Privacy Policy

We take the protection of your data seriously.

The protection of your privacy when processing personal data is paramount to us. When you visit our website, our web server automatically saves your Internet service provider’s IP address, the website you are visiting us from, the web pages you visit on our website and the date of your visit and its duration. This information is essential for the technical transmission of our website and the secure operation of our server. The personalised evaluation of this data does not take place.

Data Controller:

Fly away GmbH & Co. KG
Rudolf-Breitscheid-Str. 16
D-90762 Fürth
Tel. +49 911 8151-810
Fax +49 911 8151-815
Email info@flyaway.aero

Personal Data

Personal data is data about your person. It contains your name, address and email address. You do not have to disclose any personal data about yourself in order to visit our website. In some cases we may need your name and address and other information in order to be able to provide you with the service you have requested.

The same applies when we supply you with info material at your request or we respond to your enquiries. We will always make you aware of this in such cases. What is more, we only save the data you transfer to us automatically or voluntarily.

When you use one of our services, we normally only collect the data that we require for providing that service to you. We may also ask you for further information, but that will be of a voluntary nature. Whenever we process personal data, we do so in order to provide you with our services or to pursue our commercial goals.

Establishing Contact

When establishing contact with us (e.g. over our contact form, by email, telephone or social media), the information the person enquiring provides is processed to the extent that it is necessary to respond to the enquiries and any actions requested.
Our response to enquiries as a part of contractual or pre-contractual relationships takes place in order to fulfil our contractual obligations or to respond to (pre-)contractual enquiries and otherwise on the basis of our legitimate interest in responding to enquiries.

• Data types processed: Inventory data (e.g. names, addresses), contact data (e.g. email, telephone numbers), content data (e.g. entries made on online forms).
• Data subjects: Communication partners.
• Processing purpose: Enquiries and communication.
• Legal principles: Contract fulfilment and pre-contractual enquiries (Art. 6 (1) (b) GDPR), legitimate interests (Art. 6 (1) (f) GDPR).

Automatically saved data

Server log files

The provider of this website automatically collects and stores information in what are referred to as server log files that your browser sends to us automatically. This information includes:

• Date and time of the request
• Name of the file retrieved
• Website where the request came from (referrer URL)
• Access status (file transfer, file not found, etc.)
• Browser and operating system used
• Full IP address of the querying computer
• Volume of data transferred

This data is not merged with other data sources. Processing takes place in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website.
We save this data for a short period of time For reasons of technical security, in particular to defend against attempted attacks on our web server. Drawing conclusions about individual persons based on this data in not possible. No later than seven days later, the data is anonymised by docking the IP address at domain level, so that establishing a link to the individual user is no longer possible. The data is also processed anonymously for statistical purposes; as a part of this, it is not compared with other data or disclosed to third parties, not even in extracts. The number of page views is only presented in our server statistics, which we publish every two years in our activity report.

Cookies

When you visit our website, we may save information on your computer in the form of cookies. Many cookies contain what is known as a cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string which allows web pages and servers to be assigned to the specific Internet browser in which the cookie was stored. This allows the websites and servers visited to distinguish the individual’s browser from other Internet browsers that contain other cookies. The unique cookie ID can be used to recognise and identify a particular Internet browser.

Using cookies allows the data controller to provide the users of its website with more user-friendly services which would not be possible without setting cookies. Without your consent, we only use cookies that are required technically on the legal basis of our legitimate interest pursuant to Art. 6 (1) (f) GDPR.

Use of Borlabs Cookie

We use the consent management tool Borlabs Cookie on our website from the software house Borlabs – Benjamin A. Bornschein (Georg-Wilhelm-Str. 17, 21107 Hamburg; “Borlabs”).
The tool allows you to grant consent to data processing over our website, and, in particular, the setting of cookies, as well as the ability to exercise your right to revoke the consent you have already given.
The purpose of data processing is to obtain and document the consent required for data processing and by doing so comply with legal obligations.
Cookies can be used for this purpose. The following including other information may be collected: the date and time of the page view, information about the browser and device you are using, UID (randomly assigned, anonymous ID) and opt-in and opt-out data. This data is not disclosed to third parties.
Data processing is carried out for the purpose of fulfilling a legal obligation based on Art. 6 (1) (c) GDPR.
You can find more information about data protection at Borlabs here: https://de.borlabs.io/borlabs-cookie/ (in German only).

Google Analytics

Google Analytics automatically collects and stores data (IP address, visit time, device and browser information and information on how you use our website) for website analysis purposes, from which user profiles are created based on pseudonyms. Cookies may be used for this purpose. Your IP address is never merged with other data from Google.

We have enabled the data sharing settings for “Google products and services” for the purpose of the optimised marketing of our website. This allows Google to access the data that Google Analytics collects and processes and subsequently use it to improve Google services. Sharing data with Google within the scope of data sharing settings made takes place on the basis of an additional agreement between the data controllers. We have no influence over the data processing that Google subsequently performs.

We also use the Google Analytics add-on function Google Optimize to create and run tests.

For the purpose of web analysis, the Google Signals add-on function from Google Analytics facilitates what is referred to as “cross-device tracking”. If your Internet-enabled devices are linked to your Google account and you have enabled the “Personalised Advertising” setting in your Google account, Google may generate reports about your user behaviour (in particular, cross-device user statistics ), even if you change the end device you use. We do not process any personal data in this regard; what we do receive however are statistics compiled on the basis of Google Signals.

For purposes of web analysis and advertising, the Google Analytics function DoubleClick cookie allows your browser to be recognised when you visit other websites. Google uses this information for compiling website activity reports and for providing other services related to website activity.

Google Ads

When you visit our website, the Google Remarketing cookie is set for advertising purposes in Google search results and on third-party websites. The cookie automatically enables interest-based advertising based on the pages you visit and by using a pseudonymous CookieID by collecting and processing data (IP address, time of visit, device and browser information as well as information about you use our website). Any further data processing only takes place if you have enabled the “Personalized Advertising” setting in your Google account. In this case, if you are logged in to Google when you visit our website, Google will use your data in combination with Google Analytics data to collate and define target group lists for cross-device remarketing.

Google Tag Manager

Our website uses Google Tag Manager. Tag Manager does not collect personal data. The tool serves for triggering other tags that, in themselves, may collect data in certain circumstances. Google Tag Manager does not access this data. If disabled at domain or cookie level, it remains in effect for all tracking tags implemented with Google Tag Manager. You can find the data privacy statement from Google for this tool here: https://www.google.com/analytics/terms/tag-manager/

Google Maps

For the purpose of visually displaying geographical information, Google Maps collects data about how you use the functions of Google Maps, and, in particular, your IP address and location data, transmits it to Google where Google then processes it. We have no influence over the data processing that Google subsequently performs here.

Google Webfonts

For the purpose of displaying the content on our website in standard form, the “Google Fonts” script code collects data (IP address, visit time, device and browser information) and transfers it to Google where it is then processed by Google. We have therefore embedded the fonts on our own server in compliance with data protection regulations, so that data is not transferred to Google.

Security

We have taken technical and administrative security measures to protect your personal data against loss, destruction, manipulation and unauthorised access. All our employees and the service providers that work for us are obliged to comply with the data protection laws that apply.

Whenever we collect and process personal data, it is encrypted before it is transferred. This means that third parties cannot misuse your data. As a part of this, we constantly subject our security measures to a continuous process of improvement and we are constantly revising our data protection statements. Please make sure that you have the most recent version available.

Rights of data subjects

You have the right to information about the personal data we have stored on your person at any time and to its correction, deletion and the restriction of its processing. You also have the right to object to it being processed and to data portability and also to lodge a complaint in accordance with the requirements of data protection law.

Right to information:
You can ask for information from us as to whether and to what extent we process your data.

Right to rectification:
If we process data on your person that is incomplete or incorrect, you can ask us to correct or complete it at any time.

Right to deletion:
If we unlawfully process data on your person or if our processing disproportionately interferes with your legitimate interest in protecting your privacy you can ask us to delete your data. Please note that reasons may exist that prevent immediate deletion, e.g. in the case of retention obligations regulated by law.
Regardless of whether you exercise your right to deletion, we will delete your data immediately and in full to the extent that there is no legal or statutory obligation to retain data in this regard.

Right to restrict processing:
You can demand that we restrict the processing of your data if:
• You contest the accuracy of the data and do so for a period of time that allows us to verify the accuracy of the data.
• Its processing is unlawful and you refuse to have it deleted and instead demand that its use be restricted,
• We no longer need the data for the intended purpose, but you still need it to assert or defend legal claims, or
• You have objected to the data being processed.

Right to data portability:

You can demand that we provide you with the data you have provided us with in a structured, standard and machine-readable format and that you can transfer it to another data controller without us hindering you in doing so, provided that

• we process this data on the basis of the consent you have granted, which can be revoked, or for implementing a contract between us and
• that said processing is performed with the aid of automated processes.
• If technically feasible, you can demand that we transfer your data directly to another data controller.

Right to object:

If we process your data out of a legitimate interest, you can object to us processing it at any time; This would also apply to an instance of profiling based on these provisions. If you object, we will no longer process your personal data unless we can establish compelling legitimate grounds for its processing that outweigh your interests, rights and freedoms, or its processing for purposes of asserting, exercising or defending against legal claims. You can object to your data being processed for direct marketing purposes at any time without giving reasons.

Right to appeal:

If you are of the opinion that we are in breach of German or European data protection law when processing your data, then please contact us so that we can clarify any issues. Naturally, you also have the right to contact the supervisory authority responsible for your data, which would be the office for data protection supervision in your state.
If you wish to exercise any of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

Changes to this Privacy Policy

We reserve the right to change our Privacy Policy if new technologies should make it necessary. Please make sure that you have the most recent version available. If we make fundamental changes to this Privacy Policy, we will post them on our website.

All interested parties and visitors to our website can contact us regarding data protection issues under the following contact details:

Mr. Thomas Friedrich
Dr. Schwarz & Partner mbB
Rudolf-Breitscheid-Str. 16
D-90762 Fürth
Tel. +49 911 8151-853
Email datenschutz@schwarzundpartner.de

Information obligations acc. to Art. 13 and Art. 14 GDPR

We take the protection of your personal data particularly seriously. For this reason, we process your personal data (“data” for short) on the basis of the statutory provisions alone. With this Privacy Policy we want to inform you about the processing of your data at our company and the data protection claims and rights to which you are fully entitled in terms of Art. 13/14 European General Data Protection Regulation (EU GDPR).

1. Who is responsible for data processing and who can you contact?

The data controller responsible is:
Fly away GmbH & Co. KG
Rudolf-Breitscheid-Str. 16
D-90762 Fürth
Tel. +49 911 8151-810
Fax +49 911 8151-815
Email info@flyaway.aero

The company data protection officer is:
Mr. Thomas Friedrich
Dr. Schwarz & Partner mbB
Rudolf-Breitscheid-Str. 16
D-90762 Fürth
Tel. +49 911 8151-853
Fax datenschutz@schwarzundpartner.de

2. What data is processed and from what sources does it originate?

We process the data we receive from you in the context of contract initiation or processing, based on the consent you grant.

Personal data includes:

Your master data/contact details, including for customers/prospects, e.g. first and last name, address, contact details (email address, phone number, fax), bank details.

For business partners/suppliers, this includes, for example, the name of your legal representative, company, commercial register number, VAT ID, company number, address, contact details (email address, phone number, fax), bank details.

We also process the following additional personal data:
• Information about contract data type and contents, order data, turnover and document data, customer and supplier history and consulting documents,
• Advertising and sales data,
• Information from your electronic communications with us (e.g. IP address, log-in data),
• Other data that we have received from you within the scope of our business relationship (e.g. during meetings with customers,
• Data we generate ourselves from master/contact data and other data, such as via analyses of customer demand and potential,
• Documentation of the consent you declared for receiving newsletters, for example.

3. For what purposes and on what legal basis is the data processed?

We process your data in accordance with the provisions of the General Data Protection Regulation (GDPR) and the 2018 German Federal Data Protection Act (BDSG) as amended from time to time:

• To fulfil (pre-)contractual obligations (Art. 6 (1) (b) GDPR):
For the purpose of executing the contract, your data is processed online or at our main premises. Particular processing of the data take places when the business relationship is initiated with you and when we execute contracts with you.
• To fulfil legal obligations (Art. 6 (1) (c) GDPR):
Your data needs to be processed for the purpose of fulfilling various legal obligations, e.g. from the German Commercial Code and the German Tax Code.
• To protect legitimate interests (Art 6. (1) (f) GDPR):
Based on a balancing of interests, data processing may take place beyond the actual fulfilment of the contract in order to protect our legitimate interests or those of third parties. Data processing for the purpose of safeguarding legitimate interests takes place, for example, in the following cases:
– Advertising or marketing (see No. 4),
– Business control measures and to enhance our services and products;
– Maintaining a groupwide customer database to improve customer service
– Within the scope of the legal proceedings
• Within the scope of the consent you have granted (Art. 6 (1) (a) GDPR):
If you have granted us your consent to process your data, e.g. to send you our newsletter.

4. Processing personal data for advertising purposes

You may object to the use of your personal data for advertising purposes at any time, either completely or with regard to individual measures without incurring any costs other than those for the basic rate transmission costs.

Under the legal conditions set out in Sec. 7 (3) Unfair Competition Act (UWG,) we are entitled to use the email address that you provided when concluding the contract for direct marketing for our own similar goods or services. You will receive these product recommendations from us regardless of whether you have subscribed to a newsletter.
If you do not wish to receive such recommendations from us by email you can object to the use of your address for this purpose at any time without incurring any costs other than those for the basic rate transmission costs. Notifying us in text form is sufficient to prevent this. An unsubscribe link is always included in every email as well of course.

5. Who receives my data?

Even if we use a service provider for commissioned data processing, we are still responsible for protecting your data. All data processing companies are mandated by contract to treat your data confidentially and only process it only within the scope of the service they are providing. The data processing companies we commission only receive your data to the extent that they need it for rendering the respective service they provide. These are, for example, IT service providers, IT companies and software companies that we need to sue to operate and secure our IT system, and publishers of advertising and directories for our own advertising campaigns.
Your data is processed in our customer database. The customer database supports enhancing the quality of existing customer data (removing duplicates, moved/deceased flags, address corrections) and allows it to be enriched with data from public sources.
This data is made available to group companies insofar as required for processing the contract. Customer data is stored on a company-related basis and separately.
Authorities and courts as well as external auditors can be the recipients of your data if there is a legal obligation to supply them with it and in the context of a legal prosecution.
In addition, for the purpose of initiating and fulfilling contracts, insurance companies, banks, credit agencies and service providers also may be the recipients of your data.

6. How long do you save my data for?

We process your data until our business relationship with you terminates or until the applicable statutory retention periods have expired (such as those from the German Commercial Code, German Tax Code etc.), and also until the end of any legal disputes in which the data is required as evidence.

7. Does my personal data get transferred to a third country?

In principle, we do not transfer any data to a third country. In individual cases, a transfer only takes place on the basis of an adequacy decision by the European Commission, standard contractual clauses, appropriate guarantees or your express consent.

8. What data protection rights do I have?

You have the right to information about the personal data we have stored on your person at any time and to its correction, deletion and the restriction of its processing. You also have the right to object to it being processed and to data portability and also to lodge a complaint in accordance with the requirements of data protection law.

Right to information:
You can ask for information from us as to whether and to what extent we process your data.

Right to rectification:
If we process data on your person that is incomplete or incorrect, you can ask us to correct or complete it at any time.

Right to deletion:
If we unlawfully process data on your person or if our processing disproportionately interferes with your legitimate interest in protecting your privacy you can ask us to delete your data. Please note that reasons may exist that prevent immediate deletion, e.g. in the case of retention obligations regulated by law.
Regardless of whether you exercise your right to deletion, we will delete your data immediately and in full to the extent that there is no legal or statutory obligation to retain data in this regard.

Right to restrict processing:
You can demand that we restrict the processing of your data if
• you contest its accuracy and do so for a period of time that allows us to verify the accuracy of the data.
• Its processing is unlawful and you refuse to have it deleted and instead demand that its use be restricted,
• We no longer need the data for the intended purpose, but you still need it to assert or defend legal claims, or
• You have objected to the data being processed.

Right to data portability:

You can demand that we provide you with the data you have provided us with in a structured, standard and machine-readable format and that you can transfer it to another data controller without us hindering you in doing so, provided that
• we process this data on the basis of the consent you have granted, which can be revoked, or for the execution of a contract between you and us and
• that said processing is performed with the aid of automated processes.
If technically feasible, you can demand that we transfer your data directly to another data controller.

Right to object:

If we process your data out of a legitimate interest, you can object to us processing it at any time; this would also apply to an instance of profiling based on these provisions. If you object, we will no longer process your personal data unless we can establish compelling legitimate grounds for its processing that outweigh your interests, rights and freedoms, or its processing for purposes of asserting, exercising or defending against legal claims. You can object to your data being processed for direct marketing purposes at any time without giving reasons.

Right to appeal:

If you are of the opinion that we are in breach of German or European data protection law when processing your data, then please contact us so that we can clarify any issues. Naturally, you also have the right to contact the supervisory authority responsible for your data, which would be the office for data protection supervision in your state.
If you wish to exercise any of these rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

9. Am I obliged to provide data?

We need to process your data to conclude or fulfil the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to implement an existing one and have to terminate it. However, granting your consent to data processing is not mandated with regard to data that is irrelevant to performing the contract or that is not required by law.

Fly away GmbH & Co. KG

+49 911 477 604-00

info@flyaway.aero