Data priva‌cy infor‌mation

General matters

1   Information about gathering personal data

(1) We provide information about how we gather personal data when people use our website in the following text. Personal data involves any data that specifically refers to you as a person – e.g. your name, address, e-mail addresses or user behaviour.

(2) The Controller according to Article 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is Mitteldeutsche Flughafen AG, Terminalring 11, 04435 Flughafen Leipzig/Halle, info(at)mdf-ag(dot)com. You can reach our data protection officer at datenschutz(at)mdf-ag(dot)com or via our postal address; please address your letter to the “Data Protection Officer”.

(3) In addition to purely providing information on our website, we offer various services, which you can use if you are interested in them. You will normally have to specify more personal data for this and we will use this to provide the service in question; the principles governing data processing, which are cited in the relevant sections, then apply to this work.

2. Passing on data to third parties

(1) We only pass on your personal data to third parties if:

  • you have specifically provided your consent for this according to Article 6 Para. 1 Sentence 1 (a) of the GDPR,
  • passing on the data is necessary to assert, exercise or defend legal claims according to Article 6 Para. 1 Sentence 1 (f) of the GDPR and no reason exists to assume that you have an overriding interest, which needs to be protected, in not having your data passed on,
  • a statutory obligation exists for passing on data according to Article 6 Para. 1 Sentence 1 (c) of the GDPR, and
  • this is legally permissible and is necessary to handle contractual relations with you according to Article 6 Para. 1 Sentence 1 (b) of the GDPR.

(2) We sometimes make use of outside third parties to process your data. We have carefully selected and commissioned them; they are bound by our instructions and we regularly check them. We inform you in the relevant sections of the appropriate services about whether we involve any service partners or not.

(3)  We may also pass on your personal data to third parties if agreements are concluded or similar services are provided by us together with partners. You can obtain more detailed information about this in the relevant sections.

(4)  If our service providers or partners have their headquarters in a country outside the European Economic Area, we will inform you about the consequences of this in our description of the service in the relevant section.

3   Your rights

(1)   You have the following rights as far as we are concerned with regard to any personal data involving you:

  • the right to information,
  • the right to have data corrected or deleted,
  • the right to have the processing work restricted,
  • the right to object to any processing work,
  • the right to data portability.

(2)  You also have the right to lodge a complaint to a data protection supervisory authority about our processing of your personal data.

Visitor tours at Dresden

This service is included on our website by means of an iframe.

The visitor’s IP address, date/time, resource requested (page/photo), user agent, session cookie in the car park booking, data that is entered on the forms are all stored.

Flughafen Dresden GmbH, Flughafenstrasse, 01109 Dresden, info(at)dresden-airport(dot)de, is the Controller according to Article 4 Para. 7 of the EU General Data Protection Regulation (GDPR). You can contact our data protection officer at datenschutz(at)dresden-airport(dot)de or use the postal address just mentioned; please address your letter to the “Data Protection Officer”.

Tour bookings

In order to book tours at Dresden Airport, you have the opportunity of contacting us on the phone or by e-mail. If you are contacting us by e-mail, please note the section entitled “MAKING CONTACT BY E-MAIL OR THE CONTACT FORM”.

If you contact us on the phone, we store the data that you give us (your surname, your first name, possibly your phone number and address for booking enquiries, your e-mail address) so that we can answer your questions and/or process your enquiry. This data is processed on the basis of Article 6 Para. 1 (b) of the GDPR in order to complete a contract or perform pre-contractual measures. We process the data that you voluntarily make available to us on the basis of your consent according to Article 6 Para. 1 (a) of the GDPR. You can cancel the consent that you have given us at any time. You will find more detailed information in the appropriate section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

Any data that accumulates in this connection is deleted once it is no longer necessary to store it or you have cancelled your consent – if the processing work has taken place on the basis of your consent. If it is not possible to delete it because of statutory retention periods or other circumstances, we will restrict the processing work.

Visitor tours at Leipzig/Halle

This service is included on our website by means of an iframe.

The visitor’s IP address, date/time, resource requested (page/photo), user agent, session cookie in the car park booking, data that is entered on the forms are all stored.

Flughafen Leipzig/Halle GmbH, Terminalring 11, 04435 Flughafen Leipzig/Halle, info(at)leipzig-halle-airport(dot)de, is the Controller according to Article 4 Para. 7 of the EU General Data Protection Regulation (GDPR). You can contact our data protection officer at datenschutz(at)leipzig-halle-airport(dot)de or use the postal address just mentioned; please address your letter to the “Data Protection Officer”.

Tour bookings

You have the opportunity of contacting us on the phone or by e-mail in order to book tours at Dresden Airport. If you are contacting us by e-mail, please note the section entitled “MAKING CONTACT BY E-MAIL OR THE CONTACT FORM”.

If you contact us on the phone, we store the data that you give us (your surname, your first name, possibly your phone number and address for booking enquiries, your e-mail address) so that we can answer your questions and/or process your enquiry. This data is processed on the basis of Article 6 Para. 1 (b) of the GDPR in order to complete a contract or perform pre-contractual measures. We process the data that you voluntarily make available to us on the basis of your consent according to Article 6 Para. 1 (a) of the GDPR. You can cancel the consent that you have given us at any time. You will find more detailed information in the appropriate section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

Any data that accumulates in this connection is deleted once it is no longer necessary to store it or you have cancelled your consent – if the processing work has taken place on the basis of your consent. If it is not possible to delete it because of statutory retention periods or other circumstances, we will restrict the processing work.

Cookies

When you use our website, cookies are also stored on your computer in addition to the data that is stored, as mentioned in “VISITS TO THE WEBSITE”. Cookies are small text files that are stored on your hard drive and assigned to the browser that you are using; thanks to them, particular information flows to the place that sets the cookie. Cookies cannot execute any programmes or transfer viruses to your computer. They are there to help make the Internet services more user-friendly and more effective overall.

Our website uses the following kinds of cookies and we explain their scope and way of operating below:

–    transient cookies (cf. paragraph a)

–    persistent cookies (cf. paragraph b)

–    tracking cookies (cf. the section entitled GOOGLE ANALYTICS”)

  1. Transient cookies are automatically deleted when you close your browser. They particularly include session cookies. They store a so-called session ID, with which various enquiries by your browser can be assigned to the joint session. This makes it possible to recognise your computer again if you return to our website. The session cookies are deleted when you close your browser.
  2. Persistent cookies are automatically deleted after a pre-defined time and this may differ, depending on the type of cookie. You can delete the cookies in the security settings of your browser at any time. The system cookies, which we use, are stored for 24 hours.

c)    You can configure your browser setting in line with your wishes and, for example, reject the acceptance of third-party cookies or any cookies. However, we would point out that you may not be able to make use of all the functions of this website, if you do this.

Activating and using the cookies that are required for technical reasons takes place on the legal basis of a legitimate interest (Article 6 Para. 1 (f) of the GDPR). You have a right to object to this. You will find more detailed information about this in the relevant section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

We process any cookies, which are not necessary for the technical operations, on the basis of your consent (Article 6 Para. 1 (a) of the GDPR). You have the right to cancel your consent at any time. You can find more detailed information in the relevant section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

Cookie 

Validity

Is set

Type

Description

fe_typo_user

24h

After logging in at the travel agency section

System function

This cookie enables TYPO3 to recognise that the user is registered in a protected area

PHPSESSIONID

Until the browser is closed

As soon as a session is started in the PHP

System function

This cookie enables PHP to recognise where the user’s current session data is stored

_ga

2 years

After opt-in via the cookie banner, then when each page is loaded

Tracking, not relevant for system function

Contains a random-generated user ID. Using this ID, Google Analytics can recognise repeat users of this website and bring together the data from earlier visits.

_gid

24 hours

After opt-in via the cookie banner, then when each page is loaded

Tracking, not relevant for system function

Contains a random-generated user ID. Using this ID, Google Analytics can recognise repeat users of this website and bring together the data from earlier visits.

_gat

1 minute

After opt-in via the cookie banner, then when each page is loaded

Tracking, not relevant for system function

Certain data is sent to Google Analytics no more than once a minute. The cookie has a service life of one minute. As long as it is set, certain data transfers are prevented.

_dc_gtm_UA-150837493-1

1 minute

After opt-in via the cookie banner, then when each page is loaded

Tracking, not relevant for system function

Certain data is sent to Google Analytics no more than once a minute. The cookie has a service life of one minute. As long as it is set, certain data transfers are prevented.

_gat_gtag_UA-150837493-1

1 minute

After opt-in via the cookie banner, then when each page is loaded

Tracking, not relevant for system function

Certain data is sent to Google Analytics no more than once a minute. The cookie has a service life of one minute. As long as it is set, certain data transfers are prevented.

 

Fire training at Leipzig/Halle

This service is included on our website by means of an iframe.

The visitor’s IP address, date/time, resource requested (page/photo), user agent, data that is entered on the forms are all stored.

Flughafen Leipzig/Halle GmbH, Terminalring 11, 04435 Flughafen Leipzig/Halle, info@leipzig- halle-airport.de, is the Controller according to Article 4 Para. 7 of the EU General Data Protection Regulation (GDPR). You can contact our data protection officer at datenschutz@leipzig-halle- airport.de or use the postal address just mentioned; please address your letter to the “Data Protection Officer”.

Enquiries about dates and booking courses
We have to gather and process personal data about you from the contact form so that we can process your enquiries about dates or make bookings for courses.

Please take note of the section on this entitled: “MAKING CONTACT BY E-MAIL OR THE CONTACT FORM”.

If you contact us on the phone, we store the data that you give us (your surname, your first name, possibly your phone number and address for booking enquiries, your e-mail address) so that we can answer your questions and/or process your enquiry. This data is processed on the basis of Article 6 Para. 1 (b) of the GDPR in order to complete a contract or perform pre- contractual measures. We process the data that you voluntarily make available to us on the basis of your consent according to Article 6 Para. 1 (a) of the GDPR. You can cancel the consent that you have given us at any time. You will find more detailed information in the appropriate section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

Any data that accumulates in this connection is deleted once it is no longer necessary to store it or you have cancelled your consent – if the processing work has taken place on the basis of your consent. If it is not possible to delete it because of statutory retention periods or other circumstances, we will restrict the processing work.

Photo and filming enquiries at Dresden airport

If you wish to shoot film, take photos or conduct a survey among passengers and guests at our airport, you can get in touch with us about this using our contact form.

If you make any enquiries at Dresden Airport, the Controller according to Article 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is Flughafen Dresden GmbH, Flughafenstrasse, 01109 Dresden, info@dresden-airport.de. You can contact our data protection officer at datenschutz@dresden-airport.de or use the postal address just mentioned; please address your letter to the “Data Protection Officer”.

You will find more details about processing and storing your data in the section entitled “MAKING CONTACT BY E-MAIL OR THE CONTACT FORM”.

If you contact us on the phone, we store the data that you give us (your surname, your first name, possibly your phone number and address for booking enquiries, your e-mail address) so that we can answer your questions and/or process your enquiry. This data is processed on the basis of Article 6 Para. 1 (b) of the GDPR in order to complete a contract or perform pre- contractual measures. We process the data that you voluntarily make available to us on the basis of your consent according to Article 6 Para. 1 (a) of the GDPR. You can cancel the consent that you have given us at any time. You will find more detailed information in the appropriate section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

Any data that accumulates in this connection is deleted once it is no longer necessary to store it or you have cancelled your consent – if the processing work has taken place on the basis of your consent. If it is not possible to delete it because of statutory retention periods or other circumstances, we will restrict the processing work.

Photo and filming enquiries at Leipzig/Halle airport

If you wish to shoot film, take photos or conduct a survey among passengers and guests at our airport, you can get in touch with us about this using our contact form. If you make any enquiries at Leipzig/Halle Airport, the Controller according to Article 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is Flughafen Leipzig/Halle GmbH, Terminalring 11, 04435 Flughafen Leipzig/Halle, info@leipzig-halle-airport.de. You can contact our data protection officer at datenschutz@leipzig-halle-airport.de or use the postal address just mentioned; please address your letter to the “Data Protection Officer”.

You will find more details about processing and storing your data in the section entitled “MAKING CONTACT BY E-MAIL OR THE CONTACT FORM”.

If you contact us on the phone, we store the data that you give us (your surname, your first name, possibly your phone number and address for booking enquiries, your e-mail address) so that we can answer your questions and/or process your enquiry. This data is processed on the basis of Article 6 Para. 1 (b) of the GDPR in order to complete a contract or perform pre- contractual measures. We process the data that you voluntarily make available to us on the basis of your consent according to Article 6 Para. 1 (a) of the GDPR. You can cancel the consent that you have given us at any time. You will find more detailed information in the appropriate section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

Any data that accumulates in this connection is deleted once it is no longer necessary to store it or you have cancelled your consent – if the processing work has taken place on the basis of your consent. If it is not possible to delete it because of statutory retention periods or other circumstances, we will restrict the processing work.

Google Analytics

The Controller according to Article 4 Para. 7 of the General Data Protection Regulation (GDPR) is Google Ireland Limited, Google Building, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

If you have given us your consent, Google Analytics is used on this website; this is a website service provided by Google Ireland Limited. This usage involves the operating mode known as “Universal Analytics”. As a result, it is possible to assign data, sessions and any interaction across different devices to a pseudonymous user ID and therefore analyse the activities of any user across different devices.

Google Analytics makes use of so-called “cookies”; they are text files that are stored on your computer and enable an analysis of the way that you use the website. The information that is generated by the cookie about your use of this website is normally transferred to a Google server in the USA and stored there. If IP anonymisation has been activated on this website, Google will, however, first abbreviate your IP address within the member states of the European Union or in other countries that have signed the Agreement on the European Economic Area. We would point out that Google Analytics has been extended to include IP anonymisation on this website in order to guarantee that IP addresses are logged in an anonymous form (so-called IP masking). The IP address transferred by your browser as part of Google Analytics is not combined with any other Google data. You can find more information about usage conditions and data privacy at: https://www.google.com/analytics/terms/de.html or at: https://policies.google.com/.

Data collected

This list contains all the (personal) data that is collected when or through using the service.

  • IP address
  • Date and time of your visit
  • Usage data
  • Click path
  • App updates
  • Browser information
  • Devices information
  • JavaScript support
  • Pages visited
  • Referrer URL
  • Downloads
  • Flash version
  • Location information
  • Purchasing activity
  • Widget interaction

 

Technologies used

  • Cookies
  • Pixel tags

 

Purposes of processing

Google will use this information on behalf of the operator of this website to assess your usage of the website, compile reports about the website activities and perform other services associated with the use of the website and the Internet for the website’s operator. 

Legal basis

The legal basis for using Google Analytics is your consent according to Article 6 Para. 1 (a) of the GDPR. You can find more details here: https://dsgvo-gesetz.de/art-6-dsgvo/.

Recipients/categories of recipients

  • Alphabet Inc.
  • Google LLC
  • Google Ireland Limited

Forwarding data to third countries

Some services forward the data that has been collected to a different country. Please find below a list of the countries to which the data is forwarded. This may be the case for various purposes, e.g. for storage or processing.

Worldwide

The storage time for data

The data that we send, which is linked to cookies, user names (e.g. user ID) or advertising IDs, is automatically deleted after 14 months. Once the storage period has been completed, the data is automatically deleted once a month.

Data subject rights

You can cancel your consent with regard to the future at any time by objecting to any storage of the cookies using the cookie banner that is displayed on one occasion during your first visit to the website or in the data protection section on the right edge of your screen; we would, however, point out that you may not be able to make full use of all the functions on this website, if you do this. You can also prevent Google from collecting the data generated by the cookie and related to your usage of the website (including your IP address) or from processing this data by downloading and installing this browser add-on: https://tools.google.com/dlpage/gaoptout?hl=de

Cancelling your declaration of consent for Google Analytics Tracking prevents your data from being collected in future when you visit this website. In order to prevent Google Analytics from collecting any data across different devices, you must activate the opt-out on all the systems that you use. This takes place by deleting the Google Analytics opt-in cookie. You can manage your consent for the use of this service via the “Data protection” section on the right edge of your screen and delete the cookie yourself.

Data protection officer at the processing company

You will find the e-mail address of the data privacy officer of the processing company here.

https://support.google.com/policies/contact/general_privacy_form

Click here to read the data privacy regulations of the data processorhttps://policies.google.com/privacy?hl=en

Click here to cancel on all the domains of the processing companyhttps://tools.google.com/dlpage/gaoptout?hl=de

Click here to read the cookie guidelines of the data processorhttps://policies.google.com/technologies/cookies?hl=en

Google tag manager

This website uses the Google Tag Manager. The Google Tag Manager is a solution provided by Google Inc. so that companies can manage website tags via one user interface. The Google Tool Manager simply handles tags. The Google Tag Manager is a domain that is free of cookies and it does not collect any personal data. The Google Tool Manager triggers other tags and they in turn collect data. We would particularly draw your attention to this. However, the Google Tag Manager does not access this data. If any deactivation was completed at the domain or cookie level, it remains in force for all the tracking tags, if they have been handled by the Google Tag Manager.

Usercentrics consent managment platform

This site uses website tracking technologies provided by third parties to offer their services, make constant improvements and display advertising in line with users’ interests. We use this consent management platform so that we are able to manage and document any consent in line with the statutory provisions. 

 

Processing company

Usercentrics GmbH

Sendlinger Str. 7, 80331 Munich, Germany

 

Purposes of data processing

This list contains the purposes for collecting and processing data. The data that is collected cannot be used or stored for any other purposes than those listed below.

  • To comply with statutory obligations
  • To store your consent

Technologies used

  • Local storage
  • Cookies

Data collected

This list contains all the (personal) data that is collected when or through using the service.

  • Device information
  • Browser information
  • Anonymised IP address
  • Opt-in and opt-out data
  • Date and time of your visit
  • Request for URLs on the website
  • Page path on the website
  • Geographical location

 

Legal basis

The legal basis required by Article 6 Para. 1 (c) of the GDPR for processing any personal data is mentioned below. The collection and storage of the data is necessary to meet our legal obligations.

 

Place of processing

European Union (the consent database is located in Belgium)

Storage period

The storage period is the time during which the data that has been gathered is stored for the processing work. The data must be deleted as soon as it is no longer required for the specified processing purposes.  

The consent data (consent granted and any cancellation of your consent) is kept for three years.  

Data recipient

  • Usercentrics GmbH

Data protection officer of the processing company  

Please find below the e-mail address of the data protection officer of the processing company.

datenschutz(at)usercentrics(dot)com

 

Click here to read the data protection regulations for the data processor:https://usercentrics.com/privacy-policy/

Google Maps and my google maps

We include the maps provided by Google by means of the “Google Maps” service. We also use Google’s “My Maps” service to draw up individual maps.   

The Controller according to Article 4 Para. 7 of the General Data Protection Regulation (GDPR) is Google Ireland Limited, Google Building, Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland.

Data processing purposes

This list contains the purposes for collecting and processing data. Consent only applies to the specified purposes. The data that is collected cannot be used or stored for other purposes than those listed below.

  • Displaying maps

Technologies used

  • Cookies

Data collected  

This list includes all the (personal) data that is collected when or through using the service.

  • IP address
  • Location information
  • Usage data
  • Date and time of your visit
  • URLs

Legal basis

The legal basis required by Article 6 Para. 1 of the GDPR for processing personal data is mentioned below.

  • Article 6 Para. 1 Sentence 1 (a) of the GDPR

Place of processing

  • European Union

    Rights of data subjects

You can cancel your consent with effect for the future at any time by objecting to any storage of the cookies using the cookie banner that is displayed on one occasion during your first visit to the website or in the data protection section on the right edge of your screen; however, we would point out that you may not be able to make full use of all the functions of this website if you do this. You can also prevent Google from collecting the data generated by the cookie and related to your usage of the website (including your IP address) or from processing this data by downloading and installing this browser add-on: https://tools.google.com/dlpage/gaoptout?hl=de

Cancelling your declaration of consent for Google Maps prevents your data from being collected in future when you visit this website. In order to prevent any collection of data across different devices, you must activate the opt-out on all the systems that you use. This takes place by deleting the Google Maps opt-in cookie. You can manage your consent for the use of this service via the “Data protection” section on the right edge of your screen and delete the cookie yourself.

Storage periods

The storage period is the time in which the data that has been gathered is stored for processing. The data must be deleted as soon as it is no longer required for the specified processing purposes.

The data is deleted as soon as it is no longer required for the processing purposes.

Data recipients

  • Google Ireland Limited
  • Google LLC
  • Alphabet Inc

Data privacy officer at the processing company

You will find the e-mail address of the data privacy officer at the processing company here.

https://support.google.com/policies/troubleshooter/7575787?hl=en

Forwarding data to third countries

Some services forward the data that has been collected to a different country. Please find below a list of the countries to which the data is forwarded. This may be the case for various purposes, e.g. for storage or processing.

Worldwide

Click here to read the data privacy regulations of the data processorhttp://www.google.com/intl/de/policies/privacy/

Click here to cancel on all the domains of the processing companyhttps://safety.google/privacy/privacy-controls/

Click here to read the cookie guidelines of the data processorhttps://policies.google.com/technologies/cookies?hl=en

.

Handling request for Dresden airport

The Controller in the sense of Article 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is Flughafen Dresden GmbH, Flughafenstrasse, 01109 Dresden, info@dresden-airport.de. You can contact our data protection officer at datenschutz(at)dresden-airport(dot)de or use the postal address just mentioned; please address your letter to the “Data Protection Officer”.

If you contact us as part of a handling request, we store the data of the specified contact partner (surname, first name, address data – normally a business address – and e-mail) so that we can answer the enquiry and process it. This data is processed on the basis of Article 6 Para. 1 (b) of the GDPR in order to complete a contract or perform pre-contractual measures. We process the data that you voluntarily make available on the basis of your consent in line with Article 6 Para. 1 (a) of the GDPR. You can cancel the consent that you have given us at any time. You will find more detailed information in the appropriate section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

Any data that accumulates in this connection is deleted once it is no longer necessary to store it or you have cancelled your consent – if the processing work has taken place on the basis of your consent. If it is not possible to delete it because of statutory retention periods or other circumstances, we will restrict the processing work.

 

Handling request for Leipzig/Halle airport

The Controller in the sense of Article 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is Flughafen Leipzig/Halle GmbH, Terminalring 11, 04435 Flughafen Leipzig/Halle, info(at)leipzig-halle-airport(dot)de. You can contact our data protection officer at datenschutz(at)leipzig-halle-airport(dot)de or use the postal address just mentioned; please address your letter to the “Data Protection Officer”.

If you contact us as part of a handling request, we store the data of the specified contact partner (surname, first name, address data – normally a business address – and e-mail) so that we can answer the enquiry and process it. This data is processed on the basis of Article 6 Para. 1 (b) of the GDPR in order to complete a contract or perform pre-contractual measures. We process the data that you voluntarily make available on the basis of your consent in line with Article 6 Para. 1 (a) of the GDPR. You can cancel the consent that you have given us at any time. You will find more detailed information in the appropriate section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

Any data that accumulates in this connection is deleted once it is no longer necessary to store it or you have cancelled your consent – if the processing work has taken place on the basis of your consent. If it is not possible to delete it because of statutory retention periods or other circumstances, we will restrict the processing work.

Making contact by e-mail or the contact form

If you contact us by e-mail or using the contact form, we store the data that you give us (your surname, your first name, possibly your phone number and address for booking enquiries, your e-mail address) so that we can answer your questions and/or process your enquiry. This data is processed on the basis of Article 6 Para. 1 (b) of the GDPR in order to complete a contract or perform pre-contractual measures. We process the data that you voluntarily make available to us on the basis of your consent according to Article 6 Para. 1 (a) of the GDPR. You can cancel the consent that you have given us at any time. You will find more detailed information in the appropriate section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

Any data that accumulates in this connection is deleted once it is no longer necessary to store it or you have cancelled your consent – if the processing work has taken place on the basis of your consent. If it is not possible to delete it because of statutory retention periods or other circumstances, we will restrict the processing work.

Booking a car park space at Dresden

This service is included on our website by means of an iframe.

The visitor’s IP address, date/time, resource requested (page/photo), user agent, session cookie in the car park booking, data that is entered on the forms are all stored.

The Controller in the sense of Article 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is Flughafen Dresden GmbH, Flughafenstrasse, 01109 Dresden, info@dresden- airport.de. You can contact our data protection officer at datenschutz@dresden-airport.de or use the postal address just mentioned; please address your letter to the “Data Protection Officer”.

You must create a user account in advance in order to use the online tool to book a car park space. The following data is required for this:

Your surname, first name, address, country, e-mail address and a password for the user ID./p>

In order to be able to complete your booking, we require your payment data, such as data about your credit card or EC card or details to be passed on to PayPal.

Once the booking has been completed, we will send you a QR code. This is either located on the invoice, which is sent in digital form, or on your mobile phone. Your data related to the booking is stored in this QR code. This then enables you to obtain an appropriate ticket at the entry point to the car park. All the data that we gather is required in order to conclude and perform the agreement (Article 6 Para. 1 (b) of the GDPR).

According to the statutory retention periods in the German Fiscal Code and Commercial Code, this data must be kept for up to 10 years.

In order to offer you this service, we forward your data to the company that processes the order. The latter is contractually obliged to protect your data at least to the same degree as we ourselves do.

Booking a car park space at Leipzig/Halle

You can book a car park space at Leipzig/Halle Airport on our website. You are forwarded to an outside site at Leipzig/Halle Airport for this. The booking procedure takes place completely at the following website: https://parken.leipzig-halle-airport.de/ You will find the data protection information for using the website and for making the booking directly on the external site under “Data Protection Guidelines”.

Dresden airport in the social media networks

Dresden Airport maintains online accounts within social media networks in order to communicate with active users there or offer information about itself there.

We would point out at this juncture that user data may be processed outside the European Union if you visit these networks. This may expose users to risks, because it may be difficult for users to assert their rights, for example. As for US providers that are certified under the Privacy Shield or offer comparable guarantees of safe data protection levels, we would point out that they therefore promise to comply with the data privacy standards that apply within the EU.

User data within social media networks is normally processed for market research and advertising purposes too. It is therefore possible that usage profiles are drawn up on the basis of usage behaviour and the user’s resulting interests, for example. The usage profiles can then be used to display advertisements that probably reflect the user’s interests, both inside and outside the networks, for example. To achieve this, cookies are normally stored on the user’s computer and the usage behaviour and the user’s interests are stored in them. Data may also be stored in the usage profiles, regardless of the devices that the user employs (particularly, if the users are members of the relevant platforms and have logged into them).

We would refer you to the data privacy statements and specifications published by the operators of the relevant networks if you wish to obtain a detailed description of the types of processing in each case and the opt-out opportunities.

Even if you are making enquiries about information or asserting data subject rights, we would also point out that they can be most effectively asserted with the providers themselves. Only these providers have access to the user’s data and can directly adopt appropriate measures and provide information. If you still require some assistance, you can contact the following address:

Flughafen Dresden GmbH
Data Protection Officer           
Flughafenstrasse                                                   
01109 Dresden                                
datenschutz@dresden-airport.de

The types of data that are processed involve the following: user-related data (e.g. names, addresses), contact data (e.g. e-mail, phone numbers), content data (e.g. text input, photos, videos), usage data (e.g. websites visited, interest in content, access times), meta/communications data (e.g. information on devices, IP addresses).

The persons concerned are: users (e.g. website visitors, users of online services).

The purposes of the processing work: contact enquiries and communications, tracking (e.g. profiling based on interests/behaviour, usage of cookies), remarketing, measuring coverage (e.g. access statistics, recognising repeat visitors).

Legal basis: legitimate interests (Article 6 Para. 1 Sentence 1 (f) of the GDPR).

Services and service providers that are used:

Services and service providers that are used:

Instagram: social media network; service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; website: https://www.instagram.com; data privacy statement: http://instagram.com/about/legal/privacy.

Facebook: social media network; service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; data privacy statement: https://www.facebook.com/about/privacy; Privacy Shield (guaranteeing the data privacy level when data is processed in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; opt-out opportunities: settings for advertisements: https://www.facebook.com/settings?tab=ads; additional information on data privacy: Agreement on Joint Processing of Personal Data on Facebook Sites: https://www.facebook.com/legal/terms/page_controller_addendum; data privacy information for Facebook sites: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Twitter: The airport makes use of the technical platform and the services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. for the short message service that it provides. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland is responsible for processing any data related to people who live outside the United States.

We would point out that you alone are responsible for making use of the Twitter short message service that is offered here and its functions. This particularly applies to using the interactive functions (e.g. share, like/don’t like). 

You will find the details about the data that Twitter processes and for what purposes the company uses it in Twitter’s data privacy statement: https://twitter.com/de/privacy

Twitter Inc. is committed to the principles of the EU-US Privacy Shield. You can find more details about it here:  https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

The airport does not have any influence on the type or amount of data that Twitter processes, the type of processing and usage or any forwarding of this data to third parties. In this sense, it does not have any effective control opportunities either. If you use Twitter, Twitter Inc. will collect, transfer, store, disclose and use your personal data and, regardless of where you live, transfer it to the United States, Ireland or any other country where Twitter Inc. has business operations, store it and use it there.

Firstly, Twitter processes the data that you have voluntarily entered, such as your name and user name, your e-mail address, your phone number or the contacts in your address book, if you upload or synchronise this information.

Secondly, Twitter also assesses the content that you have shared with a view to discovering which topics are interesting for you; it stores and processes confidential messages that you send directly to other users and it can determine where you are by using your GPS data, information about wireless networks or your IP address in order to send you advertisements or other content. 

For evaluation purposes, Twitter Inc. may use analysis tools like Twitter or Google Analytics. The airport does not have any influence on the use of these kinds of tools by Twitter Inc. and has not been informed about any such potential use either. If Twitter Inc. makes use of these kinds of tools for the airport account, the airport has not commissioned this work or given it its blessing or supported it in any other way. The data that is obtained through the analysis process is not made available to the airport either. The airport can only see certain, non-personal information about Tweet activity, e.g. the number of profile or link clicks generated by a particular Tweet, via its account. The airport does not have any opportunity of preventing or stopping the use of these kinds of tools on its Twitter account either. 

Finally, Twitter also receives information if you view content, for example, even if you have not created an account. This so-called “log data” may involve the IP address, the type of browser, the operating system, information on the website that was accessed prior to this and the sites that you have accessed, your location, your mobile phone provider, the terminal device that you are using (including the device ID and application ID), the search terms that you use and cookie information.

Twitter is able to log your visits to these websites and assign them to your Twitter profile via the Twitter buttons or widgets that are embedded in websites and by using cookies. Content or advertisements can then be tailored to you by means of this data.

You have opportunities to restrict the processing of your data in the general settings in your Twitter account and under the “Data privacy and security” menu item. You can also restrict Twitter’s access to contact and calendar data, photos, location data etc. on mobile devices (smartphones, tablet computers) in the settings available there. However, this depends on the operating system that you are using.

You can obtain further information about these issues from the following Twitter support sites:

https://support.twitter.com/articles/105576# 

https://help.twitter.com/de/search?q=datenschutz

You can find out about the opportunity to view your own data at Twitter here:

https://support.twitter.com/articles/20172711#

You will find information about the conclusions that Twitter draws about you here:
https://twitter.com/your_twitter_data

You will find information about the current personalisation and data privacy setting options here (with further information):

https://twitter.com/personalization

You also have the opportunity of requesting information via the Twitter data privacy form or the archive requirements: 

https://support.twitter.com/forms/privacy

https://support.twitter.com/articles/20170320#

LinkedIn: Social media network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; data privacy statement: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (guaranteeing the data privacy level when data is processed in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; opt-out opportunity: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

 

Leipzig/Halle airport in the social media networks

Leipzig/Halle Airport maintains online accounts within social media networks in order to communicate with active users there or offer information about itself there.

We would point out at this juncture that user data may be processed outside the European Union if you visit these networks. This may expose users to risks, because it may be difficult for users to assert their rights, for example. As for US providers that are certified under the Privacy Shield or offer comparable guarantees of safe data protection levels, we would point out that they therefore promise to comply with the data privacy standards that apply within the EU.

User data within social media networks is normally processed for market research and advertising purposes too. It is therefore possible that usage profiles are drawn up on the basis of usage behaviour and the users’ resulting interests, for example. The usage profiles can then be used to display advertisements that probably reflect the user’s interests, both inside and outside the networks, for example. To achieve this, cookies are normally stored on the user’s computer and the usage behaviour and the user’s interests are stored in them. Data may also be stored in the usage profiles, regardless of the devices that the user employs (particularly, if the users are members of the relevant platforms and have logged into them).

We would refer you to the data privacy statements and specifications published by the operators of the relevant networks if you wish to obtain a detailed description of the types of processing in each case and the opt-out opportunities.

Even if you are making enquiries about information or asserting data subject rights, we would also point out that they can be most effectively asserted with the providers themselves. Only these providers have access to the user’s data and can directly adopt appropriate measures and provide information. If you still require some assistance, you can contact the following address:

Flughafen Leipzig/Halle GmbH            

Data Protection Officer                                 

Terminalring 11                                                       04435 Flughafen Leipzig/Halle             datenschutz@leipzig-halle-airport.de

 

The types of data that are processed involve the following: user-related data (e.g. names, addresses), contact data (e.g. e-mail, phone numbers), content data (e.g. text input, photos, videos), usage data (e.g. websites visited, interest in content, access times), meta/communications data (e.g. information on devices, IP addresses).

The persons concerned are: users (e.g. website visitors, users of online services).

The purposes of the processing work: contact enquiries and communications, tracking (e.g. profiling based on interests/behaviour, usage of cookies), remarketing, measuring coverage (e.g. access statistics, recognising repeat visitors).

Legal basis: legitimate interests (Article 6 Para. 1 Sentence 1 (f) of the GDPR).

 

Services and service providers that are used:

Services and service providers that are used:

Instagram: social media network; service provider: Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; website: https://www.instagram.com; data privacy statement: http://instagram.com/about/legal/privacy.

Facebook: social media network; service provider: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com; data privacy statement: https://www.facebook.com/about/privacy; Privacy Shield (guaranteeing the data privacy level when data is processed in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active; opt-out opportunities: settings for advertisements: https://www.facebook.com/settings?tab=ads; additional information on data privacy: Agreement on Joint Processing of Personal Data at Facebook Sites: https://www.facebook.com/legal/terms/page_controller_addendum; data privacy information for Facebook sites: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Twitter: The airport makes use of the technical platform and the services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A. for the short message service that it provides. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland is responsible for processing any data related to people who live outside the United States.

Twitter: We would point out that you alone are responsible for making use of the Twitter short message service that is offered here and its functions. This particularly applies to using the interactive functions (e.g. share, like/don’t like). You will find the details about the data that Twitter processes and for what purposes the company uses it in Twitter’s data privacy statement: https://twitter.com/de/privacy Twitter Inc. is committed to the principles of the EU-US Privacy Shield. You can find more details about it here:  https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

The airport does not have any influence on the type or amount of data that Twitter processes, the type of processing and usage or any forwarding of this data to third parties. In this sense, it does not have any effective control opportunities either.

If you use Twitter, Twitter Inc. will collect, transfer, store, disclose and use your personal data and, regardless of where you live, transfer it to the United States, Ireland or any other country where Twitter Inc. has business operations, store it and use it there.

 

Firstly, Twitter processes the data that you have voluntarily entered, such as your name and user name, your e-mail address, your phone number or the contacts in your address book, if you upload or synchronise this information. Secondly, Twitter also assesses the content that you have shared with a view to discovering which topics are interesting for you; it stores and processes confidential messages that you send directly to other users and it can determine where you are by using your GPS data, information about wireless networks or your IP address in order to send you advertisements or other content.

 

For evaluation purposes, Twitter Inc. may use analysis tools like Twitter or Google Analytics. The airport does not have any influence on the use of these kinds of tools by Twitter Inc. and has not been informed about any such potential use either. If Twitter Inc. makes use of these kinds of tools for the airport account, the airport has not commissioned this work or given it its blessing or supported it in any other way. The data that is obtained through the analysis process is not made available to the airport either. The airport can only see certain, non-personal information about Tweet activity, e.g. the number of profile or link clicks generated by a particular Tweet, via its account. The airport does not have any opportunity of preventing or stopping the use of these kinds of tools on its Twitter account either.

 

Finally, Twitter also receives information if you view content, for example, even if you have not created an account. This so-called “log data” may involve the IP address, the type of browser, the operating system, information on the website that was accessed prior to this and the sites that you have accessed, your location, your mobile phone provider, the terminal device that you are using (including the device ID and application ID), the search terms that you use and cookie information.

 

Twitter is able to log your visits to these websites and assign them to your Twitter profile via the Twitter buttons or widgets that are embedded in websites and by using cookies. Content or advertisements can then be tailored to you by means of this data.

 

You have opportunities to restrict the processing of your data in the general settings in your Twitter account and under the “Data privacy and security” menu item. You can also restrict Twitter’s access to contact and calendar data, photos, location data etc. on mobile devices (smartphones, tablet computers) in the settings available there. However, this depends on the operating system that you are using. You can obtain further information about these issues from the following Twitter support sites:

https://support.twitter.com/articles/105576# or 

https://help.twitter.com/de/search?q=datenschutz

 

You can find out about the opportunity to view your own data at Twitter here:

https://support.twitter.com/articles/20172711#

You will find information about the conclusions that Twitter draws about you here:
https://twitter.com/your_twitter_data

You will find information about the current personalisation and data privacy setting options here (with further information):

https://twitter.com/personalization

You also have the opportunity of requesting information via the Twitter data privacy form or the archive requirements: 

https://support.twitter.com/forms/privacy

https://support.twitter.com/articles/20170320#

LinkedIn: Social media network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; data privacy statement: https://www.linkedin.com/legal/privacy-policy; Privacy Shield (guaranteeing the data privacy level when data is processed in the USA): https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active; opt-out opportunity: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Travel agency platform

(1) If you would like to use our travel agency platform, you must register by specifying your surname, first name as well as your form of address, your e-mail address, the name and address of your travel agency a password that you choose yourself and a user name that you can freely select and to upload your travel agency pass.  It is not necessary to provide your real name. We use the so-called double opt-in procedure for registration, i.e. your registration has only been completed if you first confirm your registration through a confirmation e-mail, which is sent to you for this purpose, and you click on the link that it contains. If you do not provide this confirmation within 24 hours, your registration is automatically deleted from our database. You must specify the data mentioned above – but you are free to provide any other information on a voluntary basis.

If you have confirmed your registration, we will check the legitimacy of your registration and activate your access if our check is positive. We will send you another confirmation e-mail for this purpose. If the check is negative, we will immediately delete your data.

(2) If you use our platform, we store the necessary data about you in order to complete the agreement until we finally delete your access. The legal basis for this is Article 6 Para. 1 (b) of the GDPR. We also continue to store any voluntary data that you have specified during the time that you use the portal, if you do not object to this use. The legal basis for this is Article 6 Para. 1 (a) of the GDPR. If you wish to cancel your consent, please read the section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

(3) The link is encrypted using TLS technology in order to prevent any unauthorised access by third parties to your personal data, particularly your financial data.

(4) We involve outside providers in order to make this service available to you. We have carefully selected and commissioned them, they are bound by our instructions and we regularly check them. They have also been bound by a contract to adopt the same protective precautions as we do to protect your personal data.

Wi-Fi for guests

The Controller according to Article 4 Para. 7 of the EU’s General Data Protection Regulation (GDPR) is Mitteldeutsche Flughafen AG, Terminalring 11, 04435 Flughafen Leipzig/Halle, info(at)mdf-ag(dot)com. You can reach our data protection officer at datenschutz(at)mdf-ag(dot)com or use our postal address; please address your letter to the “Data Protection Officer”.  

In order to make Wi-Fi for guests available to you, it is necessary to process some of your personal data.

By providing Wi-Fi for guests, we enable you to make use of an Internet hotspot free of charge during the time of your visit as a guest of Mitteldeutsche Flughafen AG, Flughafen Leipzig/Halle GmbH, PortGround GmbH, Flughafenservicegesellschaft mbH or Flughafen Dresden GmbH. Each guest receives an individual access code to enable you and other guests to gain secure access.

Which data is processed?

 

a.) Generating the access code

Personal data is required in order to generate the access code. The processing work covers your surname, your first name and an e-mail address, to which your individual access code is sent.

 

b.) Usage data

 

When people use our Wi-Fi services for guests, information is automatically logged and stored in our router. This involves the following data:

  • the MAC address of the device that you are using to access our guest Wi-Fi system
  • the time when you logged in or logged out of the guest Wi-Fi system

 

The MAC address (Media Access Control Address) is the name of a hardware address that is assigned on one occasion and by means of which each device can be clearly designated. It is stored in the hardware, particularly in network cards in computers, phones, laptops or even access points.

 

We make use of the data mentioned here for the following purposes:

  • to guarantee that our guest Wi-Fi services run smoothly in line with what is technically necessary,
  • to uncover, identify and follow up any infringements against the conditions of use of our guest Wi-Fi system.

We process your data on the basis of the usage agreement that exists between you and us according to Article 6 Para. 1 Sentence 1 b) of the GDPR.

Data may also be processed on the legal basis of Article 6 Para. 1 Sentence 1 f) of the GDPR. We have a legitimate interest in processing your data, for example, if the processing work is necessary to defend our rights and claims and this does not oppose your interests. Please also take note of the section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”. 

 

The employees in the IT Department, who are responsible for the guests’ Wi-Fi system, have access to your data within our corporate group. Your data is only forwarded to outside bodies:

  • to safeguard our legitimate interests, particularly if it is necessary to forward the data to assert any legal claims;
  • to which we are obliged to provide information, notification or forward data or if forwarding the data is in the public interest;

Apart from this, we will not forward your data to any third parties. 

The data for your personal access is deleted 30 days after your user account expires.

The usage data is deleted from our router after 30 days. 

No data is forwarded to agencies in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries).

Rights of data subjects

(1) You have the following rights with us with regard to the personal data that concerns you:

  • the right to information,
  • the right to correction or deletion,
  • the right to have the processing work restricted,
  • the right to object to the processing work,
  • the right to data portability.

(2) You also have the right to complain to a data protection supervisory body about the way that we are processing your personal data.

Parking for travel agency clerks

The Controller in the sense of data protection law is Mitteldeutsche Flughafen AG, Terminalring 11, 04435 Flughafen Leipzig/Halle, e-mail: info(at)mdf-ag(dot)com; you can contact our data protection officer at datenschutz(at)mdf-ag(dot)com or please address your letter to the “Data Protection Officer”.

We need some personal data from you to be able to offer you car parking discounts as a travel agency clerk. We collect the following information about you on the application form:

  • personal data (name, first name, signature)
  • contact data (e-mail address, phone number and similar data)
  • address data (name of the travel agency, address of the travel agency and similar data)
  • travel data (flight, destination and parking time)

Your personal data is processed on the basis of Article 6 Para. 1 (b) of the GDPR in order to complete a contract that exists between us or perform pre-contractual measures. It is not possible for you to make use of any car parking discounts if we cannot process your data. Your data is particularly collected and processed for contract-related communications with you, to identify you as a person and to prove that you meet the conditions to make use of the discount.

We may also process your data, if necessary, to maintain our legitimate interests (Article 6 Para. 1 (f) of the GDPR), for example, for purposes like:

  • advertising or market or opinion research, if you have not objected to your data being used;
  • statistical assessments or market analysis;
  • the restricted storage of data, if deletion is not possible or only possible with a disproportionate amount of effort because of the special type of storage.

You have the right to file an objection to any processing of your data on the basis of the rights that you have. You can find more information in the relevant section entitled CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

We process and store your data for the duration of our business relationship. This also includes preparing for a contract (pre-contractual legal relationship) and processing a contract.

We are also subject to various storage and documentation obligations, which arise from the German Commercial Code and the Fiscal Code, among other things. The periods prescribed there for storage or documentation continue for up to 10 years beyond the end of the business relationship or the pre-contractual legal relationship.

Making contact by e-mail or the contact form

If you contact us by e-mail or via a contact form, we store the data that you give us (your e-mail address, your surname, your first name, possibly your phone number and address for booking enquiries) so that we can answer your questions and/or process your enquiry. This data is processed on the basis of Article 6 Para. 1 (b) of the GDPR in order to complete a contract or perform pre-contractual measures. We process the data that you voluntarily make available to us on the basis of your consent according to Article 6 Para. 1 (a) of the GDPR. You can cancel the consent that you have given us at any time. You will find more detailed information in the appropriate section entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

Any data that accumulates in this connection is deleted once it is no longer necessary to store it or you have cancelled your consent – if the processing work has taken place on the basis of your consent. If it is not possible to delete it because of statutory retention periods or other circumstances, we will restrict the processing work.

Dresden conference center

The Controller in the sense of Article 4 Para. 7 of the EU’s General Data Protection Regulation (GDPR) is Flughafen Dresden GmbH, Flughafenstrasse, 01109 Dresden, info(at)dresden-airport(dot)de. You can contact our data protection officer at datenschutz(at)dresden-airport(dot)de or send a letter to the “Data Protection Officer” at the aforementioned address. 

 

We collect and process your data in order to initiate and complete a business relationship or for a pre-contractual relationship or for other enquiries. You only need to make available the data that is necessary for this or the data that we must collect for statutory reasons. Without this data, we will not normally be able to conclude or perform the agreement or answer your enquiries. This may also refer to data that is necessary at a later date as part of the business relationship. If we request any data beyond this, you will be informed that its disclosure is voluntary.

a) Purposes to conclude an agreement or for pre-contractual measures (Article 6 Para. 1 b of the GDPR)

The processing of personal data takes place to perform our agreements with you and complete your orders or to perform measures and activities as part of pre-contractual relationships, e.g. with interested parties. The processing work therefore particularly serves to provide the services in line with your orders and wishes and covers the services, measures and activities that are necessary for this. They largely include the communications with you related to the agreement, the verifiability of transactions, orders and other arrangements or for quality control purposes through appropriate documentation, measures to control and optimise business processes, compliance with the general obligations to exercise care or for management and control by associated companies (e.g. the parent company), if this is necessary as part of the pre-contractual relationship or to satisfy the contractual arrangements.

b) Purposes as part of a legitimate interest for us or for third parties (Article 6 Para. 1 f of the GDPR)

We may process your data beyond actually performing the agreement or preliminary contract too if it is necessary to maintain our legitimate interests or those of third parties. These purposes may involve, for example:

- advertising or market or opinion research, provided that you have not objected to the use of your data for this; you can find more information about this in the relevant tab entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”;

- statistical assessments or market analysis;

- the restricted storage of the data, if deletion is not possible because of the special type of storage or only with a disproportionate degree of effort and expense;

- building and equipment safety (e.g. through access checks and video monitoring), if this goes beyond the general obligations to exercise care.

You have a right to object to any processing on the basis of a legitimate interest. You can find more information about this in the relevant tab entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

 

c) Purposes to fulfil statutory provisions (Article 6 Para. 1 c of the GDPR) or if they are in the public interest (Article 6 Para. 1 e of the GDPR)

Any processing of your personal data can also take place for the purpose of fulfilling statutory provisions (Article 6 Para. 1 c of the GDPR) or if it is in the public interest (Article 6 Para. 1 e of the GDPR). This may involve statutory requirements (e.g. commercial and tax laws), but also supervisory provisions or those imposed by other public authorities.

You have a right to object to any processing on the basis of Article 6 Para. 1 e of the GDPR. . You can find more information about this in the relevant tab entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

 

Types of data:

The data about you, which we process, may particularly involve the following:  

- personal data (e.g. your name, profession/sector and comparable data);

- contact data (e.g. your address, e-mail address, phone number and comparable data);

- address data (e.g. your registration data and comparable data);

- payment data.

The data is sent to the internal offices or organisational units within our company, which require the data to meet our contractual or statutory obligations or as part of processing and implementing our legitimate interest. Data is only passed on to outside organisations:

- in conjunction with handling the agreement;

- for the purposes of fulfilling statutory provisions;

- if we are obliged to disclose, register or pass on data or forwarding the data is in the public interest (cf. section c));

- if outside service companies are processing data as a contract processor on our behalf (e.g. external data centres, support/maintenance of computer/IT applications, archiving, processing receipts, data destruction, purchasing/procurement, data disposal companies, courier services, logistics);

- because of our legitimate interest or the legitimate interest of the third party for the purposes mentioned in section b) (e.g. companies within the corporate group, committees and supervisory bodies).

 

How long your data is stored

We process and store your data throughout the duration of our business relationship. This also includes preparing the way for an agreement (pre-contractual legal relationship) and handling an agreement.

We are also subject to various retention and documentation obligations, some of which arise from the Commercial Code and the Tax Code. The retention or documentation periods prescribed in these documents continue for up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

Special statutory provisions may require a longer retention period, e.g. when maintaining evidence as part of the statutory period of limitation provisions. The normal statutory period of limitations is three years according to Sections 195ff in the German Civil Code, but statute of limitation periods of up to 30 years may also apply.

If the data is no longer necessary to meet contractual or statutory obligations and rights, it is regularly deleted, unless its – restricted – further processing is necessary to meet the purposes listed under b) arising from an overriding legitimate interest. This kind of overriding legitimate interest exists, if, for example, deletion is not possible because of the special type of storage or only with a disproportionate degree of effort and expense and any processing for other purposes is excluded because of suitable technical and organisational measures.

 

Your data processed in a third country or by an international organisation

Data is only passed on to offices in countries outside the European Union (EU) or the European Economic Area (EAA), so-called third countries, if this is prescribed in law to perform an order/agreement by or with you (e.g. tax law notification requirements), if it affects our legitimate interest or that of a third party or if you have provided your consent for this.

The processing of your data in a third country may also take place in conjunction with making use of service companies in the form of contract processing. If the EU Commission has not decided that an appropriate level of data security exists in the country involved, we will guarantee through relevant agreements that your rights and liberties are protected and guaranteed appropriately. We can make the relevant detailed information available to you on request.

You may ask for information about the suitable or appropriate guarantees and the possibility of obtaining a copy of them by sending a request to the company’s data protection officer.

 

Rights of data subjects

(1) You have the following rights with us with regard to the personal data that concerns you:

  • the right to information,
  • the right to correction or deletion,
  • the right to have the processing work restricted,
  • the right to object to the processing work,
  • the right to data portability.

(2) You also have the right to complain to a data protection supervisory body about the way that we are processing your personal data.

Leipzig/Halle Airport conference center

The Controller in the sense of Article 4 Para. 7 of the EU’s General Data Protection Regulation (GDPR) is Flughafen Leipzig/Halle GmbH, Terminalring 11, 04435 Flughafen Leipzig/Halle, info(at)leipzig-halle-airport(dot)de. You can contact our data protection officer at datenschutz(at)leipzig-halle-airport(dot)de or send a letter to the “Data Protection Officer” at the aforementioned address. 

 

We collect and process your data in order to initiate and complete a business relationship or for a pre-contractual relationship or for other enquiries. You only need to make available the data that is necessary for this or the data that we must collect for statutory reasons. Without this data, we will not normally be able to conclude or perform the agreement or answer your enquiries. This may also refer to data that is necessary at a later date as part of the business relationship. If we request any data beyond this, you will be informed that its disclosure is voluntary.

a) Purposes to conclude an agreement or for pre-contractual measures (Article 6 Para. 1 b of the GDPR)

The processing of personal data takes place to perform our agreements with you and complete your orders or to perform measures and activities as part of pre-contractual relationships, e.g. with interested parties. The processing work therefore particularly serves to provide the services in line with your orders and wishes and covers the services, measures and activities that are necessary for this. They largely include the communications with you related to the agreement, the verifiability of transactions, orders and other arrangements or for quality control purposes through appropriate documentation, measures to control and optimise business processes, compliance with the general obligations to exercise care or for management and control by associated companies (e.g. the parent company), if this is necessary as part of the pre-contractual relationship or to satisfy the contractual arrangements.

b) Purposes as part of a legitimate interest for us or for third parties (Article 6 Para. 1 f of the GDPR)

We may process your data beyond actually performing the agreement or preliminary contract too if it is necessary to maintain our legitimate interests or those of third parties. These purposes may involve, for example:

- advertising or market or opinion research, provided that you have not objected to the use of your data for this; you can find more information about this in the relevant tab entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”;

- statistical assessments or market analysis;

- the restricted storage of the data, if deletion is not possible because of the special type of storage or only with a disproportionate degree of effort and expense;

- building and equipment safety (e.g. through access checks and video monitoring), if this goes beyond the general obligations to exercise care.

You have a right to object to any processing on the basis of a legitimate interest. You can find more information about this in the relevant tab entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

 

c) Purposes to fulfil statutory provisions (Article 6 Para. 1 c of the GDPR) or if they are in the public interest (Article 6 Para. 1 e of the GDPR)

Any processing of your personal data can also take place for the purpose of fulfilling statutory provisions (Article 6 Para. 1 c of the GDPR) or if it is in the public interest (Article 6 Para. 1 e of the GDPR). This may involve statutory requirements (e.g. commercial and tax laws), but also supervisory provisions or those imposed by other public authorities.

You have a right to object to any processing on the basis of Article 6 Para. 1 e of the GDPR. . You can find more information about this in the relevant tab entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”.

 

Types of data:

The data about you, which we process, may particularly involve the following:  

- personal data (e.g. your name, profession/sector and comparable data);

- contact data (e.g. your address, e-mail address, phone number and comparable data);

- address data (e.g. your registration data and comparable data);

- payment data.

The data is sent to the internal offices or organisational units within our company, which require the data to meet our contractual or statutory obligations or as part of processing and implementing our legitimate interest. Data is only passed on to outside organisations:

- in conjunction with handling the agreement;

- for the purposes of fulfilling statutory provisions;

- if we are obliged to disclose, register or pass on data or forwarding the data is in the public interest (cf. section c));

- if outside service companies are processing data as a contract processor on our behalf (e.g. external data centres, support/maintenance of computer/IT applications, archiving, processing receipts, data destruction, purchasing/procurement, data disposal companies, courier services, logistics);

- because of our legitimate interest or the legitimate interest of the third party for the purposes mentioned in section b) (e.g. companies within the corporate group, committees and supervisory bodies).

 

How long your data is stored

We process and store your data throughout the duration of our business relationship. This also includes preparing the way for an agreement (pre-contractual legal relationship) and handling an agreement.

We are also subject to various retention and documentation obligations, some of which arise from the Commercial Code and the Tax Code. The retention or documentation periods prescribed in these documents continue for up to ten years beyond the end of the business relationship or the pre-contractual legal relationship.

Special statutory provisions may require a longer retention period, e.g. when maintaining evidence as part of the statutory period of limitation provisions. The normal statutory period of limitations is three years according to Sections 195ff in the German Civil Code, but statute of limitation periods of up to 30 years may also apply.

If the data is no longer necessary to meet contractual or statutory obligations and rights, it is regularly deleted, unless its – restricted – further processing is necessary to meet the purposes listed under b) arising from an overriding legitimate interest. This kind of overriding legitimate interest exists, if, for example, deletion is not possible because of the special type of storage or only with a disproportionate degree of effort and expense and any processing for other purposes is excluded because of suitable technical and organisational measures.

 

Your data processed in a third country or by an international organisation

Data is only passed on to offices in countries outside the European Union (EU) or the European Economic Area (EAA), so-called third countries, if this is prescribed in law to perform an order/agreement by or with you (e.g. tax law notification requirements), if it affects our legitimate interest or that of a third party or if you have provided your consent for this.

The processing of your data in a third country may also take place in conjunction with making use of service companies in the form of contract processing. If the EU Commission has not decided that an appropriate level of data security exists in the country involved, we will guarantee through relevant agreements that your rights and liberties are protected and guaranteed appropriately. We can make the relevant detailed information available to you on request.

You may ask for information about the suitable or appropriate guarantees and the possibility of obtaining a copy of them by sending a request to the company’s data protection officer.

 

Rights of data subjects

(1) You have the following rights with us with regard to the personal data that concerns you:

  • the right to information,
  • the right to correction or deletion,
  • the right to have the processing work restricted,
  • the right to object to the processing work,
  • the right to data portability.

(2) You also have the right to complain to a data protection supervisory body about the way that we are processing your personal data.

 

Visits to the website

Gathering personal data when you visit our website

If you only use our website for information purposes, i.e. if you do not register or send us any other information, we only gather the personal data that your browser sends to our server. If you wish to view our website, we gather the following data, which is technically essential for us so that we can display our website for you and guarantee its stability and reliability (the legal basis is Article 6 Para. 1 Sentence 1 (f) of the GDPR – please bear in mind the section on this topic entitled “CANCELLING OR OBJECTING TO THE PROCESSING OF YOUR DATA”

  • The IP address
  • The date and time of the enquiry
  • The time zone difference in terms of Greenwich Mean Time (GMT)
  • The content of the request (specific page)
  • The access status/HTTP status code/li>
  • The amount of data transferred in each case
  • The website, from which the request comes
  • The browser
  • The operating system and its user interface
  • The language and version of the browser software
  • Cookies – you can find more information about them in the relevant section entitled “COOKIES”

Cancelling or objecting to the processing of your data

1. Cancellation

If you have granted your consent to have your data processed, you can cancel it at any time. This kind of cancellation, however, does not affect the legitimacy of the processing work on your personal data until you have sent us your cancellation. The legitimacy of any processing work that has taken place up to this time is not affected by your cancellation.

2. Objection

(1) If we base the processing of your personal data on a balancing of interests, you can lodge an objection to the processing work. If you make use of this kind of objection, we would ask you to outline the reasons why we should not continue to process your personal data as we have done in the past. If your objection is justified, we will check the circumstances and will either halt the processing of your data or adapt it or indicate to you our mandatory reasons that need to be protected, on the basis of which we will continue to process the information.

(2) You can naturally object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can inform us of your objection to advertising by using the following contact data:

Contact:
Mitteldeutsche Flughafen AG
Data Protection Officer
Terminalring 11
04435 Flughafen Leipzig/Halle
Mail: datenschutz(at)mdf-ag.com

Legally binding version

The German version of the data protection stipulations is legally binding.