We are The Flight-Refund GmbH. We have our registered office at Pascalstraße 6 in 52076 Aachen, Germany and our principal place of business at the same address. We are registered with the Trade Register at the Court of Aachen under company number 20051. Contact us at firstname.lastname@example.org.
In the context of our activities, we collect, hold, disclose and/or otherwise process personal data. Pursuant to applicable data protection and privacy legislation, we qualify as the controller with respect to the personal data that we process.
We value your right to privacy and strive to protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation (“GDPR”) and its national implementing legislation.
Note: this does not constitute your ‘consent’ to the processing of your personal data. We do not process your personal data on the basis of your consent, unless specifically indicated.
In the context of our services, we may collect personal data relating to visitors of our website. This automatically includes the timestamp of the visit, the IP-address, browser information and other technical details which are generally automatically requested and submitted by your computer. If you start using our site to check flights or request support regarding compensation payments, we will also require additional information about your flight, your contact details and other relevant and personal information. In case of success (and after having a valid contract), we will also request your bank details to make payments.
We may collect information about you in various ways:
Directly from you when you enter forms on our website or fill in additional info on paper or on contractual documents we send you. We also receive your information directly if you send us emails.
Directly from your browser through technical handshake-solutions that are normally used on the internet to establish a secure connection and to identify computers between each other.
Indirectly if you have contracted another person to represent your interests towards your claim on our platform. This other person may provide information about you (such as your name, address, date of birth and other details) which is required for a successful completion of the claim.
Indirectly by setting a cookie when you login or for marketing analysis purposes (For example: We want to know how many unique people visit our website, so we set a cookie with a unique number. If you visit the site once in the morning and once in the evening, we will count you only as one visitor).
We collect the following information about you and we use it for the following purposes:
Your identification and contact information (name, address, telephone number, email address or other contact details) for:
-Quality management internally
Electronic localisation information and IP address and surfing behaviour for:
-Quality management internally
Bank account for:
For the processing of your personal data for the purpose of claim analysis and management, we rely upon your consent. We note that you have the right to withdraw that consent at any time. You may do so by sending an email to email@example.com
In the context of the purposes as listed above, we may share your personal data with third parties, such as external law firms to represent our and your interests in court. We also use external data processors for our IT infrastructure and email administration. We will ensure that, where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing your personal data to a third party. For example, we enter into data processing agreements with relevant parties (providing for restrictions on the use of your personal data and obligations with respect to the protection and security of your personal data).
The parties to whom we may disclose your personal data as referred to above may be located in countries outside the European Economic Area (EEA), which countries may offer a lower level of data protection than in your area. For example, such shall be the case in the following situations:
-For marketing analytics via Google Analytics
-For certain email processing activities via Google
In such case, it shall be ensured that adequate measures are taken to ensure adequate protection of your personal data in accordance with applicable data protection legislation. More specifically, we implement the following measures, such as signing the Binding Corporate Rules or the EU Standard Contractual Clauses, which our partners have provided us. Your personal data and/or person profiles shall not be rented, nor sold to third parties without your prior explicit consent. We do not foresee this as a viable business path and do not intend to do so.
Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (we refer to the purposes as listed above). Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods.
More specifically, the following storage periods apply:
-Emails are stored for one year and then deleted when legally possible (Some emails need to be stored for a longer period of time).
-Personal Data related to your cases and requests are removed, overwritten or securely encrypted after 3 years (a claim expires after 3 years, maintaining the data is generally not sensible or required), unless the case is ongoing or legal requirements enforce us to act differently.
-Logfiles on our server for IP addresses and other technical stuff are removed after 6 months in general. Snapshots from this files might be maintained for longer if there are valuable learnings, however, this information is generally not connected to your account or other data and can not be correlated without significant effort.
-Paper based documents are removed after 5 or 10 years, mostly due to tax or legal reasons.
We will implement the necessary administrative, technical and organisational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed. More specifically, we have taken the following measures:
-Clear internal rules and boundaries regarding data access, enforced by our IT system.
-Encypted storage of passwords and other significant data, to ensure that even in case of a possible data breach no relevant information is available to the thief.
-Usage of experienced and certified third parties with world-class data protection facilities and rules for our infrastructure.
-Limited access to databases, backups and technical systems, with multiple authentication methods required.
Further, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).
You have the right to:
-information about and access to your personal data;
-rectify your personal data;
-erasure of your personal data (‘right to be forgotten’);
-restriction of processing of your personal data;
-object to the processing of your personal data;
-receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization.
Please feel free to contact us at firstname.lastname@example.org for any issues.
Finally, you have the right to lodge a complaint with the relevant authorities relating to the processing of your personal data by us. The link is https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
We use certain cookies on our website. Some of them are essential to make our site work, others serve to provide you a better, faster and safer user experience by allowing us to improve claim checking flow and speed issues. Cookies are small pieces of data that are stored on your computer or mobile device via your browser. On our website, we use the following cookies:
|Name of the cookie
|Type of cookie)
|Purpose of the cookie
|this is required for logins and to keep track of users when navigating along pages. Disabling this cookie might make usage of the page impossible
|git, gat, ga
|This cookie allows us to recognize the visitors of our webiste, to count the number of visitors and to identify the way in which they navigate. This allows us to improve the user navigation and to ensure that visitors can faster and easier find what they need
All major internet browsers offer the option to manage the cookies that were installed on your computer or mobile device. In case you do not wish that this site places cookies on your system, you may limit or delete these easily by adjusting you mobile or browser settings. In addition, you can set you mobile or browser settings in such a way that you get a notification every time you receive a cookie on your computer or mobile device, so that you can decide whether you wish to accept this cookie or not.
Please note that when you disable certain cookies of which we are making use, the possibility exists that certain parts of our system will no longer function properly and you will no longer enjoy an optimal user experience.
Right to information and right to access your personal data:
You may at any time request more information on our processing activities and the personal data that we are keeping from you.
Right to rectification of inaccurate or incomplete personal data:
You have the right to require us to, without undue delay, rectify or complete any of your personal data that is inaccurate or incomplete.
Right to deletion of your personal data (‘right to be forgotten’):
You may request us to delete (part of) your personal data in the following situations:
− when the processing is no longer necessary for achieving the purposes for which they we collected or otherwise processed these; or
− when the processing was based on your consent and you have decided to withdraw that consent;
− when you have other reasonable grounds to object to the processing of your personal data;
− when we would unlawfully process your personal data;
− when your personal data have to be erased in compliance with a legal obligation directed to us.
We note that in some case, we may refuse to delete your personal data:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation; or
- for the establishment, exercise or defence of legal claims.
Right to restriction of processing:
You may request us to (temporarily) restrict the processing of your personal data in the following situations:
− when you have contested the accuracy of your personal data, for a period enabling us to verify this accuracy; or
− when the processing appears to be unlawful and you request us the restriction of use of your data instead of the deletion of this data; or
− when we no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
− pending verification whether our legitimate grounds override yours in the framework of an objection.
Right to object to the processing of your personal data (free of charge):
You may under certain circumstances object to the processing of your personal data, when such processing is based on our “legitimate interests”. If we agree, we will no longer process your personal data, unless we have compelling legitimate grounds to do so, or because such a processing is necessary.
Where we process your personal data for direct marketing purposes, you may at any time object to the processing thereof or withdraw your consent thereto. You also have the right not to be subject to profiling for direct marketing purposes.
Right to data portability:
In some cases, you have the right to receive all your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. This right applies:
− in case the processing is based on consent or on the necessity for the performance of a contract; and
− in case the processing is carried out by automated means.