Controllers under data protection law
The Travel ID operators are Air Dolomiti S.p.A Linee Aeree Regionali Europee (Dossobuono di Villafranca (VR), Via Paolo Bembo 70, Italy), Austrian Airlines AG (Office Park 2, Postbox 100, 1300 Wien-Flughafen, Austria), Brussels Airlines SA/NV (1050 Brüssel, Belgium, Jaargetijdenlaan 100-102/B30 Av. des Saisons), Deutsche Lufthansa AG (Venloer Straße 151-153, 50672 Köln, Germany), Edelweiss Air AG (The Circle 32, 8058 Flughafen Zürich, Switzerland), Eurowings GmbH (Waldstraße 249, 51147 Köln, Germany), EW Discover GmbH (Hugo-Eckener-Ring 1, FAC Building, 60549 Frankfurt a.M., Germany), Italia Trasporto Aereo S.p.A. (Via Venti Settembre 97, Rom, 00187, Italy), Lufthansa City Airlines GmbH (Flughafen München, FOC, Südallee 15, 85356 München, Germany) and Swiss International Air Lines AG (Obstgartenstrasse 25, 8302 Kloten, Switzerland) as “Lufthansa Group Airlines” or “LHG Airlines” as well as Miles & More GmbH (Unterschweinstiege 8, 60549 Frankfurt a.M., Germany).
Unless otherwise stated in this Privacy Notice, “we” or “us” or “Travel ID operators” refers to the Lufthansa Group airlines and Miles & More GmbH as the controllers with joint responsibility (“Joint Controllers”) for the processing of your personal data as defined in Article 26 GDPR.
Data protection Officer
You can contact the data protection officers at the following addresses:
Data protection officer of Air Dolomiti S.p.A., Deutsche Lufthansa AG, Lufthansa City Airlines GmbH, Miles & More GmbH, Eurowings GmbH, EW Discover GmbH and Brussels Airlines SA/NV:
Deutsche Lufthansa AG
Data Protection Officer
FRA CJ/D
Lufthansa Aviation Center
Airportring
60546 Frankfurt/Main
Germany
Data protection officer of Austrian Airlines AG:
Austrian Airlines AG
Legal Office – Data Protection
Office Park 2
Postbox 100
1300 Vienna Airport
Austria
Data protection officer of Swiss International Air Lines AG:
Swiss International Air Lines AG
ZRH S/CJ
Postfach
8058 Zurich Airport
Switzerland
Data protection officer of Italia Trasporto Aereo S.p.A.:
ITALIA TRASPORTO AEREO S.p.A.
Via Venti Settembre 97
00187 Rom
Italy
Data protection officer of Edelweiss Air AG:
Edelweiss Air AG
Betrieblicher Datenschutzverantwortlicher (Company Data Protection Officer)
The Circle 32
Postfach
8058 Zurich Airport
Switzerland
Creating and completing your Travel ID profile
When you register for Travel ID, we ask for your email address, your title, your first and last names, your date of birth and a password as mandatory information. Your country and preferred language settings will be automatically transferred, as far as technically possible, using the country and language settings you entered on the respective websites or other contact points of the Travel ID operators. This is the minimum information required to create a Travel ID profile. If you register for the Miles & More programme at the same time, providing your address and contact details will also be obligatory.
In order to take advantage of all the benefits of Travel ID, you have the option of adding more information to your Travel ID profile on a voluntary basis. This may include your mobile phone number or preferences (e.g. your preferred departure airport).
You also have the option of adding one or more travel partners to your profile. Please note that this is only permitted with the consent of the person in question.
In your Travel ID profile, you can also give and withdraw your consent to the processing of data for different purposes. This includes the “cookie settings”, which we automatically apply as per your selection when you visit our websites and mobile apps. This saves you the trouble of repeatedly choosing these settings when you access these touchpoints.
In addition, you can view and edit your settings regarding the personalisation of our offers and sending of customised promotional communications.
If you belong to the customer groups defined by us, you also have the option of consenting to the use of our proactive Top Customer Relation Services.
Based on the activities that you have linked in your Travel ID profile, you may be shown anonymous statistics (e.g. your position in the ranking of kilometres flown) and/or so-called badges (e.g. awards for achieving specific targets).
The consent of a parent or guardian is required if you wish to set up a Travel ID profile for your child or your child wishes to do so themselves, and the child is under 18 years of age. After submitting the completed registration form, the parent or guardian will receive an email in which they are asked to give their consent to the creation of a Travel ID profile by confirming the link in the email. All personal data entered is deleted if the parent or guardian does not give their consent within the specified deadline after registration.
The legal basis for the processing of your data is fulfilment of the contract in accordance with Art. 6(1)(b) GDPR.
You also have the option of saving additional personal data, such as your preferred payment method or travel documents, in your Travel ID profile on the basis of your consent. You can find details in the relevant sections of this Privacy Notice.
Notifications about your Travel ID profile
If necessary for fulfilling the contract, we may send you messages about your Travel ID profile. Such messages include the email for activating Travel ID, the email for editing your communication settings and other messages, such as information about adjustments to the Travel ID terms and conditions of use and status changes in your Travel ID profile.
Status changes may relate, for example, to the expiry of the validity of your travel documents uploaded via your Travel ID profile, your payment methods or your password.
If you have not logged into your Travel ID profile for three years, we will also inform you of this via email and ask you to log in again. If we do not see any activity in your Travel ID profile within another six months, we will delete it (see paragraph “Deletion of your Travel ID profile”).
The legal basis for the processing of your data is fulfilment of the contract in accordance with Art. 6(1)(b) GDPR.
Personalised use of websites and other contact points
When you visit our websites, use our mobile apps and other touchpoints on the ground and on board, our aim is to make it easier and quicker for you to find and use the information that is relevant to you. You therefore have the option of registering there with your Travel ID and being contacted personally, for example receiving information that matches your current flight booking or your Miles & More membership.
You can also make use of the option to save your privacy settings (“cookie settings”) in your Travel ID profile. As soon as you use one of our websites or mobile apps and we are able to identify you, we will apply the cookie settings you have saved in your profile. Detailed information about the purposes of processing and processing activities can be found in the privacy policy or cookie policy on the respective LHG airline websites and on the Miles & More website.
If you do not wish to use the login service, you are, of course, free to use the website/contact points without logging in. In this case, the respective content will be displayed to you in a non-personalised manner.
The legal basis for the processing of your data is fulfilment of the contract in accordance with Art. 6(1)(b) GDPR.
Pre-populated forms
We use the data you enter in your Travel ID profile to make visiting our websites easier for you through pre-populated forms. This can be data that you actively provided during registration or added at some later point or data that you provided, for example, as part of a previous booking in connection with your Travel ID and which we automatically take into account during a subsequent booking. We also use the data you provide during a booking to give you access to pre-populated forms, e.g. during online check-in or at a check-in machine. If you fill out other forms, such as during your participation in a lucky draw or when you send customer feedback using one of our electronic feedback forms on the website, the necessary contact details required are also pre-populated from your Travel ID profile.
The legal basis for the processing of your data is fulfilment of the contract in accordance with Art. 6(1)(b) GDPR.
Displaying and managing your flight bookings
Flight bookings are automatically saved and displayed in your Travel ID profile if you make the booking while logged in. If you add a flight booking to your Travel ID profile after this, we check whether the booking is complete and add information you have saved in your Travel ID profile as required. No data will be overwritten without your consent.
The summary of your flight bookings is limited to 10 years and also includes the creation and display of flight statistics, among other things.
If you change your previous customer profile for one of the Lufthansa Group airlines to a Travel ID profile, your past flight bookings from your previous customer profile will also be displayed in your Travel ID profile.
The legal basis for the processing of your data is fulfilment of the contract in accordance with Art. 6(1)(b) GDPR.
Personalised service when you contact our employees and contact points
We use the data stored in your Travel ID profile to provide you with personalised, targeted service at all our touchpoints on the ground and in the air, as well as to improve our complaint management. In doing so, we combine the data entered by you in your Travel ID profile during or after registration as well as all the data that we can link to you based on your Travel ID, e.g. completed purchases and use of services, as well as delays, flight cancellations and baggage irregularities. We also process data and information like your preferences, enquiries addressed to our Service Centre and data from other interactions with us, such as with the crew on board our aircraft or the staff in our lounges.
The legal basis for the processing of your data is fulfilment of the contract in accordance with Art. 6(1)(b) GDPR.
Proactive contact as part of contractually agreed services
If you have a Travel ID profile, we may use your data to contact you with regard to special personal occasions (e.g. your birthday, events related to your Miles & More membership) or your travel and service preferences, such as onboard our aircraft. In addition, if you make use of or have made use of products and services offered by Travel ID operators and we were repeatedly unable to provide you with the promised service, we may use this data (e.g. irregularities and customer concerns, number and severity of the incidents) and contact you regarding this.
The legal basis for the processing of your data is our justified interest in accordance with Art. 6(1)(1)(f) GDPR.
Verifying and storing entitlement to special conditions and reductions
If you belong to one or more customer groups (e.g. students), you can have your membership of such customer groups verified and confirmation stored in your Travel ID profile. If you book a trip later while logged in for example, we can use the customer group status stored in your Travel ID profile to check whether you are entitled to claim specific customer group benefits.
The legal basis for the processing of your data is provided by the consent granted by you in accordance with Art. 6(1)(a) GDPR.
You have the right to withdraw your consent to the confirmation of your customer group at any time, without affecting the lawfulness of any processing performed on the basis of this consent until it was withdrawn. You can delete the confirmation(s) in your Travel ID profile under “Customer groups” to do so.
Your entitlement to special conditions and reductions will be deleted automatically once they are no longer valid.
Checking and storing travel documents
You have option of storing travel documents such as your passport or visa in your Travel ID profile. We will keep this data for you in a separate secured database. If you are logged in and book a trip that requires you have certain travel documents, we will automatically populate your flight booking with the information stored in your Travel ID profile. This process is not carried out if your flight booking already contains your travel documents details.
The legal basis for the processing of your data is provided by the consent granted by you in accordance with Art. 6(1)(a) GDPR.
You have the right to withdraw your consent to the use of the data from the travel documents at any time, without affecting the lawfulness of any processing performed on the basis of this consent before such consent was withdrawn. To do this, you can delete your travel documents in your Travel ID profile under “Personal Documents”.
Your travel documents will be deleted automatically once they are no longer valid.
Storing payment methods
We offer you the option of storing your preferred payment methods in your Travel ID profile. You can do this yourself at any time within your Travel ID profile. During the booking process, you also have the option to store the payment methods you entered for the booking in your Travel ID for future purchases.
If you have stored a payment method in your Travel ID profile and make a booking while logged in with your Travel ID profile, we will pre-fill your preferred payment methods or offer you a selection. You can edit or delete your payment methods at any time.
The legal basis for the processing of your data is provided by the consent granted by you in accordance with Art. 6(1)(a) GDPR.
You have the right to withdraw your consent to the storage of your payment method at any time, without affecting the lawfulness of any processing performed on the basis of this consent until it was withdrawn. You can delete your payment methods in your Travel ID profile under “Payment methods”.
Personalisation of our offers and the sending of customised promotional communication
If you have registered for a Travel ID, you can give Lufthansa Group airlines[IN1] and Miles & More GmbH your consent to receive offers and information about products and services tailored to your personal interests. In order to be able to respond to your needs and preferences in a more personalized manner, we offer you the option of choosing the content you would like to be contacted about, the Travel ID operators via which you would prefer to be informed and the electronic communication media via which we may approach you.
Content may relate to suggestions for destinations, products and services as well as flights you have already booked. Offers might therefore include products, services or benefits to make your travel experience even more enjoyable. This includes, for example, services provided by Lufthansa Group airlines, such as premium meals, upgrades or the use of lounges as well as products and services provided by our partners, such as rental cars or insurance.
You may also receive offers and information from Miles & More about the Miles & More programme or other products and services, including Miles & More partner companies.
For this purpose, we determine your main areas of interest based on the data stored in your Travel ID profile as well as data stored with LHG airlines and Miles & More (e.g. demographic data, flight data like travel routes, travel classes, services used, preferences, purchases). If you have given us permission to save your interactions with our mobile apps and websites (see the cookie policy of the respective website), we will also include this information in our investigations, e.g. so that we can make you the best offer when searching for specific destinations.
If you have given your consent on our mobile apps and websites for the purpose of specifically contacting you with product offers from LHG Airlines and/or Miles & More on third-party websites, we also use this information so that we can assign you to a relevant target group based on your main areas of interest.
The legal basis for the processing of your data is provided by the consent granted by you in accordance with Art. 6(1)(a) GDPR.
You can give this consent during the Travel ID registration process or later in your Travel ID profile. You can manage your consent and your preferences regarding promotional communication there at any time and withdraw your consent without affecting the lawfulness of any processing performed on the basis of this consent before such consent was withdrawn.
Proactive contact by our Top Customer Relation Management
Depending on their flight activities, members of the Miles & More programme can achieve various types of frequent flyer status and thus enjoy exclusive benefits. If a member achieves HON Circle Member status, these benefits include exclusive services, among them proactive personal contact. Detailed information about the scope and type of data processed about you can be found in the respective LHG airline’s privacy policy. In addition, Travel ID operators are free to define customer groups and offer this service to their members, regardless of the status achieved in the Miles & More programme.
The legal basis for the processing of your data is provided by the consent granted by you in accordance with Art. 6(1)(a) GDPR.
You can provide this consent in your Travel ID profile. There, you can manage and withdraw your consent to this processing purpose at any time without affecting the lawfulness of any processing performed on the basis of this consent before such consent was withdrawn.
Data transfers between Travel ID operators
If you have a Travel ID profile and your Travel ID profile is not linked to a Miles & More member account, the Lufthansa Group airlines will exchange your data among each other in order to offer you the services specified in the Travel ID Terms and Conditions of Use. The data Miles & More GmbH receives from you is required for creating and managing your Travel ID profile (e.g. contact details, date of birth and your voluntarily stored profile data), and Miles & More GmbH does not process this data for its own purposes unless you have consented to the personalisation of our offers and sending of customised promotional communication (see above).
If you have linked your Travel ID profile to your Miles & More member account, the Travel ID operators will exchange your data among each other in order to offer you the services specified in the Travel ID Terms and Conditions of Use. You decide for yourself whether to make the connection. If you make such a connection, data synchronisation is performed between your Travel ID profile and your Miles & More account. Specifically, the data stored by you in both accounts is carried over as follows:
All master data (such as name, date of birth, postal address, telephone) and preferences (such as preferred departure airport) is automatically transferred from your Miles & More account. The email address will be taken from your Travel ID profile.
The legal basis for the transfer of your data is fulfilment of the contract in accordance with Art. 6(1)(b) GDPR.
If you have given Miles & More GmbH your consent to receive personalised advertising communication (see the section “Personalised advertising communication”, Miles & More GmbH will also process your flight data (such as your route, travel class, departure airport, destination airport) for this purpose.
Individualised advertising through customer data comparison (CRM Datamatch)
One way to provide you with personalised information and offers tailored to you is to identify you on websites of partners or advertisers.
For this purpose, we transmit your email address and/or telephone number stored in your Travel ID profile, which was previously encrypted with the SHA 256 hash algorithm, which is recommended by the Federal Office for Security as "cryptographically strong", to a so-called data clean room. A data clean room is a secure environment isolated from external technical influences for processing personal data. It aims to facilitate the exchange of data between advertising companies, in this case the Travel ID operators, and partners or providers of advertising spaces, while protecting the privacy of the respective customers as much as possible. For this purpose, the partners or advertising companies also supply data of their customers to the data clean room using the same encryption method. As part of a data comparison, hits (data matches) are sent to so-called audiences (person groups), which in turn can be analysed by the Travel ID operators and addressed for advertising purposes. Access to the data we provide to a data clean room is only granted by us to selected partners and advertising space providers, and after the conclusion of corresponding data processing contracts.
Depending on technological development and marketer support technology, we ensure that stronger and more secure encryptions and/or extensions are used.
CRM Datamatch with Google Customer Match
In the case of CRM Datamatch with Google Customer Match, we provide encrypted data to a data clean room operated by Google in accordance with a process described in the section “Personalised advertising through customer data matching (CRM Datamatch)”. In this data clean room, Google compares the data we provide with those of Google Account customers that is encrypted using the same SHA 256 hash algorithm. Matches are summarised by Google in a list of what are referred to as “audiences”. As soon as this process is completed (max. 48 hours), the encrypted data is deleted. If you belong to such an audience, Google can identify you when you are surfing using Google platforms and show you our personalised advertising.
The condition for the processing of your personal data in Google Customer Match is that you possess a Google account in which you have given Google permission to display personalised advertising. You can change this setting to suit your preferences in the privacy tab in your Google user account.
The controller for the processing of personal data as part of Google Ads/Google Customer Match and within the meaning of the GDPR is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Ltd is a subsidiary of Google LLC, which has its head office registered in California, USA, and is subject to the laws of that location, and may therefore may also have to grant access to data processed outside the USA.
You can find further information about the processing of your personal data by Google in the Google Privacy Notice.
Personalised advertising through customer data matching via Meta
So that we can display personalised advertising to potential new customers or prospects on Meta platforms such as Facebook and Instagram, and measure the performance of our advertising activities, we use Meta Pixel technology in conjunction with Meta Conversion API of the company Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (referred to below as “Facebook”). In so doing we record visits to our websites, your flight searches and bookings and send these to Facebook in encrypted form using the SHA 256 hash algorithm. Facebook uses this data to identify its own customer groups with similar interests and allows us to display advertising to these customer groups on Facebook and Instagram. We also have the option of presenting offers relating to flight searches to undecided customers.
Meta Platforms Ireland Limited is a subsidiary of Meta Platforms Inc., which has its registered head office in California, USA, and is subject to the laws of that location. It may therefore also be obliged to provide access to data processed outside the EU.
We are joint controllers with Meta for the collection and transfer of data in this process. We have a corresponding agreement with Meta governing our responsibility as joint controllers.
You will find further information regarding the processing of your personal data at Facebook in the Facebook Privacy Notice.
You can contact the Data Protection Officer of Facebook via the online contact form provided by Facebook.
The legal basis for all processing of your data listed in the section “Personalized advertising communication” is provided by the consent you have given for this in accordance with Art. 6(1)(a) GDPR.
You give this consent during the registration process or later in your Travel ID profile, and this can be managed by you at any time in your Travel ID profile.
You can decide for yourself the extent to which you wish to receive information and individual offers from us by adjusting your communication settings. You may withdraw your consent to marketing communications also for individual areas (such as for the email newsletter only) in your Travel ID profile.
Data transfers between Travel ID operators
If you have a Travel ID profile and your Travel ID profile is not linked to a Miles & More member account, the Lufthansa Group airlines will exchange your data among each other in order to offer you the services specified in the Travel ID Terms and Conditions of Use. Miles & More GmbH will only receive data from you that is required to manage your Travel ID profile (e.g. contact details, date of birth and your voluntarily stored profile data) and will not process this data for its own purposes.
If you have linked your Travel ID profile to your Miles & More member account, the Travel ID operators will exchange your data among each other in order to offer you the services specified in the Travel ID Terms and Conditions of Use. You decide for yourself whether to make the connection. If you make such a connection, data synchronisation is performed between your Travel ID profile and your Miles & More account. Specifically, the data stored by you in both accounts is carried over as follows:
All master data (such as name, date of birth, postal address, telephone) and preferences (such as preferred departure airport) is automatically transferred from your Miles & More account. The email address will be taken from your Travel ID profile.
The legal basis for the transfer of your data is fulfilment of the contract in accordance with Art. 6(1)(b) GDPR.
If you have given Miles & More GmbH your consent to receive personalised advertising communication (see the section “Personalised advertising communication”, Miles & More GmbH will also process your flight data (such as your route, travel class, departure airport, destination airport) for this purpose.
Transfers to a third country
Your customer group status is verified by our commissioned processor SheerID, Inc. with its registered office in the USA. Data transfers are carried out based on the EU-U.S. Data Privacy Framework under which SheerID, Inc. is certified with the U.S. Department of Commerce.
“Login” and “Stay logged-in” feature
When you log in to a website or other contact point of a Travel ID operator for the first time, you will be prompted to enter your access details. In order to recognise you during your session, we set a “log-in” cookie. This cookie allows you to be logged in automatically when visiting websites of other Travel ID operators without having to enter your login credentials again.
You also have the option of actively selecting a “stay logged-in” feature on Travel ID operator websites on which you have already logged in so that, after finishing your session, you will not be required to log in again when you revisit the website.
For this purpose, we also use a cookie that automatically recognises you when you visit the website/touch point again.
When the “stay logged-in” feature expires, you will be asked to log in again. In addition, you will always be prompted to log in again if you are in the process of carrying out activities which require an enhanced level of security.
The legal basis for the processing of your data is provided by the consent granted by you in accordance with Art. 6(1)(a) GDPR.
Duration of storage
We process your data to the extent and as long as necessary for the processing purposes described in this Privacy Notice.
If the purpose for which your data was processed no longer applies, this data will be deleted, unless its retention is required for the following purposes:
● Compliance with statutory retention periods that may derive from obligations under commercial or tax law. These periods may be up to ten years.
● Enforcement, exercise or defence of legal claims
In these cases, processing your data will be restricted (“blocked”) so that it can no longer be processed for other purposes.
Deleting your Travel ID profile
If you no longer wish to use the Travel ID services, you may delete your Travel ID profile at any time. The personal data collected in connection with your use of Travel ID will then be deleted immediately, subject to conflicting statutory retention requirements and obligations.
You can delete your Travel ID profile and any specific items of data you have provided in your Travel ID profile yourself by logging into your Travel ID profile and deleting it there.
We will also delete your provisional Travel ID profile if you do not confirm your registration within the period specified in the confirmation email or if you receive a confirmation email with the activation link more than three times without using said link.
We also delete your profile after a specified period of inactivity (see paragraph “Notifications to your Travel ID profile”).
Your rights as a data subject
As the data subject, you can exercise the following rights where the respective statutory conditions exist
● Right to information, Art. 15 GDPR
● Right to rectification, Art. 16 GDPR
● Right to deletion (“right to be forgotten”), Art. 17 GDPR (see also paragraph “Deletion of your Travel ID profile” of this Travel ID Privacy Notice)
● Right to restriction of processing, Art. 18 GDPR
● Right to data portability, Art. 20 GDPR
● Right to object, Art. 21 GDPR (see also the section “Right to object under Art. 21 GDPR” of this Travel ID Privacy Notice)
Insofar as we process your data on the basis of consent, you have the right to withdraw this consent at any time without affecting the lawfulness of any processing performed on the basis of this consent before such consent was withdrawn.
To exercise your rights, you can contact the relevant Travel ID operators from the “Controllers under data protection law” section of this Privacy Notice. In order to process your application and identify you, we will process your personal data in accordance with Article 6(1)(c) GDPR.
In your Travel ID profile, you can also check the current status of most of your master data yourself at any time. Please update your personal data immediately after any changes occur (for example if you change your email address or telephone number). To delete your Travel ID profile, you can also proceed as described in the paragraph “Deletion of your Travel ID profile”.
You also have the right under Art. 77 GDPR to lodge a complaint with a supervisory authority.
Relevant supervisory authorities
You will find a list of all data protection authorities responsible for the Travel ID operators below.
The relevant supervisory authority for Deutsche Lufthansa AG, EW Discover GmbH and Miles & More GmbH is:
The Officer for Data Protection and Freedom of Information of the State of Hesse
Postfach 3163
65021 Wiesbaden
Germany
Telephone: +49 - 611 - 14 08 - 0
Fax: +49 - 611 - 14 08 - 900 or - 901
Email: [email protected]
The competent supervisory authority for Eurowings GmbH is:
Regional Officer for Data Protection and Freedom of Information
State of North Rhine-Westphalia
Postfach 20 04 44
40102 Dusseldorf
Germany
Tel.: +49 - 211 - 38 424 - 0
Fax: +49 - 211 - 38 424 - 999
Email: [email protected]
The competent supervisory authority for Lufthansa City Airlines GmbH is:
Der Bayerische Landesbeauftragte für den Datenschutz (BayLfD)
Postfach 22 12 19
80502 München
Germany
Email: [email protected]
The competent supervisory authority for Austrian Airlines AG is:
Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Austria
Telephone: +43 - 52 -152 - 0
Email: [email protected]
The competent supervisory authority for Swiss International Air Lines AG and Edelweiss Air AG is:
Federal Data Protection and Information Commissioner
Feldeggweg 1
3003 Bern
Switzerland
Telephone: +41 - 58 - 46 24 395
Fax: +41 - 58 - 46 59 996
For data processing that is subject to the GDPR:
The Officer for Data Protection and Freedom of Information of the State of Hesse
Postfach 3163
65021 Wiesbaden
Germany
Telephone: +49 - 611 - 14 08 - 0
Fax: +49 - 611 - 14 08 - 900 or - 901
Email: [email protected]
The competent supervisory authority for Brussels Airlines SA/NV is:
Autorité de protection des données
Gegevensbeschermingsautoriteit
Data Protection Authority
Rue de la presse 35, 1000 Brussels
Belgium
Telephone: +32 - 2 - 27 44 800
Email: [email protected]
The competent supervisory authority for Air Dolomiti S.p.A. and Italia Trasporto Aereo S.p.A. is:
Garante per la Protezione dei Dati Personali
Piazza Venezia n. 11
00187 Rom
Italy
Telephone: + 39 06 69 6771
Email: [email protected]
Right to object under Art. 21 GDPR
You have the right to object to the processing of your personal data based on Article 6(1)(f) GDPR at any time on grounds relating to your particular situation.
In the event of an objection, we will no longer process the personal data concerning you, unless we can prove that there are compelling legitimate reasons for the processing that outweigh your interests, rights and freedoms, or if the processing is used to enforce, exercise or defend legal claims.
If the personal data concerning you is processed by us for the purpose of direct marketing and you object to this processing, the personal data concerning you will no longer be processed for these purposes.
You can object to the processing of your personal data at any time, for example using the contacts named in the “Who can you contact” section.
Data security
We use technical and organisational security measures to protect your data against accidental or deliberate manipulation, loss, deletion or access by unauthorised persons. Our security measures are continuously improved as new technology develops.
Recipients of your data
In connection with the processing operations described in this Travel ID Privacy Notice, we may disclose your data to the following categories of recipients:
● Service providers with which we cooperate on the basis of a commissioned processing contract under Art. 28(3) GDPR;
● Government agencies and authorities, e.g. due to police and investigative activities.
Personal data may be transferred worldwide to third countries or international organisations in this context. Appropriate security measures will be taken for such data transfers to protect you and your personal data in accordance with and in compliance with the statutory regulations.
We use EU standard contractual clauses if these transfers are made to a third country for which the EU Commission or the relevant authorities have not issued an adequacy decision. You can find information about EU standard contractual clauses on the European Union website.
In exceptional cases, the transfer to countries without adequate protection may also be permissible in other cases, e.g. based on consent, in connection with legal proceedings or if the transfer is necessary for the execution of a contract.
Updating this Travel ID Privacy Notice
We review this Travel ID Privacy Notice regularly and will update it as required. We will inform you if there are significant changes to this Travel ID Privacy Notice (for example on our website).
