encrypted form. Depending on the topic you contact us about, your data and your request may be transferred to internal third parties (e.g. specialist departments at Stuttgart Airport) or to external third parties (e.g. service providers based at Stuttgart Airport). You can find out more about this at www.stuttgart-airport.com/Datenschutz.

If you contact us, the legal basis for data processing is Article 6 (1f) GDPR. We use your personal data exclusively for processing and answering your enquiry appropriately. This is also our legitimate interest within the meaning of Article 13 (1d) GDPR. This also applies to any transfer of your data to third parties.

Insofar as your enquiry is related to a tour that you wish to book or have already booked, Article 6 (1b) GDPR constitutes an additional legal basis for data processing.

Personal data are stored only for as long as necessary for fulfilling the above-mentioned purpose (final clarification of your specific enquiry or specific request) or pursuant to the legally stipulated retention periods.

IV. Booking and participation in airport tours

If you book an airport tour on our website, in order to conclude the contract, you will need to provide certain personal data which we require for processing the booking. Article 6 (1b) and (1f) GDPR constitute the legal basis for processing these data. When an airport tour is booked, we have a legitimate interest in duly fulfilling all contractual obligations.

For further information, please refer to a separate privacy policy which applies to persons booking and/or participating in an airport tour at Stuttgart Airport. Open this data protection declaration here

V. Payment via PAYONE's online solutions

Our payment service provider, PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt am Main, Germany, is solely responsible for the processing of electronic payments and the associated data processing within the meaning of data protection law. 

The data protection provisions of PAYONE GmbH can be viewed via the following link: 

www.payone.com/dsgvo

For further information on the processing of your data within the scope of electronic payments, please contact PAYONE GmbH. 

The contact details are as follows: 
PAYONE GmbH 
Lyoner Strasse 9
60528 Frankfurt am Main, Germany 
www.payone.com

The Data Protection Officer at PAYONE GmbH can be contacted via e-mail at: privacy@payone.com.

VI. Feedback

If you have booked and/or taken part in an airport tour, you are able to give us feedback. Your feedback allows us to gauge your satisfaction with our service and your willingness to recommend it to others. This in turn provides us with valuable information that makes it possible for us to continuously improve our airport tours.

1. Invitation via e-mail
You will receive the invitation to submit feedback to us via e-mail. In order to send this invitation, we process your e-mail address, as well as your name (in order to create a personalised salutation). You provided us with this data when you booked the airport tour. Art. 6 (1)(f) GDPR constitutes the legal basis for processing here. The purpose of this data processing is to ensure, as far as possible, that only people who have booked and/or taken part in an airport tour provide feedback (this is with a view to ensuring the validity of the feedback provided). Pursuant to Art. 13 (1)(d) GDPR, we hereby inform you as a user that the aforementioned purpose is also part of our legitimate interest.

2. Submitting feedback
We use the Online Survey service provided by enuvo GmbH, Huoberstrasse 10, 8808 Pfäffikon SZ, Switzerland to receive and analyse your feedback. We have concluded an agreement within the meaning of Art. 28 GDPR for the use of this service.

If you wish to submit feedback, the following personal data will be processed by enuvo GmbH in order to technically enable the use of the Online Survey service:

  • IP address
  • Date and time (including difference from Greenwich Mean Time (GMT))
  • Access status / http status code
  • The website from which access originated (referrer URL) and the last website visited
  • Content of the requested page or feedback form
  • The respective amount of data transferred
  • Operating system used
  • Browser type and settings as well as the language and version of the browser software

If you provide personal data in your feedback, this will also be processed by enuvo GmbH and subsequently by us or employees of our Corporate Communications &/ Public Affairs department. However, we do not request any personal data in our feedback form and ask that you refrain from providing any information that would allow conclusions to be drawn about you or other individuals.

You can submit your feedback without registering or stating your name. We will not carry out any further processing of data that is collected by enuvo GmbH when you use the service (in order to make the service technically possible) and which might enable the identification of the person who submitted the feedback. We have no interest in determining who submitted the feedback and the responses collected. The processing of your IP address only serves to prevent multiple feedback entries by the same individual.

The form of technology used by the Online Survey service to collect your data is known as a "script". This technology is used on the basis of your consent in accordance with Section 25 (1)(1) TDDDG. Your consent in accordance with Art. 6 (1)(1)(a) GDPR constitutes the legal basis for the processing of your personal data. You may grant us your consent via our  Consent Manager (see B. II. 3.1 Granting or refusing consent).

You may withdraw your consent at any time without affecting the lawfulness of the processing of your data before your withdrawal of consent. The easiest way to withdraw your consent is via the Consent Management Platform (see B. II. 3. Privacy settings (Consent Manager)). Further information on this is provided above under A. 7. Right to withdraw your consent under data protection law in accordance with Art. 7 (3) GDPR.

If data is transferred to Switzerland, pursuant to the European Commission's adequacy decision of 26 July 2000 (ref. 2000/518/EC), enuvo GmbH, as the recipient in the third country, is confirmed as having an adequate level of data protection.

Your data and feedback will be processed for up to one month. Before this storage period expires, we will check and ensure that the answers given or free text fields completed do not contain any personal data. Any personal data contained therein will be removed. Feedback submitted will be stored in anonymised form for an indefinite period of time. 

The data protection provisions of enuvo GmbH can be viewed via the following link: https://www.umfrageonline.com/datenschutz 

VII. Queries

If you have any questions regarding the processing of your personal data by us, or about your rights as a data subject, you can contact our Data Protection Officer at any time. You can also contact our Data Protection Officer at any time if you have any suggestions, concerns or ideas regarding data protection. The contact details are provided above under A. I. 2. Contact details of the Data Protection Officer.

VIII. Validity of this Privacy Policy

This Privacy Policy is currently valid in the version dated 12 December 2023.

Data Protection Declaration for Airport Tours (Booking and Participation).