Data protection

Data Protection Statement

The protection of your privacy is an important concern for the Hamburg Airport Group. We, Flughafen Hamburg GmbH (in the text that follows, “Hamburg Airport” or “we”), as a company within the Hamburg Airport Group, want you to know what data we save, when we save that data, and how we use that data. In this document, we inform you about how we collect, process and use your personal data when you visit our website haminfo-terminal.com (in the text that follows, “Website”).

I.             

Responsibility / Contact

The responsible office for the gathering, processing and usage of personal data in the sense of the General Data Protection Regulation (GDPR), also service provider in the sense of the German Telemedia Act (TMG), is:

Flughafen Hamburg GmbH, Flughafenstrasse 1 – 3, 22335 Hamburg,

With this Data Protection Statement, we therefore fulfil our information obligations arising from GDPR Articles 12 - 14 and Art. 13 Para. 1 of TMG, relating to the nature, scope and purpose of the processing of personal data. 

If you wish to view or update your personal data, or if you have questions on data protection on our website, please contact us via the email address datenschutz@ham.airport.de or by post (address below) at any time. Our Data Protection Officers may also be reached via datenschutz@ham.airport.de.

II.           

Specifics of information requirements

All information relating to an identified or identifiable natural person is considered personal data. A natural person is considered identifiable when this person can be directly or indirectly identified by means of the assignment of name, number, location data, online identity or one or more specific features that express the person’s physical, physiological, genetic, psychological, commercial, cultural or social identity. This includes such information as name, postal address, email address, telephone number and also, according to current legal opinion, usage data such as IP addresses.

Processing refers to any action or sequence of actions relating to personal data, whether performed with or without the assistance of automated processing, such as the gathering, recording, organisation, categorisation, storage, adaption or alteration, selection, retrieval, usage, publication or transmission, distribution or deployment, comparison, linking, limitation, deletion or destruction of data.

III.          

Data processing functions at haminfo-terminal.com

The scope and nature of the collection, processing and use of your personal data depends on whether you use our Website to contact us, use the tools and features provided on the Website, or use the Website purely for informational purposes.

1.    Data collection via contact interface

You have the possibility to contact us via contact forms on our website and also to subscribe to a newsletter. You can also register in the special “My HAMinfo Terminal” area. Hamburg Airport collects and saves personal data related to the use of these services only when you provide such data on your own initiative. We use such personal data exclusively to fulfil your request or process your enquiry. You are free to decide whether you provide your data to us for these purposes. Wherever the nature of your request or enquiry allows, you may deal with us anonymously or under a pseudonym. As a fundamental principle, we will only store your data as long as is needed to process your request or enquiry, except where we are entitled or required by law to store the data for a longer period.

The storage of data collected via the various contact interfaces takes place using our Customer Relationship Management (CRM) system. The efficient structuring of our internal data handling procedures gives us a legitimate interest (Lawfulness of Processing, GDPR Art. 6, No. 1f). If you do not wish for your data to be stored, you may object to this form of data storage at any time. You may do so, for example, simply by sending an email to datenschutz@ham.airport.de. Please be aware, however, that we may then be unable to provide the service you have requested.

In the following paragraphs we inform you about data processing within the context of the contact interfaces provided do you on our website. You may enforce your rights as an affected person in this regard (see Point 6) at any time.

1.1  Enquiries via the contact form or email

If you contact us via our contact form or email, by sending the message you consent to our processing your data to process the enquiry or request in the form or email. Depending on the individual situation, this may include the following personal data:

-       Airline

-       Land

-       Given and family name(s)

-       Title

-       Email address

-       Telephone number (optional)

-       Message in free text

The personal data shall only be stored for the purpose of processing your enquiry or request and any follow-up questions that may arise. For this purpose, your data may be passed on to other companies with the Hamburg Airport Group in accordance with areas of responsibility. You may revoke your consent at any time. In order to revoke your consent you may, for example, send an appropriate email to datenschutz@ham.airport.de. Without delay, we will then suspend the processing of your data for the purpose of responding to your enquiry and delete your data, except where we are legally entitled or required to continue storing your data.

1.2  Newsletter

The newsletter contains news, advertising, and other information relating to the products and services available at Hamburg Airport. When you register for the newsletter by marking the checkbox, confirming the consent declaration that follows, we collect your email address (mandatory), title, given and family names and date of birth (voluntary):

Declaration of consent

I agree and consent to Flughafen Hamburg GmbH using my email address and any data I have voluntarily provided here to send the email newsletter for the purpose of advertising products and services available at Hamburg Airport (further information is available here). I have read and understood the Data Protection Statement. I may revoke this consent at any time.

The collection of your email address is in our legitimate interest as it is needed in order to send you a confirmation email to this email address, in order to carry out of the legally binding double opt-in process in which we ask for you to confirm that you have requested the newsletter (Lawfulness of Processing, GDPR Art. 6, No. 1f). If you confirm registration, on the basis of this legally valid consent  (Lawfulness of Processing, GDPR Art. 6, No. 1a) the newsletter shall then be regularly sent to your email address, and we shall use the voluntary information provided to personalise and structure the newsletter. If, however, you do not confirm the registration, your registration will automatically be deleted when our experience tells us that we should no longer expect the successful conclusion of the double opt-in process. You may also object to the storage of your data in the intervening period, for example by sending an email to datenschutz@ham.airport.de. We shall then delete your data. In order to document your declaration of consent, we store your IP address and the time and date for both the registration and its confirmation via the double opt-in process.

The processing of newsletter registrations and distribution is carried out on our behalf by “Direkt Gruppe, marketing Solutions direkt GmbH” as order processor. This is in line with our legitimate interest in offering our newsletter professionally and economically (Lawfulness of Processing, GDPR Art. 6, No. 1f). Marketing Solutions direkt GmbH processes your data, collected for the purpose of newsletter distribution, exclusively on our behalf and in line with our instructions, and in full compliance with applicable data protection legislation. To ensure that this is the case, we have concluded an order processing agreement with Marketing Solutions direkt GmbH, in accordance with GDPR Art. 28 No. 2.

1.3 Registration for the “My HAMinfo Terminal” area

We require you to register in order to use the special “My HAMinfo Terminal” area. For the registration process, Hamburg Airport collects the following data:

- Email address

- Given and family name

- Airline

- Country

This personal data is used in the operation of the special “My HAMinfo Terminal” area.

As part of the registration process, we also issue you with a password and store your IP address along with the time/date of registration.

2.    Collection via technical tools and features

2.1  Functional purposes

When you use our Website for purely informational purposes, we collect and use the access data that your web browser automatically sends. The data is saved in a so-called log file on the web server. The data relates to the file request by the client, the date and time of the page request, the success or otherwise of the page request, the quantity of data transferred, the web browser type and version you are using, your operating system, the IP address assigned to you by your internet service provider, and the website from which you visited our Website. We require this data for the technical operation of our Website on the web server. The short-term storage of log files is also expedient to investigate attempted attacks on the web server or any potential misuse. We therefore have a legitimate interest in this data processing, namely providing our service to you on the basis of these technical and organisational requirements  (Lawfulness of Processing, GDPR Art. 6, No. 1f). We delete the data once it is no longer needed for this purpose.

2.2  Cookies

The following advertising cookies are used on our Website: Cookies are text files saved in your browser when you visit our Website, gathering information on your use of our Website. This information helps us better understand user needs and the technical behaviour of our Website, as a basis for improving the content, usability and functionality of our Website. Cookies do not damage your computer and do not contain viruses. The cookies used on our Website are primarily so-called session cookies, which are automatically deleted when you close your browser. They establish a so-called Session ID for your browser, enabling us to assign different requests from your browser to a visit to the Website, so that we can see when you return to our Website with your browser. The session cookies are deleted when you log out or close your browser. You have the option of configuring your browser so that these cookies are not saved or are deleted at the end of your visit. Please note you, however, that this may mean that you are unable to make full use of some of the functions of this website.

3.2.1 Web analysis cookies

2.2.1.1 Google Analytics

Our webiste uses Google Analytics, a web analysis service provided by G Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics makes use of cookies. This makes it possible to categorise user behaviour on the basis of a pseudonymous client ID. The information on your usage of our website, gathered by means of cookies, is normally transferred to a Google server in the USA, where it is saved. As IP anonymising has been activated ("IP-") for our website, your IP address, is first truncated by Google within a state of the European Union or another state signatory to the European Economic Area Agreement. In exceptional cases, the full IP address may be sent to a Google server in the USA and truncated there. Google has subjected itself to the EU-US-Privacy-Shield for such cases. The IP address transferred as part of the Google Analytics service is not combined with other data stored by Google. Google uses the information obtained from cookies on our behalf to analyse your usage of the website, to generate reports on website activity, and to provide us with further services associated with the usage of the website and the internet. We have a legitimate interest in the processing of the data by Google as order processor (legal basis: GDPR Art. 6 No. 1f). We have concluded an agreement to this effect with Google, pursuant to GDPR Art. 28, guaranteeing that Google processes your personal data exclusively on our behalf, strictly in line with our instructions, and in accordance with applicable data protection law. You may prevent the storage of cookies by means of a setting in your browser. We wish to advise you, however, that this may mean that you are unable to make full use of some of the functions of this website. Furthermore, you may prohibit the collection and processing by Google of the data described above by downloading and installing a browser plug-in here . You may also obtain an opt-out cookie here hier; by installing this cookie, you prevent Google from collecting your data. This method is particularly helpful if the deactivation plug-in does not work, for example on mobile devices. If you use our website with various browsers and/or devices, you must undertake these steps on all browsers and devices in order to prevent data collection. Further information on the protection of your data when Google services are used is available at the following links:

www.google.com/analytics/terms/gb.html

www.google.de/intl/en/policies/

2.2.1.2 Siteimprove

Our website makes use of Siteimprove Analytics, a web analysis service from Siteimprove GmbH, Kurfuerstendamm 56, 10707 Berlin (“Stieimprove”). Siteimprove Analytics uses so cookies, which are saved on your computer and make it possible to analyse your usage of the website. The information on your usage of this website, gathered by means of cookies (including the visitor’s encrypted IP address) is transferred to a Siteimprove server within Europe, where it is saved. Siteimprove uses the information collected exclusively in line with our instrauctions and on our behalf, in order to evalue the usage of our website and compile reports on website activity for us. On this basis, we are able to continually improve our services for you, which constitutes our legitimate interest in the data processing (legal basis: GDPR Art. 6 No. 1f). The integration of Siteimprove as order processor is governed by an order processing agreement pursuant to GDPR Art. 28. Siteimprove will not pass the information collected on to any third party. If you do not wish Siteimprove to evaluate your user behaviour, you may block Siteimprove cookies with an appropriate setting in your browser. We wish to advise you,, that this may mean that you are unable to make full use of some of the functions of this website.

For further information on data protection, please visit https://siteimprove.com/privacy-policy/.

3.    Passing on of data

In addition to the passing on of data for technical reasons, we also have to pass on some data to third parties in association with the usage of tools on our Website; this is done in strict compliance with applicable data protection legislation.

The maintenance and design of our online presence, in both technical and content terms, may make it necessary for external service providers to gain access to personal data (especially IT service providers). In such cases, personal data is treated exclusively in line with our express instructions and on the basis of an agreement on order processing, in accordance with GDPR Art. 28. In this agreement, the service provider guarantees to provide service to us in accordance with applicable data protection legislation. Should this result in the passing on of data to a service provider outside of Europe, we guarantee compliance with an appropriate data protection level in accordance with the provisions of GDPR Art. 45ff. The legislative framework expressly identifies the use of professional service providers as necessary for our legitimate interest in providing our services to you professionally and economically (Lawfulness of Processing, GDPR Art. 6, No. 1f). In such cases, we remain responsible for the protection of your data.

Furthermore, we reserve the right to reveal your personal data when we are demonstrably legally obliged to do so or when regulatory authorities and/or law enforcement agencies make a legally correct demand that we do so.

4.    Data security

We have taken technical and organisation measures, in the sense of GDPR Art. 32, to protect your data from loss and unauthorised third-party access. We continually evaluate and improve these security measures in line with technological development.

5.    Rights of affected persons (information on stored data, correction of data, revocation, blocking, deletion, limitation, transferability) and contact persons

You may obtain information on the scope, origin and recipients of stored data and the purpose of data storage at any time (GDPR Art. 15). You may require the correction of inaccurate data at any time (GDPR Art. 16). You are also entitled to receive a copy of all personal data related to you in a common structured machine-readable format (GDPR Art. 20). You may disallow or revoke the use of your personal data for the future (GDPR Art. 21) and require the partial or complete deletion (GDPR At. 17), processing limitation or blockage (GDPR Art. 18) of your data. We will examine such a request and comply, insofar as no other legal basis for ongoing data processing exists. You shall be informed of the outcome. Furthermore, you are entitled to lodge a complaint with a supervisory authority, e.g. with the Hamburg Data Protection and Information Freedom Compliance Officers, Klosterwall 6, 20095 Hamburg, if you are of the opinion that the processing of personal data affecting you violates the provisions of the GDPR. As a rule, you are not required to observe a specific format in the exercise of your rights as an affected person. You may, for example, send us an email via datenschutz@ham.airport.de.

6.    Updates and changes

We may change or update this Data Protection Statement without notifying you in advance. Please always view the current version before making use of our services to make sure that you are aware of the current provisions in the event of any changes or updates. Date of issue of Data Protection Statement: May 2018.