Due to the predicted weather conditions, flight operations are expected to be restricted and flights canceled on Sunday, January 5, especially in the morning.
Please check your flight status with your airline.
Due to the predicted weather conditions, flight operations are expected to be restricted and flights canceled on Sunday, January 5, especially in the morning.
Please check your flight status with your airline.
Welcome to our website and thank you for your interest in privacy and data protection with regard to our services. We are pleased to provide you with information here on how your personal data are processed on our websites and in connection with the other services described in this Privacy Statement.
1 Controllers and data protection officers
2 Data processing
2.1 Data processing policy
2.2 Recipients
2.3 Duration of storage
2.4 Scope of the Privacy Statement
3 Generally applicable information on data processing in relation to online services
3.1 Log files
3.2 Cookies and pixels
3.3 Participation in Surveys
3.4 Integrated maps (Google Maps)
3.5 Integrated videos (YouTube)
3.6 Social media
3.7 Eye-Able® assistance software
4 Specific processing activities
4.1 Websites
4.2 Contact form
4.3 Newsletter
4.4 Personalization and user profiles
4.5 WLAN/Wifi
4.6 Photography, video and sound recordings
4.7 Passngr app website
4.8 Parking reservations
4.9 Automatic number plate detection at parking entrances
4.10 Bookings/reservations
4.11 Contests, prize draws, and campaigns in general
4.12 municon conference center
4.13 Aircraft noise complaints
4.14 Applicant portal
4.15 Airport Collaboration Portal
4.16 FMG und Wohnen
4.17 Processing damage events and claims
4.18 Star Alliance Biometrics
4.19 Video surveillance at the airport and in parking facilities
4.20 Customer Acquisition of LabCampus
4.21 Training programmes / Airport Academy
4.22 Luggage handling
4.23 Internal reporting office for reporting persons
4.24 Community Platform LabCampus
4.25 Business-to-Business Portal (B2B)
4.26 Lost & found office
4.27 Service center
4.28 Telephone and video conferences via MS Teams
4.29 Applicant interviews with video via MS Teams
4.30 Contact Parking
4.31 Charging of electric vehicles during parking
4.32 Boarding pass check - access control to the airside part of Munich Airport
4.33 Optimization of punctuality during check-in and departure
4.34 Processing of customer contact data
4.35 Reviews on social media
4.36 Information on the processing of personal data in the context of the Advent calendar competition
5 External booking requirements
5.1 Package travel arrangements
5.2 Flight bookings
5.3 Car rentals
6 Your rights
6.1 Information
6.2 Rectification
6.3 Right to restriction / blocking of processing
6.4 Erasure
6.5 Objection
6.6 Withdrawal
6.7 Data portability
6.8 Right to lodge a complaint with a supervisory authority
7. Exercising the rights of affected persons
Unless another controller is expressly indicated for specific services, the controller for the purposes of all data processing covered in this Privacy Statement is:
Flughafen München GmbH
Nordallee 25
85356 Munich
Germany
Tel. +49 89 975 00
Email: info@munich-airport.de
Contact details for Flughafen München GmbH, referred to below as "FMG" or "we" and their subsidiaries with data protection officers:
Contact data
Nordallee 25
85356 München
Tel. +49 89 975 00
Email: info@munich-airport.de
Data Protection Officer
Flughafen München GmbH
Nordallee 25
85356 München
Email: datenschutzbeauftragter@munich-airport.de
Managing Directors
Jost Lammers
Jan-Henrik Andersson
Head of IT
Florian Lesch
Contact data
Terminal1, Modul D
Postfach 23 17 55
85326 München-Flughafen
Tel. +49 89 975 212 00
Data Protection Officer
Flughafen München GmbH
Nordallee 25
85356 München
Email: datenschutzbeauftragter@munich-airport.de
Managing Director
Eva Ranki
Head of IT
Florian Lesch
Contact Data
Postfach 23 17 55
85326 München
Tel. +49 89 975 210 01
Data Protection Officer
Wolf Janz
AeroGround Flughafen München GmbH
Postfach 23 17 55
85326 München
Tel. +49 89 975 215 10
Email: datenschutz@aeroground.de
Managing Directors
David Konradi
Head of IT
Florian Lesch
Contact data
Terminalstrasse Mitte 18
85356 München-Flughafen
Tel. +49 89 975 9 31 77
Email: info.allresto@munich-airport.de
Data Protection Officer
-Data Protection-
Allresto Flughafen München GmbH
Hotel und Gaststätten GmbH
Terminalstrasse Mitte 18
85356 München-Flughafen
Tel. +49 89 975 9 31 77
Email: datenschutz.allresto@munich-airport.de
Managing Directors
Andreas Reichert
Head of IT
Allresto Flughafen München GmbH
Hotel und Gaststätten GmbH
Contact Data
Frachtgebäude Modul C
Postfach 23 17 55
85326 München-Flughafen
Tel. +49 89 975 92 289
Data Protection Officer
Flughafen München GmbH
Nordallee 25
85356 München
Email: datenschutzbeauftragter@munich-airport.de
Managing Director
Claudia Weidenbusch
Head of IT
Florian Lesch
Contact Data
RGS 1, Vorfeld West 1
Postfach 23 17 55
85326 München-Flughafen
Tel. +49 89 977 500 0
Data Protection Officer
Flughafen München GmbH
Nordallee 25
85356 München
Email: datenschutzbeauftragter@munich-airport.de
Managing Director
Jörg Abel
Head of IT
Michael Springborn
Contact Data
Terminalstraße Mitte 18
85356 München
Tel. +49 89 975 936 00
Data Protection Officer
Flughafen München GmbH
Nordallee 25
85356 München
Email: datenschutzbeauftragter@munich-airport.de
Managing Directors
Christian Wallner
Sven Zahn
Head of IT
Andre Dlugos
Contact Data
Postfach 24 11 37
München-Flughafen
Tel. +49 89 975 910 74
Data Protection Officer
Flughafen München GmbH
Nordallee 25
85356 München
Email: datenschutzbeauftragter@munich-airport.de
Managing Director
Christian Huber
Head of IT
Florian Lesch
Contact Data
Postfach 23 17 55
85326 München-Flughafen
Tel. +49 89 975 65701
Email: contact@labcampus.de
Data Protection Officer
Flughafen München GmbH
Nordallee 25
85356 München
Email: datenschutzbeauftragter@munich-airport.de
Managing Director
René Droese
Head of IT
Florian Lesch
Contact Data
Munich Airport International GmbH
Postfach 23 17 55
85326 München-Flughafen
Tel. +49 89 975 102 14
Data Protection Officer
Managing Directors
Dr. Lutz Weisser
Lorenzo Di Loreto
Head of IT
Florian Lesch
Contact Data
Visiting address:
Terminalstraße Mitte 26
Bürogebäude Nord N2
85356 München-Flughafen
Postal address:
Postfach 231755
85326 München-Flughafen
Tel. +49 89 975 54500
Email: mucreal@munich-airport.de
Data Protection Officer
Flughafen München GmbH
Nordallee 25
85356 München
Email: datenschutzbeauftragter.mr@munich-airport.de
Managing Director
Michael Hiss
Contact Data
Terminalstraße Nord 1, Ebene Z4
Postfach 23 17 55
85326 München-Flughafen
Tel. +49 89 975 887 01
Data Protection Officer
Flughafen München GmbH
Nordallee 25
85356 München
Email: datenschutzbeauftragter@munich-airport.de
Managing Directors
Ivonne Kuger
Matthias Langbehn
Head of Data Processing
Julia Schmidt
We process your personal data in accordance with applicable data protection laws – in particular the provisions of the General Data Protection Regulation (GDPR), the German Data Protection Act (Bun-desdatenschutzgesetz) and other applicable laws.
We process personal data exclusively in accordance with the intended purposes. The main purpose is to operate Munich Airport including all ancillary business activities directly or indirectly supporting this purpose. The purposes related to specific services are concretely outlined in the corresponding descriptions.
We process your personal data only when this is permitted or required under legal regulations or with your consent.
You will find additional information on specific services in the descriptions below. Unless those descriptions specify another legal basis, the data processing is carried out in accordance with Art. 6 Par. 1 sentence 1 f) GDPR (balancing of interests based on our legitimate interest in operating Munich Airport, including all ancillary business activities directly or indirectly related to the purpose of business).
Personal data can be transmitted to the following recipients or categories of recipients:
If there are other recipients, these will be mentioned separately in the individual processing activities.
Personal data are stored only as long as necessary for achieving the specified purposes or in accordance with the storage and archiving periods required by law. After the relevant purpose no longer applies or the expiry of these periods, the corresponding data will be deleted routinely in accordance with the statutory regulations.
If possible, specific storage periods for the various services will be stated.
This Privacy Statement applies to the websites of Flughafen München GmbH and the subsidiaries specified above and for other services described in this Privacy Statement.
Every time the contents of our websites are accessed, data are stored that may permit identification of data subjects.
The following data are collected:
The temporary storage of these data is necessary for processing the site visit in order to ensure that the website can be made available. Further data storage in log files takes place to ensure the functionality of the website and the security of the IT systems. These stored data are analyzed exclusively for purposes of analyzing technical malfunctions and possible attacks on our website. In addition, the data can by analyzed anonymously for statistical purposes.
Categories of recipients
Some websites are operated by external hosting services and/or through external agencies. They act on our behalf as external processors and process the data exclusively in accordance with our instructions.
Duration of storage
To be in a position to conduct proper investigations of technical malfunctions or possible attacks on our website and report as needed to regulatory bodies and security authorities, we delete or anonymize the log files within one month at the latest.
Legal basis
The legal basis for the related processing of your data is Art. 6 Par. 1 sentence 1 f) GDPR (balancing of interests based on our legitimate interest in maintaining the functionality of our website and performing statistical analysis of the use of our website).
Cookies are small files in which certain information is stored either in open or encrypted form. Cookies are sent from the server to your computer and stored there. They initially serve to identify the computer from which our website was accessed. If you log in to our website, cookies serve to notify the server of your login and check the authorizations to retrieve the page.
Cookies can help to improve communications between our server and your computer and therefore make it easier to use our website. Cookies also make it possible to track the path of a user across various pages of the website and possibly across various websites. In addition, cookies can store information of any kind.
Cookies can originate not only with the operator of the website but also with third-party providers. In your browser you can display a list of the cookies stored on your computer, delete some or all of these cookies, or select settings to deactivate or limit the storage of cookies. Please note that some functions (e.g. the login) will not work, or will not be fully functional, if you deactivate the storage of cookies.
Every cookie has an expiry date when it is no longer valid and will be automatically deleted. Details on the expiry dates for certain cookies are described in the sections below.
You can object to the use of cookies that permit the analysis of your user behavior: Tracking Preferences. Details are provided in the following sections. Please note: If you delete the cookies stored in your browser after objecting, you may have to click the links provided here again because the objection to the use of cookies containing personal data will also be documented in the form of anonymous (non-personal) cookies.
Consent management tool
We have integrated the consent management tool "consentmanager" (www.consentmanager.net) from Jaohawi AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) on our website to obtain consent for data processing and use of cookies or comparable functions. With the help of "consentmanager" you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalized advertising. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed.
The legal basis for processing is Art. 6 Para. 1 S. 1 lit. c) in conjunction with Art. 6 para. 3 sentence 1 lit. a) in conjunction with Art. 7 para. 1 GDPR and, in the alternative, lit. f). By processing the data, we help our customers (according to GDPR this is the responsible party) to fulfill their legal obligations (e.g. obligation to provide evidence). Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. "Consentmanager" stores your data as long as your user settings are active. The log data will be deleted after three years. It may happen that we ask you again for your consent. This query takes place after one year at the latest.
You can object to the processing. You have the right to object to reasons arising from your particular situation. To object, please send an email to info@consentmanager.net.
On our website and when using the open WLAN, FMG uses the “etracker Analytics” service of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany (www.etracker.com) for the purpose of measuring the reach of our websites.
Scope of processing
Data that may allow a reference to an individual person, such as the IP address, login or device IDs, are anonymized or pseudonymized as early as possible. It is not used in any other manner, aggregated with other data or shared with third parties.
The following data is stored and processed when you access the page:
It is not possible to display unique visitor figures, the frequency distribution of sessions per visitor in the period and the linking of visits to customer journeys or conversion paths that result from multiple visits over periods of time longer than 24 hours or across multiple devices.
However, it is excluded that user profiles are formed and visitors are “recognized” over time (identification or re-identification is excluded in both processes, as the IP address is shortened and thus anonymized at the earliest possible time by default).
Purpose of processing
The application of eTracker Analytics is used to optimize the respective FMG website through reach measurement and statistical analysis as well as to ensure that the website design is tailored to the needs and is error-free.
Legal basis
Categories of recipients
Personal data is transmitted to the following recipients or category of recipients:
Transmission to third countries
A transmission to a third country outside the European Union or the European Economic Area (EEA) is not intended.
Term of storage and criteria for determining the effective period
The period of observation is limited to a maximum of one day, as all visitor IDs are automatically linked to the respective date and thus recognition of visitors in standard mode is excluded on subsequent days.
Necessity of the data and consequences of failure to provide data
The provision of personal data is neither required by law nor by contract. If you do not provide your data, this will have no impact on your use of our services.
Automated decision-making in individual cases and profiling
Automated decision-making or profiling does not take place. The use of the eTracker is expressly not for the purpose of profiling.
Possibility of erasure or objection
You have the right to object to the processing of personal data concerning you at any time.
You can object to data processing at any time by clicking on the slider.
Further information on data protection at etracker can be found here.
For the LabCampus website, we use Matomo (formerly Piwik), an open source software for statistical analysis of visitor access. Cookies are used, which are saved on your computer for up to 13 months and enable a statistical analysis of the use of the website.
In this context, usage information including the shortened IP address of the accessing computer is transmitted and stored for analysis purposes. By shortening the IP address, website users remain anonymous. Only a "session ID" (cookie) is carried and stored as the common key of a page visit. A "session" ends when the web browser is closed.
The website access information used for usage analyses includes date, time, location (city), browser type, capabilities and language, operating system/device type, length of website visit, visits by server and local time, pages visited, usage history, search engine used and search terms used to access the LabCampus website, URL referencing the LabCampus website.
By "turning off" the tracking, a so-called opt-out cookie is generated in the web browser. This causes Matomo to no longer collect the usage data of this website visit. Note: If this opt-out cookie is deleted by the user in the web browser settings, the collection of statistical data by Matomo is reactivated.
The recipient of the data is the commissioned processor (Büro am Draht GmbH) as well as the responsible departments of LabCampus GmbH. The statistical data generated by the website visit is used exclusively by LabCampus GmbH to improve the online offer and the most targeted use of resources. No other use, combination with other data or transfer to third parties takes place.
The legal basis for the placement of the Matomo cookie on your terminal device is §25 TDDDG (consent).
The legal basis for the data processing associated with our use of Matomo is Art. 6 para. 1 p. 1 lit. f) DSGVO (balancing of interests, based on our legitimate interest in continuously adapting the design of the website to the interests and needs of users).
If you do not consent to the placement of the Matomo cookie, no placement will be carried out. Once you have given your consent to the placement, you can revoke this at any time with effect for the future via the data protection settings of the Consent Manager.
You can object to the described (downstream) data processing at any time, as far as it is person-related. Your opt-out will not have any adverse consequences for you. To do so, please contact: datenschutzbeauftragter@munich-airport.de.
You can find more information about Matomo here.
Our website uses Google conversion tracking. If you have reached our website via an advertisement placed by Google, Google Ads will set a cookie on your computer. The cookie for conversion tracking is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Every Google Ads customer receives a different cookie. Cookies cannot therefore be tracked via the websites of Ads customers.
The information obtained using the conversion cookie is used to create conversion statistics for ads customers who have opted for conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, you will not receive any information that can be used to personally identify users.
You can find more information on the handling of user data on Google Ads in Google's data protection declaration.
In this context, we would like to point out that the USA constitutes an insecure third country where an appropriate level of data protection as defined under the GDPR is not ensured. In order to ensure such a level of protection despite this fact, Google has accepted the “standard contract clauses”. Nevertheless, on the basis of legislation in effect in the USA, there exists a potential risk that your data will be required to be provided to security authorities without the opportunity to defend yourself in court.
This data processing takes place on the basis of the statutory provisions under Art. 6(1) sentence 1 (a) (consent) of the General Data Protection Regulation (GDPR). You can revoke your consent to Google Ads via the data protection settings in the Consent Manager at any time.
On the website we use technologies from Bing Ads (bingads.microsoft.com), which are provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Microsoft places a cookie on your device if you click on a Microsoft Bing ad. Microsoft and we can see in this way that someone clicked on an ad, was redirected to our website and reached a predetermined landing page. These cookies are not used for personal identification, only the total number of users who clicked on a Bing ad and were then forwarded to the target page can be evaluated. The landing pages are typically booking or registration confirmation pages (e.g. when booking a parking space or an event ticket).
You can prevent the collection of the data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by using the following link http://choice.microsoft.com/de-DE/opt-out your Declare contradiction. Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website.
The LabCampus website uses Google conversion tracking. If you have reached our website via an ad placed by Google, a cookie is set on your computer by Matomo and subsequently forwarded to Google Ads. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognize that the user clicked on the ad and was redirected to this page. Each Google Ads customer (here: LabCampus GmbH) receives a different cookie. Cookies can therefore not be tracked beyond the websites of Ads customers.
The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted in to conversion tracking. Customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive information that personally identifies users.
Processor
Büro am Draht
Blücherstr. 22
10961 Berlin
Data processing purposes
Playing out targeted advertising and measuring advertising effectiveness.
Data collected
Legal basis
The following is the required legal basis for the processing of personal data: Art. 6 para. 1 s. 1 lit. a DSGVO (consent).
The required legal basis for the use of cookies and similar technologies for this tool: Art. 25 TDDDG para. 1 (consent).
Place of processing
Germany
Retention period
24 months
Data recipient
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland
For more information on how Google Ads handles user data, see Google's privacy policy.
Transfer to third countries
We would like to point out in this context that the processed data is also sent to the Google Group in the USA as a result of the use of cookies. In terms of data protection law, the USA is an insecure third country in which there is no adequate level of data protection within the meaning of the GDPR. In order to nevertheless establish such a level, Google has concluded the so-called standard contractual clauses (SCC). Through the clauses, Google undertakes to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the USA. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here.
Cookies from Taboola are used on our website. Using these cookies, we can target visitors to our website with advertising by displaying individualized ads for them. For this purpose, a small file with a sequence of numbers is stored in the browsers of the visitors. This number is used to record visitors to the website as well as anonymized data on the use of the website. Subsequently, you may be shown advertisements that are highly likely to take into account previously accessed product and information areas. In addition, we use the cookies to evaluate and support online marketing measures in order to record the effectiveness of the advertisements for statistical purposes. Thus, we can see how many website visitors have clicked on an ad and completed it. In both retargeting and completion conversion tracking, no personal data is stored. You can find more information here.
Processor
Taboola Germany GmbH
Alt-Moabit 2
10557 Berlin
Data processing purposes
Playing out targeted advertising and measuring advertising effectiveness.
Collected data (source: Taboola)
Legal basis
The following is the required legal basis for the processing of personal data: Art. 6 para. 1 s. 1 lit. a DSGVO (consent).
The required legal basis for the use of cookies and similar technologies for this tool: Art. 25 TDDDG para. 1 (consent).
If you wish to object, you can do so at any time and without adverse consequences for you, here.
Place of processing
Germany
Retention period
13 months
Data recipient
Taboola
Transfer to third countries
Taboola also processes data in the USA, among other countries. We therefore point out that there is currently no adequate level of protection for the transfer of your data to the USA according to the ruling of the European Court of Justice and the opinion of the European Data Protection Board. This may entail various risks for the legality and security of data processing.
Taboola uses the so-called standard contractual clause (Art. 46. para. 2 and 3 DSGVO) as the basis for processing data with recipients located in third countries or a data transfer there. Standard Contractual Clauses (SCC) are mandatory templates provided by the EU Commission to ensure that data complies with European data protection standards even if it is transferred to and stored in third countries (such as the USA).
Taboola commits through the clauses to comply with the European level of data protection when processing your relevant data, even if the data is stored, processed and managed in the US. These clauses are based on an implementing decision of the EU Commission. You can find the decision and the corresponding standard contractual clauses here.
For more information on the standard contractual clauses and on the data processed through the use of Taboola, please refer to the Privacy Policy at Privacy Policy | Taboola.com or at Taboola Privacy Addendum | Taboola.com.
For the website LabCampus, the so-called conversion tracking with LinkedIn Insights Tag is used. For this purpose, the LinkedIn Insight Tag is integrated on our pages and a cookie is set on your end device by LinkedIn. This informs LinkedIn that you have visited our web pages, whereby your IP address is also collected. In addition, timestamps and events such as page views are stored. This enables us to statistically evaluate the use of our website in order to constantly optimize it. In this way, we learn, for example, via which LinkedIn ad or interaction on LinkedIn you came to our website. LinkedIn does not share any personal data with the website owner, but only provides reports and notifications (in which you are not identified) about the website audience and ad performance. LinkedIn also provides retargeting for website visitors so that the website owner can use this data to display targeted ads outside of their website without identifying the member.
Processor
LinkedIn Ireland
Wilton Plaza, Wilton Place
Dublin 2, Irland
Data processing purposes
Playing out targeted advertising and measuring advertising effectiveness.
Collected data (source: LinkedIn)
Legal basis
The following is the required legal basis for the processing of personal data: Art. 6 para. 1 s. 1 lit. a DSGVO (consent).
The required legal basis for the use of cookies and similar technologies for this tool: Art. 25 TDDDG para. 1 (consent).
Place of processing
Germany
Retention period
90 days
Data recipient
Disclosure to third countries (source: LinkedIn)
LinkedIn is aware of the July 16, 2020 decision of the European Court of Justice and the September 8, 2020 opinion of the Swiss Federal Data Protection and Information Commissioner (FDPIC) on the repeal of the EU-US Privacy Shield and the Switzerland-US Privacy Shield. LinkedIn follows the developments and guidelines of the European Commission, the FDPIC and the US government.
The LinkedIn Services require that data be transferred from the European Union (EU), the European Economic Area (EEA) and Switzerland to the United States of America (USA) and back. To ensure that personal data from the European Union is protected when transferred outside the EU, the General Data Protection Regulation (GDPR) requires that such transfers be made using certain legal instruments, which are described on the European Commission's website.
LinkedIn relies on standard contractual clauses approved by the European Commission as the legal instrument for data transfers from the European Union. These clauses are contractual obligations that require companies to protect privacy and data security when transferring personal data (e.g., between LinkedIn Ireland Unlimited Company or its customers and LinkedIn Corporation). LinkedIn companies follow standard contractual clauses to ensure that the data flows necessary to provide, maintain, and develop our services are legally secure.
Note: LinkedIn data centers for storing member information are currently located in the United States.
For more information on conversion tracking, please click here. Please note that the data may be stored and processed by LinkedIn so that a connection to the respective user profile is possible and LinkedIn may use the data for its own advertising purposes. For more information, please see LinkedIn's privacy policy at LinkedIn Privacy Policy. You can prevent the analysis of your usage behavior by LinkedIn as well as the display of interest-based recommendations here.
LinkedIn members can control the use of their personal data for advertising purposes in their account settings.
In order to learn more about interests and demands, we use special tools for the efficient performance of surveys that allow us to ask you for your feedback at certain touchpoints and at specific times. The providers of these tools render their services for us as part of data processing and are thus bound by our instructions.
We generally design our surveys so it is not possible to draw conclusions about individual persons during analysis and potential publication (de-facto anonymous data). This means that based on the information you provide and the supplementary knowledge that the party authorized to access it has, it is impossible to trace back to you with reasonable effort. The employees conducting the evaluation do not have access to data that would allow for personal attribution. Please make sure that the information you enter, e.g. in free text fields, does not contain any data that could allow conclusions to be drawn about you or third parties. Participation in user surveys is voluntary.
To collect feedback and evaluate the motives and interests of the participants in our surveys.
During technical performance of anonymous surveys, the following data is processed via links to our website or printed QR codes:
While it is not possible to trace back to individual persons, this cannot be technically ruled out, especially in individual cases depending on the device used or based on the answers you provide in free text fields.
Data may also be stored and retrieved on your devices as part of the technical performance of surveys. The following cookies are implemented during use:
If we proactively e-mailed you about participating in surveys, the following data is also processed as part of such personally addressed surveys, polls, and interviews:
For temporary processing of personal use data for the technical performance of surveys, we process your data as part of a balancing of interests pursuant to Article 6(1)(f) GDPR (based on our legitimate interest in asking visitors to our website about certain topics while balancing your interest in having performance designed with as little data as possible).
The legal basis for the performance of personal surveys and e-mail contact is Article 6(1)(a) GDPR. To the extent that anonymous surveys are conducted on internal matters, the legal basis for contact and for technical performance of the survey is established in Article 6(1)(f) GDPR (based on our legitimate interest in learning more about possible wishes, requirements and suggestions directed at us while balancing your interest in having performance designed with as little data as possible).
The surveys are performed by the specialist departments of Flughafen München GmbH that are assigned to do so. Personal data is not transmitted to third parties.
Survey tools provided as part of data processing
Our website uses Google Maps to represent our location and generate directions. Google Maps is an online map service by the US company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
When retrieving a page on our website requiring a map, your browser will create a direct link to the Google servers and retrieve a map to display on your screen. To use Google Maps functions, it is necessary to process your IP address and information on your possible use of the map. This information is transmitted by your browser to a Google server in the USA and processed there by Google. At present the EU Commission has not yet adopted an Adequacy Decision confirming that the USA generally offers an adequate level of data protection.
In this context, we would like to point out that the USA constitutes an insecure third country where an appropriate level of data protection as defined under the GDPR is not ensured. In order to ensure such a level of protection despite this fact, Google has accepted the “standard contract clauses”. Nevertheless, on the basis of legislation in effect in the USA, there exists a potential risk that your data will be required to be provided to security authorities without the opportunity to defend yourself in court.
Further information on the handling of user data is available in the Google privacy statement.
The legal basis for processing is Art. 6 Par. 1 sentence 1 f) GDPR (balancing of interests based on our legitimate interest in showing visitors to our website their current location and information on directions to the airport).
We embed YouTube videos in our web pages. The operator of the correspondent plugins is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube"). YouTube is a subsidiary of the US company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
When retrieving a page on our website containing an embedded video, your browser will create a direct link to the YouTube servers to retrieve and run the video content on your screen. To use this function, it is necessary to process your IP address and information on your possible use of the map. This information is transmitted by your browser to a YouTube server in the USA and processed there by YouTube. At present the EU Commission has not yet adopted an Adequacy Decision confirming that the USA generally offers an adequate level of data protection.
In this context, we would like to point out that the USA constitutes an insecure third country where an appropriate level of data protection as defined under the GDPR is not ensured. In order to ensure such a level of protection despite this fact, Google has accepted the “standard contract clauses”. Nevertheless, on the basis of legislation in effect in the USA, there exists a potential risk that your data will be required to be provided to security authorities without the opportunity to defend yourself in court.
Further information on data protection at YouTube is available in the Google privacy statement.
The social media channels used by us are described in detail in the sections below. We have a presence on the social media platforms of the following companies:
For our presence on this social media platform, we share responsibility with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The data protection officer of Facebook can be contacted via the following link: Facebook data protection officer.
We have regulated joint responsibility in an agreement covering the respective obligations in accordance with the GDPR. The agreement stipulating the mutual obligations can be accessed via the following link: Facebook information on page insights.
When you access our page on the Facebook platform, Facebook Ireland Ltd., as the operator of the platform in the EU, will process the user data (e.g. personal information, IP address, etc.). These user data serve in particular to create statistical information on the use of our company page on Facebook. Facebook Ireland Ltd. uses these data for market research and advertising purposes and to create user profiles. Using these profiles, Facebook Ireland Ltd. can direct targeted, interest-based advertising at the user both inside and outside Facebook.
It is possible that data will be processed either by Facebook Ireland Ltd. or Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA. In this context, we would like to point out that the USA constitutes an insecure third country where an appropriate level of data protection as defined under the GDPR is not ensured. In order to ensure such a level of protection despite this Facebook has accepted the “standard contract clauses”. Nevertheless, on the basis of legislation in effect in the USA, there exists a potential risk that your data will be required to be provided to security authorities without the opportunity to defend yourself in court.
Further information on processing activities, how to block them and on the deletion of data processed by Facebook is available in the Facebook Privacy Policy.
We are jointly responsible for our presence on this social media platform with Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. In our relationship with Twitter, the user conditions and privacy policy of Twitter (including the linked contents regarding other conditions, policies and pages) define which party will meet the obligations pursuant to the GDPR.
At present the EU Commission has not yet adopted an Adequacy Decision confirming that the USA generally offers an adequate level of data protection. In this context, we would like to point out that the USA constitutes an insecure third country where an appropriate level of data protection as defined under the GDPR is not ensured. In order to ensure such a level of protection despite this fact, Twitter has accepted the “standard contract clauses”. Nevertheless, on the basis of legislation in effect in the USA, there exists a potential risk that your data will be required to be provided to security authorities without the opportunity to defend yourself in court.
Further information is available in the Twitter privacy policy.
We are jointly responsible for our presence on this social media platform with YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA ("YouTube"). YouTube is a subsidiary of the US company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). In our relationship with YouTube, the user conditions and privacy policy of YouTube (including the linked contents regarding other conditions, policies and pages) define which party will meet the obligations pursuant to the GDPR.
At present the EU Commission has not yet adopted an Adequacy Decision confirming that the USA generally offers an adequate level of data protection. In this context, we would like to point out that the USA constitutes an insecure third country where an appropriate level of data protection as defined under the GDPR is not ensured. In order to ensure such a level of protection despite this fact, Google has accepted the “standard contract clauses”. Nevertheless, on the basis of legislation in effect in the USA, there exists a potential risk that your data will be required to be provided to security authorities without the opportunity to defend yourself in court.
Further information on data protection at YouTube is available in the YouTube Privacy Statement.
We are jointly responsible for our presence on this social media platform with Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, as the operator of Instagram. In our relationship with Facebook, the user conditions and privacy policy of Instagram (including the linked contents regarding other conditions, policies and pages) define which party will meet the obligations pursuant to the GDPR.
It is possible that data will be processed either by Facebook Ireland Ltd. or Facebook Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA. In this context, we would like to point out that the USA constitutes an insecure third country where an appropriate level of data protection as defined under the GDPR is not ensured. In order to ensure such a level of protection despite this fact, Facebook has accepted the “standard contract clauses”. Nevertheless, on the basis of legislation in effect in the USA, there exists a potential risk that your data will be required to be provided to security authorities without the opportunity to defend yourself in court.
Further information on data protection at Instagram is available in the Instagram privacy statement.
We are jointly responsible for our presence on this social media platform with LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"). In our relationship with LinkedIn, the user conditions and privacy policy of LinkedIn (including the linked contents regarding other conditions, policies and pages) define which party will meet the obligations pursuant to the GDPR.
It is possible that the processing through LinkedIn Ireland Unlimited Company will also be carried out through LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 in the USA.In this context, we would like to point out that the USA constitutes an insecure third country where an appropriate level of data protection as defined under the GDPR is not ensured. In order to ensure such a level of protection despite this fact, LinkedIn has accepted the “standard contract clauses”. Nevertheless, on the basis of legislation in effect in the USA, there exists a potential risk that your data will be required to be provided to security authorities without the opportunity to defend yourself in court.
Further information on data protection at LinkedIn is available in the LinkedIn privacy policy.
We are jointly responsible for our presence on this social media platform with New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany ("XING"). In our relationship with XING, the user conditions and privacy policy of XING (including the linked contents regarding other conditions, policies and pages) define which party will meet the obligations pursuant to the GDPR.
Further information on data protection at XING is available in the XING privacy statement.
We are jointly responsible for our presence on this social media platform with New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany ("kununu"). In our relationship with kununu, the user conditions and privacy policy of kununu (including the linked contents regarding other conditions, policies and pages) define which party will meet the obligations pursuant to the GDPR.
Further information on data protection at kununu is available in the kununu privacy statement.
The purpose of these social media channels is to advertise our products and services and communicate with interested parties or customers.
When you contact us through one of these social media channels, we process the personal data associated with your query in the course of processing the query itself. These data are deleted as soon as the query is fully answered and statutory retention or archiving obligations no longer apply (e.g. in case of subsequent settlement of a contract).
The legal basis for the related data processing is Art. 6 Par. 1 sentence 1 f) GDPR (balancing of interests based on our legitimate interest in presenting our products and services and communicating with interested parties or customers).
The Munich Airport website uses the software application “Eye-Able®” from Web Inclusion GmbH. This tool enables visitors to the website to use a button on the edge of the screen to adjust font sizes, contrasts, and filters and to save their personal settings. The files required for the application, such as JavaScript, style sheets and images, are loaded from an external server. When functions are activated, Eye-Able uses the browser’s local storage to save the settings. All settings are saved locally on your device and are not passed on.
With the support of the "Eye-Able®" tool, we want to give users easier access to our information online.
The legal basis for the technically required inclusion of the "Eye-Able®" service is our legitimate interest in ensuring equal participation of all people, which outweighs the data subjects’ interest in particularly data-minimized processing of their data when visiting our website in accordance with Art. 6 Par. 1 f) GDPR.
The files required for the "Eye-Able®" software application, such as JavaScript, style sheets and images, are loaded from an external server. When functions are activated, "Eye-Able®" uses the browser’s local storage to save the settings as adjusted by the user. All settings are only saved locally on your device and are not passed on.
In the context of order processing, the data is transmitted to Web Inclusion GmbH, Gartenstraße 12c, 97275 Margetshöchheim, Germany.
There is no transmission to third countries.
The locally saved files and settings can be removed by clearing the browser cache.
Specific processing activities by FMG and its subsidiaries are described in greater detail in the following chapters.
The main website of Flughafen München GmbH and its subsidiaries is www.munich-airport.de (in German) and www.munich-airport.com (in English).
This Privacy Statement also applies to all other websites of Flughafen München GmbH and its subsidiaries that are linked to it, in particular the following websites:
Website | Domain | Responsible company |
---|---|---|
Traveller’s Insight | travellers-insight.com | Flughafen München GmbH |
Munich Airport Collaboration Portal | acp.munich-airport.de | Flughafen München GmbH |
ISH – Information Security Hub | ish-muc.com | Flughafen München GmbH |
Aircraft noise map | lx-travisrp01.munich-airport.de/data/travis.php | Flughafen München GmbH |
Parking Reservation | parken.munich-airport.de | Flughafen München GmbH |
Airport Academy | munich-airport.de/academy | Flughafen München GmbH |
Passngr | passngr.de | Flughafen München GmbH |
LabCampus | labcampus.de | LabCampus GmbH |
FMG & Wohnen | munich-airport.de/fmg-und-wohnen | MUC Airport Betriebs GmbH |
Municon | municon.de | Allresto Flughafen München - Hotel und Gaststätten GmbH |
AirBräu | munich-airport.de/airbraeu | Allresto Flughafen München - Hotel und Gaststätten GmbH |
We offer you the option of using a contact form to ask us for information or support on specific questions.
Categories of personal data
We collect your first and last names and email address in any case so that we and/or our system partners to which your query is addressed can contact you.
When you submit the contact form, the current IP address of the sender is saved for security reasons. Your data will be processed and treated confidentially in compliance with the applicable data protection regulations.
We will store and process your data only to the extent and as long as required for handling your message.
In order to process your inquiry in a subject-specific manner and to forward it internally to the right contact person, Munich Airport International GmbH, a subsidiary of Flughafen München GmbH, collects the following additional data in addition to the personal data mentioned: company & position.
Categories of recipients
In some cases, it will be necessary to forward your data to system partners such as airlines, government authorities or other companies in the FMG group to respond to your feedback. In addition, your data can be transmitted to external service providers for website support.
Legal basis
The legal basis for the related processing of your data is Art. 6 Par. 1 sentence 1 b) GDPR (performance of a contract and steps prior to entering into a contract) and Art. 6 Par. 1 sentence 1 f) GDPR (balancing of interests based on our legitimate interest: in answering queries from our customers and other interested parties).
Our website uses Google reCAPTCHA to check and prevent automated servers ("bots") from accessing and interacting with our website. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (hereinafter: Google).
Through certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Google guarantees that it will follow the EU's data protection regulations when processing data in the United States.
This service allows Google to determine from which website your request has been sent and from which IP address the reCAPTCHA input box has been used. In addition to your IP address, Google may collect other information necessary to provide and guarantee this service.
The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the security of our website and in the prevention of unwanted, automated access in the form of spam or similar. Google offers detailed information at https://policies.google.com/privacy concerning the general handling of your user data.
4.3.1.1 Registration for newsletters
For your registration to take effect, we need a valid email address. To check that the registration is in fact coming from the owner of the email address, we employ the double opt-in process. For that purpose, we log the newsletter order, the dispatch of the confirmation email and the receipt of the requested reply. To log these events, we record the exact time and the IP address of the end device.
4.3.1.2. Basic newsletters and personalized newsletters
If you select a basic newsletter, we will not personalize the contents to reflect your interests in detail. We therefore do not request data from you to personalize the newsletter and instead collect only the data necessary for directly providing the newsletter. Typically this means your email address and possibly your name.
When sending corresponding e-mails to you, we may also consider the following additional information:
In addition, the newsletter content can be personalized by request to reflect your individual interests. For details on the personalization of newsletters, see personalization and user profiles.
Subscribers may also be informed by email of circumstances relevant to the service or registration (e.g. changes in the newsletter offers or technical issues).
4.3.1.3 Duration of storage
Your data will be stored when you subscribe to the newsletter and retained until you unsubscribe. Your registration will be successfully completed when you click the appropriate link in the confirmation email addressed to you.
If you do not confirm the subscription link in the email, we will store your data for two weeks. The link will then expire and it will no longer be possible to use it to confirm your subscription. After this two-week period expires, your data will be immediately deleted. Of course you can register again by repeating the subscription process.
When you cancel your consent to one of our newsletters, the unsubscribe process will be completed within 24 hours. Your data will be anonymized one year after you unsubscribe and the transaction will be fully deleted three years after your data are anonymized.
4.3.1.4 Unsubscribing from newsletters
Your consent for us to save your data and to use that information to send you the newsletter can be with-drawn at any time. Every newsletter contains a link for that purpose. In addition, you can unsubscribe at any time using the following email address, for example: newsletter.abmeldung@munich-airport.de. The withdrawal of your consent has no effect on the legality of the processing up to the time of withdrawal. Due to the lead times of the technical and organizational processes, in exceptional cases you may receive another newsletter after unsubscribing.
Please note that a non-automated unsubscribe or data deletion request may take up to 14 days to implement depending on internal processes.
4.3.1.5 Legal basis
The legal basis for the data processing described in this subsection 4.3.1 is
At various points you can register for a LabCampus e-mail newsletter. By doing so, you give us permission to use your e-mail address for advertising purposes. The sender of the e-mails and controller of the processing is always LabCampus GmbH.
4.3.2.1 Registration for a newsletter, data, purposes, recipients
For an effective registration we need a valid e-mail address. In order to verify that a registration is actually made by the owner of an e-mail address, we use the "double opt-in" procedure. For this purpose, we log the order of the newsletter, the sending of a confirmation e-mail and the receipt of the response requested therein. For the logging of the respective process, we record the exact time and the IP address of your end device.
The following categories of personal data are processed: Gender (optional), title (optional), name, company name, e-mail address.
The content of the emails is information and offers on the following topics related to LabCampus; your data will be processed exclusively for these purposes:
Your data will be transferred to the following recipients or categories of recipients:
A transfer to a third country outside the European Union is intended. Specifically, the following transfer is intended: Transfer of data to United Kingdom of England (safe third country according to the adequacy decision issued by the EU Commission pursuant to Article 45 (3) of the GDPR).
4.3.2.2 Legal basis
The legal basis for the data processing described in this section 4.3 is Art. 6 para. 1 sentence 1 letter a) DSGVO in conjunction with your respective consent.
4.3.2.3 Storage period
Your data will be stored upon registration for the newsletter until revoked. Successful registration takes place when you click on the confirmation link in the e-mail addressed to you.
If you do not confirm the newsletter registration link in your e-mail, we will store your data for two weeks. After that, the link becomes invalid and registration via the link is no longer possible. Your data will then be deleted immediately after this two-week period has elapsed. A new registration is of course possible via a new registration.
As soon as you cancel our newsletter, you will be completely unsubscribed from our newsletter with immediate effect. The complete deletion of your transaction and your data will also take place with immediate effect. Please note that a non-automated unsubscription or deletion may take up to 14 business days due to internal processes.
4.3.2.4 Newsletter withdrawal
You can withdraw your consent to the storage of your personal data and its use for the newsletter dispatch at any time. There is a corresponding link in each newsletter for this purpose. You can also unsubscribe at any time via the following e-mail address: contact@labcampus.de. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Due to technical and organizational process runtimes, it may happen in exceptional cases that you receive another newsletter after you have unsubscribed. The legality of the data processing operations carried out until the withdrawal remains unaffected by the withdrawal.
If you primarily wish to receive contents relevant to you, then select personalized information.
To present content that is relevant to you, we need an optimal understanding of your interests. For this per-sonalized information, we therefore create a personalized user profile for you.
In this personalized user profile, we save identifying characteristics such as your name and email address together with your contractual and usage data. This ensures that we can personalize our services for you. For example, in the newsletter you will only receive content provided on countries that are likely to interest you or special tips for business travelers – depending on the aspects that apply to you.
In the user profiles, we collect data from various sources within the Munich Airport group of companies to arrive at the best possible overview of your interests. These sources are based on the declarations of consent submitted by you and may include the following data:
You can withdraw your consent for the storage of your personal data at any time. In addition, you can un-subscribe at any time using the following email address, for example: newsletter.abmeldung@munich-airport.de. Revoking your consent has no effect on the legality of the processing up to the time of revocation. Due to the lead times of the technical and organizational processes, it is possible in exceptional cases that the personalization of content as described in this section will continue for up to 48 hours after your with-drawal of consent.
The free wifi coverage at Munich Airport is provided by Telekom Deutschland GmbH. Consequently, the separate terms and conditions for the HotSpot and the privacy statement of Telekom Deutschland GmbH shall apply. Flughafen München GmbH grants access to the WLAN of Telekom Deutschland GmbH.)
If you wish to use the free wifi, you must identify yourself as a user with your email address. In addition to your email address, we collect the following data:
We only use technically necessary cookies on the WLAN pages (wifi.munich-airport.de), which are required for the technically flawless provision of the site. In particular, these are the following functional cookies:
We collect this data for the following purposes:
When you register to subscribe to our email newsletter, the data provided by you are also used for that purpose: privacy statement for the newsletter.
4.5.3 Legal basis
The following legal basis applies for the lawfulness of processing:
Personal data is transmitted to the following recipients or categories of recipients:
When you are transferred to the wifi access page of Telekom Deutschland GmbH, we also transfer the email address provided by you to that company.
We may transmit data relating to you that we have stored to courts, authorities or other gov-ernmental bodies if this is necessary to prosecute statutory violations or if we are under the obligation to render information to the respective public body for other reasons.
Apart from the foregoing, we do not transmit your data to third parties.
A transfer to a third country outside the European Union respectively the European Economic Area is not intended.
The data collected in connection with your access to wifi will be deleted no later than nine months after you use the wifi service.
The indicated storage periods may be exceeded in exceptional cases if and to the extent that the data in question are needed for a longer period (e.g. for purposes of the required investiga-tion and/or prosecution of a possible violation of the terms and conditions of the contract for use of the service).
The cookies are deleted after each session of the visitor.
The provision of personal data is a contractual requirement [see (GT&C). If you do not enter your data, you may not be able to use the free WLAN.
You have the right to object to the processing of your personal data at any time on grounds relating to your particular situation.
Please send your objection to info@munich-airport.de. We reserve the right to examine your request individually before implementing a restriction or cessation of processing and deletion.
Date: December 21, 2023
This privacy policy applies to photography, video and sound recordings (referred to below as "images and recordings") created by Flughafen München GmbH on various occasions (e.g. photo shoots, events). This privacy policy does not apply to data processing in connection with surveillance measures (e.g. video monitoring).
The images or recordings may be made in connection with photo shoots or events, for example. For this purpose, we will either obtain your consent in advance or at least inform you in your personal invitation or on location (e.g. in case of public events without personal invitations) that such images or recordings will be made. We do not secretly produce images or recordings.
Categories of personal data
In addition to the photos, video and sound recordings, we may process other personal data that we collect from you (such as your name and email address) in connection with the recording.
Flughafen München GmbH may use the images and recordings for print publications, in broadcasting or in electronic media for corporate communications (e.g. reports, flyers, posters, brochures, presentations, websites, intranet, press releases) and for documentation purposes (e.g. archives). The images and recordings may be shared with third parties (e.g. journalists) and disseminated in social media (e.g. Facebook, Twitter). The possible uses of the images or recordings includes all known and unknown uses as well as the editing and modification of the images or recordings. Flughafen München GmbH may grant the same utilization rights to its subsidiaries and participating interests. However, images and recordings will be utilized as de-scribed here only to the extent that this is covered by a basis for authorization (e.g. consent, contract, law).
Duration of storage
If you have granted us your consent or if we have entered into a contract with you, the data will be deleted with the expiry of the consent or contract. If we are processing the data on the basis of a legitimate interest pursuant to Art. 6 Par. 1 f) GDPR, the data will be deleted when the legitimate interest no longer applies.
For FMG employees only: If the recordings are made for purposes of establishing and implementing an employment relationship, we will delete them when the corresponding purpose is fulfilled. If the processing is regulated in a works agreement, the storage periods may be stipulated in that agreement.
Statutory archiving periods may require us to store the data for a longer period on the basis of Art. 6 Par. 1 c) GDPR.
Categories of recipients
If we have obtained the necessary utilization rights for the recordings, we will transfer the recordings to our subsidiaries and participating interests as required so that they can also use them. In all other respects, we will forward your data to our service providers only in compliance with the applicable data protection laws. Our service providers who may be granted access to the recordings and data include IT service providers, printers and advertising agencies.
For our image database we use a solution provided by CELUM GmbH, Passaustrasse 26-28, 4030 Linz, Austria ("CELUM"). The image database is maintained on our servers. CELUM may access the images when providing support. We have entered into an external processing agreement with CELUM under which CELUM has undertaken to process personal data only in accordance with our instructions. Further information on data protection at CELUM is available at: https://www.celum.com/en/privacy-cookie-policy/.
To the extent that we are permitted to use your recordings in social media channels, we cannot preclude the possibility that they will be transmitted into a country outside the EU. The US social media servers used by us are certified under the EU/US Privacy Shield Framework and are obliged to comply with the provisions of the GDPR.
It is also conceivable that, as part of our international media relations and corporate communications, we will transfer some recordings or images in compliance with the applicable data protection regulations to media, press representatives or agencies outside the EU and the European Economic Area so that the recordings or images can be published there.
Legal basis
If you have granted us consent, the legal basis for processing is Art. 6 Par. 1 a) GDPR. If consent is granted by employees of FMG, the legal basis of processing under data protection laws in this case is Art. 6 Par. 1 a) GDPR in conjunction with Section 26 Par. 2 of the German Data Protection Act (BDSG).
If we conclude a contract with you (e.g. for a photo shoot), then the use of the recordings and other personal data will serve the purposes of executing the contract and will take place in accordance with our contractually agreed utilization and exploitation rights. In that case, the legal basis for processing under data protection laws is Art. 6 Par. 1 b) GDPR.
If the recordings are made for purposes of establishing and implementing an employment relationship with FMG, the primary legal basis for processing is Section 26 Par. 1 BDSG.
We will produce photos, video or audio recordings at events etc. without your consent and without a contractual agreement only if a legitimate interest applies in accordance with Art. 6 Par. 1 f) GDPR. Such a legitimate interest may result from the provisions of Section 23 of the German Art Copyright Act (KUG). This is conceivable, for example, in case of:
In addition to the original purpose for producing the recordings, we may also store recordings and the related data for documentation or archiving purposes unless this is prohibited under contractual or statutory regulations. In this case, our legitimate interest in accordance with Art. 6 Par. 1 f) GDPR is the use of the recordings for publications on our company's history.
To the extent that we process data in accordance with Art. 6 Par. 1 f) GDPR, we always give due consideration to the question of whether you have overriding interests in the specific case at hand that outweigh our legitimate interests in using the data.
Passngr is the app shared by a number of German airports. With this app, you always have all of your travel information on hand: your flight data, important information for finding your way in your departure and arrival airports, and the most convenient way of getting to and from the airport. The Passngr app is offered and operated by InfoGate Information Systems GmbH, a subsidiary of Flughafen München GmbH.
For the Passngr app website (https://www.passngr.de), the general privacy information for websites provid-ed in this Privacy Statement applies. In addition, you can enter your mobile phone number on this website to ask for a link to be sent to the Passngr app on your phone. We will use your mobile phone number for this purpose only and will then delete it.
The privacy policy for the Passngr app can be accessed directly from the app under "Settings" – "About the Passngr app".
1. Description and scope of the specific data processing
You can quickly and easily make advance parking reservations on our website at parken.munich-airport.de. The provider and contractual partner is Flughafen München GmbH.
During the booking process for your parking space, the following data are collected:
If you register with us or book without a customer account, we will collect, save and process the above data to make the booking process easier for you. We use your data, among other things, to confirm and provide the booked services (including additional services), invoice processing, reimbursement in the event of cancellation, quality assurance, contact if necessary, e.g. in the case of rebooking, car park or product changes or air traffic restrictions. You can have your customer account deleted by sending an email to our Customer Service Center (info.parken@munich-airport.de). A deletion only takes place after the completion of any ongoing or future parking processes and the associated payment processing.
In addition to booking your parking space, we offer you optional additional services during the booking process, so-called premium services such as a car wash, interior cleaning, etc. In addition to the data mentioned, we also collect the following data:
The additional services are carried out and carried out by our service provider. If the additional services are booked, a copy of the booking confirmation will be sent to the service provider's scheduling department. The service provider can thus plan the corresponding resources for the implementation of the service more efficiently and better allocate the vehicle for the implementation of the service. This also facilitates customer communication, especially when booking additional services.
2. Purposes of processing
1) Booking of parking spaces
2) Booking of additional services such as car wash and interior cleaning
3. Legal bases
The legal basis for the appropriate data processing are
4. Storage period
After your booking, the data will be stored until the respective statutory retention period of ten years has expired. Data that you have additionally provided for booking an optional additional service will be stored for two years.
5. Recipient
The personal data you provide will be collected, stored and processed by us, our system provider as contract processors and the credit card acquirers or payment service providers involved to process your booking and the parking and payment process. In the event that additional services are booked, these will be transmitted to our service provider, who will save and process them.
6. Transmission to third countries
There is a transfer to the United Kingdom (processor location).
7. Options for elimination / revocation
Your processed personal data are, if they are based on the lawfulness of the processing according to Art. 6 Par. 1 sentence b) or c) GDPR, necessary in order to conclude / carry out the contract with Flughafen München GmbH as part of your parking process or the additional service you have booked guarantee. There is consequently no possibility of objection in this regard.
The number plate of your vehicle is read by an infrared camera when entering the parking areas. After successful entry, the recognized license plate number is stored in the parking system together with the time of entry and the entry column.
When the vehicle exits the parking space, the license plate number is recorded again and compared with the data stored when the vehicle entered.
The following personal data is processed as part of automated license plate recognition and the associated processing of parking procedures:
Personal data are processed for the following purposes
For purposes 1, 2, 3, 4, 5, 7: Art. 6 para. 1 lit. b GDPR
Contract fulfillment, e.g. parking space rental agreement / permit agreement, general parking conditions, terms and conditions of use for online parking space bookings, airport usage regulations
For purposes 6, 7 and 8: Art. 6 para. 1 lit. f GDPR
Safeguarding our legitimate interests (Assertion, exercise or defense of legal claims)
For purpose 1: Art. 6 para. 1 lit. a GDPR
Employees can optionally register for the license plate recognition system.
Manufacturer of license plate recognition software for operation, maintenance and support, based in Germany
Operator of an external booking platform for online bookings, based in the UK.
Transfer to third countries is generally not intended. However, there may be third-country transfers to the United Kingdom in the context of online bookings. This is based on the adequacy decision of the EU Commission of June 28, 2021.
Ten days after the successful exit and the completed parking process, the license plate images are deleted from the parking system.
In the system for controlling the parking facilities and storing the relevant data records, the data record is deleted 92 days after a successful exit.
To the extent that the legal basis for processing your personal data is based on Art. 6 (1)(b) or (c) GDPR, this processing is required in order to enter into or fulfill a contractual relationship with Flughafen München GmbH in connection with your parking transaction. Consequently, there is no right to object in that regard.
For all processing activities carried out by us on the basis of our legitimate interests, you have the right, on grounds related to your particular situation, to object to such processing at any time pursuant to Art. 21 (1) GDPR.
On our website at munich-airport.de/airport-tours you can find a selection of seasonal and year-round tours for adults and children where you can obtain in-depth insights into Munich Airport's operations.
The provider of the products and services is Flughafen München GmbH. The bookings and payment transactions are implemented by Regiondo GmbH with headquarters in Munich, Germany.
Categories of personal data
The following data are collected when tours are booked:
Recipients
The personal data provided by you will be collected, stored and processed by us, Regiondo GmbH, and by the credit card acquirer or payment services provider involved in the processing of your booking and the tour and payment transaction.
Duration of storage
After your booking, the data collected will be stored until the end of the applicable statutory retention periods of six and/or ten years.
Legal basis
The legal basis for the processing of your data described in this section is Art. 6 Par. 1 sentence 1 b) GDPR (contractual performance and steps prior to entering into a contract) and Art. 6 Par. 1 sentence 1 c) GDPR (compliance with legal obligation to comply with statutory retention periods).
You can find a list of lounges available at the airport on our website at munich-airport.de/lounges. For some of these lounges you can book tickets or vouchers through our website. The provider of the lounges that can be booked is Flughafen München GmbH. The bookings and payment transactions are implemented by Regiondo GmbH with headquarters in Munich, Germany.
Categories of personal data
The following data are collected when bookings are made:
Recipients
The personal data provided by you will be collected, stored and processed by us, by Regiondo GmbH and by the credit card acquirer or payment services provider involved in the processing of your booking and the lounge use and payment transaction.
Duration of storage
After your booking, the data collected will be stored until the end of the applicable statutory retention periods of six and/or ten years.
Legal basis
The legal basis for the processing of your data described in this section is Art. 6 Par. 1 sentence 1 b) GDPR (contract performance and steps prior to entering into a contract) and Art. 6 Par. 1 sen-tence 1 c) GDPR (compliance with legal obligation to comply with statutory retention periods).
On our website at munich-airport-camarketing.regiondo.de and allresto.regiondo.de you can find events hosted by Flughafen München GmbH and Allresto Flughafen München Hotel und Gaststätten GmbH. For some of these events you can book tickets or vouchers through our website. The event providers are Flughafen München GmbH and/or Allresto Flughafen München Hotel und Gaststätten GmbH. The bookings and payment transactions are implemented by Regiondo GmbH with headquarters in Munich, Germany.
Categories of personal data
The following data may be collected when bookings are made:
The personal data provided by you will be collected, stored and processed by us, by Regiondo GmbH and by the credit card acquirer or payment services provider involved in the processing of your booking and the event and payment transaction.
Duration of storage
After your booking, the data collected will be stored until the end of the applicable statutory retention periods of six and/or ten years.
Legal basis
The legal basis for the processing of your data described in this section is Art. 6 Par. 1 sentence 1 b) GDPR (contract performance and steps prior to entering into a contract) and Art. 6 Par. 1 sentence 1 c) GDPR (compliance with legal obligation to comply with statutory retention periods).
On our website labcampus.de you will find events organized by LabCampus GmbH. You can register online for some of these events via our website. The provider of the events and the person responsible under data protection law is LabCampus GmbH.
Contact the data protection officer: datenschutzbeauftragter@munich-airport.de.
Categories of personal data
The following data will be collected during registration:
Purpose of processing
Your data will be processed for event invitation, implementation and communication based on relevant legitimate interests. Without providing the required data, you will not be able to participate in the event. Following the event, we will send you a one-time email, together with a note on our services, with the most important information at the event.
Legal basis
The legal basis of the corresponding processing of your data is Art. 6 para. 1 lit. f DSGVO (legitimate interest of the responsible party).
Duration of storage
Your data that we process as part of the event will be deleted by LabCampus GmbH after the event has been held and the follow-up has been completed.
Categories of recipients & transfer to third countries
Your data will only be processed by LabCampus GmbH. A transfer to third parties or third countries is not intended.
Revocation/removal options
In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. We would like to point out that in the event of an objection, participation in an event may not be possible. To exercise your rights of access, rectification, erasure, restriction of or objection to the processing and transfer of personal data, to lodge a complaint with the supervisory authority and for further information, please contact: LabCampus GmbH, P.O. Box 23 17 55, 85326 Munich Airport or by e-mail: events@labcampus.de,
The section of the Privacy Statement applies to our processing of personal data of participants in contests, prize draws or campaigns run by Flughafen München GmbH. If you subscribe to a newsletter when taking part in a contest, please note the privacy information regarding newsletters.
For purposes of implementing the prize draw, we process the personal data of the participants – in particular the email address and, at the appropriate time, the address of the winner – which we need for recording the participants' details, notifying the winner and presenting the prize.
For purposes of implementing the prize draw, we store the participants' personal data until the draw is completed and the winner is notified and for a further period in case the winner does not reply when notified so that a new winner must be drawn.
In addition, we store the winner's personal data – including the address obtained when the winner is notified – to complete the necessary steps for awarding the prize and, if applicable, for the duration of any additional statutory retention periods.
Contest participants are not required by law or contractual provisions to provide the above-mentioned personal data. However, for purposes of entering into the contract, i.e. participation in the prize draw, it is necessary to provide the data in our registration form marked as mandatory (as opposed to optional input). The address of the winner obtained after the draw is necessary for sending the prize.
Unless otherwise indicated elsewhere in this Privacy Statement, we transfer your personal data to the following additional recipients or categories of recipients:
Legal basis for the data processing described in the section "Contests, prize draws, campaigns":
The municon conference center is operated by Allresto Flughafen München GmbH - Hotel und Gaststätten GmbH. The municon conference center is located at the heart of Munich Airport in the north building of the Munich Airport Center, thus providing a professional setting for meetings, training seminars, presentations or major events.
The website of the municon conference center offers the opportunity to complete a contact form to submit a callback request. Further information is available under Contact form.
Categories of personal data
The following data are collected when the request is submitted:
Recipients
The data will be used exclusively to make the requested call and, if applicable, to book a conference room. The data will not be shared with third parties.
Legal basis
The legal basis for the data processing described in this paragraph is Art. 6 Par. 1 sentence 1 b) GDPR (contractual performance and steps prior to entering into a contract).
We offer you the possibility of using a contact form to contact us directly regarding aircraft noise. Relevant data collected in this case can be found under Contact form.
Categories of personal data
Special categories of personal data will be noted only to the extent that complainants provide such infor-mation on their own initiative. As they are not needed for the processing of complaints, no further processing will take place. Your data will be processed solely for the following purposes: Processing aircraft noise complaints, including reporting on the number and geographical distribution of aircraft noise complaints at the meetings of the Aircraft Noise Commission and in the Integrated Report of FMG (only the number of com-plaints).
Recipients
Personal data are sent to the following recipients or categories of recipients:
Legal basis
Legal basis for the processing of personal data: Necessity to safeguard the legitimate interests of the controller or a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. (see Art. 6 Par. 1 sentence 1 f) GDPR). FMG has a legitimate interest in limiting the impact of airport operations on the surrounding residents in the interests of good relations with its neighbors and maintaining transparency with regard to environmental issues. In addition, legitimate interests result from the responsibilities of the Aircraft Noise Commission (Section 32b of the Aviation Act (LuftVG), Rules of Procedure of the Aircraft Noise Commission). The Aircraft Noise Commission is formed to engage in consultations with the approval authority, the Federal Supervisory Authority for Air Navigation Services (BAF) and the air traffic management organization. It is notified of measures taken to reduce aircraft noise to protect residents, but can also propose measures on its own initiative. To be able to discharge this responsibility, it is necessary to have knowledge of certain personal data, in particular geographical data and the related geographical distribution and number of aircraft noise complaints.
In case of inquiries under the Environmental Information Act (UIG) regarding the number and geographical distribution of complaints and the reason for the complaint, a special legal basis applies: the UIG.
We are pleased to provide you with the following information on how your personal data will be processed if you apply with Flughafen München GmbH and its subsidiaries, and what rights you have under data protection law. You can apply online through the applicant portal, by email or by regular mail. Your data will then be entered in the applicant portal and processed by the appropriate entity. The company within the Flughafen München Group that is responsible for your application and the processing of your personal applicant data is the company advertising the position or receiving your unsolicited application. Your application documents will be passed on to other companies within the Group or stored in the applicant pool only with your direct consent.
If you consent to your application being shared within the Group, your data may be passed on to the companies listed under section 1, "Controllers and data protection officers". This will increase your visibility and the possibility of being considered for a position.
If we find your application compelling but do not currently have a vacancy for you, we will be happy to include you in an applicant pool for the companies listed under section 1 once you have given your consent. That means you give us permission to store your application for a specified period of time and consider it for vacancies where applicable.
You can also apply for jobs with us through our social media recruiting partner’s platform and your personal account on this platform. The platform provider is responsible for processing data on the platform and within your personal account. Information on data processing can be found here:
https://hire.heyjobs.co/en-us/privacy-policy/
If you decide to apply to us from your personal account on the platform after seeing a vacancy, we process the following data in our account on the platform:
When you send your application, these data are stored on the platform, e-mailed to the employees in the HR department responsible for recruitment and (manually) sent to our applicant portal so that we can continue to process your application. The further information on the subsequent flow of data and how your data is handled is the same as when data is processed directly via the applicant portal. Please see the explanations below for related information on the purpose, legal basis, recipient, duration of storage etc.
Recipients of your data may include the human resources department and the platform partner’s IT administrator. Applicant information stored in the account at our social media recruiting partner is automatically deleted no more than six months after it is received. Applicant information sent by e-mail is also deleted after no more than six months.
Scope of processing
The following data are processed when you use this application channel:
Opening the link or scanning the QR code on the job advertisement directs you to an information page from the provider PitchYou. This provides information on the application process and asks you to consent to the processing of your data in the application process and to the use of WhatsApp to send your application. Clicking on “apply now via WhatsApp” on a mobile device automatically opens the WhatsApp app. Selecting this option on the website produces a QR code that opens the WhatsApp app on your cell phone when it is scanned.
You start the WhatsApp dialog by sending a start message. You can cancel the dialog at any time during the interview by way of a simple “/stop” command and confirming this by clicking on yes. All data collected are immediately deleted. If you do not continue your interview, it will be assumed 24 hours after the last message that you do not wish to continue the interview. Your data will then be deleted.
Once the WhatsApp dialog is completed, your data will be sent to our applicant portal and processed there. For more information on the applicant portal (including on deletion periods), please see the information under “Applying through applicant portal/website”.
Legal basis
If you send us your application via WhatsApp, WhatsApp is used on the basis of your explicit consent in accordance with Art. 6 Par. 1 sentence 1 a) GDPR in conjunction with Art. 49 GDPR. This consent is requested prior to the WhatsApp dialog for the application.
Right to revoke consent
You can revoke your consent at any time with effect for the future without giving the reasons for doing so. This does not result in any disadvantages for you. You can also apply through our website (https://www.munich-airport.com/careers).
Recipients and transfer to third countries
Applications sent via WhatsApp use the provider PitchYou GmbH, Campusallee 9, D-51379 Leverkusen, e-mail: info@pitchyou.de, which receives your data as the processor.
Please note that if you use this channel your personal data may be transferred to third countries, in particular the US. This third country transfer is based on standard contractual clauses. WhatsApp LLC is also certified under the Data Privacy Framework.
We and the service providers acting on our behalf process personal data for the following purposes:
Please note that more than one of the above legal grounds for processing may apply.
The following categories of personal data are processed:
1) Applicant data that you enter in the application form. This generally involves the following data:
Fields marked with an asterisk (*) are required
In addition, depending on the specific job posting and target group, personal data may be required and processed in other input fields.
In case of applicants under 16 years of age (in particular for high school students' internships, other internships, vocational training and, in exceptional cases, also for other positions), the following additional data:
2) Applicant data which you provide by attaching documents (application documents, application photo, etc).
If you use the "Upload CV" function, the selected documents will be automatically extracted and analyzed. This is done by a subcontractor of the applicant portal operator.
3) Applicant data from other platforms (Xing, LinkedIn, Dropbox, etc.) that you allow to be transferred and processed by granting a release. This is done through automated extraction/analysis by the subcontractor of the applicant portal provider. Depending on the platform, a CV may be generated from the available profile data and attached to your application in addition to having your data imported into the application form. You may remove this attachment where appropriate.
That information includes – among other items – the following personal data if entered in the profile or document:
4) Log data collected by the applicant portal provider to ensure proper system operation, error correction and defense against attacks.
This includes the following personal data, which is erased after 180 days:
5) We reserve the right to record applicant information (see 1) and documents in the system manually. For this purpose, a subcontractor of the applicant portal provider can use the “parsing” function. This automatically extracts/analyzes the selected documents.
1) Use / sharing of data within the Group
Your data can be accessed only by employees of Flughafen München GmbH and the Group companies for which the vacancy is being filled. If you consented to having your application shared within the Group, your data may also be shared with the companies specified under section 1, "Controllers and data protection officers".
If we find your application compelling but do not currently have a vacancy for you, we will be happy to include you in an applicant pool for the companies specified under section 1. In this case, you will receive an e-mail from us requesting your permission to include you in the applicant pool. Please see section 14.6.5 for the retention period.
2) Applicant portal service provider
Your personal data will be transferred by the applicant portal provider to an external data center (a subcontractor of the applicant portal provider) for processing. A contract has been signed with the applicant portal provider under which the provider is required, without limitation, to comply with all the requirements of data protection laws and to act solely as instructed by us.
In the event of applications for the subsidiary MAI (Munich Airport International GmbH), we forward the data to an external personnel service provider. A data processing agreement has been entered into with this service provider as well that requires the service provider, in particular, to comply with all requirements of data protection law and to act solely as instructed by Flughafen München GmbH.
3) Online test service provider (for vocational training positions)
Your personal data will be processed and stored by the provider of an online test. The online test is used only in the late selection stages for vocational training positions and cooperative degree programs offered by Flughafen München GmbH. To take the online test, you will receive an email with further information. A contract has been signed with the online test provider under which the provider is required, without limitation, to comply with all the requirements of data protection laws and to act solely as instructed by us.
4) Service providers (general)
We engage external service providers to perform tasks such as programming or data hosting. We have selected these service providers with care and monitor them regularly, particularly with regard to their careful handling and protection of the data that they process. We require all service providers to sign a contract to maintain confidentiality and comply with the data protection requirements of the General Data Protection Regulation (GDPR) and German Federal Data Protection Act (BDSG).
5) Platforms
The platforms of the following providers can be used to complete the application form quickly and easily during the application process:
Please note that these providers and/or their servers may operate at locations outside the EU or the EEA (e.g. in the USA). When an applicant uses a platform, information – which may include personal data – may be sent to and possibly utilized by the platform provider. Please refer to the data protection statement of each platform provider for information on which specific data is stored by the provider in such cases and how it is used.
The applicant portal does not use platform providers' social plugins; these are only links to the platforms. Nor do we use the platforms to capture any personal data or how it is used.
After clicking on the button, you will be transferred to the platform provider's login screen. After logging in and releasing the data, the data will be automatically extracted and analyzed by the subcontractor for the applicant portal.
If you wish to ensure that no data of any kind is processed by the platform providers, enter your data manually in the application form and refrain from using the platforms.
6) Other third parties
We will transfer your personal data to other parties only to the extent that this is required to take steps prior to entering into a contract, if we or another party have a legitimate interest in the data transfer, or if you grant us your permission. In addition, data can be transferred to other parties if we are required to do so by law or under an administrative or court order. Your data will not be used for advertising purposes.
Applicant data
1) Your data will generally be deleted six months after your hiring date, your notification that your application was unsuccessful, or your decision to turn down an offer of employment.
The criterion for the storage period is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
a) Explanation of the legitimate interests
The application documents are stored for a period of six months for the purpose of asserting, exercising or defending legal claims. The six-month period is determined taking into account the deadlines of the General Equal Treatment Act (AGG) and corresponding publications of the Bavarian data protection supervisory authorities.
b) Necessity of the data processing
In the opinion of the supervisory authorities, the necessity of storing data for six months results from the overall view of the time limits applicable in the context of any claims under the AGG and the associated possibilities for legal action.
In case of an application for a vocational training position or a cooperative degree program, all your data will be stored for six months after your application is rejected, you refuse an offer, or your are invited to your first day of work. In case of a rejection on our part or your refusal of an offer, the data will be stored on the basis of legitimate interests (legal concerns).
In case of an application for a high school student's internship, all your data will be stored for six months after your application is rejected, you refuse an offer, or the internship has ended. In case of a rejection on our part or your refusal of an offer, the data will be stored on the basis of legitimate interests (legal concerns).
2) If you have consented to be included in our applicant pool, you will receive a notification about your continued inclusion in the pool after five months. If you consent to remain included in the pool, you will be notified again after a further five-month period. If you do not contact us after this notification, all your data will be erased within three months.
3) If you wish to have your data erased early or withdraw one of your permissions, please send an e-mail with your name, the e-mail address you provided when applying, the job title and company and, for unambiguous identification, your date of birth to jobs@munich-airport.de or contact the person in charge of the advertisement.
4) Please note that when the data is erased, all data associated with the application in question will be removed, making it impossible to obtain information on the application.
Log data
Log data – collected by the applicant portal provider – is erased after 180 days. Log data that has to remain on file for evidentiary purposes will not be erased until the final disposition of the matter and may, in specific cases, be forwarded to the investigating authorities.
Use of cookies
The applicant management system provider only uses temporary (session) cookies. These cookies are automatically deleted as soon as the user closes the browser.
Cookie | Purpose | Stored data | Duration of storage |
---|---|---|---|
JSESSIONID | The purpose of this cookie is to identify your computer during your visit to the application portal pages. | Session ID | Session |
dvinciSessionId | The purpose of this cookie is to identify your computer during your visit across all products. | Session ID | Session |
The use of technically necessary (session) cookies is based on our legitimate interests under Art. 6 Par. 1 f) GDPR. Technically necessary cookies must be included to ensure that the applicant management system works correctly.
Data is not transmitted to third countries as defined by data protection law.
See chapter 6.5 of the privacy policy on how to object to the processing of your personal data on the basis of our legitimate interests (Art. 6 Par. 1 f) GDPR).
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point Art. 6 Par. 1 f) GDPR. In this case, we will no longer process your personal data unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is done for the establishment, exercise or defense of legal claims.
The Airport Collaboration Portal (ACP) serves as the entry point for several applications that fall under various areas of responsibilities and serve various purposes. The portal is operated by Flughafen München GmbH.
Purpose of data processing
Your data will be processed solely for the following purposes:
Categories of personal data
Participation in the Airport Collaboration Portal (ACP) is a quasi-contractual legal relationship; the data not marked as optional must be submitted for user management purposes.
The following categories of personal data are collected:
Recipients
The specialized department has access to the personal data.
Duration of storage
Access data (login) are deleted when the individual leaves the company or when the access privileges are revoked.
Legal basis
The legal basis for the data processing described in this paragraph is Art. 6 Par. 1 sentence 1 b) GDPR (contractual performance and steps prior to entering into a contract).
Data protection inquiries
To exercise rights pertaining to the Airport Collaboration Portal (ACP), the data subject can contact us, preferably by email, at: acp@munich-airport.de.
To offer accommodation to our future employees, existing staff, and partners in the vicinity of the airport, we cooperate with MUC Airport Betriebs GmbH.
Housing inquiries can be submitted to Flughafen München GmbH at: munich-airport.de/fmg-und-wohnen. After an initial review, inquiries are forwarded to MUC Airport Betriebs GmbH via that company's booking software. The data transmitted in this online form are exported in an email that is transferred only within the protected airport network to a special email account that can be accessed only by the responsible employees.
Purpose of processing
We process your personal data solely for purposes of processing and handling your booking inquiry, checking your authorization to access the "FMG und Wohnen" service, entering into a contract, executing a contract, processing your booking and to communicate with you to offer and deliver the "FMG und Wohnen" service. A further purpose is to execute and defend our rights.
Categories of personal data
Legal basis
The legal basis for the related processing of your data is Art. 6 Par. 1 sentence 1 b) GDPR (performance of a contract and steps prior to entering into a contract) and Art. 6 Par. 1 f) GDPR (balancing of interests based on our legitimate interest in checking access authorizations, asserting and defending our rights and forwarding inquiries from our customers).
Recipients
We collect, store and process the personal data provided by you exclusively for the purposes stated above (in particular the processing of your booking). For this purpose, however, we must forward the data. As a result, the data are forwarded to the booking tool apaleo GmbH operated by MUC Airport Betriebs GmbH.
The required transfer of personal data to MUC Airport Betriebs GmbH takes place as required to achieve the stated purposes. After the transfer of the data, the hotel is the sole controller responsible for the processing carried out there under data protection laws. Consequently, Flughafen München GmbH assumes no responsibility for data processing in the hotel operations.
Duration of storage
Your personal data will be stored for a maximum of 12 months after the contract is fully executed. The data will be deleted after that period ends. Please note that statutory retention periods, for example under the German Fiscal Code (AO) or the German Commercial Code (HGB), as legitimate purpose limitations, represent an exception and are handled according to the applicable requirements.
The following text contains information on the processing of your personal data in connection with damages of all kinds, including insurance claims and other ways of settling damages.
Purpose of processing
The purpose of the data processing is the comprehensive handling of the damage event, which is not possible without processing your personal data. We process your data in accordance with the relevant data protection regulations, in particular the Insurance Policy Act (Versicherungsvertragsgesetz – VVG) and all other applicable laws.
Categories of personal data
To process the damage event, we store and process the personal data of the concerned parties (e.g. first name, last name, date of birth, address, telephone number) as well as data regarding the events (e.g. the damage event) and material facts (e.g. vehicle identification data) that may relate to natural persons.
Recipients
Personal data are sent to the following recipients or categories of recipients:
Duration of storage
We process and store your personal data as long as necessary to meet our legal obligations. The damage reports and files are retained in accordance with the statutory retention periods.
Legal basis
The legal basis for the processing of personal data is as follows:
In exceptional cases, special categories of personal data are processed (e.g. health-related data). In such cases, the data are generally processed on the basis of Art. 9 GDPR e.g. Art. 9 Par. 2 e) GDPR if these data are manifestly made public by you.
Source of the data
If the personal data are not obtained directly from the data subject, they are obtained from
Star Alliance Biometrics is a product of Star Alliance Service GmbH (hereinafter referred to as "Star Alliance") and enables the voluntary biometric identification (facial recognition) of passengers at the airport. Terminal 2 Gesellschaft mbH & Co oHG (hereinafter referred to as "Terminal 2 Gesellschaft" respectively “we”) currently supports the use of the biometric identification service offered by Star Alliance Biometrics at the following access points: boarding pass control.
At the airport access points managed by Terminal 2 Gesellschaft, which have integrated the Star Alliance Biometrics’ identification service, a short video sequence will be recorded of you if you wish to use the biometric identification service. A photo is extracted from the video sequence and sent to Star Alliance for biometric matching with your biometric profile stored in Star Alliance Biometrics.
This data protection notice refers exclusively to the recording of the short video sequence/photo of your face by the camera at the access point in the Terminal 2 Gesellschaft's area of responsibility.
For the subsequent data processing in connection with the biometric matching in the area of responsibility of Star Alliance as well as for the enrolment for Star Alliance Biometrics and the use of the corresponding Star Alliance Navigator App, the Star Alliance Privacy Notice applies.
Controller for data processing within the scope of this data protection notice is
Terminal 2 Gesellschaft mbH & Co oHG
Terminal Street North 1, Level Z4
P.O. Box 23 17 55
85326 Munich-Airport
You can reach our data protection officer at datenschutzbeauftragter@munich-airport.de.
A short video sequence and an extracted photo of your face are processed.
Processing is necessary to enable the use of the biometric identification service at the boarding pass control, i.e. for Star Alliance to biometrically match the photo taken with your biometric profile stored in Star Alliance Biometrics.
The legal basis for this processing is your consent given in Star Alliance Biometrics to be identified at Munich Airport via the Star Alliance Biometrics’ identification service (Art. 6 para. 1 p. 1 lit. a) DSGVO).
You can withdraw your consent at any time in the profile management of the Star Alliance Navigator App. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Please note:
Unless you have given your consent or withdrawn it, you are neither permitted nor able to (successfully) use the biometric identification service. Alternative means of boarding pass control (e.g. boarding pass scan) are available to you. You are neither contractually nor legally obliged to use the biometric identification service.
Should you - contrary to the express notice at the access point - attempt to use the biometric identification service without being enrolled for Star Alliance Biometrics or without having given your consent to be identified at Munich Airport, a video sequence/photo will nevertheless be taken of you and sent to Star Alliance for biometric matching. However, the identification will then fail and the identification process will be completed with an error message.
Your personal data will be deleted as soon as the identification process at the boarding pass control is completed.
Your personal data will be transmitted to the following (categories of) recipients:
You have the following rights:
To exercise your rights, you can contact us by e-mail at datenschutzanfrage@munich-airport.de.
In order to be able to process your request, we would like to point out that we process your personal data collected within the scope of the data protection request in accordance with Art. 6 Para. 1 S. 1 lit. f) DSGVO (for documentation and discharge purposes) and delete it after 3 years.
Furthermore, you have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR).
No automated decision making including profiling takes place.
Important note:
However, we would like to point out once again that we only record a short video sequence as part of the biometric identification process and use a photo from this and delete both from our systems immediately after the identification process is complete. The above-mentioned rights can therefore generally not be implemented, if only because no more personal data is available from you.
"CCTV Videoverantwortliche/r" der Flughafen München GmbH
Nordallee 25, 85356 München-Flughafen, Deutschland
E-Mail: cctv@munich-airport.de
Information on the data protection officer of Flughafen München GmbH can be found under Controllers and data protection officer.
Flughafen München GmbH collects, stores and processes personal data in the context of video surveillance only to the extent required by law, to fulfill the specified, clear purposes or to fulfill the specified, clear purposes or to fulfill our legitimate interest.
The data is processed for the following purposes and the resulting legitimate interests:
Legitimate interest in data processing exists in the following context:
Data processing is carried out on the basis of the following legal bases:
Data is stored in individual cases depending on the camera, purpose, situation, user and usage in accordance with the role and usage concept. The storage period is graded accordingly. The data is deleted when the purpose of storage no longer applies. The deletion concept and the deletion periods are based on the legal requirements and the purposes of storage.
All authorized groups of persons in accordance with the role and usage concept with differentiated access to images and video images and/or video recordings (authorities, public bodies, subsidiaries and associated companies, airlines).
A transfer of personal data to third countries is not intended.
In the case of processing based on our legitimate interests pursuant to Art. 6 para. 1 lit. f
GDPR, you have the right to erasure and withdrawal of your personal data. In addition, without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the General Data Protection Regulation (GDPR).
Further information on your rights to information, rectification, erasure, restriction of processing, objection and data portability can be found at Your rights.
Video surveillance in the parking facilities at Munich Airport is carried out to maintain the functionality and operational safety of the facilities and to ensure trouble-free use of the parking areas and facilities.
Video surveillance in these areas also serves to ensure airport security in accordance with the requirements of the European Commission (Regulation (EU) 2015/1998 of the Commission) and to protect property in structural and technical facilities. Areas that need to be protected in particular include, for example, the parking ticket machines or the electric charging infrastructure.
The video surveillance is identified on site by camera symbols and information on data protection.
The processing of personal data is carried out for the following purposes:
The legal basis for data processing is:
Personal data is transmitted to the following recipients or categories of recipients:
In principle, the transfer to third countries is not intended.
Video recordings are stored for a period of 10 days and then automatically deleted unless they are needed as evidence in criminal proceedings or to clarify legal claims.
For all processing activities that we base on our legitimate interests, you have the right to object to the processing at any time on grounds relating to your particular situation, in accordance with Art. 21 (1) GDPR.
Please address the objection to kontakt.parken@munich-airport.de. We reserve the right to carry out an individual examination of your request before implementing a restriction or discontinuing processing and deletion.
For the purpose of customer acquisition and network building, LabCampus conducts (promotional) events and lead generation campaigns. Contact data provided to LabCampus in this context will be processed by LabCampus as follows:
Categories of personal data
The following categories of personal data are processed:
Purpose of processing
Your Data will be processed for the purpose of arranging appointments, sending information about our products and services, news and event notices from LabCampus.
After providing your telephone/mobile number or if you ask us on the phone to send you information electronically by e-mail, we will also use this data with your consent to contact you individually and send you information. Without providing the required data, we cannot send you this information.
If, in the context of telemarketing campaigns, we receive personal data from publicly accessible sources or from information provided by your colleagues and process this data for the above-mentioned purposes, we will inform you of this within one month or at the latest at the time of the first contact.
For registration to our newsletter, we refer to section 4.3.2 of this privacy policy, which also applies to registration via business cards as part of promotional campaigns and events.
Legal basis
The legal basis for the processing of your personal data given to us is Art. 6 para. 1 sentence 1 letter f) GDPR (legitimate interest). The legal basis for the processing of personal data based on the handover of your business cards is Art. 6 para. sentence 1 letter a) GDPR (your consent by handing over the business card).
Storage period
We store your data for the purpose of contacting you until we receive your objection, but at the longest for a period of two years to the end of the year after the last communication, provided that no contractual relationship has been established.
Categories of recipients & transfer to third countries
Your data will be processed by LabCampus GmbH. A transfer to third countries is not intended. Recipients of the data are the responsible departments at LabCampus GmbH, as well as processors for marketing services and for the provision of IT services and those for the improvement, maintenance and support of these services.
Objection
You can object to the processing of your data at any time by sending an e-mail to: contact@labcampus.de. In the event of your revocation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. We would like to point out that in the event of your objection, no further contact can be established by LabCampus.
Withdrawal of your given consent
If we process personal data on the basis of your consent, you can withdraw this at any time via the following e-mail address: contact@labcampus.de. The withdrawal of your consent doesn´t affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. The lawfulness of the data processing operations carried out until the withdrawal remains unaffected by the withdrawal.
This data protection information applies to the following LinkedIn profiles: https://www.linkedin.com/company/labcampus/
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn") is responsible for the processing of personal data entered by visitors while visiting our LinkedIn profile.
We use LinkedIn Lead Ads to generate contacts and addresses. Lead Ads are an ad format that is displayed to registered LinkedIn users. They contain form functions that enable the simple and rapid generation of leads. After the user actively consents (opt-in), contact information the user has stored with LinkedIn is entered into forms:
Once the data in the form has been sent successfully, the user is shown a thank-you page where we can integrate a call to action (e.g. a referral to the LC landing page). We do not send your personal data to third-party advertisers or advertising networks.
The processing of this data serves the purpose specified above and takes place on the basis of Art. 6 Par. 1 a) GDPR on the basis of your voluntary consent upon registering and logging in to LinkedIn. We store your data until your consent is revoked. You can revoke your consent with future effect at any time by sending an email to contact@labcampus.de
We do not know the full extent of data collection, i.e. which of a visitor's data is collected by LinkedIn overall and the purposes for which it is processed by LinkedIn. The necessary information has not been provided to us by LinkedIn. Please understand that we can only provide information to the extent allowed for by our knowledge of the data processing within our area of responsibility and our influence on this data processing.
We would also like to point out that your data may also be processed outside the European Union and the European Economic Area. This could result in risks, e.g. because it could complicate the enforcement of user rights. Further details can be found in the privacy policies of the individual providers.
The Data Protection Officer of LinkedIn can be contacted through the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO
Further information on data processing by LinkedIn can be found at: https://privacy.linkedin.com/
The following categories of personal data are processed:
The following categories of data are processed for participation in training courses:
In addition, we also process information on the participant's date and place of birth if this is required by law or official regulations.
Your data is exclusively processed for the following purposes:
Personal data is processed on the following legal basis:
Personal data is transmitted to and processed by the following recipients or categories of recipients:
A transfer to a third country outside the European Union is not intended.
Some internal training courses include learning content in the form of videos, which may be hosted on servers in third countries. This content is integrated without tracking measures by the video hoster. Personal identification can be ruled out only given if you access the learning content from our internal network or via a VPN connection to our FMG network.
If you wish to participate in an internal training course without a VPN connection from your home network or via a mobile phone network, you must accept the possible transmission of your IP address to insecure third countries. Please note that your IP address constitutes personal data and that the level of protection and your rights as a data subject in third countries with a lower security standard, in particular the United States of America, may not correspond to that of the European Union (see ECJ case C-311/18).
Personal data is stored only for as long as is necessary to fulfil the stated purposes or as required by the statutory storage and retention periods. After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely deleted in accordance with the statutory provisions.
Specifically, the following retention periods apply:
a. Online Learning Portal: The personal data will be completely deleted after the expiry of all certificates and a follow-up period of six months.
b. Event manager (registration forms): The personal data will be deleted after six years under existing EASA regulations.
c. Event management system and billing system: Personal data of persons who have aviation security training will be deleted from the event management system six years after the end of the effective period of the aviation security training. For all other persons, personal data will be deleted six years after the last seminar attendance. Invoices are deleted ten years after the end of the calendar year in accordance with Section 147 AO (German Fiscal Code) / Section 257 HGB (German Commercial Code); other documents, such as offers, are deleted six years after the end of the calendar year in accordance with Section 147 AO / Section 257 HGB.
The provision and storage of personal data in the context of dangerous goods training is regulated in Annex 18 of the Convention on International Civil Aviation, including the "Technical Instructions for the Safe Transport of Dangerous Goods by Air" (ICAO T.I.) issued by the International Civil Aviation Organization (ICAO) Doc 9284-AN/905, as well as DOC 10147 whose application is laid down, inter alia:
- in Commission Regulation (EU) No 965/2012 of 5 October 2012 laying down technical requirements and administrative procedures related to air operations pursuant to Regulation (EC) No 1139/2018 of the European Parliament and of the Council and
- in Commission Regulation (EU) No 139/2014 of 12 February 2014 laying down requirements and administrative procedures related to aerodromes pursuant to Regulation (EC) No 2018/1139 of the European Parliament and of the Council.
Sections 2, 11 and 14 of the Dangerous Goods Transport Act, BGBl. I No. 145/1998, as amended by BGBl. I No. 108/1999, 5th Section - "Training of persons involved in the carriage of dangerous goods by civil aviation"
Failure to provide this information will mean that participants will not be able to register for the required training courses. Proof and certificates for any necessary training courses cannot be issued either.
If the personal data are not collected directly from the person concerned, they come from the data entered by the person making the registration.
Automated decision-making is not used. Depending on the type of web-based training (WBT), the issue of the certificate may depend on various factors (e.g. completion of a specific part or the entire WBT, assessment tests, etc.). Compliance with these factors is usually checked automatically by the respective WBT programme.
4.21.11 Cookies training platform
a. Description and scope of data processing
We only use technically necessary cookies on the Airport Academy training platform; details can be found in section b. The cookies used are always activated, as they are necessary for the provision of the training platform. The cookies used guarantee functions without which the training platform cannot be used as intended.
Flughafen München GmbH is responsible for the cookies used; the platform provider acts as a processor. Cookies from third parties are not used.
b. Purposes, legal bases and retention period
The specific purposes of the cookies used and information on the retention period can be found in the following overview:
Cookie name | Type | Description |
---|---|---|
cscx | session | Provides our 24x7 global performance monitoring system with regional statistics to ensure our pages (react and legacy pages) load quickly and consistently. Contains the name of the portal logged into and the numeric system identifier of the logged in user. |
csodlaunch | session | This cookie is used during course playing and should identify if the current launch attempt belongs to an existing attempt or a new one. Contains the Corp Name and the User Id. |
multiVPoll | session | This cookie is used during course playing and should identify if the current launch attempt belongs to an existing attempt or a new one. Contains the Corp Name and the User Id. |
sco | session | This cookie is used for course launch functionality in the Online Course Player for Scorm 1.2/AICC . The cookie keeps track of the Sco ID if launched as the player can display multi SCOs which can be launched. Can contain the Sco relative path and user int identifier. |
AWSALB | persistent 1 week | This cookie is used to manage routing of the user request through application load balancing by ensuring the same route. |
AWSALBCORS | persistent 1 week | This cookie is used to manage routing of the user request through application load balancing by ensuring the same route. As AWSALB but with ‘same site’ attribute. |
ASP.NET_SessionId | This is a default cookie that is required for ASP based pages to load. Without this cookie, our website will not function. Contains the unique session identifier. Does not contain any Personal Information. | |
CYBERU_lastculture | This cookie is used to ensure our login and maintenance pages load in the local language of origin. Contains the Region (e.g., U.S.) of the incoming machine. | |
loginCyberU_LogoutRedirectUrl | This cookie holds the redirect URL used after a user's session times out. | |
CYBERU_backUrl | Is used internally by our CSX application to redirect to login page in password reset and MFA functionalities. |
The use of cookies is in our legitimate interests pursuant to Art. 6 para. 1 (f) GDPR in the provision of a training platform.
c. Option of removal
You have the right to object to the use of Cookies. You can use your browser to display the cookies stored on your computer, delete the existing cookies or set the configuration so that not all or no cookies are stored. Please note that some functions may not work or may not work properly if you deactivate the setting of Cookies.
This information about the processing of your personal data is based on the processing of your personal data as part of the luggage handling and securing of a fast, accurate and correct flight dispatching by Flughafen München GmbH (FMG).
Based on § 45 LuftVZO, FMG - as the airport operator - is responsible to provide and develop the infrastructure for the reliable execution of the air traffic.
This also includes the administration and the operation of central infrastructure facilities such as the luggage system incl. the associated luggage transportation equipment - starting with the transport from the check-in counters of the airlines including the required sorting and ending with the transport on the destination conveyors as well as the transport of the pieces of luggage that are subject to control to and from the control points.
FMG receives the required personal data of the airlines to fulfill the tasks as the airport operator as part of the provision of the central infrastructure of the luggage system with luggage transport and sorting.
To fulfill the tasks, FMG additionally provides information about the status of the luggage based on a request by your airline.
This includes the following data:
Purposes:
Legal principles:
The a.m. personal data are transmitted via the SITA network to the airline with which you established a transport contract. If the airline has its seat in a third country outside the EU, then this can involve a data transfer to this third country.
Contracting partner of FMG for access to the SITA network is SITA Switzerland Sarl, 26 Chemin de Joinville, 1216 Cointrin, Schweiz. In accordance with Art. 45 GDPR, the EU Commission has decided that Switzerland offers an adequate level of data protection.
Data subject/airlines.
The Legal and Compliance (RCC) corporate unit of Flughafen München GmbH (“FMG” or “we”) offers employees and external parties the opportunity to report compliance violations to an internal reporting office. Employees and external parties such as providers, contractors, suppliers and customers can contact the internal reporting office and report violations of legal provisions within the scope of § 2 of the Whistleblower Protection Act (HinSchG), in particular in connection with corruption, fraud, theft, embezzlement, vandalism, property damage, competition offenses. Issues related to the Lieferkettensorgfaltspflichtengesetz (LkSG) [Supply Chain Due Diligence Act], the prevention and handling of sexual harassment, violations of the Code of Conduct and the guidelines of the FMG Corporation such as the “Gifts and Invitations Guideline” and other regulations applicable in the FMG can also be reported.
FMG is controller for the internal reporting office under the data protection law. As part of the option provided in the Whistleblower Protection Act (HinSchG) of entrusting a third party with the tasks of an internal reporting office, FMG also assumes the tasks of an internal reporting office for the following corporate companies as joint controller in accordance with art. 26 GDPR:
In principle, the data subjects can contact the controller of the internal reporting office (FMG) as well as the controller of the corporate companies, which the FMG entrusted with the tasks of the internal reporting office. As part of the agreement about joint controllership, FMG and the above-mentioned corporate companies also agreed about close coordination when fulfilling requests from data subjects and notifications of data protection violations and possible communications to the data subjects in accordance with art. 34 GDPR. You can reach the internal reporting office of FMG using the following contact data:
Interne Meldestelle
RCC Flughafen München GmbH
Nordallee 25
85356 München
Germany
Phone: +49 89 975 403 40
(Monday to Friday during regular office hours)
Email: hinweise@munich-airport.de
The contact data of the entrusting corporate companies and the contact details of the respective data protection officers can be found under section 1 of this data protection declaration.
Datenschutzbeauftragter
Flughafen München GmbH
Nordallee 25 85356 München
Germany
Email: datenschutzbeauftragter@munich-airport.de
The submission of notices to the reporting office is voluntary, a report can also be made without us processing the data of the person providing the notice.
In particular, we use the online portal "Business Keeper Monitoring System" of the EQS Group AG, Karlstraße 47, 80333 Munich (hereinafter: BKMS® System). In this context, please note that anonymous tips should only be submitted from private devices outside the company network, as this is the only way to ensure the required confidentiality.
As part of the task completion, the following personal or person identifying data are regularly processed by the reporting office:
FMG offers employees and business partners the opportunity to report compliance violations directly to the internal reporting office. This can be provided via various reporting channels, e.g. personal conversation, phone, letter, email or the BKMS® system.
The internal reporting office is responsible to maintain reliable principles of corporate management in day-to-day operations, the possibility of reporting violations via the BKMS® system is designed as an additional mechanism for employees and external parties to also anonymously submit notices and be available for questions.
For processing of notices as per HinSchG:
The reporting office processes the personal data of persons providing notices, persons involved in the proceedings and persons who may be accused due to legal obligations (art. 6 para. 1 lit. c GDPR). These obligations are applicable for HinSchG for:
If special categories of personal data are processed by the reporting office, then this is justified with the necessity for the fulfillment of the task (art. 9 para. 2 lit. g GDPR i.c.w. § 10 sentence 2 HinSchG).
If the HinSchG requires consent as a prerequisite for certain actions by the reporting office (e.g. for the transfer of personal data of the person giving the notices or phone recordings or word logs in case of phone reports), then such consent will be obtained. In these cases, the processing is carried out with art. 6 para. 1 lit. a GDPR.
If the legitimate interests of the controller or a third party require further processing and do not outweigh the interests or fundamental rights and freedoms of the data subjects, processing can also be carried out on the basis of art. 6, para. 1 lit. f GDPR for example to protect against accusations of reprisals.
For the processing of notices outside the application area of HinSchG:
For reports that are assigned to the Lieferkettensorgfaltspflichtengesetz (LkSG) [Supply Chain Due Diligence Act], the legal basis for the processing is based on art. 6 para. 1 lit. c GDPR in conjunction with § 8 LkSG (enabling of and procedural rules for the complaints procedure, confirmation of receipt of notices, discussion of the facts). Data processing when taking remedial measures is based on art. 6 (1) (c) GDPR i.c.w. § 7 LkSG.
The processing of personal data in the context of processing notices that contain violations of regulations outside the scope of the HinSchG is justified with the protection of legitimate interests (art. 6 para. 1 lit. f) GDPR). The legitimate interest lies in uncovering and preventing grievances and thus in averting damage to the FMG corporation, employees and customers. The processing of notices serves primarily to uncover and check abuses and violations of the law, and is embedded in our compliance management system. Based on this regulation and liability scope, the personal data required for processing the notices must also be processed. The interest of data subjects in not processing the data takes second place, since reports can be made voluntarily and anonymously and an appropriate level of protection is guaranteed for the confidentiality and integrity of the data of the whistleblower and any third parties involved through technical and organizational measures.
The personal data is processed exclusively for the purpose of processing notices and strictly under the stipulation that access to the data is only granted to certain persons and only to the extent that is absolutely necessary for the processing of the notice. Of course, all persons who have access to data are obligated to confidentiality.
1. Internal use and possible transfer of that data within the corporation
The specific recipients of data depend on the content of the notice. Incoming notices are received by a small group of expressly authorized and specially trained employees of the compliance organization at FMG (employees of the reporting office) and the notices are always treated confidentially.
The reporting office checks whether an in-depth investigation is required and which internal bodies must be involved in clarifying the facts of a case. The reporting office also regularly informs top management about the content of the notices received, since the resolution of reported violations is one of their areas of responsibility. In addition, the auditing, corporate safety, legal and human resources departments are often called in to process notices or additional contact persons, which are required to execute the follow-up actions, are identified.
If reports for subsidiaries are received by the reporting office within the context of the entrusting relationship, or if notices addressed to the parent company also affect corporate companies, then the management of the subsidiaries and, if necessary, the responsible offices or departments of the corporate companies will be informed and consulted to process the notice, because the respectively affected corporate companies have the original responsibility to resolve and pursue an identified violation.
We ask that you only send the notices to the reporting office that relate to the reporting categories listed in paragraph 1 of this data protection information. We will not forward your request for reasons of confidentiality, but ask you to contact a suitable office if your notice is outside the area of responsibility of the reporting office.
2. Disclosing data to controllers outside the FMG corporation
Investigations may require the involvement of other FMG employees or employees of corporate companies and possibly also external parties such as specialized law firms, auditors or forensic experts. Of course, all internal and external parties involved in the process are obligated to the confidential treatment of disclosed information.
3. Disclosure to government agencies
If necessary, FMG may be legally obligated to provide information on compliance violations to government agencies (e.g. investigating authorities or courts). In case of such obligations, as well as seizures, we are unable to withhold the information you have submitted.
4. Whistleblower system service provider
The BKMS® system is provided by Business Keeper GmbH (member of the EQS Group), Bayreuther Str. 35, 10789 Berlin in Germany as processing on behalf of FMG.
Personal data and information entered into the whistleblower system is stored in the BKMS® system in a high-security computer center. Only FMG can review the data; the processor and third parties have no access to the data. This is ensured in a certified process through comprehensive technical and organizational measures.
As a matter of principle, personal data is not transferred to third countries outside the EU/EEA as part of the fulfillment of the duties of the reporting office.
Depending on the content of the notice, it may be necessary in individual cases to also pass on the data to recipients in third countries. In third countries, the rights of data subjects and the confidential treatment of personal data may not be legally guaranteed to the same extent as in the EU.
If you, as the reporting person, do not want us to transfer your personal data to countries outside the EU, please let us know in your report and we will check whether a transfer is not necessary to protect our legitimate interests. Please note that it may not be possible to fully process your report without passing on your data.
After the plausibility check has been carried out, the reporting office will check whether storage is required.
Irrespective of the storage periods listed below, after the notice has been checked and the notice procedure has been completed, measures are taken to make the process documentation as data-efficient as possible, e.g. by means of blacking out or pseudonyms.
The procedural documents are generally deleted after the individual case has been examined 3 years after the conclusion of the notice procedure. The documentation may be kept longer to meet the requirements of the Whistleblower Protection Act or other legislation, as long as this is necessary and proportionate.
As a person providing notices, a person involved in the process and possibly an accused person, you are entitled to the following rights of a data subject based on the GDPR:
To exercise your rights and to revoke your consent, please contact the controller at the contact address given above. Alternatively, you can also assert your data protection rights via the BKMS® system or at the following email address: datenschutzanfrage@munich-airport.de
Please note that the reporting office must also protect the rights of third parties and can therefore only provide information in abridged form or blackened out if this would seriously impair the achievement of the processing goals (art. 14 para. 5 lit. b GDPR) or would disclose information which by its very nature should be kept secret (§ 29 para.1 BDSG).
You have the right to file a complaint with the supervisory authority if you believe that the processing of your personal data is unlawful. The contact data for the supervisory office responsible for us are: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Post office box 1349, 91504 Ansbach, Germany, Phone: +49 (0) 981 / 53 1228, poststelle@lda.bayern.de, www.lda.bayern.de.
If personal data has not been collected from the data subject and there is an obligation to provide information, we will refer you separately to the information provided here and let you know the source of the personal data in accordance with the circumstances of the individual case.
Please note that the appropriate period for the notification is subject to separate review criteria due to the specific circumstances of the processing of your personal data by the internal reporting office and, in particular, deviations from the period defined in Art. 14 para. 3 lit. a GDPR may also be justified in the confidentiality obligations due to overriding legitimate interests of third parties.
We reserve the right to change our safety and data protection measures if this is required due to legal or technical developments. In these cases, we will also adapt our data protection notices accordingly. Therefore, please note the current version of our data protection information.
The communication between your terminal and the BKMS® system takes place via an encrypted connection (SSL). The IP address of your computer will not be saved while using the whistleblower portal. To maintain the connection between your computer and the BKMS® system, a cookie is stored on your computer that only contains the session ID (so-called null cookie). The cookie is only valid until the end of your session and becomes invalid when the browser is closed. As the person providing the notice, you have the option of setting up a protected mailbox in the BKMS® system with a pseudonym/user name and password of your choice. Therefore, you can communicate securely with the reporting office using your name or anonymously.
Version: January 2, 2025
See below for information on why and for how long we process your personal data, the legal basis for this, and your rights with regard to data processing if you use our LabCampus community platform.
Websites of providers to which we link here are subject to the privacy notices or policies published on those sites.
Please take time to read our privacy policy, as it contains important information about how we use your personal data.
When we use the term “data” in this text, we are referring exclusively to personal data as defined by the GDPR.
Our platform offers you a wide range of services. For example, you can learn about the latest innovations at LabCampus and about various catering options. You can utilize services via the platform, e.g. contacting LabCampus Community and Facility Management. The community platform also has a forum for exchanging information. The forum is intended to promote interdisciplinary cooperation and thus innovation.
The LabCampus community platform can only be accessed by registered users. For this reason, we provide you with the option of creating a community account and thus registering to use our platform. To do so, enter your details and submit them to us via the form provided here. We store the data transmitted to us and do not disclose them to third parties.
To create your account, we process your work e-mail address and the password chosen by you. The password must fulfill the minimum criteria described in the terms of use. We process it only as a hash value and cannot read your password in plain text but can recognize whether a correct or incorrect password is used for further log-in attempts.
Once you have registered, we first check whether your e-mail domain, i.e. the part of the address that comes after the @ symbol, is enabled for use of our platform. If this check comes back positive, your account is created and we send you a link with a request to confirm your e-mail address as part of a double opt-in procedure. In this way, we make certain that you have access to the e-mail account indicated and that you entered your e-mail address correctly. Otherwise, you receive an error message and are informed that your e-mail address has not been validated for use of the platform.
Your community account is only activated once you click on the verification link, and only then can you log in to the community platform and complete your registration. To do so, you must enter your position at the company and a nickname, which must comprise at least two letters. In addition to the information provided, we save the date and time at which you created your community account in order to log your registration with the portal and as proof of your e-mail verification if necessary. We also save the date and time of your most recent login.
Provision of the data requested is essential for the creation of your community account. Without these data, we cannot create a community account. We use the data to provide your community platform account. The data are saved in your personal central account, where you can view them at any time and change your password.
When your account is created, your traffic data as described under “3.1 Log files" above are also processed.
A contact form is provided for communication within our platform. The entries made in the form are forwarded to the e-mail account of the LabCampus team responsible for the particular inquiry. Further communication takes place by e-mail. When the information is forwarded, the text of the message and the following data are processed: the e-mail address connected to your account as the sender of the message, the date and time at which the message was sent, the information that the message came from the platform as the subject of the message, the language setting you have chosen for the platform, and the identification number assigned by the system to your account.
You can like posts that we publish in the community. These likes, like views, are anonymous, which means that neither we nor the community members can see which posts you have viewed and which you have liked.
When we embed videos on our platform, these are saved on YouTube. YouTube is a platform provided by YouTube LLC, with its registered office at 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a subsidiary of Google. We embed our videos via YouTube because local hosting is not sufficiently powerful for the presentation of the videos. For more information, see "3.5 Integrated videos (YouTube)."
If you have given us consent to place cookies for the statistical analysis of visitor access, i.e. reach measurement, via the consent management tool from "consentmanager" integrated into our website, we use these cookies to improve the quality of our platform and its content. These cookies tell us how the platform is used by the community, enabling us to continuously optimize our offering and our posts. For more information, see "3.2 Cookies and pixels." Information on the consent management tool is provided under "3.2.1 General information on cookies" and on reach measurement under "3.2.2.2 Matomo – LabCampus."
Your data are processed in order to make it possible to register on and login to our community platform as well as to communicate with you.
Registration on the platform is voluntary and based on your consent in accordance with Art. 6 Para. 1 (a), Art. 4 (11) in conjunction with Art. 7 Para. 4 GDPR.
In connection with the use of the platform, your data are processed in accordance with the applicable terms of use. The legal basis for this is Art. 6 Para. 1 (b) GDPR.
We process the e-mail address provided for the purpose of efficient and effective communication. This purpose also constitutes our legitimate interest. The legal basis for this is Art. 6 Para. 1 (f) GDPR.
Our community platform is maintained and operated by our partner, Das Büro am Draht Software-Entwicklung GmbH, located at Blücherstrasse 22, 10961 Berlin (hereinafter "BaD"). It is hosted by our partner Hetzner Online GmbH, located at Industriestrasse 25, 91710 Gunzenhausen (hereinafter Hetzner). We use AWS Cognito for control of access and AWS Secret Manager for account management. AWS Cognito and AWS Secret Manager are offerings of Amazon Web Services EMEA SARL, located at 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter AWS). Likewise, we use AWS for the forwarding of inquiries submitted via the contact form.
BaD, Hetzner and AWS all process your data, unless we have explicitly stated otherwise here, on our behalf and according to our instructions within the European Union (EU). This means that BaD, Hetzner and AWS do not and are not permitted to use your data for themselves, particularly not for their own purposes or their own promotions.
Please note that AWS complies with the data protection code of conduct for cloud infrastructure services providers (CISPE), i.e. the code of conduct ratified by the European Data Protection Board (EDPB) and adopted by the French data protection authority CNIL in accordance with Article 40 GDPR, and therefore undertakes to comply with the EU’s data protection standards, even when data are transmitted outside of the EU, so that your personal data are adequately protected under data protection law.
You can delete your own account via the platform at any time by clicking "Delete account" in your account settings and telling us your reason for doing so. Your data will then be deleted. You can also send an e-mail to community@labcampus.de or request deletion via the contact form available here. Your account will then also be deleted.
Status: September 2023
The Business-to-Business (B2B) portal is available to airport users, airlines, airline associations, representatives of the licensing authority or service providers operating at the Munich site to gain access to personalised information of various kinds. To ensure that the information published on the portal is only accessible to authorised persons, you must create a personalised user profile. The portal is also used to register for newsletters, events or expedited parking or to order publications and make specific enquiries.
Your data will only be processed for the following purposes:
Categories of personal data
Profile data depending on use case.
IT usage data (system-related)
Depending on the intended use of the portal:
Personal data is not transferred to third countries.
In order to exercise his or her rights concerning the B2B portal, the person concerned may contact the B2B portal, preferably by e-mail, at the following address:
datenschutzanfrage@munich-airport.de
Status: 6.9.2023
As a transport business, the airport is required under Sections 978 et seq. of the Bürgerliches Gesetzbuch (BGB – German Civil Code) and state lost property laws to maintain a Lost & Found office In order to comply with the legal requirements, it is necessary to process personal data of finders, owners, proprietors, and employees.
The following data are collected in order to properly process the lost property, comply with legal obligations, and protect legal interests:
In addition to the Lost & Found employees (specialist department), the following external recipients receive your personal data:
The data are pseudonymized three years after the date of the auction.
Billing data are pseudonymized and stored for 10 years in accordance with the tax regulations.
The legal basis for the processing of your data as described in this section is Article 6 (1) sentence 1c) of the GDPR in conjunction with Sections 978 et seq. of the BGB, Section 10 of the bayerische Fundverordnung (BayFundV – Bavarian Lost Property Regulation) and Article 6 (1) sentence 1f) of the GDPR (legitimate interest).
In the Service Center at Munich Airport, you can find a wide range of services to make your stay at Munich Airport as enjoyable as possible:
The following data are collected to identify customers and allocate items or property and for billing:
If the person picking up the item is not the customer:
Personal data are sent to the following categories of recipients:
Delivery notes are stored for up to 13 months.
Billing data are stored until the end of the respective statutory retention periods of six or ten years.
The legal basis for the processing described in this section is Article 6 (1) sentence 1b) of the GDPR (performance of a contract or steps prior to entering into a contract) and Article 6 (1) sentence 1f) of the GDPR (legitimate interest).
Privacy Policy regarding the conduct of telephone and video conferences via MS Team
This privacy policy contains information on the processing of personal data in connection with the use of Microsoft Teams in order to conduct telephone and video conferences (online meetings) and other communication involving persons who are not present locally.
Unless another controller is expressly named for individual services, the controller for all processing operations covered by this privacy policy is:
Flughafen München GmbH
Nordallee 25
85356 Munich
Germany
Tel. +49 89 975 00
E-mail: info@munich-airport.de
Contact details for Flughafen München GmbH, hereinafter also referred to as "FMG" or "we", and its subsidiaries can be found here.
Data protection officer of Flughafen München GmbH, Nordallee 25, 85356 München-Flughafen, e-mail: datenschutzbeauftragter@munich-airport.de
The contact details for data protection officers at our subsidiaries can be found here.
For conducting telephone and video conferences (online meetings) and other communication involving people who are not present locally.
Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as "Microsoft").
When using Microsoft Teams, various types of personal data are processed. The scope of data processing depends on the information provided and settings made by the data subject and whether Microsoft Teams is used via the app or the browser.
Depending on the type and scope of participation and the individual settings of the data subject, the following personal data may be processed:
If the online meeting is recorded, this fact will be communicated to the data subjects in advance, and – if necessary – consent will be obtained. The fact that an online meeting is being recorded is also indicated by a banner during the meeting.
Personal data is transmitted to the following recipients or categories of recipi-ents:
A transfer to a third country outside the European Union is not intended, but cannot be ruled out in the context of the use of MS Teams. The transfer is justified under data protection law, as the following instruments are used under Art. 44 et seq. GDPR:
Personal data will only be stored for as long as is necessary to achieve the stat-ed purposes or as required by the statutory storage and retention periods. After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely deleted following the statutory provisions.
Every data subject has the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to object to processing, and the right to data portability within the scope of the statutory provisions.
Contact details for exercising your rights as a data subject:
Flughafen München GmbH
Data protection request
Nordallee 25
85356 Munich
E-mail: datenschutzanfrage@munich-airport.de
Without prejudice to any other administrative or judicial remedy, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if they consider that the processing of personal data relating to them infringes applicable law. The competent supervisory authority in Bavaria for the non-public sector is Bavaria DPA (Bayerisches Landesamt für Datenschutzaufsicht), Ansbach.
As a rule, the data subject is not obliged to provide the personal data. Likewise, there is generally no legal requirement for provision, nor is provision necessary for the conclusion of a contract.
However, participation in online meetings is not possible without providing the minimum required personal data.
Automated decision-making does not take place.
Further supplementary information on data protection can be found in the general privacy policy.
Date: October 25, 2023
Privacy Policy regarding the conduct of applicant interviews with video via MS Teams
This privacy policy contains information on the processing of personal data in connection with the use of Microsoft Teams in order to conduct telephone and video conferences (online meetings) and other communication involving persons who are not present locally.
Controller of the processing activities is the respective company of Munich Airport Group to which you sent your application. Contact details for Flughafen München GmbH and its subsidiaries can be found here.
Data protection officer of Flughafen München GmbH, Nordallee 25, 85356 München-Flughafen, e-mail: datenschutzbeauftragter@munich-airport.de
The contact details for data protection officers at our subsidiaries can be found here.
The Microsoft Teams application is used to conduct video interviews with applicants and online meetings.
Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as "Microsoft").
When using Microsoft Teams, various types of personal data are processed. The scope of data processing depends on the information provided and settings made by the data subject and whether Microsoft Teams is used via the app or the browser.
Depending on the type and scope of participation and the individual settings of the data subject, the following personal data may be processed:
Video interviews are not recorded. As an applicant, by acknowledging the data protection information, you guarantee that you will also not make any recordings.
Communication between FMG and you as an applicant is encrypted throughout the entire video interview.
Confidentiality: As an applicant, you also guarantee that you will maintain confidentiality about presentations and all internal company information that may be shared with you by the specialist departments during a video interview. This rule also applies to screenshots, which are also prohibited.
Transparency during the MS Teams conference
You will be informed in advance by the recruiting team about all participants in the MS Teams conference (name, department) when you are invited to the interview. The attendance data required for participation will be made available to the interview participants announced in advance only. Transparency is ensured during the MS Teams conference through communication and visibility of all discussion partners and attendees. By taking note of the data protection information or participating in the video interview, you guarantee that you will not pass on the participation data to unauthorized persons.
Before the video interview begins, you should make sure that the people present in your room are aware that audio and/or video will be transmitted as part of the video interview and that their image and words can be transmitted to the other participants in the interview. If necessary, you should inform the persons present in the room accordingly and, if applicable, name the recipients of the voice and video transmission. If there are people in the room who are not participants in the video interview or who do not agree to a corresponding transmission, they must be given the opportunity to leave the room before the interview begins.
The processing of personal data is based on your consent pursuant to Article 6(1) letter a of the GDPR in conjunction with Section 26(2) of the BDSG (German Federal Data Protection Act) and, with regard to the content of the job interview, on the basis of Section 26(1) sentence 1 of the BDSG.
Voluntary nature of participation in video interviews and right of withdrawal
We have already informed you in advance that the video interview is only one of several options. Your participation is voluntary. Alternatively, the following options are also possible: telephone interview, on-site interview, etc.
Please contact the recruiting team if you would like to choose another option.
You have the right to revoke your consent at any time with effect for the future without giving reasons for doing so. To do this, please contact: jobs@munich-airport.de.
Personal data is transmitted to the following recipients or categories of recipi-ents:
A transfer to a third country outside the European Union is not intended, but cannot be ruled out in the context of the use of MS Teams. The transfer is justified under data protection law, as the following instruments are used under Art. 44 et seq. GDPR:
Personal data will only be stored for as long as is necessary to achieve the stat-ed purposes or as required by the statutory storage and retention periods. After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely deleted following the statutory provisions.
Every data subject has the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to object to processing, and the right to data portability within the scope of the statutory provisions.
Contact details for exercising your rights as a data subject:
Flughafen München GmbH
Data protection request
Nordallee 25
85356 Munich
E-mail: datenschutzanfrage@munich-airport.de
Contact details for subsidiaries of Flughafen München GmbH can be found here.
Without prejudice to any other administrative or judicial remedy, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if they consider that the processing of personal data relating to them infringes applicable law. The competent supervisory authority in Bavaria for the non-public sector is Bavaria DPA (Bayerisches Landesamt für Datenschutzaufsicht), Ansbach.
As a rule, the data subject is not obliged to provide the personal data. Likewise, there is generally no legal requirement for provision, nor is provision necessary for the conclusion of a contract.
However, participation in online meetings is not possible without providing the minimum required personal data.
Automated decision-making does not take place.
Further supplementary information on data protection can be found in the general privacy policy.
Date: November 23, 2023
By using a contact form under https://www.munich-airport.de/kontaktanfrage-parken-4624305 on the web page of Munich Airport, parking customers, interested persons and web page visitors can obtain information on various topics from Munich Airport.
In the context of your contact approach, the data entered by yourself into the entry mask are being processed. This comprises your contact data as well as any facts and details provided by you.
Contact Data:
Information and facts:
The described data or data categories of your person are processed for the purpose of answer-ing and dealing with your inquiry, which has been transmitted to us in the free text field “Your message”. In general the provision of the contact form “Contact Parking” serves the purpose of making it possible for interested persons, visitors of the web page and particularly parking customers to address their issues and inquiries regarding parking at Munich Airport with Flughafen München GmbH.
This concerns in particular following topics:
The processing of personal data is based on following legal basis:
In general service providers commissioned by FMG with administration services of our IT-systems may receive your personal data. In addition, operators of data processing service centers, in which applications implemented by us, are hosted, may receive your personal data.
For the provision of the contact form, FMG uses a system of ConSol Consulting & Software Solutions GmbH with headquartes in Munich. A data processing agreement has been concluded with the provider of the software solution, which obliges the provider in particular to comply with all legal data protection requirements and to act in addition solely within the instructions of Flughafen München GmbH.
A transfer of data to a third country outside the European Union does not take place.
3 months after the closure of your file your data are blocked for further processing and are deleted at the latest 6 years after the closure of the file.
Personal data are provided on a voluntary basis. If you do not provide these data, we may as a consequence not be able to process your inquiry.
You are entitled at any time to object to the processing of your personal data for reasons which arise from your personal situation.
Please do send your objection to kontakt.parken@munich-airport.de. We reserve to make an individual assessment of your request before execution of a limitation or discontinuation of the processing or deletion.
We do offer various options for charging your electric vehicle while parking.
The charging and payment process is performed by using the bar code on the parking ticket and is linked to the parking transaction. Please scan the bar code of your parking ticket at the scanner of the eSelector and start the charging process by selecting the charging point.
Please note: If you are using a parking garage with automatic number plate detection, your vehicle license plate may also be linked with the parking ticket as part of the entire parking process. (Please cf. paragraph 4.9 Privacy Policy Privacy Policy - Munich Airport (munich-airport.com)).
Payment for the electricity charged and if applicable for the parking charges is made before the exit at automatic pay stations. Further information concerning charging of your electric vehicle can be found here: Charging electric vehicles - Munich Airport (munich-airport.com).
In addition to the data collected during the parking process and if applicable for an online reservation, following data are processed:
Further information regarding the scope of data processing during the parking process and for online reservations can be found in this data privacy statement under paragraph 4.8 Park-ing reservations and paragraph 4.9 Automatic number plate detection at parking entrances.
Data are processed for following purposes:
The processing of personal data is based on following legal basis:
Personal data are transmitted to following recipients resp. categories of recipients:
A transfer to a third country outside the European Union is not intended.
The data record is stored for up to 92 days in the system for controlling the parking facilities and storing the relevant data records.
Your processed personal data are required, insofar as they are based on the lawfulness of processing in accordance with Art. 6 para. 1 lit. b or c GDPR, to ensure the conclu-sion/execution of the contract with Flughafen München GmbH as part of your parking process. Consequently, there is no possibility of objection in this regard.
Special security precautions apply at airports. Only authorized persons may be granted access to the airside security area.
Data protection officer
Flughafen München GmbH
Nordallee 25
85356 Munich
Germany
e-mail datenschutzbeauftragter@munich-airport.de
When accessing the airside security area, the following categories of data are collected by scanning the boarding pass:
Processing is used to ensure authorization for access to the airside security area (access control).
Necessity for compliance with a legal obligation to which the controller is subject as an airport operator [see Article 6, paragraph 1, sentence 1, letter c) GDPR]. The legal obligation arises from Section 8 of the German Aviation Security Act (LuftSiG).
Personal data is transmitted to the following recipients or categories of recipients:
Group companies: FMSicherheit Flughafen München Sicherheit GmbH
Some of the data is also available to airline employees at the gate for individual queries as part of the process for optimizing the punctuality of check-in (see "Optimization of punctuality during check-in and departure").
Transmission to a third country outside of the European Union is not planned.
The data on your boarding pass will be stored for 30 days in the boarding pass control system in order to be able to trace any faults and comply with official requests. After 30 days, the data is pseudonymised and used for statistical purposes (aggregated figures) for operational analysis. The pseudonymous data will be deleted after 18 months.
The data is collected as part of boarding pass scans during boarding pass checks.
The provision of personal data is voluntary. However, it is not permissible to grant you access to the airside part of Munich Airport if you do not provide this data.
Date: March 25, 2024
If any passengers have failed to appear at the gate of their flight during the boarding process, a decision must be made as to whether the gate will be closed and the baggage of these passengers will be unloaded to ensure punctual departure. Airlines' gate staff can search for the last contact point of a boarding pass scan by seat number or boarding sequence number, so that they can better assess whether the missing passengers can still be expected soon.
Data protection officer
Flughafen München GmbH
Nordallee 25
85356 Munich
Germany
E-mail: datenschutzbeauftragter@munich-airport.de
Optimization of punctuality of check-in and departure.
Required for the purposes of pursuing the legitimate interests of the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject [see Article 6, paragraph 1, sentence 1, letter f) GDPR]. The legitimate interests consist of punctual handling and adherence to the flight schedule and thus serve all of the data subjects.
Boarding pass scanner number (location) and scan time are transmitted to the following recipients on the basis of the flight and seat number or boarding sequence number:
Airlines or their employees, or authorized employees at the gate
Group company: aerogate München Gesellschaft für Luftverkehrsabfertigungen mbH
Transmission to a third country outside of the European Union is not planned.
Retrieval via the seat number or boarding sequence number is possible only until the flight is closed.
The scan time and location are recorded as part of boarding pass scans during boarding pass checks (see 4.36).
The provision of personal data is voluntary. However, it is not permissible to grant you access to the airside part of Munich Airport if you do not provide this data.
Date: March 25, 2024
For customer communication with partners and service providers, the following data is processed by the FMG departments and subsidiaries with which the customers are in contact:
First name/last name, business e-mail address, telephone number and, if applicable, fax number, company (employer) incl. address, communication content
Customer relationship management
(maintaining contact directories and lists, processing of offers and orders, communication with contact persons)
Art. 6 (1) sentence 1 lit. f GDPR: Legitimate interest (efficient processing of quotations and orders as well as corresponding business correspondence)
Art. 6 (1) sentence 1 lit. b GDPR: if the data subject becomes or is a party to the contract.
Art. 6 (1) sentence 1 lit. c GDPR: if required by law, e.g. for validation of supplier relationships.
In the course of communication with data subjects and the processing of contracts, the providers of the applications and IT systems used by FMG may also receive your personal data, e.g. operators of data centers that host applications used by us may have access to your personal data. In the case of any third country transfers of personal data outside the EEA, the requirements of Chapter V of the GDPR are met by us as the controller and by the processors involved.
Your data will generally be stored for as long as is necessary to achieve the above-mentioned purpose and will be deleted once the purpose no longer applies. This is usually the case when the business relationship has ended and there are no statutory retention periods to the contrary.
If your data is processed on the legal basis of legitimate interest, you have the right to object to the processing of your data at any time. In the event of changes to contacts (contact persons) and contact details, please get in touch with your direct contact person.
If you published a review about Munich Airport on Google Maps, we evaluate this review in order to learn from it and improve the services at Munich Airport. For suitable reviews, we can also publish an answer, e.g. to answer a question contained in the review.
Google is responsible for Google Maps and the reviews published there. Further information on this can be found in Google's privacy policy.
Flughafen München GmbH is responsible for the evaluation of the reviews published on Munich Airport as described here. Their contact details and the contact details of the data protection officer can be found above in section 1.
We process the following data categories of the published reviews:
We use techniques from the field of "artificial intelligence" to automatically discover structures and patterns in the published reviews and gain insights from them. We also use such techniques to automatically prepare possible answers to new reviews from previous reviews and our responses to them. The publication of an answer (and the answer text) is always based on the decision of a human employee.
The data of individual reviews are stored and evaluated by us for up to 10 years, so that we can track and evaluate trends and developments in the quality of our services over longer periods of time.
The legal basis for the processing described in this section is Art. 6 (1) sentence 1 (f) GDPR (balance of interests, based on our legitimate interest in improving the services at Munich Airport and communicating with our reviewers about it).
You can object to the processing of your data described here at any time, e.g. by e-mail to datenschutzanfrage@munich-airport.de. In the event of your objection, we will no longer process the data of your review(s), unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.
The recipients of the review data processed by us are our responsible specialist department and the contract processors for IT services that we use. A transfer to third countries is not intended.
On our website you will be redirected to the external booking platforms described below. The bookings are processed independently of Flughafen München GmbH. The privacy policy of the provider in question will apply.
The booking process "Package holidays" is operated by travianet GmbH, a company in the FTI Group, with headquarters in Deggendorf, Germany. The process is subject to the privacy policy of travianet GmbH.
The booking process "Car rentals" is operated by TravelJigsaw Limited with headquarters in London, UK. The trade name of the rental car booking platform is Rentalcars.com. The process is subject to the terms of the privacy policy of Rentalcars.com.
Under data protection laws, data subjects have various rights with regard to their personal data, in particular a right to information on the personal data in question, the rectification and erasure of data, the restriction of processing, objection to processing, data portability and the right to withdraw consent at any time. Unless otherwise indicated in the various processing steps, you can exercise your rights by contacting datenschutzanfrage@munich-airport.de. Further information on the processing of your personal data when asserting your rights or other data protection inquiries can be found in Individual processing activities in the appropriate section.
The data subject has the right pursuant to Art. 15 GDPR to obtain information from the controller on the processing of his/her personal data by the controller. Please note that this right may be restricted under certain circumstances in accordance with statutory regulations (in particular Section 34 of the German Data Protection Act (BDSG)).
The data subject has the right pursuant to Art. 16 GDPR to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Depending on the purposes of the pro-cessing, the data subject has the right to have incomplete personal data completed.
The data subject has the right pursuant to Art. 18 GDPR to obtain from the controller restriction of processing of personal data pertaining to him/her.
By way of clarification, please note: To ensure that a data block can be complied with at all times, it is generally necessary to keep certain personal data of the data subject in a restricted data file.
The data subject has the right, pursuant to the criteria set out in Art. 17 GDPR, to obtain from the controller the erasure of personal data pertaining to him/her.
The data subject has the right, pursuant to the criteria set out in Art. 21 GDPR, to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds warranting protection for the processing which override your interests, rights and freedoms or which serve to establish, exercise or defend against legal claims.
The data subject has the right to withdraw his/her consent with future effect at any time. The withdrawal of consent shall not affect the lawfulness of processing of personal data based on consent granted prior to the withdrawal.
The data subject has the right, pursuant to Art. 20 GDPR, to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and to transmit the data to another controller or to have the data transmitted directly from one controller to another.
Without prejudice to any other administrative or judicial remedy, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged infringement if they believe that the processing of personal data relating to them violates the law. The supervisory authority in the state of Bavaria responsible for the non-public area of the airport is the Bavarian State Office for Data Protection Supervision, Ansbach.
This information about the processing of your personal data refers to the processing and answering of your inquiries in accordance with art. 15-21 of the General Data Protection Regulation (GDPR).
Flughafen München GmbH (in the following: FMG) or the subsidiary/affiliated company to which your data protection inquiry refers or to which you addressed your inquiry are responsible with respect to legal data protection.
The contact data can be found in section 1 of this data protection declaration. The contact data of the identified data protection officer can also be found here.
Note: Inquiries that affect subsidiaries/affiliated companies of FMG must be addressed directly to the subsidiary/affiliated company of FMG. A current overview of the corporate structure can be found on the website under https://www.munich-airport.com/company-profile-263193.
Please note that many other companies are also active on the premises of the Munich airport and these companies may - on their own responsibility - process data about you. This refers, for example, to airlines that start and land on the Munich airport. The respective inquiries should be addressed directly to the data protection officers of the respective airline. An overview of the airlines can be found here.
7.1.1 Coordination/processing/answering of your inquiry
On one hand, we process your personal data for the on-time, content-correct and complete processing and the answering of your inquiry. For this purpose it is required to hand your inquiry to selected internal FMG departments that can normally process your personal data and therefore can research for applicable personal data.
In close cooperation with the data protection officer of FMG, the corporate Compliance unit reviews your inquiry, performs an identification with the affected departments, coordinates the obtaining of the required information, prepares the answer to your inquiry and answers it centrally addressed to you. An external legal advice is obtained if this is required.
The department selection is made individually and depends on your relationship with FMG (whether you are, for example, a passenger, a subscriber of a newsletter, participant in contests, user of the free WIFI, user of the contact form of the website, user of the online parking lot booking, supplier or other contract partner, etc.).
The personal data that you transmitted to us directly through your inquiry and those that we process based on the FMG services that you used are processed.
This can, for example, include the following data:
A complete, final listing of all data is not possible, because it depends on your specific inquiry and the services used by you.
The processing activity does not generally include special categories of personal data (e.g. health data, data about religious or ideological beliefs, data about the racist or ethnic family background). However, this may be possible in individual cases if it is necessary for the processing of the specific inquiry.
7.1.2 Answer and documentation of completed inquiries
After we answered your inquiry, we store our answer delivered through the respec-tive communication channels as well as the associated documentation.
Stored are through this process:
This also affects inquiries that were answered by us with a required identification question about your person and which could not be further processed due to the lack of an identification confirmation by you.
7.2.1 Processing/answering of your inquiry
We process your personal data for the purpose of the on-time processing and answering of your inquiry. The obligation for answering is based on our own commitment to the transparency against the affected persons as well as the GDPR-conforming processing of personal data. The processing and answering of your inquiry is also based on the requirements in section III GDPR, especially art. 12-21 GDPR (legal basis art. 6 para. 1 lit. c GDPR).
Our justified interests to correctly and completely answer your inquiry with regards to content in a timely manner are also based on the above (legal basis art. 6 para. 1 lit. f GDPR). The processing of your personal data as described here is required for this purpose. Basic rights and freedoms of third parties must be incorporated accordingly.
7.2.2 Answer and documentation of completed inquiries, legal defense
We store the required documents for completed and answered inquiries by affected persons for a specified time to counteract possible later legal disputes (especially for the defense against claims) and to be able to address accountabilities (especial-ly against the regulating authority). Our justified interests are also based on the above (legal basis art. 6 para. lit. f GDPR). The processing of your personal data as described here is required for this purpose.
7.3.1 Processing/answering of your inquiry
7.3.2 Answer and documentation of completed inquiries
A transfer of your above mentioned personal data to third countries does not take place.
Data are generally retained for three years for any subsequent legal disputes (legal basis: Art. 6 Par. 1 f) GDPR, balancing of interests). This period corresponds to the standard limitation period for claims under Section 195 of the Bürgerliches Gesetzbuch (BGB – German Civil Code). If no other limitation period is determined, the period commences at the end of the year in which the claim arose (Section 199 Par. 1 BGB).
The data are erased if they are no longer required and this is not precluded by legal retention periods.
Your personal data that we handle as part of the processing and answering of your inquiry are regularly provided by you. We either received the data from you as part of the inquiry, or the personal data are the result of the service booked by you, or the service used by you. We do not use any other source for the data acquisition. In individual cases, however, it is possible that third parties have transmitted certain data about you to us (e.g. an airline you use, with which you take off or land at Munich Airport).
The provision of your personal data is not legally or contractually required, or re-quired for the establishment of a contract. You are not obligated to provide your da-ta.
However, the non-provision of your data may result in the fact that we cannot allo-cate certain data that is stored in our devices to your person and therefore cannot process and answer your inquiry or can only partly process and answer your inquiry.
An automated decision making in accordance with art. 22 GDPR that causes a legal effect against you or a profile generation do not take place.
By addressing datenschutzanfrage@munich-airport.de, you have the option to object to the processing of your personal data. However, a revocation may result in the fact that we cannot process and answer your inquiry or we cannot completely process and answer your inquiry.
Additional information about your rights in accordance with art. 15-21 GDPR can be found under item 6 of the data protection declaration.
We reserve the right to amend this Privacy Statement to ensure that it is always in compliance with the current legal requirements or to implement changes in our services in the Privacy Statement, e.g. when introducing new services. For your next visit to our website the new Privacy Statement will then apply.