Privacy Policy

We are pleased that you have decided to visit our website, where we offer personalized functionality in addition to current information and news about our company. For us, transparency and integrity regarding the processing of your personal data are important concerns. We comply with data protection regulations, particularly the EU General Data Protection Regulation (GDPR), the new German Federal Data Protection Act (BDSG-neu) and the Telecommunications Telemedia Data Protection Act (TTDSG). In this data protection notice, we explain what information (including personal data) is processed during your visit to and use of our internet services (website), and what rights you have regarding your personal data.

I. Who is responsible for data processing?

The party responsible for the processing of personal data according to data protection law is Eurowings GmbH, Waldstraße 249, 51147 Köln. All instances of “we” or “us” in this data protection notice refer to this entity. Our Lufthansa Group Head Data Protection Officer can be contacted at datenschutz@dlh.de. For questions and information relating to data protection, you are also welcome to contact our Data Protection team at Datenschutz-ew@eurowings.com.

II. Which principles do we adhere to?

In accordance with data protection regulations, we only process your personal data where permitted by law (Art. 6 (1) b GDPR), where this is in our legitimate interest (Art. 6 (1) f GDPR) or if you have given your explicit consent (Art. 6 (1) a GDPR). On this website, we may also collect data that cannot be attributed to you on its own. In certain cases – particularly when combined with other data – this information may still be considered “personal data” under data protection law. We may also collect information on this website that can neither directly nor indirectly be used to identify you, e.g. summarized information about all users of this website.

III. What types of data do we process? For which purposes and on what legal basis is this data processed?

You may access our website without providing direct personal data (such as your name or email address). In this case as well, we must collect and store certain information in order to enable you to access the website. We also use certain analytical methods on our website and have integrated services from third party providers. We also offer you some features on our website for which we must collect personal data.

We collect and process personal data to the following extent:

Log files: When you visit this website, our web server automatically stores information about your device and browser. This includes information about the browser type and version, the operating system, the internet provider, your device’s IP address and ID, the date and time of your visit, the website that linked you to ours, and the pages on our website that you visited. We process this technical information in our system log files and do not link it to your other personal data. We process this technical information in order to enable you to access our website, to ensure the functionality of our website and the security of our IT systems, and to optimize our website. The legal basis for the processing is Article 6 (1) f) GDPR. This processing of your data is justified by our overriding interests. Eurowings has a legitimate interest in ensuring the technical functioning of the website and the services offered on it, as well as in protecting the website from attacks, from which you also benefit. 

Necessary cookies: Cookies are small text files that are stored in the Internet browser you are using after accessing our website. A cookie contains a characteristic string of characters that makes it possible to uniquely identify the browser when a website is called up again. Since cookies can be stored on your computer, you have control over their use. You can set your browser to inform you about the placement of cookies. In this way, the use of cookies is transparent for you. You can delete already stored cookies at any time (also automatically). In addition, you can generally refuse the storage of cookies via your browser settings. Necessary cookies are used for the administration of the website. They enable smooth processes, e.g. ensuring login and security functions, and are stored for the duration of the session and then automatically deleted. Necessary cookies cannot be disabled. The legal basis for processing these cookies and similar technologies is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. The basis of our legitimate interest is to ensure the security and functionality of this website.

Tracking cookies: To analyze the surfing behavior of our users, we use so-called analysis or tracking cookies. For this purpose, we use software from the company Matomo on this site. The software sets a cookie on the user’s computer. If individual pages of our website are called up, the following data is stored:

  • Two bytes of the IP address of the user’s accessing system
  • The website that was accessed
  • The website that linked the user to the one that was accessed (the referrer)
  • The subpages of the website that were accessed
  • The length of time spent on the website
  • How often the website was accessed

This software runs entirely on our website’s servers. User data is only stored there. This data is not made available to third parties.

The software is designed to not store the complete IP address; two bytes of the IP address are hidden (e.g.: 192.168.xxx.xxx). This ensures that the data cannot linked to the accessing device.

The legal basis for the processing of personal data is Article 6 (1) a) GDPR.

Processing users’ personal data allows us to analyze the browsing patterns of our users. Analyzing this collected data allows us to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. These purposes represent a legitimate interest on our behalf for the processing of data according to Article 6, Paragraph 1 (f) of the GDPR. By anonymizing the IP address, the interests of users regarding the protection of personal data are appropriately safeguarded.

The data is deleted as soon as it no longer necessary for our record-keeping purposes. For us, this is the case after 6 months.

On our website, we offer our users the opportunity to opt out of the analysis. This requires following a link. The opt-out process places an additional cookie in the browser of the user’s system, signaling that the user’s data is not to be recorded. If the user deletes the cookie from their system, they will have to repeat the opt-out process to replace the cookie.

Further information on the privacy settings of the Matomo software can be found here: https://matomo.org/docs/privacy/

Matomo (Piwik) web analysis

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

Statistical analysis: Eurowings analyzes visits to the web app with the goal of understanding readers’ needs and continuously improving the selection of news items. As is standard, the IP address assigned by a user’s internet service provider is stored on an internal server in the Eurowings network. The IP address is not linked to a specific person. Only anonymous, aggregated data is evaluated for statistical purposes in the context of web analytics.

Other legitimate interests: When necessary, we process your data in addition to the previously mentioned purposes to protect our legitimate interests or the interests of third parties; the legal basis for this is Article 6, Paragraph 1 (f) GDPR. Our legitimate interests include:

  • The assertion of legal claims and defense in legal disputes
  • The prevention and investigation of crimes
  • The management and development of our business, including risk assessment

Embedded videos: We have embedded a number of videos on our website, some of which are also available on our YouTube channel (a service of YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA – “YouTube”). The embedded videos on our website are depicted in a section of the website, but do not begin to play until you actively click on them. When you play an embedded YouTube video, a connection is made to YouTube’s servers in order for the video to play in your browser. The integration of YouTube videos into our website uses YouTube’s so-called “Privacy Enhanced Mode,” which, according to YouTube, does not place cookies on your device. However, your IP address is recorded upon playing the video, and in this way, YouTube is able to see that you visited our website. According to YouTube, this information cannot be traced back to you unless you are logged into YouTube or another Google service at the time of the visit. As soon as you start a video by clicking on it, YouTube in Privacy Enhanced Mode only stores cookies on your device that do not contain any personally identifying information – unless you are logged into a Google service at the time. Storage of these cookies can be prevented with the appropriate browser settings and extensions. More information about data processing is available here, along with the privacy policy notifications of YouTube and Google: www.google.de/intl/de/policies/privacy/.

IV. Am I required to provide data?

In order to leave comments under a news feed, we require an email address and a username. This is the only way for us to provide targeted feedback to questions and discussions and to prevent inappropriate comments.

V. Who receives my data?

Generally speaking, your personal data is processed internally in our company. Depending on the type of personal data, only certain departments/ organizational units have access to your personal data. In particular, this includes the departments responsible for providing our services and our IT department. Our division of roles and authorizations means that data access within our company is limited to the functions and scope necessary to fulfill the particular purpose of the processing.

We may transfer your personal data to third parties in cases where it is legally permitted. These third parties may include:

  • Service providers whom we have hired to perform certain contractual services according to Art. 28 GDPR that may involve processing personal data, as well as any of their subcontractors that we have approved
  • Public and private entities to whom we are legally required to disclose your personal information

VI. How long is my personal data stored?

We generally retain your data as long as we have a legitimate interest in storing it that is not outweighed by your interest in the discontinuation of its storage.

We may also continue to retain your data without a legitimate interest if we are legally required to do so (for example, to meet record-keeping requirements). We will delete your personal data without any further action on your part once it is no longer required for our processing and/or the storage is no longer legally permitted.

As a rule… 

  • Log data is deleted within thirty days unless there is a legal reason for not doing so, such as the detection of misuse or the identification and elimination of technical disruptions.
  • Personal data collected during user registration for the use of the comment function is deleted when the user account is deleted.

The personal data that we store for record-keeping requirements is deleted once the required time has passed. Personal data that we only retain to meet record-keeping requirements is generally restricted so that it can only be accessed if it is necessary for the purpose of the record-keeping requirement.

 VII. What are my rights?

Right to object according to Art 21. GDPR
You have the right to object at any time, for reasons relating to your particular situation, to the processing of personal data concerning you that occurs on the basis of Article 6 (1) f) GDPR. In the event of your objection, we will no longer process the personal data concerning you unless we can demonstrate compelling reasons for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.

Withdrawal of permissions
If you have given us permission to use your data (e.g. in the context of sending information via email), you may revoke this permission at any time with effect on the future. You can also contact us in other ways, e.g. by sending a message by post, fax or email to one of the contacts mentioned at the beginning of this data protection notice. The withdrawal of consent does not apply retroactively and therefore does not affect the lawfulness of the data processing until the date of withdrawal.

Additional rights
As the data subject, you have the right to the following:

  • Information regarding which personal data we have recorded (GDPR Art. 15)
  • Correction of false or incomplete data (GDPR Art. 16)
  • Deletion of personal data (GDPR Art. 17)
  • Restriction of processing (GDPR Art. 18)
  • Data portability (GDPR Art. 20)

To exercise these rights, you can contact our privacy team at Datenschutz-ew@eurowings.com at any time. The postal address is:

Datenschutz-Team Eurowings
Waldstr. 249
51147 Köln

You are also entitled to lodge a complaint with a competent supervisory authority for data protection at any time pursuant to Art. 77 GDPR in conjunction with Section 19 BDSG. The supervisory authority responsible for Eurowings is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen

Kavalleriestr. 2-4

40213 Düsseldorf

Telefon: 0211/38424-0

Fax: 0211/38424-999

E-Mail: poststelle@ldi.nrw.de