+++ Companies of the FTI GROUP file for insolvency. FAQs atwww.fti-group.com/en/insolvency. Support Hotline (German/English) at +49 (0)89 710 45 14 98. +++ +++ All departures up to and including 5 July 2024 are cancelled. From 6 July 2024, all package tours and certain individual services are cancelled. +++
+++ CAUTION: Fraud attempts are spreading via SMS and email asking for bank details. Please check carefully who the sender is. +++
Thank you for your interest in our company.
In the following, we - as the data controller - inform you about which data is collected by us and how we process this data.
1. Scope
The following privacy notice provides you with an overview of the collection and processing of your personal data in relation to general communication with us as well as your rights as a data subject. We had to keep this information on data protection quite general, as we do not know the reasons and circumstances of individual contacts with our company conclusively in advance.
Please also note our separate data protection notice, which provides you with more detailed information about data processing for the following reasons, in particular:
- With regard to data processing in the context of your communication on our social media channels, we refer to our separate Privacy Notice Social Media.
- Our data protection information with regard to the conclusion and execution of contracts for travel services by FTI Touristik, the dispatch of newsletters, customer information and surveys, as well as with regard to the implementation of analyses and research projects can be found here (German).
2. Data Controller
The controller responsible for the processing of your personal data is
FTI Touristik GmbH
Landsberger Str. 88, 80339 Munich, Germany
You can contact our data protection officer at: dataprotectionofficer@fti.de
3. Object of data processing
Personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
4. Purposes and legal bases of our data processing
In accordance with the legal regulations, we generally only collect data that is required for communication with you and to deal with your request. If we ask you to provide further information in our communications, the information is always voluntary and marked as such, but is necessary for the response.
- For the processing of personal data that is necessary for the performance of a contract with you, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. This may include enquiries or complaints relating to our offers and services, or the processing of enquiries and applications for employment or commissioning by our company.
- Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation or in the public interest to which our company is subject, Art. 6 (1) (c) or (e) GDPR serves as the legal basis. These obligations arise from commercial or tax law, money laundering or criminal law. The processing serves the fulfilment of legal obligations, in particular also in order to comply with stately control and information obligations.
- If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing. Depending on the individual case, this processing serves e.g. business communication with you or your company, the processing of your data in a central customer service platform, as well as for upstream or downstream customer loyalty purposes or for sales promotion purposes, to respond to government enquiries, to assert or defend legal claims, and for our operational reporting.
- In the event that vital interests of your person or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis. This may be necessary, for example, as part of our crisis management.
- Insofar as we obtain your consent for the processing of personal data, Art. 6 (1) (a) GDPR serves as the legal basis. You can revoke your consent at any time with effect for the future.
5. Recipients and data processing in third countries
Within our company, access to your data will only be granted to those departments or persons who need it to perform their respective tasks in connection with the processing activities referred to in this Privacy Notice.
Depending on the individual case, external recipients may use third parties commissioned to process your data (e.g. service providers for the technical infrastructure and maintenance of our communication systems), public bodies (such as courts, tax or law enforcement authorities) or private entities (such as credit agencies) as well as group companies of the FTI GROUP.
Please note that we may transfer and process personal data in countries other than your country of residence. This may also apply to countries outside the EU or the EEA (so-called third countries). The laws of these countries may not guarantee a level of protection for your personal data comparable to that of your country of origin. If we transfer your personal data to such a country, we will ensure that the transfer is in accordance with the requirements of Art. 45 et seq. GDPR.
We will only transfer your personal data to third countries if they have an adequacy decision by the EU Commission or if appropriate safeguards, including EU standard contractual clauses, are in place. Information and copies of this can be requested by you from the contact provided.
6. Automated decision-making, including profiling
Automated decision-making (including profiling) does not take place.
7. Duration of retention of personal data
We process and store your personal data only for as long as is necessary to fulfil the purpose for which it was collected. Thereafter, we delete or anonymise your personal data, with the exception of data that we are required to continue to store in order to comply with legal obligations (e.g. we are obliged to keep documents such as business letters, contracts and invoices for a certain period of time due to retention periods under tax and commercial law) or retain them within the framework of the statutory statute of limitations for the assertion, exercise or defence of legal claims.
8. Your rights
As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 of the GDPR. Please note that we will need to verify your identity before we can comply with your request to exercise your data protection rights. This practice allows us to protect our customers' personal data from fraudulent requests.
- Right of access
In accordance with Art. 15 GDPR, you can request information about your personal data processed by us. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Please note that under certain circumstances, your right of access may be limited in accordance with the law.
- Right to rectification
If the information concerning you is no longer correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
- Right to erasure
Under the conditions of Art. 17 GDPR, you can request the deletion of your personal data. Your right to deletion depends, among other things, on whether the data concerning you is still required by us to fulfil our legal tasks or whether we have a legitimate interest in storing it.
- Right to restriction of processing
Within the framework of the provisions of Art. 18 GDPR, you have the right to request a restriction of the processing of data concerning you.
- Right to data portability
According to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, insofar as this is technically feasible.
- Right to object
In accordance with Art. 21 GDPR, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. However, we are not always able to comply with this, e.g. if legal provisions oblige us to process data as part of our official duties.
- Withdrawal of your consent
If we rely on your consent as the legal basis for processing your personal data, you can withdraw that consent at any time.
Exercising your rights
To revoke your consent to the use of data, to assert a right to information or the correction, blocking or deletion of your data, or to exercise the other rights of data subject mentioned above, please contact:
FTI Touristik GmbH
Att: Data Protection Officer
Landsberger Straße 88
D-80339 Munich, Germany
Email: datenschutz@fti.de
Right to lodge a complaint
If you believe that we have not complied with data protection regulations when processing your data, you can lodge a complaint with a supervisory authority. The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.
9. Changes to this privacy notice
This document is subject to periodic revision or supplementation.
Munich, 6. May 2024