Data Protection information

Who is the controller?

Deutsche Lufthansa AG (Venloer Straße 151-153, 50672 Cologne, Germany), Swiss International Air Lines AG (Malzgasse 15, 4052 Basel, Switzerland), Austrian Airlines AG (Office Park 2, Postbox 100, 1300 Vienna Airport, Austria), wishes to inform you below of how your personal data are processed within the context of our offerings. These offers can be directly accessed via www.pre-flight-shopping.com (“website”).

The airlines mentioned jointly operate the website. The airline through which the flight ticket was purchased is responsible for processing the data.

When we refer to Lufthansa Group airlines below, this means the airlines Lufthansa, SWISS, Austrian Airlines. The Lufthansa Group includes Lufthansa Group Airlines as well as the other companies of the Lufthansa corporation.

Whom can I contact?

If you have any further queries regarding data protection in connection with our website or the services offered there, please contact our data protection officer:

Group Data Protection Officer for the Lufthansa Group
Deutsche Lufthansa AG
E-Mail: 027021059029047057025035061059071000027043035001027029

Deutsche Lufthansa AG
Data Disclosure
FRA CJ/D
60546 Frankfurt
Germany
E-Mail: 027021059029047021061057041061047031059000027043035001027029

Swiss International Air Lines Ltd.
Company Data Protection Officer
ZRHS/CJ
P.O. Box
8058 Zürich Airport
Switzerland
E-Mail: 027021059021051055049059029025059037049047000057065037057057001025049045

Austrian Airlines AG
Legal Office – Privacy Policy
Office Park 2
P.O. Box 100
1300 Vienna Airport
Austria
Contact formular

If you contact us via email, the communication is unencrypted.

Why do we process your data (purpose of the processing) and on what legal foundation?

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG).

We process personal data to fulfil our contractual obligations as per Article 6 Paragraph 1 Subparagraph 1(b) GDPR. This includes in particular:

  • Reservation of meals from the Onboard Delights, SWISS Saveurs and Austrian Melangerie buy-on-board offer,
  • Business class meal reservations.

Based on your consent, we process your data in accordance with Article 6 Paragraph 1 Subparagraph 1(a) GDPR for specific purposes, in particular:

  • to show targeted information and offers,
  • for analytical purposes so that we can optimise our offer for you.

Any consent given can be withdrawn at any time. This also applies to the withdrawal of declarations of consent given to us before the GDPR came into force, in other words, prior to 25/05/2018. Withdrawal of consent has effect for the future only and does not affect the lawfulness of data processed until the withdrawal.

In addition, we process your data to protect our legitimate interests in accordance with Art. 6(1), subparagraph 1(f) GDPR

  • so that we can ensure the security and functionality of this website.

What data do we process when you visit our website?

You can use our website without directly providing any personal data (such as your name or email address), but in this case it is not possible to make a reservation.

1 Required personal information

In order to make a reservation, the following data is collected:

  • First and last name (to identify the passenger),
  • Booking code or ticket number (to identify the flight booking),
  • E-mail address (to send the reservation confirmation).

2 Analytical methods

We use certain analytical methods on our website. The methods are explained below.

2.1 Logfiles

When you visit our website, our internet server automatically records the domain name or IP address of the requesting computer, as well as the date and time of access, client file request (file name and URL), HTTP response code, browser type, the website from which you are visiting and the number of bytes transferred in the course of the connection. These data are deleted as soon as you end your visit to our website. For legal purposes - particularly detecting misuse and identifying and resolving technical malfunctions - we save the logfiles from your web server and application server, including your IP address, for 90 days.

2.2 Cookies / Web Beacons

Like many well-known companies, we use so-called cookies and web beacons to design our offering in the most user friendly way possible.

„Cookies“ are small files that a web server (e.g. the web server on www.pre-flight-shopping.com sends to your browser when you visit a website. So-called „session cookies“ expire at the end of the browser session and can record your activities during this session. In contrast, „permanent cookies“ are also stored on your end device between different browser sessions and can record your settings or activities on several websites.

Depending on your browser settings, the cookie file will either be saved or rejected. If the file is saved, our web server can recognise your end device. Cookies can also help us to offer you an individualised and relevant surfing experience if you grant your consent to this.

Your browser may already be configured in such a way that a warning message is displayed each time it receives a cookie. This notification can be very disruptive, as the identification cookie must be resent every time you access each individual page of our website. We therefore recommend that you configure your browser so that cookies from www.pre-flight-shopping.com are always accepted. You can specify this setting for individual websites.

2.3 Cookie Categories

2.3.1 Necessary cookies

Necessary cookies are used to manage the platform. They enable a smooth operation, e.g. delivering the correct answers to your requests and ensuring security features, such as avoiding any malicious use of the website. Necessary cookies cannot be disabled but you can delete them. The legal basis for the processing of these cookies is our legitimate interests pursuant to Art. 6(1), Subparagraph 1(f) GDPR.

We employ the following necessary cookies:

  • Cookie name:
    JSESSIONID

    Purpose:
    Identification of browser session

    Business Address
    Privacy Policy:

    Miles & More GmbH
    MAC Main Airport Center
    Unterschweinstiege 8
    60549 Frankfurt

    privacy policy:
    https://www.worldshop.eu/en/page/privacy

    Type:
    First party

    Retention period:
    session

  • Cookie name:
    CHECK4COOKIES

    Purpose:
    Check if browser supports cookies

    Business Address
    Privacy Policy:

    Miles & More GmbH
    MAC Main Airport Center
    Unterschweinstiege 8
    60549 Frankfurt

    privacy policy::
    https://www.worldshop.eu/en/page/privacy

    Type:
    First party

    Retention period:
    24 hours

  • Cookie name:
    COOKIES

    Purpose:
    Store cookie permission as selected by customer

    Business Address
    Privacy Policy:

    Miles & More GmbH
    MAC Main Airport Center
    Unterschweinstiege 8
    60549 Frankfurt

    privacy policy:
    https://www.worldshop.eu/en/page/privacy

    Type:
    First party

    Retention period:
    1 year

  • Cookie name:
    Vr1c5TDwm3iPGgFQ4V3s

    Purpose:
    technical cookie that the load balancer uses to control session persistency

    Business Address
    Privacy Policy:

    noris network AG
    Thomas-Mann-Straße 16 - 20
    90471 Nürnberg

    privacy policy
    https://www.noris.de/en/service/data-protection/

    Type:
    third-party cookie

    Retention period:
    Session

2.3.2 Analytics cookies

In this category we process your data based on your consent pursuant to Art. 6(1), Subparagraph. 1(a) GDPR, which you have given us by making your selection in the Consent Manager. Any consent given can be withdrawn at any time in the Consent Manager.

We use these cookies to:

  • Monitor website traffic and optimize your user experience
  • Analyse aggregated data about usage of the website to understand our customers.

Please find the detail below:

  • Cookie name:
    _et_coid

    Purpose:
    Cookie recognition

    Business Address
    Privacy Policy:

    etracker GmbH
    Erste Brunnenstraße 1
    20459 Hamburg

    privacy policy:
    Data Privacy Statement - etracker

    Type:
    third-party cookie

    Retention period:
    2 years

  • Cookie name:
    isSdEnabled

    Purpose:
    Detection of whether the scroll depth is measured for the visitor.

    Business Address
    Privacy Policy:

    etracker GmbH
    Erste Brunnenstraße 1
    20459 Hamburg

    privacy policy:
    Data Privacy Statement - etracker

    Type:
    third-party cookie

    Retention period:
    24 hours

  • Cookie name:
    BT_sdc

    Purpose:
    Contains Base64-encoded data of the current visitor session (referrer, number of pages, number of seconds since the start of the session, smart messages displayed in the session), which is used for personalization purposes.

    Business Address
    Privacy Policy:

    etracker GmbH
    Erste Brunnenstraße 1
    20459 Hamburg

    privacy policy:
    Data Privacy Statement - etracker

    Type:
    third-party cookie

    Retention period:
    Duration of the session

  • Cookie name:
    BT_pdc

    Purpose:
    Contains Base64 encoded visitor history data (is customer, newsletter recipient, visitor ID, smart messages displayed) for personalization.

    Business Address
    Privacy Policy:

    Miles & More GmbH
    MAC Main Airport Center
    Unterschweinstiege 8
    60549 Frankfurt

    privacy policy:
    https://www.worldshop.eu/en/page/privacy

    Type:
    third-party cookie

    Retention period:
    1 year

Further information on the use of cookies and how you can deactivate them can be found at https://www.ddow.de/ (in german) or youronlinechoices.com.

Web beacons are small graphic files (also described as „pixel tags“ or „clear GIFs“), which may be contained in our websites, applications and newsletters. They are generally set in conjunction with cookies to identify users and user behaviour. The preceding statements about cookies apply likewise to web beacons. In particular, web beacons will not be used if you have deactivated the corresponding cookie.

2.4 Web analysis with etracker

We use services provided by etracker GmbH (Hamburg, Germany) on our website to analyse usage data (www.etracker.com). Cookies make it possible to undertake a statistical analysis of the use of this website by visitors and to display usage-orientated content or advertising. Please note that etracker cookies do not contain any information that could be used to identify a user.

etracker only processes and stores the data it collects on behalf of the provider of this website in Germany and is therefore subject to the stringent German and European data privacy laws and standards. In this regard, etracker has been independently audited, certified and awarded the ePrivacyseal, a data privacy seal of approval.

As the private sphere of our visitors is particularly important to us, their IP addresses are anonymised by etracker at the earliest point in time possible, and login or device identifiers are converted to a code that is unique but cannot be assigned to an individual. etracker does not use this data in any other way, combine it with other data or pass it on to third parties.

2.5 Links and data collection on third party websites

You may be directed via links on our website to third-party websites that are not operated by us. For example, they may be websites operated by partner companies where you can find information about products and services. We have no influence over the collection, processing and use of your personal data on such third party websites. This is performed by the providers of the relevant website. Please therefore read the terms of use and privacy policies for these websites for more specific information on how they collect, process and use (personal) information.

What personal data do you have to provide?

For statutory or contractual requirements, we have indicated in the input masks on our website the fields that you must complete so that we can execute the desired contract or service.

For how long will your data be stored?

Your personal data is erased after 90 days, as soon as it is no longer required for the purposes stated. However, if necessary, we must continue to store your data until the retention periods and deadlines expire, set by the legislator or supervisory authorities, which may arise from the German Commercial Code (Handelsgesetzbuch), Tax Code (Abgabenordnung) or Money Laundering Act (Geldwäschegesetz). These generally amount to six to ten years. We may also retain your data until the statutory limitation periods have expired (usually three years, but up to 30 years in some cases), provided that this is necessary for the establishment, exercise or defence of legal claims. After that, the relevant data are routinely erased.

Who receives your data?

In the context of the data processing above and the respective legal bases given (contract performance, legitimate interests, consent or processing obligations under law), your data may be passed on to the following categories of recipients:

  • Lufthansa Group airlines 
  • vicarious agents, e.g. service providers for ground handling services and other additional related services
  • Miles & More GmbH as operator of the website
  • etracker GmbH as a service provider for web analytics
  • noris network AG as an infrastructure service provider (provision of the website)

What are your data protection rights?

Lufthansa is committed to ensuring fair and transparent processing. That is why it is important to us that persons concerned can not only exercise their right to object but also to exercise the following rights where the respective legal requirements are satisfied:

  • Right to information, Art. 15 of the GDPR
  • Right to rectification, Art. 16 GDPR
  • Right to erasure (“right to be forgotten”), Art. 17 GDPR
  • Right to restriction of processing, Art. 18 GDPR
  • Right to data portability, Art. 20 GDPR
  • Right to object, Art. 21 of the GDPR

If you wish to exercise your right, you can contact us at the addresses provided in the “Who can I contact” section.

Please provide the following details so that we can identify you:

  • Name
  • Postal address
  • Email address and optionally: customer number or booking code or ticket number

If you send us a copy of your ID, please black out all other information apart from your first and last name and address.

In order to be able to process your request, as well as for identification purposes, please note that we will use your personal data in accordance with Art. 6 para. 1 (c) of the GDPR.

You also have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR in combination with Section 19 GDPR.

For Lufthansa:

The Officer for Data Protection and Freedom of Information of the State of Hesse, Postfach 3163, 65021 Wiesbaden, datenschutz.hessen.de

For SWISS International Air Lines:

Federal Data Protection and Information Commissioner, Feldeggweg 1, 3003 Bern, www.edoeb.admin.ch

For Austrian Airlines:

Austrian data protection authority, Barichgasse 40-42, 1030 Wien, www.dsb.gv.at

Information about your right to object pursuant to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Article 6 (1) (e) or (f) of the GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data that relates to you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or in case processing is necessary for the establishment, exercise or defence of legal claims.

If personal data that relates to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data that relates to you shall no longer be processed for such purposes.

You have the option of exercising your right of objection in connection with the use of the services of the information company using an automated procedure - notwithstanding Directive 2002/58/EC - in which technical specifications are used.