Fraport AG Frankfurt Airport Services Worldwide Data Protection Statement

The General Data Protection Regulation (GDPR) is a regulation of the European Union, which standardises the rules on the processing of personal data by private companies and public authorities across the EU. The aim is not only to safeguard the protection of personal data within the European Union, but also to ensure the free movement of data within the European single market.

The Regulation replaces the 1995 Directive 95/46 / EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the national data protection acts which transferred the 1995 Directive into national law.

Protection and security of personal data is of great importance to us. Below you will find the information required under the General Data Protection Regulation ("GDPR") regarding the processing of personal data in connection tailored to different categories of data subjects.

It is our goal to provide you with exactly the right amount of information regarding the processing of personal data relating to you. Please choose therefore, which information we may provide to you.

The Controller within the meaning of the GDPR is:

Fraport AG Frankfurt Airport Services Worldwide
60547 Frankfurt am Main
Management Board: Dr. Stefan Schulte (Chairman), Anke Giesen, Julia Kranenberg, Dr.  Pierre Dominique Prümm, Dr.  Matthias Zieschang
Local Court Frankfurt am Main, HRB 7042
Tel.: +49 69 690-0
E-Mail:  info@fraport.de

For further questions or suggestions concerning data protection and for making use of your individual rights as data subject please contact the data protection officer of Fraport (datenschutz@fraport.de).

Your rights as data subjects vis-à-vis the Controller are outlined in the GDPR. Below we explain the essential content of the most important regulations. For a more complete overview of your rights, read in particular Articles 7, 15 to 22 and 77 to 80 of the GDPR. The GDPR is available in all official languages ​​of the European Union on the following website:

http://eur-lex.europa.eu/eli/reg/2016/679/oj

1.1 Right to object at any time, Art. 21 GDPR

For reasons that arise from your particular situation, you have the right at any time to object the processing of personal data relating to you, which is legitimized on the basis of Art. 6 para. 1 sentence 1 lit. (e) or (f) GDPR; this also applies to profiling based on these provisions. Personal data will then no longer be processed by the Controller unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms. If the processing serves the assertion, exercise or defence of legal claims, the Controller may continue to process personal data concerning you as well.

If personal data is processed in order to run direct mailing campaigns, you have the right to object at any time to the processing of personal data related to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

In addition, Art. 21 GDPR provides for other reasons which may give you the right to file an objection.

1.2 Right to information, Art. 15 GDPR

You have the right to request from the Controller to confirm whether personal data relating to you is being processed. You can also request information about the processed personal data. Upon your request, the Controller must also provide you with further information about the processing of data, as specified in Art. 15 GDPR.

1.3 Right to correction of incorrect personal data, Art. 16 GDPR

You have the right to demand from the Controller without delay the rectification of incorrect personal data concerning you and / or the completion of incomplete personal data.

1.4 Right to delete personal data, Art. 17 GDPR

You have the right to demand immediate deletion of your personal data from the Controller if they are no longer needed for the purposes pursued. Art. 17 GDPR also provides for other reasons which entitle you to request deletion.

1.5 Right to restriction of data processing, Art. 18 GDPR

Art. 18 GDPR outlines certain reasons entitling you to restriction of data processing upon your request. This applies in particular in the event that you object to the processing of personal data relating to you. During our assessment of your request for data deletion (cf. sec. 1.4 hereof), you may exercise your right to restrict data processing in accordance with Art. 18 GDPR.

1.6 Right to Data Transferability, Art. 20 GDPR

Under the conditions of Art. 20 GDPR, you have the right to data portability. This includes the right to receive personal data that you might have provided to us, in a structured, commonly used and machine-readable format and the right to submit that data to other persons without hindrance. If technically feasible, you may also request that the data be transmitted directly to another Controller.

1.7 Right to withdraw consent, Art. 7 GDPR

If the data processing is based on your consent (Article 6 (1) sentence 1 (a) or Article 9 (2) (a) GDPR), you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

1.8 Right to complain to a supervisory authority, Art. 77 GDPR

If you believe that the processing of the personal data relating to you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. You may lodge your complaint with the supervisory authority below or any other supervisory authority.

Regarding Fraport the supervisory authority is:

Der Hessische Datenschutzbeauftragte
Postfach 31 63
65021 Wiesbaden
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Tel.: 0611/1408-0
Fax:   0611/1408-900 or -901
E-Mail:  poststelle@datenschutz.hessen.de

1. Validity of this Privacy Statement

This privacy statement applies to the following websites:

Furthermore, we link to or integrate offers from other providers. Separate privacy statements and regulations may apply to these offers. These are offers from third parties. Please take the corresponding data protection information from the information on the respective websites or within the corresponding offers.

2. General information on data collection and use when using our services
2.1 General information

Personal data is all information that can be assigned to a specific person (e.g., name, address, telephone number, e-mail address). When you visit our web pages and use our services, the provision of services and security automatically collects user information, such as the IP address assigned to you by your ISP, the website from which you visit us, the web pages that you visit with us, your browser type (including version and language), your device type and related information (e.g., monitor resolution), device IDs (e.g., your MAC address or similar device IDs ) as well as details of your operating system, date and duration of your visit as well as further information on the successful use of our services (e.g., search queries, viewed pages, click behavior).

All these data will be used with regard to the purposes stated above, processed and used as well as stored for a limited period of time and, subject to the further descriptions in this Privacy Statement, do not allow us to infer any natural person. Your IP address will only be saved after the deletion of the last four digits. The MAC address is only processed in anonymous form. Without this data, we can not or do not fully provide you with our services.

The collection and processing of the corresponding personal data is based on Art. 6 para. 1 sentence 1 lit. b GDPR (contract purpose), insofar as this is necessary to enable you to use our services.

In addition, the processing in individual cases is necessary for the protection of legitimate interests pursued by us or a third party (Art. 6 (1) (1) (f) GDPR). Our interest in processing such data as e.g. the browser type or other log files are designed to ensure the functionality and security of our information technology systems and to optimize the website.

In addition, cookies and analysis services are used when visiting our websites. Further details can be found under no. 2.2 and 2.3 of this Privacy Statement.

You can visit or use our services without having to register or identify yourself.

Your data will only be transmitted to a third country or an international organization if we are legally obliged to do so. In any case, we will inform you in accordance with the legal requirements on such a transfer and make a corresponding transfer taking into account the legal requirements, in particular with regard to the presence or absence of an adequacy decision of the European Commission or by using appropriate or appropriate guarantees.

2.2 Cookies and Internet technologies

Cookies are small text files stored locally in the cache of the site visitor's Internet browser. To improve usability, we use temporary cookies that are stored on your device for a specific period of time. These cookies enable, among other things, the recognition of the internet browser, so that data already entered will not be lost during the interruption of a usage process (e.g., interruption of the internet connection) or the change to another service within our offer.Additionally, we use cookies to statistically record the use of our website and to optimize our offerings. These cookies are automatically deleted after a defined time.

You have the option to prevent the storage of cookies on your computer by appropriate browser setting.

The data collected using the aforementioned technologies will not be used to personally identify the visitor of the website without the specific consent of the person concerned, and will not be combined with personal data about the holder of the pseudonym, unless you have related this to us in another context expressly permitted or permitted by law. The corresponding data collection and processing can be objected vis-à-vis Fraport at any time with effect for the future.

The use of appropriate technologies takes place either on the basis of a corresponding statutory permission standard or for the protection of our legitimate interests (Art. 6 (1) sentence 1 GDPR), in particular to safeguard the functionality and security our information technology systems and to tailor advertising tailored to your interests.

2.3 Use of analysis and tracking tools

Our websites use the analysis and tracking tools listed in the following subsections (including the integration of advertising networks). The processing of the data by such analysis and tracking tools is necessary to safeguard our legitimate interests (Art. 6 (1) sentence 1 (f) GDPR).Our interest in processing the data is i.a. the optimization of the website and the services. In addition, the data is used to increase the usability of our services and thus the satisfaction of users and customers.

2.3.1 eTracker

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) lit. GDPR) we utilize the analysis service "etracker" of etracker GmbH, Erste Brunnenstraße 1 20459 Hamburg.

The data collected is analyzed exclusively pseudonymically, stored solely on servers in Germany, not combined with other data or passed on to third parties.

When storing the user data, in particular, the IP addresses, device and domain data of the users are only shortened stored or encrypted, so that identification of individual users is not possible. The shortening of the IP address takes place at the earliest possible moment and automatically by default. From the data processed by etracker, pseudonymous user profiles are created using cookies. However, identifiers for recognizing a user, performing session and cross-device tracking, and providing behavioral data for remarketing are securely pseudonymized or encrypted. Furthermore etracker secures the protection of the processed data of the users contractually through a data processing agreement acc. Art. 28 (3) sentence 1 GDPR.You can object to the data collection and storage at any time with effect for the future. In order to counter data collection and storage of your visitor data for the future, you can obtain an opt-out cookie from etracker under the following links, which ensure that no visitor data from your browser will be collected and stored by etracker in the future.

The opt-out sets an opt-out cookie with the name "cntcookie" by etracker. Please do not delete this cookie as long as you want to maintain your opposition.

For more information, see the etracker Privacy Policy:  https://www.etracker.com/en/data-privacy/.

2.3.2 CI360 by SAS

Our services include CI360, a web analysis solution from SAS Institute Inc. (“SAS”). CI360 uses cookies that are stored on your computer and allow us to analyse your use of our services. The information generated by the cookie about your use of our services are transferred to SAS’s servers within Europe (more precisely: Ireland) and stored there after shortening of the IP address. The data is used for displaying interest-based content and analysing the usage of the website (web tracking). SAS processes the data exclusively on our behalf, in accordance with our instructions and not for their own purposes. You can prevent the installation of the cookies by activating the relevant setting of your browser software; however, please note that if you do this you may not be able to fully use all of our services.

2.4 Integration of social media services

2.4.1 Google+

Within the site, features and content of the Google+ platform may be incorporated (Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google")). These include e.g. Buttons that allow you to share website content within Google. If you are a user of the Google+ platform, Google may request the o.g. Assign contents and functions to the profiles of the users there.

Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation
(https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

For more information about Google's data usage, hiring and disparaging options, please read Google's Privacy Policy (https://policies.google.com/technologies/ads) and Google's Ads Ads Settings (https://adssettings.google.com/authenticated).

2.4.2 Facebook Social Plugins

Based on our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) f. GDPR) we use social plugins ("plugins") of the social network facebook.com, which operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

This includes e.g. buttons that allow users to share content from this online offering within Facebook. The list and appearance of Facebook Social Plugins can be viewed here:  https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation

(https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When a user invokes a feature of this online offering that includes such a plugin, their device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by him into the online offer. In the process, user profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and therefore inform users according to our knowledge.

By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example, press the Like button or leave a comment, the information is transmitted from your device directly to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address. According to Facebook, only an anonymous IP address is stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Facebook, as well as the related rights and setting options for protecting the privacy of users, can be found in Facebook's privacy policy:  https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not want Facebook to collect data about him/her via this online offer and link it to his/her member data stored on Facebook, he/she must log out of Facebook and delete his cookies before using our online offer. Other settings and inconsistencies regarding the use of data for advertising purposes are possible within the Facebook profile settings:
https://www.facebook.com/settings?tab=ads  or via the US-American site  http://www.aboutads.info/choices/  or the EU page  http://www.youronlinechoices.com/. The settings are platform independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

2.4.3 Twitter

Within our online offering, features and content of the Twitter service offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, may be incorporated. For this includes e.g. buttons that allow users to share content from this online offering within Twitter.

If the users are members of the platform Twitter, Twitter is able to link visited content and used functions to the profiles of the users there. Twitter is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation
(https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Privacy Policy:  https://twitter.com/privacy, Opt-Out:  https://twitter.com/personalization.

2.5 Contact and contact form

When contacting us (for example, by contact form, e-mail, telephone or via social media) the information of the user to process the contact request and its processing in accordance with. Art. 6 para. 1 lit. b. (in the context of contractual / pre-contractual relationships), Art. 6 para. 1 lit. f. (other requests) GDPR processed. User information can be stored in a Customer Relationship Management System ("CRM System") or comparable request organization.We delete the requests, if they are no longer required. We check the necessity every two years; furthermore, the statutory archiving obligations apply.

2.6 Data security

Our websites use the widely used SSL (Secure Socket Layer) method in combination with the highest encryption level supported by your browser (usually 256 bit encryption). If your browser does not support this encryption, 128-bit v3 technology is used. Whether contents of our website offer are encrypted is indicated by the fact that a key or lock symbol is displayed in the bottom status bar
of your browser, which is displayed as encrypted (marked with a key symbol).

We also use appropriate technical and organizational security measures to prevent accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties as far as possible. We adapt these measures according to the technological development continuously.