Data protection information

Scope

These are the data protection notices for our Flightpass service. The sale and provision of the service is carried out by Swiss International Air Lines Ltd. The website is operated by Lufthansa Innovation Hub GmbH. You can contact us at any time about all topics relating to data protection and the fulfilment of individual rights.

1. Contact

Swiss International Air Lines Ltd.
Corporate data protection officer
ZRHLX/DHL
post office box
8058 Zurich Airport
Switzerland
dataprotection@swiss.com

Lufthansa Innovation Hub GmbH
Rosenthaler Str. 32
10178 Berlin
datenschutz@lh-innovationhub.com


2. Collection of personal data

You can visit the website and inform yourself about our offers without revealing any personal data. We only ask for personal data where this is necessary to provide our own services and to process transactions you make with SWISS or our partners. We collect and process your personal data carefully and only for the purposes described in this data protection declaration and only to the extent necessary for this purpose. We only store your personal data to the extent and for as long as it is necessary to provide our services or we are obliged by law to do so.
In addition, we collect data in order to analyse the use of the website in general, to obtain indications for improving our services and to gear our marketing measures to the recognisable needs of our customers. We also collect and process such data using cookies. You can find information about how they work and the choices you can make about them in our Cookie Policy: https://www.swiss.com/ba/de/rechtliches/cookie-policy.

3. Data processing for the provision of services

In order to provide our own services and to process transactions, we require personal information to varying degrees. When a profile is opened, contact information is requested, in particular surname, first name, date of birth, telephone number and e-mail address. We also require the following information to process flights booked by you and operated by SWISS or our partners: Your preferred payment method, your address and your Miles & More membership number (if available and desired). For regulatory reasons it is also necessary for us to pass on certain personal and booking data to authorities in Switzerland and abroad in connection with security and entry clarifications (e.g. advanced passenger information data ("API data") to the authorities in the USA). If you carry out transactions directly with our partners or other third parties via the website, a contract is concluded between you and the service provider concerned. The service provider is entitled to process your personal data to process the transaction and any other services directly provided by him. The data protection principles of the service provider concerned apply. If you have any questions in this regard, please contact the respective contractual partner directly.

4. SWISS Marketing measures

We will keep you up to date on relevant developments and SWISS offers. We use the so-called double opt-in procedure to send our newsletter: If you order our newsletter on our website, e.g. by clicking on a confirmation field, we will send you a notification e-mail. You can confirm your order by activating an appropriate link. If you no longer wish to receive newsletters from us at a later date, you can unsubscribe at any time free of charge either in the newsletter itself or in your profile.

5. Data security

We protect your personal data through appropriate security measures and on secure servers. The website is protected by appropriate technical and organisational measures against loss, destruction and manipulation as well as against access, alteration or distribution by unauthorised persons. Particularly sensitive data (e.g. access data to the profile account) are encrypted during transmission via the Internet (SSL).

6. Email dispatch via Mailchimp

If you sign up for our service, we will notify you via email about current activities in your user account. In this context, we use the provider Mailjet, which takes care of the email dispatch. With the processing of data for the dispatch of product-related emails, there is no transfer to third parties.

7. Passing on the data to third parties

We do not process your data completely ourselves but use programs and services from other companies ("tools"). We will change the tools we use from time to time if we consider it appropriate for legal, technical or economic reasons. Here, too, we do not process all your data ourselves, but use the programs and services of other companies ("tools"). We will change the tools we use from time to time if this makes sense for legal, technical or economic reasons. We currently use the following tools for the administration and provision of data (in particular IP addresses, cookies and log files):

If you do not allow us to use these tools, we may no longer be able to fulfil existing contracts between us or may have to resort to solutions that are less convenient for you. Passing on the data to providers or storage locations in countries outside the European Union only to the extent necessary for the completion of orders. We only transfer your data to providers or storage locations in countries outside the European Union to the extent necessary to process orders and execute contracts.

8. Changes

We reserve the right to change this privacy policy at any time. Changes apply from their publication on this website.

9. Rights of the data subject and right of appeal

The Lufthansa Innovation Hub attaches great importance to ensuring that our manufacturing processes are fair and transparent. They are entitled to the following rights:
If you have given us permission to process your personal data, we hereby inform you that you can revoke this permission at any time.
You can exercise your rights by sending an e-mail to dataprotection@swiss.com or datenschutz@lh-innovationhub.com . In order to process your application and for identification purposes, we would like to point out that we process your personal data in accordance with Art. 6 Para. 1 lit. c DSGVO and delete it after a period of 3 years.
In addition, you have the right to complain to a supervisory authority. You can find out which supervisory authority is responsible for you on the website of the Federal Commissioner for Data Protection and Freedom of Information at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html