Privacy Notice

Fraport AG Frankfurt Airport Services Worldwide ("Fraport", "we", "us"), with its registered office in Frankfurt am Main, Germany, is the data controller for the processing of personal data relating to you.

Fraport AG Frankfurt Airport Services Worldwide

60547 Frankfurt am Main

Executive Board: Dr Stefan Schulte (Chairman), Anke Giesen, Julia Kranenberg, Dr Pierre Dominique Prümm, Dr Matthias Zieschang

Frankfurt am Main Local Court, HRB 7042

Phone: +49 69 690-0

Mail: info@fraport.de

Contact details of the data protection officer: You can reach Fraport's data protection officer at datenschutz@fraport.de.

1.2. Scope

This data protection declaration applies to the websites operated by Fraport at www.frankfurt-airport.de and www.frankfurt-airport.com, the corresponding (mobile) web services and the services and functions offered via these websites:

Travel homepage (frankfurt-airport.com)
The travel homepage informs website visitors about what Frankfurt Airport has to offer, such as flights, restaurants, shops and the other infrastructure of Frankfurt Airport.
Online trading platform (shop.frankfurt-airport.com)
On the online trading platform, goods and services of traders located at Frankfurt Airport are offered for sale, including delivery of the goods within Germany. Purchases can be made as a guest or as a registered customer.
Parking Webshop (parken.frankfurt-airport.com)
Users can reserve and pay for parking spaces at Frankfurt Airport for the period of their choice via the Parking Webshop. The contract can be processed as a guest or as a registered user.
Service Shop (serviceshop.frankfurt-airport.com)
In the Service Shop you can purchase services offered at Frankfurt Airport.
Fraport Conference Center
The Fraport Conference Center offers services relating to meeting and conference facilities.
Visitor Services
Visitor Services offers airport tours and operates the Visitor Terrace in Terminal 2 and the Visitor Centre in Terminal 1. Tickets for the services can be booked via the website.
VIP services (vip.frankfurt-airport.com)
The VIP service offers you exclusive assistance for departure, arrival or transfer at Frankfurt Airport.
The user account "Fra-ID" (account.frankfurt-airport.com)
Fraport allows you to create a user account. This user account allows you to centrally manage your purchases, reservations and entered data. You can regularly use the services described above without having to register or identify yourself
The offer platform (pass.frankfurt-airport.com) is part of the user account and offers vouchers for download for fully registered Fra-ID holders. These can be redeemed at various shops on the site.

1.3. Third-party offers

In addition, Fraport includes links to third-party websites or content on some websites, for example YouTube or the lost property office site operated by FraAlliance GmbH. These are third-party offers, which Fraport will make clear to you at the appropriate point. For these offers, the website or offer provider's own separate data protection regulations regularly apply. In these cases, please refer to the information on the corresponding websites or within the corresponding offers for the corresponding data protection information.

2. Glossary - Definitions of terms

We want our privacy policy to be readable and understandable for the public, but also for our customers. To ensure this, we would first like to explain some of the terms used by the European legislator in the context of the General Data Protection Regulation (GDPR).

2.1. Personal Data

Personal data is any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is a person who can be identified, directly or indirectly, by reference to, for example, a name, address details, identification number such as a vehicle registration number, account details, etc., or to one or more particular characteristics of a physical, physiological, genetic, mental, economic, cultural or social nature.

2.2. Processing

Processing is any operation performed with or without the aid of automated procedures in relation to personal data, such as collection, recording, extraction, consultation and use. It also includes disclosure by transmission, dissemination or any other form of making available, alignment, combination, restriction or erasure or destruction.

2.3. Profiling

Profiling is any type of automated processing of personal data which consists of using that personal data to analyze or predict certain personal aspects relating to a natural person, to include aspects relating to that natural person's performance at work, economic situation, personal preferences, health, interests, behavior, location or change of location.

2.4. Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

3. General information on data collection and processing when using our services

Fraport processes personal data of website visitors to the extent that this is actually necessary for the provision of a functional website, the website content and for the fulfilment of the desired service and contract performance.

3.1. Purpose

Fraport processes your personal data for the purpose of providing the requested services. The specific personal data processed in the context of your requested service can be found under the relevant service in section IV of this data protection declaration.

3.2. Legal basis

Insofar as Fraport has obtained the consent of the data subject for the processing of personal data, Article 6 (1), sentence 1 a) of the DSGVO shall apply as the legal basis.

If the processing of personal data is necessary for the performance of a contract with the data subject or for pre-contractual measures initiated by the data subject, Article 6(1)(b) DSGVO serves as the legal basis.

If the data processing is the result of a legal obligation to which we are subject, Fraport relies on Article 6 (1) c) of the GDPR as the legal basis.

Insofar as the processing of personal data is necessary to protect the legitimate interests of Fraport or a third party - without jeopardising the interests, fundamental rights or freedoms of the data subject - Article 6 (1), sentence 1 f) DSGVO applies as the legal basis.

3.3. Data transfer to third parties

Data is only passed on if this is necessary for the performance of the contract or to protect the legitimate interests of Fraport. This is the case, for example, if we commission companies (such as technical service providers, travel service providers, logistics service providers) with the performance of corresponding services in order to enable the performance, operation, security and availability of our services.

If, for example, you book travel services (e.g. flight or hotel offers) or order other services (e.g. tours or airport visits) via a booking mask included in our services, we collect the data necessary to fulfill your booking request and implementation and pass this on to third parties (e.g. airlines, travel agencies, etc.) to the extent necessary to fulfill your request. In individual cases, further data protection conditions may apply to these services and related services provided by third parties (e.g. data processing by an airline). For details, please refer to the information provided by the respective providers.

We also pass on data to third parties if we are legally obliged to do so (e.g. in the case of official enquiries).

3.4. Storage and deletion of data

All personal data that Fraport collects and stores is automatically deleted as soon as the purpose for collecting it has been fulfilled and there is no legal obligation to continue storing it. We delete or anonymise your data as soon as the legally required retention period has expired. The specific storage periods for the corresponding services you have used can be found in the specific descriptions of data processing under section IV of this data protection declaration.

3.5. Obligation to provide personal data

The collection of your personal data is indispensable for the conclusion of a contract as well as for the fulfilment of your enquiry, service and/or contractual obligations. If you do not provide us with the requested information, neither the fulfilment of your request, a successful conclusion of a contract nor further services will be possible. You voluntarily provide us with personal data that is neither required by law nor necessary for the performance of the contract for the provision and use of the services you have selected.

3.6. Automated decision-making and profiling

You are not subject to a decision based solely on automated processing - including profiling - as a result of the processing of your data.

3.7. Data security

Protecting the information you give us or that we receive about you is a top priority for us. Our websites use the widely used SSL (Secure Socket Layer) procedure in conjunction with the highest level of encryption supported by your browser (usually 256-bit encryption). If your browser does not support this encryption, 128-bit v3 technology is used. You can tell whether the contents of our website are transmitted in encrypted form by the fact that a key or lock symbol is displayed in the lower status bar of your browser.

The SSL certificates are issued by Entrust Certification Authority - L1K.

Fraport also uses suitable technical and organisational security measures to prevent accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties as far as possible. Fraport continuously adapts these measures in line with technological developments.

4. Your data subject rights

As a data subject within the meaning of the GDPR, you are entitled to assert the following rights vis-à-vis Fraport at datenschutz@fraport.de. These are the right to information, the right to correction, the right to deletion, the right to restriction of processing, the right to object and, in certain cases, a right to data portability. Finally, you have the right to lodge a complaint with a competent supervisory authority if you believe that the processing of personal data concerning you violates data protection law (for Hesse, this is the Hessian Commissioner for Data Protection and Freedom of Information in Wiesbaden, www.datenschutz-hessen.de).

4.1. Declarations of consent can be revoked at any time

If you have given us consent for certain data processing pursuant to Art. 6 (1) a) DSGVO or Art. 9 (2) a) DSGVO, you are entitled to revoke this consent at any time in writing to Fraport AG at datenschutz@fraport.de without affecting the lawfulness of the processing carried out on the basis of the consent until the revocation.

4.2. Right to information

You have the right to request confirmation from Fraport as to whether it is processing personal data relating to you. You can also request information about the personal data processed. If you request this, the controller must provide you with further information about the data processing as specified in Article 15 of the GDPR.

4.3. Right to rectify inaccurate personal data

You have the right to demand that Fraport immediately correct any inaccurate personal data relating to you and/or complete any incomplete personal data.

4.4. Right to erasure of personal data

You have the right to request Fraport to delete personal data relating to you without delay if it is no longer required for the purposes pursued. Art.17 DSGVO also provides for other reasons that give you the right to have the personal data relating to you deleted.

4.5. Right to restriction of data processing

Article 18 of the GDPR regulates certain situations in which you have the right to request a restriction of data processing. This applies in particular in the event that you object to the processing of personal data relating to you. For the duration of the review, you can make use of your right to restriction of data processing in accordance with Art.18 DSGVO.

4.6. Right to data portability

Under the conditions of Art. 20 DSGVO, you have the right to data portability. This includes the right to receive personal data relating to you that you have provided to Fraport in a structured, common and machine-readable format and the right to transfer this data to other data controllers without hindrance. Where technically feasible, you may also request that the data be transferred directly to another controller.

4.7. Right to lodge an objection at any time

In addition to the aforementioned right to withdraw consent given to Fraport at any time, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1), sentence 1 e) or f) DSGVO; this also applies to profiling based on these provisions. The personal data will then no longer be processed by Fraport unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms. Even if the processing serves the assertion, exercise or defence of legal claims, Fraport may continue to process personal data relating to you.

4.8. Possibility of objection in the case of direct advertising

You may object to the use of your personal data for direct marketing purposes at any time by contacting Fraport AG, Frankfurt Airport, 60547 Frankfurt am Main, Germany, or at datenschutz@fraport.de, even if and to the extent that such use is based on a legitimate interest of Fraport.

5. Purposes of processing - Fraport processes your personal data for the following purpose

5.1. Data processing in the context of contact requests for services or other concerns

You can contact Fraport via our website in various ways. For example, via contact forms on the respective service websites, e-mail or by calling one of our service numbers. Our customer service is available for all questions regarding shops and gastronomy, online orders via the online trading platform at service@frankfurt-airport-shops.com or 069-79540540, and for car park bookings at parken.online@fraport.de.

If you make use of these options for an enquiry, the personal data contained in the input mask of the contact form or stated in your e-mail to us or during a telephone call will be stored. Fraport only uses the processing of your personal data from an input mask, e-mail or telephone call to process your enquiry.

The legal basis for the processing of data when contacting us via the contact form is the consent of the user in accordance with Art.6 Para.1 a) DSGVO. You give your consent to the processing of the data during the submission process of the contact form. You can revoke your consent to the processing of personal data at any time. In such a case, the conversation, in particular the processing of an enquiry, cannot be continued. When contact is made by e-mail or telephone, Fraport has the necessary legitimate interest to collect the data for processing the enquiry and to store it in accordance with Art.6 para.1 f) DSGVO. Both points of contact are carried out by the same Fraport processor, with whom Fraport has concluded a processing agreement in accordance with Art. 28 DSGVO.

As a rule, no data is passed on to third parties unless this is absolutely necessary for the proper processing of your enquiry. This could be the case, for example, if you have a question about an order placed on the online trading platform and we need to forward your enquiry to the respective retailer with whom you have concluded a purchase contract for clarification. All personal data stored in the course of contacting us will be automatically deleted two months after the last contact.

5.2. Data processing for advertising purposes - newsletter, competitions, surveys, personalised advertising

Receipt of newsletters

We also offer you the opportunity to register (even without a customer account) on our websites for newsletters, such as the Frankfurt Airport B2C Retail Newsletter. If a newsletter for which you can register on our pages is not a newsletter for which Fraport is responsible, we will make this clear before registration.
We will only send newsletters if you have previously consented to receive them at the e-mail address you have provided. You can revoke your consent at any time free of charge to Fraport AG, Frankfurt Airport, 60547 Frankfurt am Main at datenschutz@fraport.de, by making settings in your customer account or by pressing the revocation link in any advertising mail received, with effect for the future, without the legality of the processing carried out on the basis of the consent up to the revocation being affected.

The legal basis for this data processing is Art.6 para.1a) DSGVO. After entering your e-mail address in the corresponding form, you will receive a notification e-mail from Fraport with a confirmation link. By clicking on this link, you confirm that you have actually ordered and wish to receive the newsletter. Only when you have clicked on this link you are entered in our distribution list for sending the e-mail newsletter (so-called double opt-in procedure). You give the following consent:

"By clicking the "Register" button, I consent to Fraport AG Frankfurt Airport Services Worldwide, 60547 Frankfurt am Main, collecting, storing and using the personal data I have provided here for the purpose of sending me the newsletter I have requested.
I would like to receive the Frankfurt Airport B2C Retail Newsletter from Fraport AG by e-mail. In this newsletter, I would like to be informed about offers, promotions and news concerning Frankfurt Airport. This includes shopping on site at Frankfurt Airport as well as online on the online retail platform, special offers for visitors and travellers such as parking facilities, conference offers, tours, etc. and information on new free as well as paid attractions.

I am aware that I have the right to revoke my consent at any time. I can do this in my customer account - if available - as well as via links at the end of each newsletter e-mail or by sending an e-mail to datenschutz@fraport.de. The revocation of consent does not affect the lawfulness of the processing of the above-mentioned personal data, which took place on the basis of the consent until its revocation; rather, the revocation of my consent only affects the future. If I refuse to give my consent or revoke my consent in the future, the newsletter/information e-mail to which I have subscribed can no longer be sent to me.

In addition, you can activate personalised newsletter tracking by clicking the checkbox when ordering the newsletter. You hereby give the following consent:

"I allow Fraport to record and evaluate my personal usage behaviour in the newsletter in order to better tailor the content to my personal interests and preferences. This also includes the analysis through individual measurement, storage and evaluation of opening rates and the click rates in recipient profiles for the purpose of designing future newsletters according to the interests of our readers. I am aware that I can revoke this consent at any time with effect for the future - if available - in the customer account as well as by means of links at the end of each e-mail."

When registering for a customer account and later in your account settings, you have the option of agreeing to receive certain types of newsletters and to be contacted by Fraport for customer satisfaction surveys, market surveys and opinion polls. By clicking on the checkbox, you consent to receiving the Fraport newsletters you have selected to your e-mail address. By activating the corresponding checkbox, you agree that Fraport may use your contact data as described above for customer care and advertising purposes.

Insofar as further declarations of consent are required for the implementation of advertising measures, the measures shall only be carried out after obtaining the corresponding consents. The right to use personal data (inter alia for the implementation of advertising measures) on the basis of legal permissions or separately obtained declarations of consent remains unaffected by the above declaration of consent or its revocation.

Raffles

If you register to participate in competitions organised by Fraport, we will use the data you provided during the respective registration for the purpose of conducting the competition, in particular to notify you of the prize in accordance with Art.6 para.1 b) DSGVO.

Only the data actually necessary for the execution of the competition, such as first name, surname and contact details, will be collected. Your personal data will be deleted immediately after the end of the competition, unless you have expressly given Fraport your consent to receive advertising, e.g. to your e-mail address, in accordance with Art.6 Para.1 a) DSGVO as part of your participation in the competition. In addition, we may send you vouchers, discounts, etc. to your e-mail address, provided that you have also expressly consented to such receipt in advance. For legal reasons, Fraport may not send you any such advantage offers/vouchers or newsletters without your express consent. Fraport will always inform you of the exact conditions of participation together with the respective competition.

Personalised advertising

Fraport is entitled to use stored data about you, e.g. the categories of goods purchased (e.g. "watches") or services purchased from us, for the personalisation of advertising materials (e.g. e mail, banners on the website). The data is used for this purpose exclusively in a highly pseudonymised form. Our aim is to send you advertising that is geared solely to your actual or perceived needs and accordingly not to bother you with useless advertising. The legal basis for this data processing is Art. 6 (1) f) DSGVO, provided that no cookies or tracking technologies are used. If cookies or tracking technologies are used, the use of your personal data for advertising purposes is based on the consent(s) given for this purpose (cf. Art. 6 para. 1 sentence 1 a) DSGVO and section 2 below).

Participation in surveys

You can voluntarily take part in surveys on our websites. We use the ‘Professional Analytics’ tool from Survalyzer AG, Technoparkstrasse, 18005 Zurich, Switzerland. Survalyzer AG acts as a processor for Fraport AG.

When you participate in a survey, we store your IP address and - if requested - the other personal data you enter (e.g. email address) on servers within the European Union. This data will be deleted immediately after the survey has been analysed. Your personal data will not be transferred to third parties. The legal basis for the processing of your personal data is Art. 6 (1) f) GDPR. Fraport has a legitimate interest in using the information you enter to record your opinion on the experience of your website visit or the use of services.

5.3. Data processing for the creation and management of the customer account

For the convenient administration of purchases made, bookings as well as individual settings for the receipt of newsletters and vouchers for all our services, website users have the option of setting up a central personal user account for the services mentioned in section I.

You can open the customer account either during a booking or purchase process via our services or without a purchase process at https://account.frankfurt-airport.com in various ways.

Types/categories of personal data

Create the account

Normal required account creation via email address:
When registering as part of the account creation process, we will ask you for your first name, last name, email address and ask you to set a password.

Registration with Facebook:
The "Facebook Login" service is offered in the EU by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. Depending on your personal data protection settings on Facebook and the information stored there, the general and publicly accessible information stored on the user's profile is transferred from Facebook to the user account when the Facebook Login is used. This includes: First name, last name, email address, profile picture. We do not transfer any personal data of the user from the customer account to Facebook Login. Nevertheless, Facebook becomes aware that your Facebook Login has been used to create an account or log in to your customer account on our website. For more information, please see Meta Platforms Ireland Limited's Terms of Use and Privacy Policy. (https://www.facebook.com/legal/terms?ref=pf)

Registration with Google:
Registration with Google is offered in the EU by Google Ireland Limited Gordon House, Barrow Street, Dublin 4, Ireland. Depending on the personal data protection settings at Google and the information stored there, the general and publicly accessible information stored on the user's profile is transferred to the user account by Google when the Google login is used. This includes: First name, last name, email address. Fraport does not transmit any personal data of the user from the customer account to Google. Nevertheless, Google will be aware that your Google login has been used to create an account or log in to your customer account on our website. Further information can be found in the terms of use and privacy policy of Google Ireland Limited (https://policies.google.com/privacy?hl=en).

Register with Apple:
"Sign up with Apple" is offered in the EU by Apple Distribution International Ltd,Hollyhill Industrial Estate, Hollyhill, Cork, Republic of Ireland. When you first sign up, Apple will only provide the following information: First name, last name, email address. Fraport does not transmit any personal data of the user from the customer account to Apple. However, Apple will know that your Apple login has been used to create an account or log in to your account on our website. For more information, please see the Apple Distribution International Ltd. terms of use and privacy policy (https://www.apple.com/de/legal/privacy)

Manage the account
The user can enter and edit their personal master data (first name, last name, Miles & More card number, date of birth, country, e-mail address) in the My Profile area.
In addition, the user can store any number of addresses and also delete them again. The address data entered there can then be used when booking the various services (e.g. the online trading platform) so that address data does not have to be entered there again. As part of the account management, the user can give Fraport permission to receive certain newsletters and newsletter tracking, as well as provide further details on individual preferences in order to receive advertising from Fraport that is tailored to the user.

If the user has made orders or digital bookings via the online trading platform, these can be viewed in his personal account and, depending on the case, also cancelled.

Orders on the online trading platform: The customer's order data (order number, billing address, e-mail address, ordered items) are displayed in the account. Furthermore, in the case of online purchases (delivery to one address), the customer can download the merchant's invoice as a pdf file and display the shipping address and tracking number of the parcel service provider.
Ordering parking space bookings: The customer's order data (see section "Parking space booking") is displayed in the account. In addition, the customer has the option in the self-service to resend his entry ticket and invoices.

Transmission to third parties

No personal data will be transmitted to third parties.

Legal basis

The collection and processing of personal data is based on Art. 6 (1) sentence 1 a) DSGVO. You have given us your consent to the processing of personal data by creating your customer account.

Location

All your personal data is stored in the EU. Your data is stored at the Fraport data centre in Frankfurt Main, the West Europe Azure Cloud and the Datacenter EU of our service provider SAP Deutschland SE, Hasso Plattner Ring, 69190 Walldorf.

Retention period and deletion:

Your personal data will be stored in the account until you delete the customer account.
Please note that Fraport will continue to store your contract or invoice data even after your account has been deleted in order to comply with statutory retention obligations.

6. Data processing for the execution & initiation of contracts

6.1. Purchase of goods or services via the online trading platform

When purchasing goods or services via the online trading platform, Fraport collects and processes your personal data for the purpose of executing the purchase contract in accordance with Art.6 para.1 sentence 1 b) DSGVO. On this basis, Fraport only collects personal data that is actually necessary for the initiation, execution and termination of a contract between you and Fraport. Failure to provide the necessary data will result in us not being able to offer or provide you with the services offered by us or third parties, or not to the full extent.

Depending on the selected items or delivery methods (Click & Collect), you may be required to provide details of your flight.

Types/categories of personal data

Purchase of products and delivery to an address
In the case of delivery to a desired address, we collect from you a title, first and last name, e-mail address (for sending the necessary order e-mails), Miles & More service card number (optional) as well as address data for billing and delivery address (if different), data on the purchase (e.g., order number, invoice amount, item).

Reservation for our Click & Collect service as a passenger
If you order items as a passenger for your flight and would like to pick them up at Frankfurt Airport before your departure, we collect from you a title, first and last name, e-mail address (for sending the necessary order e-mails), reservation data (e.g., order number, invoice amount, item), Miles & More service card number (optional), and your flight information (flight date, departure time or arrival time, flight number, airline, gate, destination). We collect this information for your flight booking and check the transmitted details against an internal flight database operated by Fraport to determine the ideal pick-up location and pick-up time for your goods at Frankfurt Airport or to check the availability of goods at your departure gate.

Reservation for our Click & Collect service as a non-traveller
If you order items as a non-traveller (e.g. visitor to the airport), we will generally make the items available to you in the public area of the terminal before the security or border controls. For this purpose, we record a title, first and last name, e-mail address, Miles & More service card number (optional) and reservation data (e.g. order number, invoice amount, item).

In principle, we reserve the right to check whether your order meets the contractual requirements for reservations/purchases on the online trading platform (for example, commercial resales are prohibited).

If you have a customer account (see chapter "Creating and managing the customer account"), we will also save your address data entered in the checkout forms as a selectable address in the account - if you expressly wish to do so using the checkbox ("Save address in profile"). You can then conveniently select this address in the order process for further orders.

Transmission to third parties

To process your orders, your data (see above) will be transmitted to the respective retailer. If you have ordered from more than one retailer within one purchase, each retailer will only see those items that were purchased/reserved from them.

For delivery to your desired address, the seller forwards the delivery address to the logistics company or shipping partner commissioned by him.

Payment service provider

If a payment is necessary, this is made via independent third parties to whose website you are redirected to process the payment. Fraport itself does not make any payments. Credit card payments are processed by Payone GmbH, Germany. Payments with Paypal are processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.

Legal basis

In principle, the legal basis for processing your personal data is Art.6 para. 1 p.1 b (purpose of the contract).

Location

Your data is stored on Amazon Web Services servers located in Frankfurt am Main, the Fraport data centre located in Frankfurt am Main and the West Europe Azure Cloud. If you have a customer account, your addresses will be stored in SAP's Datacenter EU.

Service provider

Omnevo GmbH, Kirchgasse 6, 65185 Wiesbaden operates the online trading platform and its underlying systems. Fraport has concluded an order processing agreement with the aforementioned service provider in accordance with Art. 28 DSGVO.

Retention period and deletion

We keep your personal data relating to your orders for six years due to the legal obligation to retain them and anonymise them on 31.12. of the sixth year. Example: If you place an order on 15.05.2022, we will anonymise your data on 31.12.2028.

6.2. Book a parking space via the Frankfurt Airport Parkenshop

When booking a parking space via the Parking Shop, Fraport collects and processes your personal data for the purpose of executing the contract in accordance with Art.6 Para. 1 S.1 b) DSGVO. On this basis, Fraport only collects personal data that is actually necessary for the initiation, execution and termination of a contract between you and Fraport. Failure to provide the necessary data will result in us not being able to offer or provide you with the services offered by us or third parties, or not to the full extent.

Types/categories of personal data

In the case of a car park booking, we collect from you a title, first and last name, e-mail address (for the digital dispatch of the necessary documents and confirmations), booking data (e.g., booking number, reserved time/space, invoice amount). Optionally, you can provide us with your Miles & More service card number and a billing address if you wish to receive an invoice.

If you have a customer account (see chapter "Creating and managing a customer account") and log in to the Parkenshop with it, we will fill in the data stored in the customer account for you, such as title, first name, surname and address.

Transmission to third parties

No data will be passed on to third parties.

Payment service provider

Payment is made via independent third parties to whose website you are redirected to process the payment. Fraport itself does not make any payments. Credit card payments are processed by VR-Payment GmbH, Germany. Payments with PayPal are processed by Paypal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.

Legal basis

In principle, the legal basis for processing your personal data is Art.6 para. 1 p.1 b) (purpose of the contract) DSGVO.

Storage location

For the provision of the Frankfurt Airport Parkenshops service, data is stored by the service providers on servers in Germany and the EU with a comparable level of data protection on the basis of concluded order processing agreements.

Service provider

Syzygy Deutschland GmbH, Horexstraße 28, 61352 Bad Homburg v.d.H. operates the Frankfurt Airport Parkenshop and its underlying
system.

Dr. toews, IT-Lösungen, St. Valentinstr. 11, 67271 Mertesheim operates the corresponding booking management system.

Customer service is provided by Zwei Löwen Mediawerk GmbH, Hafenweg 46-48, 48155 Münster.

Fraport has concluded a contract processing agreement with the aforementioned service providers in accordance with Art. 28 DSGVO.

Retention period and deletion

We keep your booking data for ten years due to legal retention obligations. Example: If you make a car park booking on 15.05.2022 for the period 01.06. to 15.06.2022, we will delete your data on 01.01.2033.

6.3. Book a parking space via the Frankfurt Airport Aboshop

In the subscription shop, you have the option of submitting an application for a parking agreement for one or more parking spaces. Fraport processes your personal data to initiate the contract in accordance with Article 6 (1) sentence 1 b) DSGVO. On this basis, Fraport only collects personal data that is actually necessary for the initiation of a contract between you and Fraport. Failure to provide the necessary data will result in us not being able to offer or provide you with the services offered by us or third parties, or not to the full extent.

Types/categories of personal data

When you submit the application, we record your title, first and last name, telephone number, e-mail address (for sending the necessary confirmations and contract documents) as well as the billing and delivery address and, if applicable, the company address. In addition, we record the first and last name of the parking card user as well as the vehicle registration number of the vehicles.

Transmission to third parties

None of your data will be passed on to third parties.

Payment service provider

If a contract is concluded, payment will be made on account. The invoice will be issued by Fraport AG. Your billing address will be stored for this purpose

Legal basis

In principle, the legal basis for processing your personal data is Art.6 para. 1 p.1 b) DSGVO (purpose of the contract).

The legal basis for the data of the parking card user, including the vehicle registration number, is Art. 6 para. 1 p. 1 f) (legitimate interest). We use this data to make the parking card assignable to a user/vehicle.

Location

For the provision of the Frankfurt Airport Aboshop service, data is stored by the service provider on servers in Germany and the EU with a comparable level of data protection.

Service provider

Syzygy Deutschland GmbH, Horexstraße 28, 61352 Bad Homburg v.d.H. operates the Frankfurt Airport Aboshop and its underlying system.

Dr. toews, IT-Lösungen, St. Valentinstr. 11, 67271 Mertesheim operates the corresponding administration system.

Customer service is provided by Zwei Löwen Mediawerk GmbH, Hafenweg 46-48, 48155 Münster.

Fraport has concluded a contract processing agreement with the aforementioned service providers in accordance with Art. 28 DSGVO.

Retention period and deletion

If a contract is concluded, we keep your personal data relating to your contract for the entire term of the contract and for ten years after termination of the contract due to the statutory retention obligations. Example: If you conclude a contract on 15.05.2022 with a term from 01.06.2022 to 31.08.2022, we will delete the contract data on 01.01.2033.

6.4. Purchase of tickets for airport tours and admission to the Fraport Visitor Centre via the Fraport Visitor Service online webshop

When purchasing tickets for airport tours and admission to the Fraport Visitor Centre via the Fraport Visitor Service online webshop, Fraport collects and processes your personal data for the purpose of executing the purchase contract in accordance with Art.6 para. 1 sentence 1 b) DSGVO. On this basis, Fraport only collects personal data that is actually necessary for the initiation, execution and termination of a contract between you and Fraport. Failure to provide the necessary data will result in us not being able to offer or provide you with the services offered by us or third parties, or not to the full extent.

Types/categories of personal data

To purchase a ticket for an airport tour or the Fraport Visitor Centre, we collect your title, company name, first and last name, billing address, telephone number, purchase data (e.g., order number, invoice amount, services/articles booked) and e-mail address of the person making the booking as well as the name(s) of the possible accompanying person(s).

Transmission to third parties

Your data will not be transferred to third parties at any time.

Payment service provider

If a payment is necessary, this is made via independent third parties to whose website you are redirected to process the payment. Fraport itself does not make any payments. Credit card payments are processed by the company VR Payment. Payments with PayPal are processed by PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg.

Legal basis

In principle, the legal basis for processing your personal data is Art.6 para. 1 p.1 b) DSGVO (purpose of the contract).

For the name(s) of the possible accompanying person(s), Art.6 para. 1 p.1 f) DSGVO is the legal basis (legitimate interest). We use this data to ensure that the correct participants take part in the respective tour or visitor group.

Location

Your data is stored at the Fraport data centre in Frankfurt Main and on servers operated by Plus.line AG in Frankfurt Main.

Service provider

BEMBEL GmbH, Große Rittergasse 88, 60594 Frankfurt develops and maintains the online shop of the Fraport Visitor Service and underlying systems.

Fraport has concluded an order processing agreement with the aforementioned service provider in accordance with Art. 28 DSGVO.

Retention period and deletion

6.5. Submitting a booking request for VIP handling via the VIP service website

If users submit an offer request regarding VIP handling via the website, Fraport collects and processes your personal data for the purpose of processing the offer request in accordance with Article 6 (1) sentence 1 b) of the German Data Protection Regulation (DSGVO). On this basis, Fraport only collects personal data that is actually necessary to initiate the contract between you and Fraport. Failure to provide the necessary data will result in us not being able to offer or provide you with the services offered by us or third parties, or not to the full extent.

Types/categories of personal data

To check the offer request for VIP handling, Fraport records the flight data (date and flight number), title, first and last name of the passengers. In addition, information can be provided on whether the passenger is a small child (<2 years) or whether there are (currently) any mobility restrictions. We use this data to optimally tailor our services to your needs, for example to provide suitable child seats or vehicles for your transport. In addition, we record the title, first and last name, telephone number and e-mail address of the person making the enquiry (client).

Transmission to third parties

No personal data will be transmitted to third parties for the purpose of reviewing the offer request and submitting a contract offer.

Legal basis

In principle, the legal basis for processing your personal data is Art.6 para. 1 p.1 b (purpose of the contract).

The legal basis for the passenger information is Art. 6 para. 1 p. 1 f) DSGVO. We need this data to be able to provide you with a suitable offer for VIP handling (e.g. type and number of vehicles required, child seats).

Location

For the provision of the service(s) specified in the VIP booking form, data is stored by the service provider on servers in Germany and the EU with a
comparable level of data protection.

Your data is stored at the Fraport data centre in Frankfurt Main and on the servers of Plus Line AG in Frankfurt Main.

Service providers and authorities

House of Yas GmbH, Sechtemer Straße 5, 50968 Cologne operates the booking form. Fraport has concluded an order processing agreement with the aforementioned service provider in accordance with Art. 28 DSGVO.

Retention period and deletion

If a contract is concluded, we will retain your personal data relating to your order for six years on the basis of the statutory retention obligation
and anonymise it on 31.12. of the sixth year. Example: If you place an order on 15.05.2022, we will anonymise your data on 31.12.2028. If no contract is concluded, we will delete your personal data immediately after rejecting the booking request.

6.6. Purchase of Gate to Gate services via the online webshop

When you purchase a gate-to-gate service via the online webshop, Fraport collects and processes your personal data for the purpose of executing the purchase contract in accordance with Art.6 para. 1 sentence 1 b) DSGVO. On this basis, Fraport only collects personal data that is actually necessary for the initiation, execution and termination of a contract between you and Fraport. Failure to provide the necessary data will result in us not being able to offer or provide you with the services offered by us or third parties, or not to the full extent.

Types/categories of personal data

For the purchase of a gate to gate service, the data processed is the passenger's first and last name, flight data (booking code, departure airport, flight number arrival, flight number departure, destination airport), and telephone number.

We collect the following data from the person making the booking: title, first name, surname, billing address (street and house number, postcode, town,
country), e-mail address, purchase data (e.g. order number, invoice amount, service booked).

Transmission to third parties

The data is not transmitted to third parties at any time.

Payment service provider

If a payment is necessary, this is made via independent third parties to whose website you are redirected to process the payment. Fraport itself does not make any payments. Credit card payments and Sepa direct debit procedures are carried out by the company VR Payment.

Legal basis

In principle, the legal basis for processing your personal data is Art.6 para. 1 p.1 b) (purpose of the contract).

If the travellers are not or not only the person making the booking, the legal basis for processing this personal data is Art. 6. para. 1 p. 1 f) (legitimate interest). We need this data to be able to offer you the right service and to identify or contact the travellers on site.

Location

Your data is stored at the Fraport data centre in Frankfurt Main and on servers operated by Plus.line AG in Frankfurt Main.

Service providers and authorities

BEMBEL GmbH, Große Rittergasse 88, 60594 Frankfurt, Germany, develops and maintains the online shop and underlying systems. Fraport has concluded an order processing agreement with the aforementioned service provider in accordance with Art. 28 DSGVO.

Retention period and deletion

6.7. Booking requests for MyAirport Guide escort services by FraSec Services GmbH at Frankfurt Airport via Fraport AG's online webshop

In the case of booking requests for MyAirportguide escort services at Frankfurt Airport via Fraport AG's online webshop, FraSec Services GmbH collects and processes your personal data for the purpose of executing the purchase contract in accordance with Art.6 para. 1 sentence 1 b) DSGVO. On this basis, FraSec Services only collects personal data that is actually necessary for the initiation, execution and termination of a contract between you and FraSec Services. Failure to provide the necessary data will mean that we will not be able to provide the services we offer to you.

Type of data

The following data is processed for booking requests: Salutation, title, company name, first and last name, address, VAT ID number, telephone number, e-mail address of the person making the booking as well as name(s), age and telephone number(s) of the person(s) to be accompanied. Pseudonyms may be used for the names of the persons to be accompanied, provided that the Passengers have been informed of this by the Ordering Party. Telephone numbers of the guests are optional.

Transmission to third parties

Your data will not be transmitted to third parties at any time. Fraport AG merely provides the platform for FraSec Services GmbH and does not collect any personal data itself.

Payment service provider

Where payment is required, this is made via independent third parties to whose website you are directed to process the payment. FraSec Services itself does not make any payments. Credit card payments and, if offered, SEPA direct debit mandates are carried out by the company VR Payment.

Legal basis

In principle, the legal basis for processing your personal data is Art.6 para. 1 p.1 b (purpose of the contract).

Location

Your data is stored at the Fraport data centre in Frankfurt Main and on servers operated by Plus.line AG in Frankfurt Main.

Service provider

BEMBEL GmbH, Große Rittergasse 88, 60594 Frankfurt develops and maintains Fraport's online shop and underlying systems.

Fraport has concluded an order processing agreement with the aforementioned service provider in accordance with Art. 28 DSGVO.

Retention period and deletion

We keep your personal data relating to your orders for six years due to the legal obligation to retain them and anonymise them on 31.12. of the sixth year in each case. Example: If you place an order and we confirm an escort service for 15.09.2022, we will delete your data on 31.12.2028. If your order request is rejected, the data will be anonymised within 24 hours of receipt of the order.

6.8. Request to rent a conference room of the Fraport Conference Center

When you enquire about renting a conference room at the Fraport Conference Center (FraCC), Fraport collects and processes your personal data for the purpose of executing the sales contract in accordance with Art.6 para. 1 sentence 1 b) DSGVO. On this basis, Fraport only collects personal data that is actually necessary for the initiation, execution and termination of a contract between you and Fraport. Failure to provide the necessary data will result in us not being able to offer or provide you with the services offered by us or third parties, or not to the full extent.

Types/categories of personal data

When renting a conference room, the personal data processed are in particular the company, company address, first name and surname of the person making the booking, e-mail address and first name and surname of the contact person at the location of the event.

Transmission to third parties

If a technical service provider is necessary for the rented service (provision of special conference technology that goes beyond the scope of the equipment provided by FraCC), this service provider shall receive the company name of the client. In the case of "more complicated" technical services, the technical service provider will also receive the customer's telephone number and/or e-mail address after consultation with the customer so that direct arrangements can be made.

Legal basis

In principle, the legal basis for processing your personal data is Art.6 para. 1 p.1 b DSGVO (purpose of the contract).

The legal basis for personal data that is not that of the enquirer is Art. 6 para. 1 p. 1 f DSGVO (legitimate interest). We need this information in order to know the responsible contact person on site at the time of the event.

Location

The storage location for your data is the
Fraport computer centre located in Frankfurt Main and the servers of Plus Line
AG located in Frankfurt Main.

Service provider

TPS Veranstaltungsservice GbR, Feldstraße 2, 63303 Dreieich, Germany, provides and maintains technical equipment as required.

Retention period and deletion

6.9. Sale of bus tickets via the online webshop

When purchasing daily/monthly tickets for the staff bus at the Frankfurt site via the online webshop, Fraport collects and processes your personal data for the purpose of executing the purchase contract in accordance with Art.6 para. 1 p.1 b) DSGVO. On this basis, Fraport only collects personal data that is actually necessary for the initiation, execution and termination of a contract between you and Fraport. Failure to provide the necessary data will result in us not being able to offer you the services offered by us or third parties.

Types/categories of personal data

For the purchase of a ticket for the use of the staff buses, the data processed are the user's title, first and last name, address and e-mail address. For holders of an airport ID card (select "employee" when booking the ticket), the ID card number and the name of the company are also requested.

Transmission to third parties

Your data will not be transferred to third parties at any time.

Payment service provider

Legal basis

In principle, the legal basis for processing your personal data is Art.6 para. 1 p.1 b (purpose of the contract).

Location

Your data is stored at the Fraport data centre in Frankfurt Main and on the servers of Plus Line AG in Frankfurt Main.

Service providers and authorities

BEMBEL GmbH, Große Rittergasse 88, 60594 Frankfurt develops and maintains the online shop and underlying systems.

Retention period and deletion

We keep your personal data relating to your orders for 6 years due to the legal obligation to retain them and anonymise them on 31.12. of the 6th year. Example: If you order on 15.05.2022, we will anonymise your data on 31.12.2028.

7. Website visit and IT-Tools

7.1. Necessary collection of personal data for the correct operation of the websites

When visiting our websites and using our services, information is automatically collected from the user's terminal device. This includes, for example, the IP address assigned to you by your internet provider, the website(s) from which you visit us, your browser type (incl. version and language), your device type and related information (e.g. resolution of the monitor), device IDs (e.g. your MAC address or comparable device IDs) as well as information on your operating system, date and duration of your visit as well as further information on the use of our services (e.g. search queries, pages viewed, click behavior). The legal basis for the temporary storage is Art.6 para.1 f) DSGVO.

Fraport processes and uses this data to display our websites correctly and to determine the causes of technical difficulties. This data is also used to technically optimize the websites and to ensure the security of our computer systems and networks. Subject to the further descriptions in this data protection declaration, this data does not allow us to draw any conclusions about you. Fraport only stores your IP address and MAC address in anonymised form. The collection of this data is absolutely necessary for the operation of our websites. Accordingly, there is no possibility of objection on the part of the user.

The data is deleted as soon as the purpose of its collection is no longer necessary.

For the shopping cart on the online trading platform, for example, this is the case after two weeks. Log files are deleted after 30 days at the latest.

Due to the classification as critical infrastructure, we take into account the increased requirements from the IT security laws for the detection of attacks on the IT infrastructure. Your data can therefore be stored in a separate analysis system for up to a maximum of 12 months. The legal basis for the temporary storage is Art.6 para.1 f) DSGVO.

Furthermore, we use the services of third parties to fulfill our offers (more under "technologies used"). For all these services, we pay attention to server locations within the European Union. We would like to inform you that it cannot be ruled out that the data will be transferred to the USA and could be subject to access by the security authorities there in accordance with 50 U.S.C. §1881(b)(4), 50 U.S.C. § 1881a (= FISA 702).

7.2. Cookies and Internet and tracking technologies

Cookies and similar technologies are used on our websites.
Cookies are small text files that are stored on the end device (smartphone, computer or similar) in the cache of the site visitor's internet browser. Information is stored in the cookie that is related to the specific end device used, for example the IP address or the browser type. However, a cookie can also store which content you see on our websites and how you interact with the content. However, this does not mean that we gain direct knowledge of your identity. In addition, our emails or web pages may contain small, transparent image files or lines of code to record how you interact with them. This information is used to help website publishers better analyze and improve their services. An example of this would include serving personalized advertising from our advertising partners.

7.3. Use of cookies and tracking technologies, legal basis and purpose

We use temporary cookies, so-called session cookies, which are stored on your end device for a certain fixed period of time. These allow us, for example, to offer you a shopping basket display with the number of items in your shopping basket or to statistically record the use of our website and optimize our offer.

Other cookies, so-called session-spanning cookies, remain on your computer and enable us, among other things, to recognize your Internet browser so that data already entered is not lost during the interruption of a usage process (e.g. interruption of the Internet connection) or the change to another service within our offer. These cookies also enable us to make the offer more attractive to you, for example by displaying information tailored to your interests.

We also use cookies in our websites that enable an analysis of your surfing behavior.

In accordance with legal requirements, the storage and retrieval of information on end devices, for example by setting cookies, is only permitted if you have given us your consent in advance.

The legal basis for this is § 25 Paragraph 1 Sentence 1 TTDSG as well as Art. 6 Paragraph 1 lit. A DSGVO. However, you do not have to give your consent if the storage/retrieval is necessary for the function of the website (cf. Section 25 (2) No. 2 TTDSG).or Art. 6 (1) lit. F DSGVO).

A necessity is given, for example, with regard to ensuring the following functionalities:

Enabling the maintenance of log-in
Ensuring system security
Display of the shopping basket

With regard to the data processing that is necessary for the operation of the website, you do not have the right to object.

When accessing our website, the user is informed about the use of cookies for third-party analysis and advertising purposes (i.e. all those cookies and tracking technologies that require consent) and his or her consent to the processing of personal data used in this context is obtained. In this context, we also refer to this privacy policy.

You give your consent to all technologies used by us that require your consent by clicking on the "Accept all" button in the Privacy Settings banner on our websites. By clicking on "Accept all", you give us your consent for Fraport to store data on or retrieve data from your terminal device.

By clicking on "Refuse all", you refuse the use of all technologies that require your consent. Technologies for the provision of our website functionalities or the protection of our legitimate interests according to Art. 6 para. 1 p.1 f) DSGVO remain unaffected by this.

You can also agree or disagree to individual analysis or advertising functionalities by clicking on "Privacy settings" in the banner. In the menu that opens, you can obtain detailed information about each service and selectively give your consent.

Cookies are stored on your end device and transmitted to us by it. You have the option of preventing or restricting the storage of cookies on your computer by setting your browser accordingly. In this case, for example, you can no longer be shown offers tailored to your interests. The function of our websites may also be restricted and not offer you a satisfactory experience, as videos, for example, but also tools relating to travel safety or our chatbot will not function. Please note that you may still see advertisements in our services.

You can delete cookies that have already been stored on your terminal device at any time.

We would like to expressly point out to you that your corresponding data collection and processing consent can be adjusted at any time with effect for the future vis-à-vis Fraport. To this end, you will find the options to agree to all cookies, reject them or discontinue each service at the bottom of each page under the "Cookie settings" button.

For your transparency, we therefore classify the suppliers into the categories "Essential", "Functional" and "Marketing".

8. Cookie and tracking technologies used

8.1. Usercentrics Consent Management Platform (Essential)

Service description	This is a consent management service. On the website, Usercentrics GmbH is used as a processor for the purpose of consent management.
Processing company	Usercentrics GmbH Sendlinger Str. 7, 80331 Munich, Germany
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. datenschutz@usercentrics.com
Data processing purposes	This list represents the purposes of data collection and processing. Compliance with legal obligations Consent storage
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Local Storage Pixel
Collected data	This list contains all (personal) data collected by or through the use of this service. Opt-in and opt-out data Referrer URL User Agent User settings Consent ID Date of consent Consent type Template version Banner language
Legal basis	The following is the required legal basis for the processing of data. Art. 6 para. 1 p. 1 lit. c DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. The consent data (consent given and revocation of consent) is stored for three years. The data will then be deleted immediately.
Data recipient	The recipients of the data collected are listed below. Usercentrics GmbH

8.2. ChatBot (Essential)

Service description	This is a website chat service.
Processing company	Airbot Technology Limited Office 7, 35-37 Ludgate Hill, London EC4M 7JN, United Kingdom
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. dpo@airport.ai
Data processing purposes	This list represents the purposes of data collection and processing. Tracking conversations in the website chat Optimisation of the user experience
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Local memory
Collected data	This list contains all (personal) data collected by or through the use of this service. IP address Date and time of the visit Usage data Browser information Device Information
Legal basis	The following is the required legal basis for the processing of data. Art. 6 (1) (a) GDPR
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. The data is deleted as soon as it is no longer required for processing.
Data recipient	The recipients of the data collected are listed below. Airbot Technology Limited

8.3. Google Analytics 4 (Functional)

Service description	This service allows users to measure traffic and engagement on their websites and mobile apps using customisable reports. Google Signals is activated to enable cross-device tracking.
Processing company	Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. https://support.google.com/policies/contact/general_privacy_form
Data processing purposes	This list represents the purposes of data collection and processing. Marketing Analysis
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Tracking Code Cookies
Collected data	This list contains all (personal) data collected by or through the use of this service. Account details Anonymised IP address Bounce rates Browser information Click path Date and time of the visit Unit information Downloads Duration of visit Location information Internet service provider Mouse movements Screen resolution Behavioural data Referrer URL App updates
Legal basis	The following is the required legal basis for the processing of data. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. The customer can choose how long Google Analytics stores data. The maximum retention period is 26 months.
Disclosure to third countries	This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing. United States of America Singapore Taiwan Chile
Data recipient	The recipients of the data collected are listed below. Alphabet Inc, Google LLC, Google Ireland Limited
Memory information	Below is the longest potential storage time on a device set when using the cookie storage method and when using other methods. Maximum limit for the storage of cookies: Session Non-cookie storage: No
Stored information	This service uses various means to store information on a user's device as listed below. Google: Used to distinguish users. Type: cookie Duration: 2 years Google: Used to distinguish users. Type: cookie Duration: 1 day Google: Used to maintain session status. Type: cookie Duration: 2 years Google: Contains campaign-related information. If you have linked your Google Analytics and Google Ads accounts, the Google Ads website conversion tags will read this cookie unless you opt out. Type: cookie Duration: 2 months, 29 days

8.4. Google Tag Manager (Functional)

Service description	This is a tag management system. Via the Google Tag Manager, tags can be integrated centrally via a user interface. Tags are small sections of code that can track activities. Script codes of other tools are integrated via the Google Tag Manager. The Tag Manager makes it possible to control when a certain tag is triggered.
Processing company	Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. https://support.google.com/policies/contact/general_privacy_form
Data processing purposes	This list represents the purposes of data collection and processing. Tag management
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Website tags
Collected data	This list contains all (personal) data collected by or through the use of this service. Aggregated data on tag resolution
Legal basis	The following is the required legal basis for the processing of data. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. The data is deleted 14 days after retrieval.
Disclosure to third countries	This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing. United States of America Singapore Taiwan Chile
Data recipient	The recipients of the data collected are listed below. Alphabet Inc, Google LLC, Google Ireland Limited

8.5. SAS CI360

Service description	This is a web analysis and optimization service.
Processing company	SAS Institute Inc.
Data processing purposes	This list represents the purposes of data collection and processing. Marketing Advertising Web analytics Optimisation
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Accept cookies Pixel tags
Collected data	This list contains all (personal) data collected by or through the use of this service. IP address Usage data App updates Device information Pages visited Downloads Location information Widget interactions Date and time of the visit Click path Browser information JavaScript support Referrer URL Flash version Buying activity
Legal basis	The following is the required legal basis for the processing of data. Art. 6 (1) (a) DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union

8.6. Searchperience (Functional)

Processing company	AOE GmbH Luisenforum Kirchgasse 6 65185 Wiesbaden
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. datenschutz@aoe.com
Data processing purposes	This list represents the purposes of data collection and processing. Automated, anonymised analysis of customer behavior on the website Creation of recommendations based on an algorithm
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Cookies Pixel
Collected data	This list contains all (personal) data collected by or through the use of this service. Anonymised user ID Browsing behavior
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. Germany
Disclosure to third countries	This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing. Germany
Data recipient	The recipients of the data collected are listed below. AOE GmbH

8.7. Sherpa (Functional)

Processing company	VISA RUN INC 313 Richmond Street East, Unit 868, Toronto, Ontario, Canada M5A 4S7
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. ivan@joinsherpa.com
Data processing purposes	This list represents the purposes of data collection and processing. Show travel restrictions
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Local memory
Collected data	This list contains all (personal) data collected by or through the use of this service. IP address Date and time of the visit Usage data Browser information Unit information Widget interactions

8.8. AWIN (Marketing)

Service description	This is an affiliate network.
Processing company	AWIN AG Eichhornstraße 3, 10785 Berlin, Germany
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. global-privacy@awin.com
Data processing purposes	This list represents the purposes of data collection and processing. Affiliate marketing Tracking
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Cookies Journey Day
Collected data	This list contains all (personal) data collected by or through the use of this service. Viewed advertisements Browser information Clicked ads Unit information Device operating system Referrer URL Time at which the advertisement was clicked on Time at which the advertisement was viewed Touchpoint to the advertising medium Usage data User Agent Business transaction Information about orders Leads Newsletter information Success of the referrer
Legal basis	The following is the required legal basis for the processing of data. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. Data are deleted as soon as they are no longer needed for the processing purposes.
Data recipient	The recipients of the data collected are listed below. AWIN AG
Memory information	Below is the longest potential storage time on a device set when using the cookie storage method and when using other methods. Maximum limit for the storage of cookies: 1 year Non-cookie storage: No
Stored information	This service uses various means to store information on a user's device as listed below. zttpvc: Set when you see an advertisement. Stores an ID for the website showing the advertisement and the time you saw the advertisement. Type: cookie Duration: Session Domain: ad.zanox.com ztvc: Set when you see an advertisement. Stores an ID for the website showing the advertisement and the time you saw the advertisement. Type: cookie Duration: Session Domain: www.zanox-affiliate.de zptpvc: Set when you see an advertisement. Stores an ID for the website where the advertisement was shown and the time when you saw the advertisement. Type: cookie Duration: 2 months, 29 days Domain: www.zanox-affiliate.de zpvc: Set when you see an advertisement. Stores an ID for the website where the advertisement was shown and the time when you saw the advertisement. Type: cookie Duration: 2 months, 29 days Domain: www.zanox-affiliate.de ztcc: Set when you click on one of AWIN's links. Stores IDs for the referring website, the ad you clicked on, the group of ads the ad belongs to, the time you clicked on it, the ID for the type of ad and any references the referring page adds to the click. Type: cookie Duration: Session Domain: www.zanox-affiliate.de zcc: Set when you click on one of AWIN's links. Stores IDs for referring websites, ads you clicked on, group of ads the ad belongs to, time you clicked on it, ID for the type of ad and any references the referring site adds to the click. Type: cookie Duration: 1 year Domain: www.zanox-affiliate.de bld: Sets a browser-specific ID to identify a new click on the same browser. Type: cookie Duration: 1 year Domain: awin1.com aw***: Set when you click on one of AWIN's links. Stores IDs for the referring website, the ad you clicked on, the group of ads the ad belongs to, the time you clicked on it, the ID for the type of ad, the ID for the product and any references the referring website adds to the click. Type: cookie Duration: 30 days Domain: awin1.com AWSESS: Set when you see an advertisement and is used to help AWIN ensure that you are not always shown the same advertisement. Type: cookie Duration: Session Domain: awin1.com awpv*: Set when you see an advertisement. Stores an ID for the website where the advertisement was shown and the time you saw the advertisement. Type: cookie Duration: 1 day Domain: awin1.com AW: Set when you click on one of AWIN's links. Stores IDs for the referring website, the ad you clicked on, the group of ads the ad belongs to, the time you clicked on it, the ID for the type of ad, the ID for the product and any references the referring website adds to the click. Type: cookie Duration: 30 days Domain: awin1.com _aw_m_***: Set when you click on one of AWIN's links. Stores IDs for the referring website, the ad you clicked on, the group of ads the ad belongs to, the time you clicked on it, the ID for the type of ad, the ID for the product and any references the referring website adds to the click. Type: cookie Duration: 30 days

8.9. DoubleClick Floodlight (Marketing)

Service description	This is a conversion tracking service from Google.
Processing company	Google Ireland Limited Google Building Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. https://support.google.com/policies/troubleshooter/7575787?hl=en
Data processing purposes	This list represents the purposes of data collection and processing. Analysis Conversion tracking Marketing Optimisation
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Cookies Pixel Local Storage
Collected data	This list contains all (personal) data collected by or through the use of this service. Click path Cookie ID IP address Unique identifier of the mobile device Number of visits Pages visited Transactions Usage data
Legal basis	The following is the required legal basis for the processing of data. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. The data will be deleted as soon as they are no longer needed for the processing purposes.
Disclosure to third countries	This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing. United States of America Singapore Chile Taiwan
Data recipient	The recipients of the data collected are listed below. Alphabet Inc. Google LLC Google Ireland Limited
Memory information	Below is the longest potential storage time on a device set when using the cookie storage method and when using other methods. Maximum limit for the storage of cookies: 30 days Non-cookie storage: No
Stored information	This service uses various means to store information on a user's device as listed below. IDE: This cookie is generated by DoubleClick Floodlight and used to store "CheckForPermission" values. Type: cookie Duration: 30 days Domain: doubleclick.net

8.10. Facebook Pixel (Marketing)

Service description	This is a tracking technology offered by Facebook and used by other Facebook services. It is used to track visitors' interactions with websites ("events") after they have clicked on an ad placed on Facebook or other services provided by Meta ("conversion").
Processing company	Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. https://www.facebook.com/help/contact/540977946302970
Data processing purposes	This list represents the purposes of data collection and processing. Analysis Marketing Retargeting Advertising Conversion tracking Personalisation
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Cookies Pixel
Collected data	This list contains all (personal) data collected by or through the use of this service. Viewed advertisements Respected content Unit information Geographical location HTTP header Interactions with advertising, services and products IP address Clicked elements Marketing information Pages visited Pixel ID Referrer URL Usage data User behavior Facebook cookie information Facebook User ID Usage/click behavior Browser information Device operating system Device ID User Agent Browser type
Legal basis	The following is the required legal basis for the processing of data. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. User interactions recorded on the websites are stored for no longer than two years. However, the data is deleted as soon as it is no longer needed for the purposes of processing.
Disclosure to third countries	This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing. Singapore United States of America Worldwide
Data recipient	The recipients of the data collected are listed below. · Meta Platforms Ireland Ltd, Meta Platforms Inc.
Memory information	Below is the longest potential storage time on a device set when using the cookie storage method and when using other methods. Maximum limit for the storage of cookies: 1 year Non-cookie storage: No
Stored information	This service uses various means to store information on a user's device as listed below. _fbp: Cookie from Facebook used for website analytics, ad targeting and ad measurement. Type: cookie Duration: 3 months Domain: facebook.com

8.11. Google Ads Conversion Tracking (Marketing)

Service description	This is a conversion tracking service. This service records what happens after a click on an ad placed by us via Google Ads when users subsequently visit the website. With conversions, we measure whether users perform a certain action on the website (e.g. whether services are ordered) after clicking on an ad placed by us via Google Ads. This allows the user to understand which keywords, ads, ad groups or campaigns lead to the desired user interaction.
Processing company	Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. https://support.google.com/policies/troubleshooter/7575787?hl=en
Data processing purposes	This list represents the purposes of data collection and processing. Conversion tracking Analysis Measuring the success of the marketing campaigns
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Cookies Tracking pixel Tracking Code
Collected data	This list contains all (personal) data collected by or through the use of this service. Browser language Browser type Clicked ads Cookie ID Date and time of the visit IP address Referrer URL Web request User behavior
Legal basis	The following is the required legal basis for the processing of data. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. Data are deleted as soon as they are no longer needed for the processing purposes.
Disclosure to third countries	This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing. United States of America Singapore Taiwan Chile
Data recipient	The recipients of the data collected are listed below. Google Ireland Limited, Google LLC, Alphabet Inc
Memory information	Below is the longest potential storage time on a device set when using the cookie storage method and when using other methods. Maximum limit for the storage of cookies: 1 year Non-cookie storage: No
Stored information	This service uses various means to store information on a user's device as listed below. test_cookie: Set as a test to check whether the browser allows cookies to be set. Does not contain any identification features. Type: cookie Duration: 15 minutes Domain: doubleclick.net IDE: Contains a randomly generated user ID. Based on this ID, Google can recognize the user across different websites and show them personalized advertising. Type: cookie Duration: 1 year Domain: doubleclick.net _gcl_aw: This cookie is set when a user clicks on a Google ad to access the website. It contains information about which ad was clicked on, so that successes achieved, such as orders or contact requests, can be attributed to the ad. Type: cookie Duration: 2 months, 29 days _gcl_dc_: This cookie is set when a user clicks on a Google ad to access the website. It contains information about which ad was clicked on, so that successes achieved, such as orders or contact requests, can be attributed to the ad. Type: cookie Duration: 2 months, 29 days

8.12. Google Ads Remarketing (Marketing)

Service description	This is a remarketing service. Using remarketing, the user can display interest-based advertisements to users of the website on other websites within the Google Display Network (e.g. in Google Search or on YouTube). For this purpose, the user's interactions are analysed, e.g. which products and services a user is interested in. This enables targeted advertising to be displayed to the user on other websites even after the user has visited the website.
Processing company	Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. https://support.google.com/policies/troubleshooter/7575787?hl=en
Data processing purposes	This list represents the purposes of data collection and processing. Remarketing Advertising Tracking the user action
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Cookies
Collected data	This list contains all (personal) data collected by or through the use of this service. Duration of visit IP address Pages visited Content in which the user is interested Website usage Referrer URL Advertising ID Date and time of the visit Unit information Browser information
Legal basis	The following is the required legal basis for the processing of data. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. Data are deleted as soon as they are no longer needed for the processing purposes.
Disclosure to third countries	This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing. United States of America Singapore Taiwan Chile
Data recipient	The recipients of the data collected are listed below. Google Ireland Limited Google LLC Alphabet Inc.
Memory information	Below is the longest potential storage time on a device set when using the cookie storage method and when using other methods. Maximum limit for the storage of cookies: 1 year Non-cookie storage: No
Stored information	This service uses various means to store information on a user's device as listed below. IDE: Contains a randomly generated user ID. Based on this ID, Google can recognize the user across different websites and show them personalized advertising. Type: cookie Duration: 1 year Domain: doubleclick.net test_cookie: Set as a test to check whether the browser allows cookies to be set. Does not contain any identification features. Type: cookie Duration: 15 minutes Domain: doubleclick.net

8.13. usemax advertisement (Marketing)

Service description	This is an advertising service that displays ads and provides onsite optimization and email retargeting.
Processing company	Emego GmbH Werdener Str. 36, 46047 Oberhausen, Germany
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. mail@matutis.de
Data processing purposes	This list represents the purposes of data collection and processing. Advertising Optimisation Retargeting
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Cookies
Collected data	This list contains all (personal) data collected by or through the use of this service. IP address Date and time of the visit Session duration Browser type Referrer URL Internet provider Screen resolution
Legal basis	The following is the required legal basis for the processing of data. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. Data are deleted as soon as they are no longer needed for the processing purposes.
Data recipient	The recipients of the data collected are listed below. Emego GmbH Service providers

8.14. YouTube Video (Marketing)

Service description	This is a video player service.
Processing company	Google Ireland Limited Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data protection officer of the processing company	Below you will find the e-mail address of the data protection officer of the processing company. https://support.google.com/policies/contact/general_privacy_form
Data processing purposes	This list represents the purposes of data collection and processing. Show videos
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Cookies (if the "Privacy-Enhanced" mode is not activated)
Collected data	This list contains all (personal) data collected by or through the use of this service. Unit information IP address Referrer URL Viewed videos
Legal basis	The following is the required legal basis for the processing of data. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. Data are deleted as soon as they are no longer needed for the processing purposes.
Disclosure to third countries	This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes, without any possible redress available to you. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing. Worldwide
Data recipient	The recipients of the data collected are listed below. Alphabet Inc. Google LLC Google Ireland Limited
Memory information	Below is the longest potential storage time on a device set when using the cookie storage method and when using other methods. Maximum limit for the storage of cookies: 10 years Non-cookie storage: No
Stored information	This service uses various means to store information on a user's device as listed below. PREF: This cookie stores your preferences and other information, in particular preferred language, how many search results should be displayed on your page and whether or not you want to activate Google's SafeSearch filter. Type: cookie Duration: 10 years VISITOR_INFO1_LIVE: This cookie measures your bandwidth to determine whether you are receiving the new player interface or the old one. Type: cookie Duration: 6 months use_hitbox: This cookie increases the "Views" counter of the YouTube video. Type: cookie Duration: Session YSC: This is set on pages with embedded YouTube video. Type: cookie Duration: Session

8.15. Sovendus (Marketing)


Service description	This is an e-commerce marketing service. It rewards customers with vouchers and special offers after shopping.
Processing company	Sovendus GmbH Hermann-Veit-Str. 6, 76135 Karlsruhe, Germany
Data protection officer of the processing company	Below you can find the email address of the data protection officer of the processing company. datenschutz@sovendus.de
Data processing purposes	This list represents the purposes of data collection and processing. Marketing Providing Service
Technologies used	This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser. Java Script
Collected data	This list contains all (personal) data collected by or through the use of this service. Hashed version of email address Order number IP address Address Country Date of birth
Legal basis	The following is the required legal basis for the processing of data. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the period of time during which the collected data are stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes. Data are deleted as soon as they are no longer needed for the processing purposes.
Data recipient	The recipients of the data collected are listed below. Sovendus GmbH

8.16. Criteo (Marketing)

Service description	This is an advertising service. It is used to create personalized ads for consumers.
Processing company	Criteo SA 32 Rue Blanche, 75009 Paris, France
Data protection officer of the processing company	Below you can find the email address of the data protection officer of the processing company.. dpo@criteo.com
Data processing purposes	This list represents the purposes of the data collection and processing Advertisement Marketing Personalisation Retargeting
Technologies used	This list represents all technologies this service uses to collect data. Typical technologies are Cookies and Pixels that are placed in the browser. Cookies
Collected data	This list represents all (personal) data that is collected by or through the use of this service. Browser information Click path Date and Time of visit Device Information Files viewed Location Information IP address Mobile advertising IDs Number of page views Products viewed Seach terms Technical IDs Usage data Number of ads served Referrer URL E-mail address
Legal basis	In the following the required legal basis for the processing of data is listed. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately. European Union
Duration for saving the data	The retention period is the time span the collected data is saved for processing purposes. The data must be deleted as soon as it is no longer needed for the stated processing purposes. Technical data is stored. Cookies expire 13 months after their last update.
Transfer to third countries	This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the provider's privacy policy or contact the provider directly. Worldwide
Data recipient	In the following the recipients of the data collected are listed. Criteo SA
Stored information	r.ack This is used for identification on Safari. Type: cookie Duration: 1 hour ASP.NET_Sessionid The session ID is used to uniquely identify a browser on the server. Type: cookie Duration: Session uid This is used to identify users for remarketing purposes. Type: cookie Duration: 1 year optout This cookie allows Criteo to identify the disabled users. Type: cookie Duration: 5 years uic Its is used to identify the context of the user, e.g. in which stage of the buying process the user is. Type: cookie Duration: 6 months evt This cookie contains the information about the last visited page on the customer's website. Type: cookie Duration: 6 months udc This is used for dynamic inventory selection. Type: cookie Duration: 6 months acdc This is used to collect data on whether the user accessed the website from a mobile or stationary device. Type: cookie Duration: 6 months zdi This is used to capture how often a user triggers a passback on a publisher's zone. Type: cookie Duration: 6 months eid This cookie contains the user ID of publishers/marketers. Type: cookie Duration: 6 months Cto_tld_test This is used to identify the visitor across visits and devices. This allows the website to present relevant advertising to the visitor. Type: cookie Duration: 1 day cto_bundle This is used to present relevant content and advertising to the visitor. Type: web criteo_write_test This is used to help third-party advertisers provide personalized content and advertising while users are browsing other websites. Type: cookie Duration: Session opt This cookie contains the information whether a user has unsubscribed from the service or from one of the marketers within the network. Type: cookie Duration: 1 year cto_lwid This cookie creates an alternative unique Criteo user ID per user and partner, which is used for tracking solutions. Type: cookie Duration: 1 year, 1 month cto.idcpy This cookie is used to create a User-ID. Type: cookie Duration: 1 year, 1 month cto_clc This cookie helps Criteo to better manage the tracking solution. Type: cookie Duration: 1 day cto_axid This cookie is created only when the user graph is enabled for the client and supports Criteo's tracking solution. Type: cookie Duration: 1 year, 25 days cto_pxsig This cookie is created only when the user graph is enabled for the client and supports Criteo's tracking solution. Type: cookie Duration: 1 hour cto_idfs, cto_sid Used to show users relevant ads and information Type: cookie Duration: 1 year, 1 month

8.17. Criteo OneTag (Marketing)

Service description	The Criteo OneTag is a JavaScript tag that Criteo uses to track the behavior of users as they browse your site.
Processing company	Criteo SA 32 Rue Blanche, 75009 Paris, France
Data protection officer of the processing company	Below you can find the email address of the data protection officer of the processing company. dpo@criteo.com
Data processing purposes	This list represents the purposes of the data collection and processing Advertisement Marketing Tracking Personalisation Optimization
Technologies used	This list represents all technologies this service uses to collect data. Typical technologies are cookies and pixels that are placed in the browser. Cookies
Collected data	This list represents all (personal) data that is collected by or through the use of this service IP-address. IP address Browser information Usage data Device information Date and time of visit Mobile advertising IDs Android/Google advertising-ID iOS identifier for advertisers Third party information Cookie ID
Legal basis	In the following the required legal basis for the processing of data is listed. Art. 6 para. 1 p. 1 lit. a DSGVO
Place of processing	This is the primary location where the collected data is processed. If the data is also processed in other countries, you are informed separately. European Union
Duration for saving the data	The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes. Data is deleted as soon as it is no longer required for the purposes of processing.
Data recipient	In the following the recipients of the data collected are listed. Criteo SA
Stored information	cto_bundle This is used to provide functions across pages. Type: cookie Duration: 1 year, 1 month

FRA-ID

Privacy Notice

1. Scope and contact information

2. Glossary - Definitions of terms

3. General information on data collection and processing when using our services

4. Your data subject rights

5. Purposes of processing - Fraport processes your personal data for the following purpose

6. Data processing for the execution & initiation of contracts

7. Website visit and IT-Tools

8. Cookie and tracking technologies used

Help us to improve our website!

What can we do better for you?