Fraport AG Frankfurt Airport Services Worldwide Data Protection Statement

The General Data Protection Regulation (GDPR) is a regulation of the European Union, which standardises the rules on the processing of personal data by private companies and public authorities across the EU. The aim is not only to safeguard the protection of personal data within the European Union, but also to ensure the free movement of data within the European single market.

The Regulation replaces the 1995 Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the national data protection acts which transferred the 1995 Directive into national law.

Protection and security of personal data is of great importance to us. Below you will find the information required under the General Data Protection Regulation ("GDPR") regarding the processing of personal data in connection tailored to different categories of data subjects.

It is our goal to provide you with exactly the right amount of information regarding the processing of personal data relating to you. Please choose therefore, which information we may provide to you.

The Controller within the meaning of the GDPR is:

Fraport AG Frankfurt Airport Services Worldwide
60547 Frankfurt am Main
Management Board: Dr. Stefan Schulte (Chairman), Anke Giesen, Julia Kranenberg, Dr.  Pierre Dominique Prümm, Prof. Dr.  Matthias Zieschang
Local Court Frankfurt am Main, HRB 7042
Tel.: +49 69 690-0
E-Mail:  info@fraport.de

For further questions or suggestions concerning data protection and for making use of your individual rights as data subject please contact the data protection officer of Fraport (datenschutz@fraport.de).

Your rights as data subjects against the Controller are outlined in the GDPR. Below we explain the essential content of the most important regulations. For a more complete overview of your rights, read in particular Articles 7, 15 to 22 and 77 to 80 of the GDPR. The GDPR is available in all official languages ​​of the European Union on the following website:

http://eur-lex.europa.eu/eli/reg/2016/679/oj

1.1 Right to object at any time, Art. 21 GDPR

For reasons that arise from your particular situation, you have the right at any time to object the processing of personal data relating to you, which is legitimized on the basis of Art. 6 (1) sentence 1 (e) or (f) GDPR; this also applies to profiling based on these provisions. Personal data will then no longer be processed by the Controller unless he can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms. If the processing serves the assertion, exercise or defence of legal claims, the Controller may continue to process personal data concerning you as well.

If personal data is processed in order to run direct mailing campaigns, you have the right to object at any time to the processing of personal data related to you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct mail.

In addition, Art. 21 GDPR provides for other reasons which may give you the right to file an objection.

1.2 Right of access by the data subject, Art. 15 GDPR

You have the right to request from the Controller to confirm whether personal data relating to you is being processed. You can also request information about the processed personal data. Upon your request, the Controller must also provide you with further information about the processing of data, as specified in Art. 15 GDPR.

1.3 Right to rectification, Art. 16 GDPR

You have the right to demand from the Controller without delay the rectification of incorrect personal data concerning you and / or the completion of incomplete personal data.

1.4 Right to erasure (‘right to be forgotten’), Art. 17 GDPR

You have the right to demand immediate deletion of your personal data from the Controller if they are no longer needed for the purposes pursued. Art. 17 GDPR also provides for other reasons which entitle you to request deletion.

1.5 Right to restriction of data processing, Art. 18 GDPR

Art. 18 GDPR outlines certain reasons entitling you to restriction of data processing upon your request. This applies in particular in the event that you object to the processing of personal data relating to you. During our assessment of your request for data deletion (cf. sec. 1.4 hereof), you may exercise your right to restrict data processing in accordance with Art. 18 GDPR.

1.6 Right to data portability, Art. 20 GDPR

Under the conditions of Art. 20 GDPR, you have the right to data portability. This includes the right to receive personal data that you might have provided to us, in a structured, commonly used and machine-readable format and the right to submit that data to other persons without hindrance. If technically feasible, you may also request that the data be transmitted directly to another Controller.

1.7 Right to withdraw consent, Art. 7 GDPR

If the data processing is based on your consent (Article 6 (1) sentence 1 (a) or Article 9 (2) (a) GDPR), you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

1.8 Right to complain to a supervisory authority, Art. 77 GDPR

If you believe that the processing of the personal data relating to you infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. You may lodge your complaint with the supervisory authority below or any other supervisory authority.

Regarding Fraport the supervisory authority is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 31 63
65021 Wiesbaden
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Tel.: 0611/1408-0
Fax:   0611/1408-900 or -901
E-Mail:  poststelle@datenschutz.hessen.de

1. General information on data collection and use when using our services
1.1 General information

Personal data is all information that can be assigned to a specific person (e.g., name, address, telephone number, e-mail address). When you visit our web pages and use our services, the provision of services and security automatically collects user information, such as the IP address assigned to you by your ISP, the website from which you visit us, the web pages that you visit with us, your browser type (including version and language), your device type and related information (e.g., monitor resolution), device IDs (e.g., your MAC address or similar device IDs ) as well as details of your operating system, date and duration of your visit as well as further information on the successful use of our services (e.g., search queries, viewed pages, click behavior).

All these data will be used with regard to the purposes stated above, processed and used as well as stored for a limited period of time and, subject to the further descriptions in this Privacy Statement, do not allow us to infer any natural person. Your IP address will only be saved after the deletion of the last four digits. The MAC address is only processed in anonymous form. Without this data, we can not or do not fully provide you with our services.

The collection and processing of the corresponding personal data is based on Art. 6 (1) sentence 1 (b) GDPR (contract purpose), insofar as this is necessary to enable you to use our services.

In addition, the processing in individual cases is necessary for the protection of legitimate interests pursued by us or a third party (Art. 6 (1) sentence 1 (f) GDPR). Our interest in processing such data as e.g. the browser type or other log files are designed to ensure the functionality and security of our information technology systems and to optimize the website.

In addition, cookies and analysis services are used when visiting our websites. Further details can be found under no. 1.2 and 1.3 of this Privacy Statement.

You can visit or use our services without having to register or identify yourself.

Your data will only be transmitted to a third country or an international organization if we are legally obliged to do so. In any case, we will inform you in accordance with the legal requirements on such a transfer and make a corresponding transfer taking into account the legal requirements, in particular with regard to the presence or absence of an adequacy decision of the European Commission or by using appropriate or appropriate guarantees.

1.2 Cookies and Internet technologies

Cookies are small text files stored locally in the cache of the site visitor's Internet browser. To improve usability, we use temporary cookies that are stored on your device for a specific period of time. These cookies enable, among other things, the recognition of the internet browser, so that data already entered will not be lost during the interruption of a usage process (e.g., interruption of the internet connection) or the change to another service within our offer.Additionally, we use cookies to statistically record the use of our website and to optimize our offerings. These cookies are automatically deleted after a defined time.

You have the option to prevent the storage of cookies on your computer by appropriate browser setting.

The data collected using the aforementioned technologies will not be used to personally identify the visitor of the website without the specific consent of the person concerned, and will not be combined with personal data about the holder of the pseudonym, unless you have related this to us in another context expressly permitted or permitted by law. The corresponding data collection and processing can be objected vis-à-vis Fraport at any time with effect for the future.

The use of appropriate technologies takes place either either because this is absolutely necessary in order to provide this online offer (§ 25 (2) no. 2 TDDDG) or on the basis of your consent (§ 25 (1) TDDDG).

1.3 Use of analysis and tracking tools

Our websites use the analysis and tracking tools listed in the consent banner (e.g. by integrating advertising networks). The processing of personal data by such analysis and tracking tools takes place exclusively on the basis of your consent (Art. 6 (1) sentence 1 (a) GDPR).

1.4 Integration of social media services

1.4.1 Meta Social Plugins

Based on our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 (1) f. GDPR) we use social plugins ("plugins") of the social networks facebook.com and Instagram, which operated by Meta Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Meta").

This includes e.g. buttons that allow users to share content from this online offering within Facebook. The list and appearance of Facebook Social Plugins can be viewed here:  https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation

(https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

When a user invokes a feature of this online offering that includes such a plugin, their device establishes a direct connection to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the device of the user and incorporated by him into the online offer. In the process, user profiles can be created from the processed data. We therefore have no influence on the amount of data that Meta collects with the help of this plugin and therefore inform users according to our knowledge.

By integrating the plugins, Meta receives the information that a user has accessed the corresponding page of the online offer. If the user is logged in to his account, Meta can assign the visit to his Meta account. If users interact with the plugins, for example, press the Like button or leave a comment, the information is transmitted from your device directly to Meta and stored there. If a user is not a member of Meta, there is still the possibility that Meta will find out and save their IP address. According to Meta, only an anonymous IP address is stored in Germany.

The purpose and scope of the data collection and the further processing and use of the data by Meta, as well as the related rights and setting options for protecting the privacy of users, can be found in Metas privacy policy:  https://www.facebook.com/about/privacy/.

If a user is a Meta member and does not want Meta to collect data about him via this online offer and link it to his member data, he must log out of his account and delete his cookies before using our online offer. Other settings and inconsistencies regarding the use of data for advertising purposes are possible within the Meta profile settings:
https://www.facebook.com/settings?tab=ads  or via the US-American site  http://www.aboutads.info/choices/  or the EU page  http://www.youronlinechoices.com/. The settings are platform independent, i.e. they are adopted for all devices, such as desktop computers or mobile devices.

1.4.2 Twitter Plugin

Within our online offering, features and content of the "X"-service (former "Twitter") offered by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter"), may be incorporated. For this includes e.g. buttons that allow users to share content from this online offering within X.

If the users are members of the platform, Twitter is able to link visited content and used functions to the profiles of the users there.  The purpose and scope of the data collection and the further processing and use of the data by Twitter, as well as the related rights and setting options for protecting the privacy of users, can be found in Twitters privacy policy:  https://x.com/de/privacy

1.5 Contact and contact form

When contacting us (for example, by contact form, e-mail, telephone or via social media) the information of the user to process the contact request and its processing in accordance with. Art. 6 para. 1 lit. b. (in the context of contractual / pre-contractual relationships), Art. 6 para. 1 lit. f. (other requests) GDPR processed. User information can be stored in a Customer Relationship Management System ("CRM System") or comparable request organization.We delete the requests, if they are no longer required. We check the necessity every two years; furthermore, the statutory archiving obligations apply.

1.6 Data security

Our websites use the widely used SSL (Secure Socket Layer) method in combination with the highest encryption level supported by your browser (usually 256 bit encryption). If your browser does not support this encryption, 128-bit v3 technology is used. Whether contents of our website offer are encrypted is indicated by the fact that a key or lock symbol is displayed in the bottom status bar
of your browser, which is displayed as encrypted (marked with a key symbol).

We also use appropriate technical and organizational security measures to prevent accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties as far as possible. We adapt these measures according to the technological development continuously.