Data Protection Declaration

1) Introduction and Contact Details of the Controller

1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we inform you about how we handle your personal data when using our website. Personal data includes all data that can personally identify you.

1.2 The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is AIR LLOYD Flight Services GmbH, Flugplatz Bonn-Hangelar, Richthofenstraße 124, 53757 St. Augustin, Germany, Tel.: +49 (0)22 41 / 23 07-0, Fax: +49 (0)22 41 / 23 07-30, E-Mail: info@airlloyd.de. The controller for the processing of personal data is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.

1.3 The controller has appointed a data protection officer who can be reached as follows: "Mirko Jeckstadt, mjeckstadt@airlloyd.de; Clara-Zetkin-Straße 21; 16548 Glienicke/Nordbahn; +49 (0) 2241 2307 81"

2) Data Collection When Visiting Our Website

2.1 When using our website for informational purposes only, i.e., if you do not register or otherwise provide us with information, we only collect data that your browser transmits to the site server (so-called „server log files“). When you visit our website, we collect the following data that is technically necessary for us to display the website to you:

Our visited website
Date and time at the moment of access
Amount of data sent in bytes
Source/reference from which you came to the page
Browser used
Operating system used
IP address used (if applicable: in anonymized form)

The processing is carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. The data will not be transferred or used in any other way. However, we reserve the right to check the server log files retrospectively should concrete evidence indicate unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (such as orders or inquiries to the controller). You can recognize an encrypted connection by the character string „https://“ and the lock symbol in your browser line.

3) Cookies

To make visiting our website attractive and to enable the use of certain functions, we use cookies, which are small text files that are stored on your device. Some of these cookies are automatically deleted after closing the browser (so-called „session cookies“), others remain stored on your device for a longer time and enable the saving of page settings (so-called „persistent cookies“). In the latter case, you can find the storage duration in the cookie settings overview of your web browser.

If personal data is also processed by individual cookies set by us, the processing is carried out pursuant to Art. 6(1)(b) GDPR either for the performance of the contract, pursuant to Art. 6(1)(a) GDPR in the case of consent given, or pursuant to Art. 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the site visit.

You can set your browser to inform you about the setting of cookies and to decide individually about their acceptance or exclude the acceptance of cookies for certain cases or generally.

Please note that if cookies are not accepted, the functionality of our website may be limited.

4) Contact

When contacting us (e.g., via contact form or email), personal data is processed – exclusively for the purpose of handling and responding to your request and only to the extent necessary for this purpose.

The legal basis for processing this data is our legitimate interest in responding to your request pursuant to Art. 6(1)(f) GDPR. If your contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted once your request has been conclusively addressed and if there are no statutory retention obligations to the contrary.

5) Use of Customer Data for Direct Marketing

Registration for our Email Newsletter

When you register for our email newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your email address. The provision of additional data is voluntary and will be used to address you personally. For sending the newsletter, we use the so-called double opt-in procedure, which ensures that you will only receive newsletters after explicitly confirming your consent to receive newsletters by activating a verification link sent to the provided email address.

By activating the confirmation link, you give us your consent for the use of your personal data pursuant to Art. 6(1)(a) GDPR. In doing so, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration to be able to trace any possible misuse of your email address at a later time. The data collected by us during newsletter registration is used strictly for the intended purpose.

You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a corresponding message to the controller mentioned at the beginning. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have explicitly consented to further use of your data or we reserve the right to use data in a way that is legally permitted and about which we inform you in this declaration.

6) Data Processing for Contract Execution

6.1 To execute the contract, we work with the following service provider(s) who support us wholly or partially in the execution of concluded contracts. Certain personal data is transferred to these service providers in accordance with the following information.

6.2 Use of Payment Service Providers

- Stripe

On this website, one or more online payment methods of the following provider are available: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland

If you select a payment method from the provider where you make advance payment (e.g., credit card payment), your payment data provided during the ordering process (including name, address, bank and payment card information, currency, and transaction number) as well as information about the content of your order will be transferred to the provider pursuant to Art. 6(1)(b) GDPR. In this case, your data will be transferred exclusively for the purpose of payment processing with the provider and only to the extent necessary for this purpose.

If you select a payment method where the provider makes advance payment (such as invoice or installment purchase or direct debit), you will also be asked during the ordering process to provide certain personal data (first and last name, street, house number, postal code, city, date of birth, email address, telephone number, and if applicable, data for an alternative payment method).

To protect our legitimate interest in determining our customers' ability to pay, this data is forwarded by us to the provider pursuant to Art. 6(1)(f) GDPR for the purpose of a credit check. The provider checks based on your provided personal data as well as other data (such as shopping cart, invoice amount, order history, payment experiences) whether the selected payment option can be granted with regard to payment and/or default risks.

The credit report may contain probability values (so-called score values). If score values are included in the credit report result, they are based on a scientifically recognized mathematical-statistical procedure. Address data, among other factors but not exclusively, is included in the calculation of score values.

You can object to this processing of your data at any time by sending a message to us or to the provider. However, the provider may still be entitled to process your personal data if this is necessary for contractual payment processing.

7) Web Analysis Services

7.1 Google Analytics 4

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), which enables the analysis of your use of our website.

By default, when visiting the website, Google Analytics 4 sets cookies that are stored as small text files on your device and collect certain information. Your IP address is also collected but is truncated by Google by removing the last digits to exclude direct personal identifiability.

The information is transferred to Google's servers and processed there. Transfers to Google LLC in the USA are also possible.

Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activities for us, and to provide other services related to website and internet usage. The truncated IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. The data collected within the scope of using Google Analytics 4 is stored for two months and then deleted.

All processing operations described above, particularly the setting of cookies on the device used, are only carried out if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR.
Without your consent, Google Analytics 4 will not be used during your site visit. You can revoke your given consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service via the „Cookie-Consent-Tool“ provided on the website.

We have concluded a data processing agreement with Google that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

Further legal information about Google Analytics 4 can be found at https://business.safety.google/intl/en/privacy/, https://policies.google.com/privacy?hl=en&gl=en and at https://policies.google.com/technologies/partner-sites

Demographic Features
Google Analytics 4 uses the special feature „demographic characteristics“ and can create statistics that make statements about the age, gender, and interests of site visitors. This is done by analyzing advertisements and information from third-party providers. This allows target groups for marketing activities to be identified. However, the collected data cannot be attributed to a specific person and will be deleted after storage for two months.

Google Signals
As an extension to Google Analytics 4, Google Signals may be used on this website to create cross-device reports. If you have activated personalized ads and linked your devices to your Google account, Google can, subject to your consent to use Google Analytics pursuant to Art. 6(1)(a) GDPR, analyze your usage behavior across devices and create database models, including for cross-device conversions. We do not receive any personal data from Google, only statistics. If you want to stop cross-device analysis, you can deactivate the "Personalized Advertising" function in your Google account settings. Follow the instructions on this page: https://support.google.com/ads/answer/2662922?hl=en Further information about Google Signals can be found at the following link: https://support.google.com/analytics/answer/7532985?hl=en

UserIDs
As an extension to Google Analytics 4, the "UserIDs" feature may be used on this website. If you have consented to the use of Google Analytics 4 pursuant to Art. 6(1)(a) GDPR, have set up an account on this website, and log in on different devices with this account, your activities, including conversions, can be analyzed across devices.

For data transfers to the USA, the provider has joined the EU-US Data Privacy Framework, which ensures compliance with European data protection standards based on an adequacy decision by the European Commission.

7.2 Google Tag Manager

This website uses the „Google Tag Manager“, a service provided by the following provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland („Google“).

The Google Tag Manager provides a technical foundation for bundling various web applications, including tracking and analysis services, and calibrating, controlling, and linking them to conditions through a unified user interface. The Google Tag Manager itself does not store any information on user devices or read them out. The service also does not perform any independent data analysis. However, when the page is accessed, the Google Tag Manager transmits your IP address to Google where it may be stored. Transfers to Google LLC's servers in the USA are also possible.

This processing is only carried out if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. Without this consent, the use of Google Tag Manager will not occur during your site visit. You can revoke your given consent at any time with effect for the future. To exercise your revocation, please deactivate this service via the „Cookie-Consent-Tool“ provided on the website.

We have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

Further legal information about Google Tag Manager can be found at https://business.safety.google/intl/en/privacy/ and https://policies.google.com/privacy?hl=en&gl=en

8) Site Functionalities

8.1 Youtube

This website uses plugins for displaying and playing videos from the following provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data may also be transferred to: Google LLC., USA

When you access a page of our website that contains such a plugin, your browser establishes a direct connection to the provider's servers to load the plugin. Certain information, including your IP address, is transmitted to the provider.

If embedded video playback is started via the plugin, the provider also uses cookies to collect information about user behavior, create playback statistics, and prevent abusive behavior.

If you are logged into a user account with the provider during your site visit, your data will be directly associated with your account when you click on a video. If you do not want the association with your account, you must log out before activating the playback button.

All aforementioned processing operations, particularly the setting of cookies for reading information on the device used, only occur if you have given us your explicit consent pursuant to Art. 6(1)(a) GDPR. You can revoke your given consent at any time with effect for the future by deactivating this service via the „Cookie-Consent-Tool“ provided on the website.

8.2 ShopVote Graphics

On our website, graphic elements from the following provider are integrated to display external customer reviews and/or an externally awarded quality seal: Blickreif GmbH, Schulstraße 46, 80634 Munich, Germany

When you access a page of our website that contains such graphic elements, your browser establishes a direct connection to the provider's servers to properly load the elements. Certain browser information, including your IP address, is transmitted to the provider.

If personal data is processed in this context, this is done pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in optimal marketing of our offerings and attractive design of our website.

8.3 Google Maps

This website uses an online map service from the following provider: Google Maps (API) from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google”).

Google Maps is a web service for displaying interactive (land) maps to visually present geographical information. Through the use of this service, our location is displayed to you and any potential journey is made easier.

When you access subpages where the Google Maps map is integrated, information about your use of our website (such as your IP address) is transmitted to and stored on Google's servers; this may also involve transmission to Google LLC's servers in the USA. This occurs regardless of whether Google provides a user account through which you are logged in or whether a user account exists. If you are logged into Google, your data will be directly associated with your account. If you do not wish the association with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and evaluates them.

The collection, storage, and evaluation are carried out pursuant to Art. 6(1)(f) GDPR based on Google's legitimate interest in displaying personalized advertising, conducting market research, and/or designing Google websites according to needs. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right. If you do not agree with the future transmission of your data to Google as part of using Google Maps, there is also the possibility to completely deactivate the Google Maps web service by turning off the JavaScript application in your browser. Google Maps and thus the map display on this website cannot then be used.

Where legally required, we have obtained your consent pursuant to Art. 6(1)(a) GDPR for the processing of your data as described above. You can revoke your consent at any time with effect for the future. To exercise your revocation, please follow the possibility for objection described above.

Further information about Google's privacy policy can be found here: https://business.safety.google/intl/en/privacy/

9) Tools and Other

Cookie Consent Tool

This website uses a so-called „Cookie Consent Tool“ to obtain effective user consent for cookies and cookie-based applications that require consent. The „Cookie Consent Tool“ is displayed to users when they visit the page in the form of an interactive user interface, where permissions for certain cookies and/or cookie-based applications can be given by ticking boxes. Through the use of the tool, all consent-required cookies/services are only loaded when the respective user grants appropriate permissions by ticking boxes. This ensures that such cookies are only set on the respective user's device if consent has been given.

The tool sets technically necessary cookies to store your cookie preferences. Personal user data is generally not processed.

If, in individual cases, personal data (such as the IP address) is processed for the purpose of storing, assigning, or logging cookie settings, this is done pursuant to Art. 6(1)(f) GDPR based on our legitimate interest in providing a legally compliant, user-specific, and user-friendly consent management for cookies and thus a legally compliant design of our website.

Further legal basis for processing is also Art. 6(1)(c) GDPR. As the controller, we are subject to the legal obligation to make the use of technically non-necessary cookies dependent on the respective user consent.

Where necessary, we have concluded a data processing agreement with the provider that ensures the protection of our site visitors' data and prohibits unauthorized disclosure to third parties.

Further information about the operator and the setting options of the Cookie Consent Tool can be found directly in the corresponding user interface on our website.

10) Rights of the Data Subject

10.1 The applicable data protection law grants you the following data subject rights (rights to information and intervention) vis-à-vis the controller with regard to the processing of your personal data, with reference to the legal basis cited for the respective exercise requirements:

Right of access pursuant to Art. 15 GDPR;
Right to rectification pursuant to Art. 16 GDPR;
Right to erasure pursuant to Art. 17 GDPR;
Right to restriction of processing pursuant to Art. 18 GDPR;
Right to information pursuant to Art. 19 GDPR;
Right to data portability pursuant to Art. 20 GDPR;
Right to withdraw consent pursuant to Art. 7(3) GDPR;
Right to lodge a complaint pursuant to Art. 77 GDPR.

10.2 RIGHT TO OBJECT

IF WE PROCESS YOUR PERSONAL DATA BASED ON OUR LEGITIMATE INTERESTS FOLLOWING A BALANCING OF INTERESTS, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, WITH EFFECT FOR THE FUTURE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ESTABLISH, EXERCISE OR DEFEND LEGAL CLAIMS.

IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

11) Duration of Storage of Personal Data

The duration of storage of personal data is determined by the respective legal basis, the purpose of processing, and – if applicable – additionally by the respective statutory retention period (e.g., commercial and tax retention periods).

When processing personal data on the basis of explicit consent pursuant to Art. 6(1)(a) GDPR, this data is stored until you revoke your consent.

If there are statutory retention periods for data that is processed within the framework of legal or similar obligations based on Art. 6(1)(b) GDPR, this data will be routinely deleted after expiry of the retention periods if it is no longer necessary for contract fulfillment or contract initiation and/or if we no longer have a legitimate interest in continued storage.

When processing personal data based on Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

When processing personal data for direct marketing purposes based on Art. 6(1)(f) GDPR, this data is stored until you exercise your right to object pursuant to Art. 21(2) GDPR.

Unless otherwise stated in the other information in this declaration about specific processing situations, stored personal data will be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.