The following gives a simple overview of what happens to your personal information when you visit our website.
1. An overview of data protection
Data collection on our website
Who is responsible for the data collection on this website? The data collected on this website are processed by the website operator. The operator’s contact details are the following:
How do we collect your data?
Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form. Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyse how visitors use the site.
How long do we store your data?
We store your personal data in accordance with our data retention policy. This policy is reviewed and updated internally to ensure we do not store your data for longer than is necessary. We also review how and where we store any data to ensure that we meet our obligation to store data securely. In addition, some of the data we hold may be subject to certain legal and regulatory obligations, which provide a minimum retention period for different types of data. The retention period varies depending on the data we hold.
What rights do you have regarding your data?
Data subjects enjoy the following rights in relation to personal data that is processed and recorded: The right to make access requests in respect of personal data that is held and disclosed. The right to refuse personal data processing, when to do so is likely to result in damage or distress. The right to refuse personal data processing, when it is for direct marketing purposes. The right to be informed about the functioning of any decision-making processes that are automated which are likely to have a significant effect on the data subject. The right not to solely be subject to any automated decision-making process. The right to claim damages should they suffer any loss as a result of a breach of the provisions of the GDPR. The right to take appropriate action in respect of the following: the rectification, blocking and erasure of personal data, as well as the destruction of any inaccurate personal data. The right to request that the relevant supervisory authority carry out an assessment as to whether any of the provisions of the GDPR have been breached. The right to be provided with personal data in a format that is structured, commonly used and machine-readable. The right to request that his or her personal data is sent to another data controller; and The right to refuse automated profiling without prior approval. Under the GDPR and the Act, you may ask for a copy of the information we hold about you and you may request rectifications be made to this information if it is inaccurate or not up to date. Please write to the data protection officer (‘DPO’) at the AVIAREPS AG or email firstname.lastname@example.org.
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever personal data is to be processed: Consent: you have given AVIAREPS AG or one of its subsidiaries (e.g. any of the following depending on the situation freely, specific, informed or unambiguous) consent for your personal data to be processed for a specific purpose. Contract performance: the processing is necessary for the performance of a contract you have with AVIAREPS AG or one of its subsidiaries, which had asked you to take specific steps before entering into a contract. Compliance with legal obligation: the processing is necessary for AVIAREPS AG or one of its subsidiaries to comply with the law (e.g. the tax/social security obligation/employment law) (not including contractual obligations). Protection of vital interests: the processing is vital to an individual’s survival Public interest: the processing is necessary for AVIAREPS AG or one of its subsidiaries to perform a task that is in the public interest or for its official functions, and the task or function has a clear basis in law. Legitimate interests: the processing is necessary for AVIAREPS AG or one of its subsidiaries legitimate interests, or the legitimate interests of a third-party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests
To help protect the privacy of data and personally identifiable information you transmit through use of this our website, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities..
Personal data shall not be transferred to a country outside of the EU unless the country provides appropriate protection of the data subject’s ‘rights and freedoms’ in relation to the processing of personal data. The following safeguards and exceptions are in place to ensure that data is not transferred to a country outside of the EU, with the transfer being off limits, unless one or more of the safeguards or exemptions listed below apply: Safeguards: Assessing the adequacy of the transfer, by reference of the following: The nature of the personal data intended to be transferred The country of origin and country of intended destination The nature and duration of the personal data use The legislative framework, codes of practice and international obligations of the data subject’s country of residence; and the security measures to be implemented in the country of intended destination in relation to the personal data • Binding corporate rules: AVIAREPS is free to implement approved binding corporate rules in relation to personal data transfer outside of the EU, however only with prior permission from the relevant regulatory body. • Model contract clauses: AVIAREPS is free to implement model contract clauses in relation to personal data transfer outside of the EU and there will be an automatic recognition of adequacy of transfer, should the model contract clauses receive approval from the relevant regulatory body Exceptions: In the absence of an adequacy decision, including binding corporate rules and model contract clauses, no transfer of personal data to a third country may take place unless one of the following preconditions is satisfied: Explicit consent has been provided by a fully informed data subject, who has been made aware of all possible risks involved considering appropriate safeguards and an adequacy decision; The personal data transfer is a prerequisite to the performance of a pre-existing contract between the data controller and the data subject or when the data subject requests that pre-contractual measures are implemented The personal data transfer is a prerequisite to the conclusion or performance of a pre-existing contract between the data controller and another person, whether natural or legal, if it is in the interest of the data subje The personal data transfer is in the public interest The personal data transfer is required for the creation, exercise or defense of legal claims The data subject is not capable of giving consent, whether due to physical or legal limitations or restrictions and the personal data transfer is necessary for the protection of the key interests of the data subject or of other persons The personal data transfer is made from an approved register, confirmed by EU or Member State law as having the intention of providing public information and which is open to consultation by the public or by an individual demonstrating a legitimate interest, but only so far as the legal requirements for consultation are fulfilled.
Analytics and third-party tools
2. General information and mandatory information
Notice concerning the party responsible for this website
The party responsible for processing data on this website is: AVIAREPS AG Josephspitalstrasse 15 80331 Munich Fax: +49 89-54 50 68 42 Management Board: Edgar Lacker (CEO), Heinz Knolle, Marcelo Kaiser, Thomas Drechsler Telephone: +49 89-55 25 33 73 Email: email@example.com The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
Revocation of your consent to the processing of your data
Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.
Right to file complaints with regulatory authorities
If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.htmlhttps://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or in fulfilment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Opposition to promotional emails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received
3. Data protection officer
Statutory data protection officer
We have appointed a data protection officer for our company: PROLIANCE GmbH www.datenschutzexperte.de Leopoldstr. 21 80802 München E-Mail: firstname.lastname@example.org. When contacting the data protection officer, please state the company to which your inquiry relates. Please refrain from enclosing sensitive information such as a copy of an ID card.
4. Data collection on our website
Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission. We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.
Registration on this website
You can register on our website in order to access additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject your registration. To inform you about important changes such as those within the scope of our site or technical changes, we will use the email address specified during registration. We will process the data provided during registration only based on your consent per Art. 6 (1)(a) GDPR. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed. We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
5. Social media
Facebook plugins (Like & Share buttons)
6. Analytics and advertising
Google AdWords and Google Conversion Tracking
If you would like to receive our newsletter, we require a valid email address as well as information that allows us to verify that you are the owner of the specified email address and that you agree to receive this newsletter. No additional data is collected or is only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties. We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1) (a) GDPR. You can revoke consent to the storage of your data and email address as well as their use for sending the newsletter at any time, e.g. through the “unsubscribe” link in the newsletter. The data processed before we receive your request may still be legally processed. The data provided when registering for the newsletter will be used to distribute the newsletter until you cancel your subscription when said data will be deleted. Data we have stored for other purposes (e.g. email addresses for the members area) remain unaffected.
8. Plugins and tools
Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR. Further information about handling user data, can be found in the data protection declaration of YouTube und https://www.google.de/intl/de/policies/privacy
This site uses the Google Maps map service via an API. It is operated by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO. Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.