Flugplatz: Privacy policy

Our privacy policy

Privacy policy for the domain www.flugplatz-strausberg.de

We would hereby like to inform you how we process your data on this website. 

1. Name and contact details

1.1. Data controller

Strausberger Flugplatz GmbH 
Kastanienallee 38
15344 Strausberg

Tel: +49 3341 345 370
Fax: +49 3341 345 379
Email: info@sfg-strausberg.de

 

1.2. Name and contact details of the Data Protection Officer

Lawyer Markus Selent
Hendrik Klünder & Markus Selent GbR
Schwanebecker Chaussee 5
13125 Berlin

Tel: +49 30 6093 3555
Fax: +49 30 6093 3558

Email: selent@point-of-law.de
www.point-of-law.de

2. Processing of your personal data

2.1. Which of your data do we use and where does your data come from?

We process data that we receive from you when you visit the website.

2.1.1. Processing in server logs

This is data that arises in the course of communication between your device and our web servers and is stored there. In particular, this is temporarily the connection data of the accessing computer. This data set is comprised of:

  • the page from which the file was accessed,
  • the file name,
  • the date and time of the request,
  • the amount of data transmitted,
  • the access status (file transmitted, file not found),
  • a description of the type of web browser used,
  • the IP address of the accessing computer shortened by the last three digits.

2.1.2. Use of contact forms

If you use contact forms on our website, we collect the data that you send us via this contact form. This includes in particular:

  • PPR application (contact details (first and last name, email address), customer addresses, aircraft registration number, flight origin and destination)
  • Request to book hangar (contact details (first and last name, institution, email address), address)
  • Book order (contact details (first and last name, email address), customer addresses)
  • Customs declaration (contact details (first and last name, email address), telephone no., aircraft registration number, travel dates, data for customs)

2.1.3. Links and widgets

If you use links inserted on our website, you will be forwarded to the corresponding linked sits. The links are recognizable as such. This relates in particular to App2Drive, the limousine / chauffeur service and the links to our affiliates. By using the link, you will be forwarded to third-party websites of other data controllers. The respective website operator is responsible for complying with the data protection regulations.

We have also inserted so-called widgets on our website. This is where external content has been integrated into our website. This is necessary in order, for example, to show you the weather on site, to integrate certain forms (e.g. PPR see Section 2.1.2.) or video modules (e.g. Youtube). By activating these widgets, at least your data according to Section 2.1.1. will be transmitted to the widget provider. In addition, there is also the data that is generated through the use of the widget.

The functionality of these widgets may be dependent on your specific consent. Therefore, the widgets will only be loaded and a connection to the respective provider established if you allow this by clicking on the widget. Permission is only effective in the respective session. Once the session has ended, your consent is also withdrawn. If you visit our website again and use the widget, you have to give your consent again.

Exceptions to this are:

  • the meteoblue AG weather widget. This is integrated without dependence on consent. This will, for example, transmit the data mentioned in Section 2.1.1. to meteoblue AG. You can find out about the data processing that takes place here at https://content.meteoblue.com/de/rechtliches/datenschutz.
  • the VBB widget for the journey planner. This is integrated without dependence on consent. This will, for example, transmit the data mentioned in Section 2.1.1. to VBB. You can find out about the data processing that takes place here at https://www.vbb.de/datenschutz/.
  • the aeroPS GmbH widget for the PPR application. This widget support us in communicating with you. It is loaded immediately without you giving your prior consent. We have concluded a contract with aeroPS GmbH, governing the order data processing in accordance with the data protection regulations.

2.1.5. Cookies

We use cookies on our website that are used for various purposes. You can also adjust your browser settings to inform you about the placement of cookies. This makes the use of cookies transparent to you. You can of course also have your browser ban the placement of cookies. However, this may result in you not being able to use the full scope of our website anymore.

We use the following types of cookies on our website:

  • required, consent-free cookies: without their use, you cannot use our website as intended. They are used exclusively by us and are only stored on your computer during the current browser session. These cookies adjust the functionality of the website so that you are always shown a version that your computer and connection can handle. They also support the switch from a http- (unencrypted) session to a https- (encrypted) session), thus enhancing the security of your visit to your website. The required cookies we use include: 
    • sgsConsentMaps

 

2.2 For what purposes and on what legal basis do we process your data?

We process your personal data in accordance with the data protection regulations of the GDPR, the German Federal Data Protection Act (BDSG) or special legislation.

2.2.1. Processing in server logs

When you visit our website, we process your data according to Art. 6 para. 1 lit. f GDPR. The log data is collected and stored to prevent interference with our websites, to identify attacks on our infrastructure early on and defend against them and to maintain availability. We take your legitimate interests into account by anonymising the collected log data as soon as possible, but at the latest after 7 days. We only carry out a personally identifiable evaluation of the log data if there is reasonable grounds for suspecting an attack or intentional or unintentional interference with our systems. 

2.2.2. Use of contact forms

Insofar as you use contact forms to get in touch with us, the basis results from the purpose for which you have sent us your contact details. The legal bases then result from Art. 6 para. 1 lit.  b) , c) or f) GDPR.

2.2.3. Links and widgets

Insofar as you follow the corresponding links, this is done on the basis of your own decision. The use of widgets used is based on your consent within the meaning of Art. 6 para. 1 lit a) GDPR or in the case of the directly loaded widgets based on Art. 6 para. 1 lit. b), c) or f) GDPR, depending on the purpose of the communication.

2.2.4. Cookies

Depending on the type of cookie used, different legal bases are considered.

  • required, consent-free cookies: The legal basis for their use is Art. 6 para. 1 lit. f) GDPR. Our legitimate interests include the interest in the reasonable use of our website by users. As these cookies are not evaluated on a personal basis and the user's interest in the functionality of the website also exists, no reasons can be identified that outweigh our legitimate interest.
  • Functional cookies: The legal basis for their use is Art. 6 para. 1 lit. a) GDPR.

 

2.3. How long will your data be stored?

2.3.1. Processing in server logs

We process and store your data on the server logs for a maximum of 7 days. We anonymise this data no later than this moment.

2.3.2. Use of contact forms

We process and store your data from the contact forms if this is necessary for the original purpose. In addition, we are subject to various retention and documentation obligations based on such laws as the German Commercial Code (HGB) and the Tax Code (AO). The periods for retention and documentation specified in these regulations range from two to ten years. Certain data must be deleted as soon as the purpose has been fulfilled (e.g. simple enquiries without a contractual background). Finally, the retention period is also determined based on statutory limitation periods, which, for example, according to Article 195 et seq. German Civil Code (BGB) may be up to thirty years, whereby the usual limitation period is three years. Once the storage of the data is no longer required and there are no statutory retention periods, your data will be immediately deleted. 

2.3.3. Links and widgets

We do not store the use of links and widgets. With respect to the use of your data by the corresponding provider, check the provider’s respective data protection information.

2.3.4. Cookies

Depending on the type of cookie used, different deletion periods are considered. Our required cookies are deleted after one session.

3. Disclosure of your data

3.1. Who receives your personal data?

Within the company, only those departments receive your data that require it to fulfil the abovementioned purposes. Data processors and other service providers we use may also receive data for these purposes. These include companies in the IT services and telecommunications categories.

We shall only pass on information if legal regulations require it, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example, public bodies and institutions (offices, financial or aviation governing bodies etc.) if there is a legal or official obligation. Other data recipients may be those bodies for which you have given us consent to share your data.

3.2. Is your data sent to a third country or to an international organisation?

Data is only sent to countries outside the European Economic Area (third countries) if you use corresponding widgets for which you have given your prior consent.

NOTE: Please do not use the corresponding widgets (Youtube and Google Maps) if you do not want data to be sent to the USA. The use of these widgets results in personal data of website users being sent to the USA.

Such use of service providers that send data to the USA is only permitted if an adequate level of data protection is ensured in the USA. Until 16 July 2020, this was possible, for example, if the US company had self-certified under the Privacy Shield. In this way, the adequate level of data protection required by the GDPR should be established. In its ruling of 16 July 2020 (Ref: C-311/18), the European Court of Justice declared the Privacy Shield invalid. You can consult the wording of the ruling here. 

In summary, the ECJ concludes that the scope and legal reach of the US surveillance laws do not ensure sufficient protection for EU data. According to the ECJ, this poses the risk of violating the rights of EU citizens enshrined in the General Data Protection Regulation. Thus, the Court states that „the limitations on the protection of personal data assessed by the Commission in Privacy Shield Decision 2016/1250, which result from the fact that, under United States law, the United States authorities may access and use such data transferred from the Union to that third country, are not regulated in such a way as to satisfy requirements equivalent in substance to those existing under Union law in accordance with the principle of proportionality“.

We have concluded corresponding standard contractual clauses with Google to provide further guarantees for the protection of your data. EU standard contractual clauses continue to remain valid following the ECJ’s decision. Nevertheless, our duty is to minimise the risks for the data subjects. In the case of US legislation, however, we are unable to do so. 

The use of the corresponding widgets, about whose use we provide information here, is of vital importance to us. We would therefore like to use it on our website.

We will, however, only transmit your personally identifiable data if you have provided your express consent for this. You have the right to revoke your consent at any time. Revocation of consent does not affect the legality of processing carried out on the basis of the consent up to the point of revocation. Since your consent is only valid for the respective website visit, it ends automatically when you leave our website.

4. Your rights

You have a right of access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR), right to restriction of processing (Art. 18 GDPR), right to data portability (Art. 20 GDPR) and right to object to processing (Art. 21 GDPR). Please contact us if you would like to exercise these rights.

If you believe that the processing of your personal data breaches existing data protection regulations, you can complain to a supervisory authority, without prejudice to other remedies. You can address the complaint in particular to a supervisory authority in the member state of your residence, place of work or the place of the alleged infringement.

 

Strausberg, 25 May 2022

Further data protection information for our customers

Informationsblatt zur Datenverarbeitung für Kund:innen
pdf