back to Privacy Portal

Privacy notice General communication & business relationship

Thank you for your interest in our company. In the following, we - as the data controller - inform you about which data is collected by us and how we process this data.

(updated: Sept 2024)

 

1. Scope

The following privacy notice provides you with an overview of the collection and processing of your personal data in relation to general communication with us as well as your rights as a data subject. We had to keep this information on data protection quite general, as we do not know the reasons and circumstances of individual contacts with our company conclusively in advance. Furthermore, we inform you about data processing in the context of business relationships with our business partners.

Please also note our separate data protection notice, which provides you with more detailed information about data processing for the following reasons, in particular:

  • With regard to data processing in the context of your communication on our social media channels, we refer to our separate Privacy Notice Social Media.
  • Our data protection information with regard to the conclusion and execution of contracts for travel services by FTI Touristik, the dispatch of newsletters, customer information and surveys, as well as with regard to the implementation of analyses and research projects can be found here (German).

 

2. Data Controller

The controller of your personal data is the company with which you contact in the context of communication or with whom you have or intend to have a business relationship as our business partner:

  • FTI Touristik GmbH
    Insolvenzverwalter RA Axel W. Bierbach
    Landsberger Straße 88, 80339 Munich, Germany
     
  • BigX-tra Touristik GmbH
    Insolvenzverwalter RA Axel W. Bierbach
    Landsberger Straße 88, 80339 Munich, German
     
  • FTI Ticketshop GmbH
    Landsberger Straße 88, 80339 Munich, Germany

You can reach our data protection officer of above companies at dataprotectionofficer@fti.de.
 

  • FTI Flight Trading GmbH
    Insolvenzverwalter RA Axel W. Bierbach
    Landsberger Straße 88, 80339 Munich, Germany
     
  • Meeting Point Hotelmanagement Holding GmbH
    Insolvenzverwalter RA Oliver Schartl
    Landsberger Straße 88, 80339 Munich, Germany
     
  • Meeting Point International GmbH
    Insolvenzverwalter RA Oliver Schartl
    Landsberger Straße 88, 80339 Munich, Germany
     
  • sonnenklar Reisebüro GmbH
    Insolvenzverwalter RA Axel W. Bierbach
    Landsberger Straße 88, 80339 Munich, Germany
  • Kairaba Lounge GmbH
    Insolvenzverwalter RA Thomas Funk
    Landsberger Straße 88, 80339 Munich, Germany
     
  • LMM Last Mile Media GmbH & Co. KG
    Landsberger Straße 88, 80339 Munich, Germany

 

3. Object of data processing

Personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

4. Purposes and legal bases of our data processing

In accordance with the legal regulations, we generally only collect data that is required for communication with you and to deal with your request.

  • For the processing of personal data that is necessary for the performance of a contract with you, Art. 6 para 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. This may include enquiries or complaints relating to our offers and services, or the processing of enquiries and applications for employment or commissioning by our company.
     
  • Insofar as the processing of personal data  is necessary for the fulfilment of a legal obligation or in  the public interest to which our company is subject, Art. 6 para 1 lit. c) or lit. e) GDPR serves as the legal basis. These obligations arise from commercial or tax law, money laundering or criminal law. The processing serves the fulfilment of legal obligations, in particular also in order to comply with stately control and information obligations.
     
  • If the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first interest, Art. 6 para 1 lit. f) GDPR serves as the legal basis for the processing. Depending on the individual case, this processing serves e.g. business communication with you or your company, the processing of your data in a central customer service platform, as well as for upstream or downstream customer loyalty purposes or for sales promotion purposes, to respond to government enquiries, to assert or defend legal claims, and for our operational reporting.
     
  • In the event that vital interests of your person or another natural person require the processing of personal data, Art. 6 para 1 lit. d) GDPR serves as the legal basis. This may be necessary, for example, as part of our crisis management.
     
  • Insofar as we obtain your consent for the processing of personal data, Art. 6 para 1 lit. a) GDPR serves as the legal basis. You can revoke your consent at any time with effect for the future.

Depending on the individual case, external recipients may use third parties commissioned to process your data (e.g. service providers for the technical infrastructure and maintenance of our communication systems), public bodies (such as courts, tax or law enforcement authorities) or private entities (such as credit agencies) as well as group companies of the FTI GROUP.

If we ask you to provide further information in our communications, the information is always voluntary and marked as such, but is necessary for the response.

 

As part of the contract initiation and the further business relationship, we process personal data of our business partners and, if applicable, their employees.

The scope and type of processing depend on the individual circumstances and the agreed service, but may include the following categories of data in particular: information about the company, professional and private contact details, organizational and communication data, data on personal/professional circumstances, creditworthiness and business data, ID data, certificate of good conduct, audio and video recordings and photos, if applicable, health data (e.g. accidents on the road). factory premises), data from permissible monitoring equipment (e.g. data from IT security programs), information about work equipment received and other voluntary information.

The purposes of the processing are primarily based on the services provided or agreed upon in each case and are, for example, the preparation, implementation and termination of business relationships, the creation and management of access authorisations to premises and IT systems, IT administration or project management, accounting and taxes, auditing and ensuring legally compliant action, asserting and defending against legal claims, fraud and  and money laundering prevention, combating terrorist financing, storage and archiving, statistical evaluations for corporate management, cost recording and controlling, implementation of marketing measures and supplier management, quality assurance and product improvement.

The legal basis for this processing of personal data is in particular Art. 6 para. 1 lit. a) GDPR (your consent), lit. b) (pre-contractual measures, performance of a contract), lit. c) (fulfilment of a legal obligation), lit. d) (vital interests) or lit. f) (for the protection of legitimate interests of us or a third party).

You only need to provide the personal data necessary for the interaction that is necessary in the context of the business relationship or that we are legally obliged to process. If you do not provide us with the relevant data, it is possible that a business relationship cannot be established.

 

5. Data processing in third countries

Within our company, access to your data will only be granted to those departments or persons who need it to perform their respective tasks in connection with the processing activities referred to in this Privacy Notice.

Please note that we may transfer and process personal data in countries other than your country of residence. This may also apply to countries outside the EU or the EEA (so-called third countries). The laws of these countries may not guarantee a level of protection for your personal data comparable to that of your country of origin. If we transfer your personal data to such a country, we will ensure that the transfer is in accordance with the requirements of Art. 45 et seq. GDPR.

We will only transfer your personal data to third countries if they have an adequacy decision by the EU Commission or if appropriate safeguards, including EU standard contractual clauses, are in place. Information and copies of this can be requested by you from the contact provided.

 

6. Automated decision-making, including profiling

Automated decision-making (including profiling) does not take place.

 

7. Duration of retention of personal data

We process and store your personal data only for as long as is necessary to fulfil the purpose for which it was collected. Thereafter, we delete or anonymise your personal data, with the exception of data that we are required to continue to store in order to comply with legal obligations (e.g. we are obliged to keep documents such as business letters, contracts and invoices for a certain period of time due to retention periods under tax and commercial law) or retain them within the framework of the statutory statute of limitations for the assertion, exercise or defence of legal claims.

 

8. Your rights

As a data subject, you have various rights under the GDPR, which arise in particular from Articles 15 to 18 and 21 of the GDPR. Please note that we will need to verify your identity before we can comply with your request to exercise your data protection rights. This practice allows us to protect our customers' personal data from fraudulent requests.

  • Right of access
    In accordance with Art. 15 GDPR, you can request information about your personal data processed by us. In your request for information, you should specify your request in order to make it easier for us to compile the necessary data. Please note that under certain circumstances, your right of access may be limited in accordance with the law.
     
  • Right to rectification
    If the information concerning you is no longer correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.
     
  • Right to erasure
    Under the conditions of Art. 17 GDPR, you can request the deletion of your personal data. Your right to deletion depends, among other things, on whether the data concerning you is still required by us to fulfil our legal tasks or whether we have a legitimate interest in storing it.
     
  • Right to restriction of processing
    Within the framework of the provisions of Art. 18 GDPR, you have the right to request a restriction of the processing of data concerning you.
     
  • Right to data portability
    According to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, insofar as this is technically feasible.
     
  • Right to object
    In accordance with Art. 21 GDPR, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. However, we are not always able to comply with this, e.g. if legal provisions oblige us to process data as part of our official duties.
     
  • Withdrawal of your consent
    If we rely on your consent as the legal basis for processing your personal data, you can withdraw that consent at any time.
     

Exercising your rights

To revoke your consent to the use of data, to assert a right to information or the correction, blocking or deletion of your data, or to exercise the other rights of data subject mentioned above, please contact the respective controller. Please send your enquiry to the respective data protection officer or to the postal address with the addition ‘Attn: Data Protection’.

Of course, you are entitled to your data protection rights free of charge, without incurring higher transmission costs than for the basic rates for submitting your request.
 

Right to lodge a complaint

If you believe that we have not complied with data protection regulations when processing your data, you can lodge a complaint with a supervisory authority. The supervisory authority responsible for us is the Bavarian State Office for Data Protection Supervision (BayLDA), Promenade 18, 91522 Ansbach, Germany.

 

9. Changes to this privacy notice

This document is subject to periodic revision or supplementation.