Privacy Statement

Thank you for visiting our website www.flughafen-stuttgart.de / www.stuttgart-airport.com and for your interest in our company. We process your personal data exclusively within the scope of the legal data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (Federal Data Protection Act, new BDSG).

In the following, we would therefore like to inform you about the processing (e.g. collection, storage, transfer) of personal data when using our website. Pursuant to Art. 4 (1) GDPR, the General Data Protection Regulation defines personal data as

"any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."

.

 

.

Table of Contents

I Name and address of the controllers

II Name and address of the company’s Data Protection Officer

III General information on data processing

1. Scope of processing of personal data
2. Legal basis for the processing of personal data
3. Recipients or categories of recipients to whom the data may be transferred
4. Period of storage, erasure

IV Collection and storage of personal data by Flughafen Stuttgart GmbH as well as the type and purpose of their use

1. Visits to the website www.flughafen-stuttgart.de / www.stuttgart-airport.com
2. Use of cookies
3. Use of external services with technically unnecessary cookies
4. Contact forms and e-mail contact
5. Newsletter
6. Social media profiles and comment functions on our website
7. Flight status notification by e-mail
8. Booking options and other functions of our website
9. Subscription to the “Flugblatt” airport magazine

V   Rights of the data subject

1. Right to access, pursuant to Art. 15 GDPR
2. Right to rectification, pursuant to Art. 16 GDPR
3. Right to erasure (“Right to be forgotten”), pursuant to Art. 17 GDPR
4. Right to restriction of processing, pursuant to Art. 18 GDPR
5. Right to data portability, pursuant to Art. 20 GDPR
6. Right to object, pursuant to Art. 21 GDPR
7. Right to withdraw your consent for the data protection declaration , pursuant to Art. 7 Para. 3 GDPR
8. Automated individual decision-making, including profiling, pursuant to Art. 22 GDPR
9. Right to lodge a complaint with a supervisory authority, pursuant to Art. 77 GDPR

VI Data security

VII   Queries

VIII Status of this Data Protection Declaration

.

 

.

I   Name and address of the controllers

Flughafen Stuttgart GmbH
Flughafenstraße 32
D-70629 Stuttgart
Germany

PO Box 23 04 61
D-70624 StuttgartGermany

Telefon: +49 711 948-0
Telefax: +49 711 948-2241
E-Mail: info@stuttgart-airport.com

Legal representatives:

Management Board
Ulrich Heppe (CEO)
Carsten Poralla (Managing Director)

 

II   Name and address of the company’s Data Protection Officer

You can contact Flughafen Stuttgart GmbH's Data Protection Officer either by using a postal service or e-mail.

By postal service:
Corporate Data Protection Officer
Flughafen Stuttgart GmbH
Flughafenstraße 32
70629 StuttgartGermany

By e-mail:
DSB@stuttgart-airport.com

III   General information on data processing

1. Scope of processing of personal data
   
   As a matter of principle, the processing of our users' personal data only takes place
   
   
   • insofar as this is necessary for the provision of a functional website and for the presentation of the relevant contents
   • and/or insofar as we, as the controllers, have obtained the user's consent, pursuant to Art. 6 Para. 1 lit. a GDPR
   • and/or insofar as the processing of personal data is permitted by law (Art. 6 Para. 1 lit. b - f GDPR).
2. Legal basis for the processing of personal data
   
   Art. 6 Para. 1 lit. a GDPR serves as the legal basis insofar as we obtain the data subject’s consent for the processing of personal data.
   
   Art. 6 Para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for performing pre-contractual measures.
   
   Art. 6 Para. 1 lit. c GDPR serves as the legal basis insofar as the processing of personal data is required to fulfil a legal obligation to which Flughafen Stuttgart GmbH is subject.
   
   Art. 6 Para. 1 lit. f GDPR serves as the legal basis for processing if this is necessary to protect a legitimate interest of Flughafen Stuttgart GmbH or a third party.
   
   
3. Recipients or categories of recipients to whom the data may be transferred
   
   
   • Courts, authorities or other state bodies, insofar as a legal obligation exists
   • External bodies, insofar as this is necessary to fulfil the purposes stated in each case
   • External contractors within the framework of the provisions of Art. 28 GDPR
   • Other cooperation partners whose participation is necessary to provide the service
4. Period of storage, erasure
   
   Personal data are only stored for as long as this is necessary to achieve the purposes stated in each case or pursuant to the legally stipulated retention periods.

IV   Collection and storage of personal data by Flughafen Stuttgart GmbH and the type and purpose of its use

1. Visit to the website www.flughafen-stuttgart.de / www.stuttgart-airport.com
   

   
   If you merely use our website www.flughafen-stuttgart.de / www.stuttgart-airport.com for information purposes (only viewing and reading), i.e. if you do not contact us (for example via a contact form) and do not submit any other information to us, we only collect the personal data that are transferred automatically or that your browser - depending on the terminal device and configuration of the client - transfers to our server.

   This information is temporarily stored in a so-called log file. In this case, only data collected by our system are recorded. The following data are collected:

   • IP address,
   • date and time of access,
   • name and URL of the requested page,
   • website from which access is made (so-called referrer URL),
   • information about the browser type and version used,
   • operating system and its interface,
   • language and version of the browser software,
   • Internet service provider of the user.

   Art. 6 Para. 1 lit. f GDPR constitutes the legal basis for the temporary storage of these data and the log files. The data are stored in log files to ensure the website’s functionality and, in the event of any errors or problems in the network, to carry out an adequate analysis and thus ensure the security of our information technology systems. These data are not evaluated for other purposes. Pursuant to Art. 13 Para. 1 lit. d GDPR, we are herewith informing you as a user that this is in our legitimate interests.

   The log files and thus also the data stored in them are erased after 14 days. The log files are not saved beyond this period.
   
   

2. Use of cookies
   

   
   Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. If a user calls up a website, cookies can be stored on the user's operating system. The stored cookies contain a characteristic string that enables a unique identification of the browser when the website is visited again.

   We use two types of cookies on our website: technically necessary cookies and technically unnecessary cookies.

   • Technically necessary cookies
     Technically necessary cookies are those used to make our website more user-friendly. Some elements of our website require that the visitor’s browser can be identified even after a page change. Without these cookies, we are unable to provide you with certain functionalities of our website, such as the language settings of our website.
     
     
   • Technically unnecessary cookies
     Additionally, we also use cookies on our website that are not technically necessary and enable an analysis of the user's surfing behaviour, such as determining the frequency of page views, or the use of website functions (see also Section 3 of this Data Protection Declaration).
     
     
   In the case of cookies, Art. 6 Para. 1 lit. f GDPR constitutes the legal basis for the processing of personal data.
   
   The purpose of using technically necessary cookies is to simplify the use of our website for the user. Some functions of our website cannot be offered without the use of cookies. These are functions that require the browser to be recognised even after a page change. Adopting the selected language setting is one example of this.
   
   The purpose of using technically unnecessary analysis cookies is to improve the quality of our website and its contents. Through the analysis cookies, we learn how the website is used and can thereby continuously improve the functionalities and contents of our website.
   
   Pursuant to Art. 13 para. 1 lit. d GDPR, we are herewith informing you as a user that this is in our legitimate interests.
   
   Most browsers automatically accept cookies. The cookies are then stored on the user's terminal device and transferred to us by the user. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transfer of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be erased at any time. However, the complete deactivation of cookies may cause you to be unable to use all functions of our website to the full extent.
   
   
3. Use of external services with technically unnecessary cookies
   
   

   1. Google Analytics

      Our website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics also uses "cookies", which are text files placed on your computer, to help analyse your website-using behaviour. The information generated by the cookie about your use of this website is usually transferred to a Google server in the US and stored there. The IP address transferred by your browser in the context of Google Analytics is not merged with other Google data. Our website uses Google Analytics with the extension "_anonymizeIp()". This shortens the IP addresses for further processing. Only in exceptional cases, the full IP address is transferred to a Google server in the US and shortened there. On our behalf, Google uses this information to evaluate your use of the website, to compile reports on website activities and to provide us with other services relating to the use of the website and the Internet.

      Art. 6 Para. 1 lit. f GDPR constitutes the legal basis for the processing of personal data, as well as an agreement on processing within the meaning of Art. 28 GDPR. We use Google Analytics to analyse and regularly improve the use of our website. Using theses analyses, we can improve our offer and make it more interesting for you. Pursuant to Art. 13 Para. 1 lit. d GDPR, we are herewith informing you as a user that this is in our legitimate interests.

      As a user, you can at any time erase cookies that have already been set by Google Analytics in your Internet browser. The personal data that Google Analytics collects is erased or made anonymous after 14 months.

      You may refuse the use of cookies by selecting the appropriate settings in your browser; however, please note that if you do this, you may not be able to use the full functionality of our website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from Google’s processing of these data by downloading and installing the browser plug-in available at the following link:
      http://tools.google.com/dlpage/gaoptout?hl=de

      Google is certified according to the Privacy Shield Framework and thus offers a safeguard to comply with European data protection law and thus the GDPR.

      More information can be found here:
      https://www.privacyshield.gov/participant?id=a2zt000000001L5AAl&status=active
      https://www.privacyshield.gov/EU-US-Framework

      Terms of use of Google Analytics:
      http://www.google.com/analytics/terms/de.html

      Overview of data protection:
      http://www.google.com/intl/de/analytics/learn/privacy.html

      Data protection declaration:
      http://www.google.de/intl/de/policies/privacy

      You can find a more detailed explanation of Google Analytics at:
      https://www.google.com/intl/de_de/analytics

   2. Google-Maps
      

      
      We use the offer of Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.

      By visiting the website, Google receives the information that you have visited the corresponding subpage of our website. In addition, personal data (such as your IP address) are transferred to Google. This occurs regardless of whether you have a Google Account that you are logged in with or whether you do not have a Google Account. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on Google, you must log out prior to visiting our website. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place in particular (even for users who are not logged in) to provide needs-oriented advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, whereby you must contact Google to exercise the right to object.

      For more information about the processing of personal data by Google Maps, please see Google's data protection declaration. They will also provide you with further information about your respective rights and setting options to protect your privacy.

      Data protection declaration:
      http://www.google.de/intl/de/policies/privacy

      Google also processes your personal data in the US and has submitted to the EU-US Privacy Shield:
      https://www.privacyshield.gov/EU-US-Framework.

      Further information can also be found in the Terms of Use:
      https://www.google.com/intl/de_US/help/terms_maps.html.

      
      
   3. affilinet Tracking Cookies
      
      Our website uses an affilinet network, operated by affilinet GmbH, Sapporbogen 6-8, 80637 Munich. affilinet uses a cookie on your computer to correctly track sales and/or leads. This cookie is set by the domain partners.webmaster-plan.com or banners.webmasterplan.com. This cookie complies with the applicable privacy policy. The cookies used by affilinet are accepted in the standard settings of your web browser. You can prohibit the storage of these cookies by deactivating the acceptance of the cookies of the corresponding domains in your web browser. affilinet tracking cookies do not store any personal data, but only the ID of the referring partner and the number of the advertising media (banner, text link or similar) clicked by the visitor, which are required for payment processing. When a transaction is completed, the Partner ID is used to assign the commission to be paid to the referring partner. Details can be found in the cookie guidelines of affilinet (https://www.affili.net/de/knowledge-zone/ueber-cookies).
      
      
      
4. Contact forms and e-mail contact
   
   

   You can contact us by e-mail at info@stuttgart-airport.com In this case, the personal data transferred by e-mail about you are stored.

   There is also a contact form on our website which can be used to contact Flughafen Stuttgart GmbH electronically on various topics.

   When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, your name, your request and when contacting the aircraft noise prevention representative your postcode and residence) are stored by us in order to answer your request appropriately. In addition, a copy of the contact form and thus also your entries, as well as the time of your establishment of contact, is stored in our content management system ("CMS"). The data from the contact form are transferred to our web server in encrypted form.

   Depending on the subject matter on which you contact us by e-mail or using the contact form, your data and your request are transferred to third parties. A transfer to third parties only takes place if this is necessary to clarify and respond to the contact request.
   
   A transfer to third parties occurs in particular in the following cases:

   • For feedback/queries on boarding (e.g. check-in, luggage tracing, boarding support)
     To clarify the facts of each case, your personal data and your inquiry may be transferred to:

     Stuttgart Airport Ground Handling GmbH (SAG)
     PO Box 23 02 70
     D-70622 StuttgartGermany

     and/or to:

     Stuttgart Ground Services GmbH
     PO Box 23 04 11
     70624 StuttgartGermany

   • For feedback/queries on security issues (e.g. security check, passport control):
     To clarify the facts of the case, your personal data and your inquiry may be transferred to:

     Bundespolizeidirektion Stuttgart
     Wolfgang-Brumme-Allee 52
     D-71034 BoeblingenGermany

     and/or to:

     Bundespolizeiinspektion am Flughafen Stuttgart
     D-70629 StuttgartGermany

     and/or to:

     Polizeipräsidium Reutlingen
     Kaiserstraße 99
     D-72764 ReutlingenGermany

     and/or to:

     Polizeirevier Flughafen Stuttgart
     Flughafenstraße 36
     D-70629 StuttgartGermany

     and/or to:

     Zollamt Flughafen Stuttgart
     Flughafen Stuttgart
     D-70629 StuttgartGermany

   • For feedback/queries on check-in and boarding with Lufthansa, Austrian Airlines and Swiss-Air, as well as queries about the Lufthansa Lounge:
     To clarify the facts of the case, your personal data and your inquiry may be transferred to:

     Deutsche Lufthansa AG
     Stationsleitung am Flughafen Stuttgart
     D-70629 StuttgartGermany

   • For feedback/queries on the Elli-Beinhorn-Lounge:
     To clarify the facts of the case, your personal data and your inquiry may be transferred to:

     ChillOutLounges GmbH
     PO Box 420 131
     D-30662 HannoverGermany

   • For feedback/queries on shops or catering services on the terrain of the airport:
     To clarify the facts of the case, your personal data and your inquiry may be transferred to to shops or catering services on the campus of Stuttgart Airport.

   • For queries on noise abatement:
     Your personal data and your request are forwarded directly to the Noise Abatement Officer of the Stuttgart Regional Board. By contacting the Noise Abatement Officer of the Stuttgart Regional Board, furthermore the mention of the postcode and the residence is necesary. This enables the Noise Abatement Officer of the Stuttgart Regional Board to follow up your request and answer your questions appropriately.

     Lärmschutzbeauftragter für den Flughafen Stuttgart
     Regierungspräsidium Stuttgart
     Ruppmannstraße 21
     D-70565 StuttgartGermany

   Art. 6 Para. 1 lit. f GDPR and Art. 6 Para. 1 lit. a GDPR constitute the legal bases for data processing if you contact us by e-mail or via the contact form.

   Regardless of whether you contact us by e-mail or using the contact form, your data are used exclusively to process and answer your enquiry appropriately. This also applies to any transfer of your data to third parties.

   Personal data are only stored for as long as this is necessary to achieve the above-mentioned purpose or pursuant to the legally stipulated retention periods.

   This is the case with the personal data that you send us as part of an enquiry by e-mail or contact form when the conversation with the user has ended, i.e. when the relevant facts have been finally clarified.

   The data are only processed to be able to answer your contact request appropriately and conclusively. Pursuant to Art. 13 Para. 1 lit. d GDPR, we are herewith informing you as a user that this is in our legitimate interests.

5. Newsletter
   
   Flughafen Stuttgart GmbH offers special user groups (travel agency partners, business partners/corporates and members of the press) the option of subscribing for a target group-oriented newsletter. With these newsletters, we regularly send out target group-relevant information/invitations about Flughafen Stuttgart GmbH by e-mail.

   Art. 6 Para. 1 lit. a GDPR constitutes the legal basis for the processing of the data after the user registers for the newsletter. The collection of your personal data serves for verification and correct allocation to the target group-oriented newsletter and to ensure that the newsletter can be delivered. Your data are used exclusively for sending the newsletter.

   Your personal data are only stored for as long as necessary to achieve the above-mentioned purpose or pursuant to the legally stipulated retention periods. We store your data for as long as the subscription to your newsletter is active. As a user, you can cancel your subscription to the respective newsletter at any time by withdrawing your consent and without needing to give any reasons.

   To do this, you can send an e-mail to Betroffenenrechte@stuttgart-airport.com or click the “Unsubscribe” button in the newsletter.

   1. Newsletter for travel agency partners, business partners/corporates
      
      If you belong to the travel agency partners, business partners user group and are interested in subscribing to the “Travel agency partners, business partners/corporates” newsletter, please contact Marketing@stuttgart-airport.com. To consider your registration, we need information about you (e-mail address, name) and the organisation/company to which you belong. Section 4 of this Data Protection Declaration applies to contacting us by e-mail.

      The “Newsletter2Go” newsletter software is used to send the newsletter to travel agency partners, business partners/corporates. Your data are transferred to Newsletter2Go GmbH. Newsletter2Go is prohibited from selling your data or using it for any purpose other than sending the newsletter. Newsletter2Go is a certified provider in Germany, selected according to the requirements of the GDPR.

      Further information can be found here:
      https://www.newsletter2go.de/informationen-newsletter-empfaenger

      Art. 6 Para. 1 lit. f GDPR constitutes the legal basis for the transfer to Newsletter2Go. The dispatch service provider is used to ensure the smooth technical dispatch of the newsletters and to guarantee the IT integrity of Flughafen Stuttgart GmbH's servers. Pursuant to Art. 13 para. 1 lit. d GDPR, we are herewith informing you as a user that this is in our legitimate interests.

   2. Newsletter for members of the press (“Press Newsletter”)
      
      If you are a member of the Press user group and are interested in subscribing to the “Presserundschreiben” newsletter, please contact Presse@stuttgart-airport.com. To consider your registration, we need information about you (e-mail address, name) and the organisation/company to which you belong. Section 4 of this Data Protection Declaration applies to contacting us by e-mail.

6. Social media profiles and comment functions on our website
   
   

   1. Social media profiles
      
      Flughafen Stuttgart GmbH maintains profiles on various social networks. You can find links to these profiles on our website. Flughafen Stuttgart GmbH maintains the following profiles:

      • ​https://www.facebook.com/FlughafenStuttgart
      • https://www.twitter.com/STR_Flughafen
      • https://www.instagram.com/Stuttgartairport
      • https://www.snapchat.com/add/str_flughafen
      • https://www.youtube.com/user/StuttgartAirport
      • https://www.xing.com/companies/flughafenstuttgartgmbh

      
      We look forward to you visiting one of our profiles in the above-mentioned networks. In this case, the terms and conditions and data protection regulations of the respective operators apply.
      
      All references to social media profiles on our website are integrated by means of a link. Personal data are therefore not transferred on to third parties without your active involvement.
      
      A transfer only takes place if you initiate it yourself by clicking on the link. In this case, the data protection regulations of the respective social network apply. As a user, your respective rights and setting options to protect your privacy can be found in the providers' data protection information.

      • https://www.facebook.com/policy.php
        
      • https://twitter.com/privacy
        
      • https://help.instagram.com/155833707900388
        
      • https://www.snap.com/en-US/privacy/privacy-policy
        
      • https://www.youtube.com/static?template=privacy_guidelines
        
      • https://privacy.xing.com/de/datenschutzerklaerung

   2. Activation of DISQUS in our blog

      In our blog, various authors describe their personal views on a topic and report from a subjective perspective on topics relating to Stuttgart Airport. Readers can comment on these contributions. We use the DISQUS comment service for this, offered by DISQUS Inc, 301 Howard Street, Suite 300, San Francisco, CA 94105, US (“DISQUS”).

      This comment function is disabled by default. To be able to use the DIQUS comment function, the user must first activate it. This is done by setting an appropriate cookie. If you do not activate the DISQUS comment function, no personal data are transferred to DISQUS.

      You can activate DISQUS on our website by clicking on the “Activate DISQUS (comments)” button. Then you can log in to DIQUS using an existing DISQUS account or using an existing social media account (for example, Facebook) and write comments. You can also use the DISQUS function as a guest, without creating an account with DISQUS and without creating a social media account. When you activate the comment function DISQUS and/or write comments, personal data, such as:

      • your IP address,
      • time of the comment,
      • content of the comment (e.g. also name, e-mail address of the comment creator)

      are transferred to DISQUS and thus to servers in third countries. DISQUS and its function is embedded on our website only. The use of the comment function therefore takes place according to the conditions of DISQUS and exclusively in the relationship between you, as user, and DISQUS itself. Please, therefore, read the data protection information (https://help.disqus.com/terms-and-policies/diqus-privacy-policy) and the DISQUS terms of use (https://help.disqus.com/terms-and-policies/terms-of-service). To erase data, only DISQUS can be contacted.
      As a user and as far as you activate the comment function of DISQUS, the use of DISQUS and the associated transfer of personal data to DISQUS is legally based on Art. 6 Para. 1 lit. f GDPR.

      Personal data is processed for the purpose of an efficient and user-friendly design of the comment management.

      Pursuant to Art. 13 para. 1 lit. d GDPR, we are herewith informing you as a user that this is in our legitimate interests.

      DISQUS is certified according to the Privacy Shield Framework and thus offers a safeguard to comply with European data protection law and thus the GDPR.

      The link to the privacy policy can be found here: https://www.privacyshield.gov/participant?id=a2zt0000000TRkEAAW&status=Active

      If you do not wish your personal data to be transferred to DISQUS, we recommend that you do not activate the comment function.

7. Flight status notification by e-mail
   
   

   As a user of our website, you have the option of being notified by e-mail about status updates of flights that you can select yourself.

   As a user, you can subscribe to the flight status (for example, status: en-route; status: landed; status: boarding) and flight status changes for a specific flight by e-mail. For this purpose, we collect your e-mail address in the registration form for notification. This data is only collected to inform you of any changes in the flight status of the desired flight(s).

   Registration for flight status notification occurs via the so-called Double-Opt-In procedure. This means that after registration you will receive an e-mail asking you to confirm your registration for flight status notification by clicking a link. Only if you make this confirmation will you receive the desired flight status notifications and flight status changes by e-mail. In the course of the Double-Opt-In procedure, the following data are stored:

   • e-mail,
   • IP address in the server log,
   • time of confirmation.
   Art. 6 Para. 1 lit. a GDPR constitutes the legal basis for this data processing.
   
   Personal data are only stored for as long as this is necessary to achieve the above-mentioned purpose or pursuant to the legally stipulated retention periods. Your e-mail address is routinely erased after a period of 4 days, but no later than 7 days, after the end of the respective flight.
   
   
8. Booking options and other functions of our website
   
   

   1. Booking VIP services
      
      On our website, you have the possibility to book VIP services around your flight. These are special services (e.g. shuttle service).

      You will find a booking form on our website for this purpose. Depending on which VIP package you book, we request various information required to book the package (e.g. your name, number of adults and children travelling with you, flight details). As the performance of the ordered service takes place at an international commercial airport and is therefore subject to legal security requirements, we pass on your data to third parties within the framework of the execution of the contract, insofar as this is necessary. In this sense, third parties are the authorities involved (cf. Section 4) as well as the internal departments required for the execution of the contract (e.g. terminal supervision, operations officer on duty) and external cooperation partners (e.g. the booked airline, the handling partner responsible for this airline, the security service provider used for personnel and goods control). Art. 6 Para. 1 lit. b GDPR constitutes the legal basis for this data processing. The data are processed exclusively for the purpose of executing the contract.
      Personal data are only stored for as long as this is necessary to achieve the above-mentioned purpose or pursuant to the legally stipulated retention periods.

   2. Booking airport tours
      
      You can book airport tours on our website. We provide you with a platform for your booking enquiry/booking for this purpose. Within the framework of the booking enquiry/booking, we collect the data necessary for carrying out the tour (number of participants, type of group, address of the contact person/booking organisation or the booking company, billing address, telephone number, e-mail address). After booking, you receive an acknowledgement of receipt of the reservation request and a confirmation e-mail if the booking was successful.

      Art. 6 Para. 1 lit. b GDPR constitutes the legal basis for this data processing. The data to be provided are required for the execution and processing of the airport tour and booking. The transfer of data to us is encrypted as part of the SSL encryption of our website.

      Personal data are only stored for as long as this is necessary to achieve the above-mentioned purpose or pursuant to the legally stipulated retention periods.

   3. Application portal
      
      Online, you have the opportunity to apply for a job with us using the application portal “d.vinci” of d.vinci HR-Systems GmbH, Nagelsweg 37 - 39, D-20097 Hamburg, Germany; this is integrated on our homepage.

      The personal data which you enter are only stored by d.vinci HR-Systems GmbH. Art. 6 Para. 1 lit. b GDPR constitutes the legal basis for this data processing. We have carefully selected d.vinci HR-Systems GmbH and have made contractual regulations in accordance with the requirements of the GDPR (Art. 28 GDPR).

9. Subscription to the “Flugblatt” airport magazine
   
   

   You can register for a free subscription to our “Flugblatt” airport magazine on our website. If you would like to receive the airport magazine, please send an e-mail with your name and full address to publikationen@stuttgart-airport.com.

   If you register to receive the airport magazine, your personal data are processed exclusively for the purpose of sending the magazine. Your personal data are required to send you our airport magazine and thus to provide the service for your requested subscription.

   Art. 6 Para. 1 lit. a GDPR constitutes the legal basis for the processing of your personal data. Your personal data are only stored for as long as it is necessary to provide the subscription. We store your data as long as your subscription to the magazine remains active. Your personal data are forwarded to the shipping service for the purpose of sending you the magazine. Your personal data are not transferred to other third parties.

   You can cancel your subscription to the airport magazine at any time and without giving reasons by withdrawing your consent.

   You can send an e-mail to Betroffenenrechte@stuttgart-airport.com at any time.

   Section IV, Paragraph 4 of this Data Protection Declaration applies to contacting us by e-mail.

V Rights of the data subject

Within the meaning of the GDPR, you are a data subject if we process your personal data. Therefore, you have rights vis-à-vis Flughafen Stuttgart GmbH as the controller. If you wish to exercise such a right, please contact:

Flughafen Stuttgart GmbH
Flughafenstraße 32
70629 Stuttgart
GermanyE-Mail: Betroffenenrechte@stuttgart-airport.com

You are entitled to the following rights:

1. Right to access, pursuant to Art. 15 GDPR
   
   Pursuant to Art. 15 GDPR, you have the right to access information on your personal data processed by us. In particular, you may access information on the purposes for the processing, the category of personal data, the categories of recipients to whom your data have been or will be transferred, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of lodging a complaint, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details.

   You also are entitled to the right to access information as to whether your personal data is being transferred to a third country or to an international organisation. In this context and pursuant to Art. 46 GDPR, you may request to be informed of the appropriate safeguards in connection with the transfer.

2. Right to rectification, pursuant to Art. 16 GDPR
   
   Vis-à-vis us as data controller and in accordance with Article 16 of the GDPR, you are entitled to the right to rectify and/or complete your personal data if the personal data relating to you and being processed is incorrect or incomplete. We, as controllers, must make this rectification without delay.

3. Right to erasure (“Right to be forgotten”), pursuant to Art. 17 GDPR
   
   Pursuant to Art. 17 Para. 1 GDPR, you are entitled to the right to request the erasure of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims (cf. Art. 17 Para. 3 GDPR).

   If we, as controller, have made the personal data relating to you public and we are obliged to erase this personal data pursuant to Art. 17 Para. 1 GDPR, we will take appropriate measures, including technical measures (taking into account the available technology and the costs for implementation) to inform other data processors who process the personal data that you, as data subject, have requested the erasure of all links to these personal data or of copies or replications of these personal data.

4. Right to restriction of processing, pursuant to Art. 18 GDPR
   
   Pursuant to Article 18 GDPR, you are entitled to the right to demand the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful but you reject their erasure and we no longer need the data, but you need them to assert, exercise or defend any legal claims or you have filed an objection against the processing pursuant to Article 21 GDPR.

5. Right to data portability, pursuant to Art. 20 GDPR
   
   Pursuant to Art. 20 GDPR, you are entitled to the right to receive the personal data you have provided us with in a structured, common and machine-readable format or to request the transfer to another controller.

6. Right to object, pursuant to Art. 21 GDPR
   
   On the basis of Article 6(1)(e) or (f) of the GDPR, you are entitled to the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation.

   As controllers, we then no longer process the personal data relating to you unless we can prove that there are compelling reasons worthy of protection for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend any legal claims. If the personal data relating to you are processed for direct marketing purposes, you have the right to object to the processing at any time. If you object to the processing for direct marketing purposes, the personal data concerning you is no longer processed for these purposes.

7. Right to withdraw your consent for the data protection declaration, pursuant to Art. 7 Para. 3 GDPR
   
   You are entitled to the right to withdraw your consent for this Data Protection Declaration at any time. The withdrawal of consent shall not affect the legality of the processing carried out on the basis of the consent until withdrawal.

8. Automated individual decision-making, including profiling, pursuant to Art. 22 GDPR
   
   You are entitled to the right not to be subject to a decision based exclusively on automated processing - including profiling - that has any legal effect against you or significantly impairs you in any similar manner.

9. Right to lodge a complaint with a supervisory authority, pursuant to Art. 77 GDPR
   
   You are entitled to the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of your place of residence, workplace or our company headquarters.

   The supervisory authority responsible for Flughafen Stuttgart GmbH is:

   Der Landesbeauftragte für den Datenschutz und die Informationssicherheit
   PO Box 10 29 32
   70025 StuttgartGermany

   Telefon: 0711/615541-0
   Fax: 0711/615541-15
   E-Mail: Poststelle@lfdi.bwl.de

VI Data security

We use SSL (Secure Socket Layer) encryption with 256-bit encryption on our website. You can recognise the encryption of our website and its individual areas by the lock or key symbol in the lower status bar of your browser.

Within the meaning of Art. 32 GDPR, we principally use suitable technical and organisational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are constantly developed and improved in accordance with technical progress and technical development.

VII  Queries

If you have any questions regarding the processing of your personal data by us or your rights as a data subject, you can contact our Data Protection Officer at any time. Also, if you have any suggestions or other information on the subject of data protection, you can contact our Data Protection Officer at any time. You will find the contact details in II. of this Data Protection Declaration.

VIII   Status of this Data Protection Declaration

This Data Protection Declaration is currently valid and dated 25 May 2018.