This Privacy Notice applies to the processing of personal data in the context of the website and services offered on www.airsiders.com.

---

The Website and the services are collectively referred to as the “Services”.

When using the Website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the data that your browser transmits to our server. If you view our Website, we collect the following data:

• • IP address
  • Date and time of the request
  • Content of the request (specific page URL, but not the content of the page as such)
  • Access status/HTTP status code
  • Web page where the user was referred from (referrer)
  • Information about operating system and browser software
  • Preferred language setting and screen resolution

For crash reports, which are automatically generated in case of a misfunction on our website, the following information is stored:

• analytic information
• page load time
• URL requests to the backend
• browser information of the user
• IP address of the user

The aforementioned data will be processed by us for the following purposes:

• Provision of the Websit
• Evaluation of system security and stability
• Compile aggregated, anonymous usage statistics that serve to improve the Website

This data may only be personally identifiable via the IP address. Depending on your way of access to the Internet, the IP address may be completely anonymous, or your access provider stores the assignment of a dynamic IP address to you. In the latter case, combining the above-mentioned data with that of your access provider can eventually make a connection between you personally and the above-mentioned data. However, we will only initiate this if this is appropriate in individual cases for the purposes of legal prosecution, and we will otherwise only cooperate in this if this is ordered by competent authorities or courts in individual cases.

---

We rely on a 3rd party provider to create crash reports. We have concluded a contract with the provider as required by data protection law, which ensures that they only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

---

The legal basis for the provision of the Website is Performance of Contract. For the other purposes, the legal basis is the Legitimate Interest in keeping the Website and the underlying systems secure, and to improve the usability and performance of the Website. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

---

The data will be stored until the end of the calendar month following use and then be deleted or anonymized (unless required in individual cases for the purpose of legal prosecution) within two working days.

When using our services, i.e., to book flights, we will process your personal data. This includes in particular the following information:

• Name
• Date of birth
• Gender
• Email address
• Phone number
• Country of residence
• Home address
• Frequent Flyer number (optional)
• Credit card details
• Billing address
• Booking information
• Baggage details

In the case of multiple passengers being included in a single booking, only the phone number, email address and home address of the lead passenger is requested.

---

The legal basis for the processing is performance of contract, as far as the data is about the lead passenger, and legitimate interest for other passengers.

Should you have any questions on our services or a flight booking, you may contact our customer support. The customer support will be able to access the following information:

• First Name
• Last Name
• Order Information (flight itinerary)
• Email Address
• Phone number
• Gender
• Date of Birth
• Country of Residence

For customers who have not made a booking but nonetheless contact our support, only information that has been communicated directly by the customer will be available, i.e. a message, a name, and possibly contact information.

---

The legal basis for the processing is performance of contract or in order to take steps at the request of the data subject prior to entering into a contract.

---

We rely on a third party provider to provide our customer service. We have concluded a contract with the provider as required by data protection law, which ensures that they only process the personal data of our website visitors according to our instructions and in compliance with the GDPR.

When you use the Website, we use technologies to store information on your device. We refer to these technologies as “cookies” while, for the purpose of this Privacy Notice, this also includes functionally similar technologies (e.g., HTML5 storage objects). Our web server supplying the Website can store cookies on your computer or mobile device, respectively. The cookie data are then transmitted back if your computer or mobile device requests information from our servers, so that cookie data can be processed in order to provide the requested information.

---

If you use the Website, you can inspect the cookies in your internet browser. You can also adjust your browser settings to accept cookies or not. Also, we ask you whether or not you want to accept cookies on our Website (your choice is stored in a cookie).

---

We use:

• Session cookies which are deleted automatically if you close your browser;
• Persistent cookies which remain on your device for a pre-defined period of time.

We use cookies to:

• identify anonymous users (so you are re-identified, but the information is not connected you personally)
• identify customers and registered users

We use Cookies and similar technologies to better understand how users interact with our website and for marketing purposes

---

Cookies that are technically required for the provision of our services (essential cookies) will be used relying on the legal basis of performance of contract. For any other (non-essential) cookies, we will ask for your consent.

• a) Cookie Consent with Usercentrics

The legal basis for using the following services is your informed consent. To ask for your consent, we have implemented a consent management platform (CMP) on our website. On your first visit, you are requested to provide us with information on which services might be activated. The services are provided by Usercentrics (Usercentrics GmbH, Rosental 4, 80331 München, Website: https://usercentrics.com/).

---

If you visit our website, the following information will be processed by Usercentrics on our behalf:

• your consent and/or revocation of consent
• your IP address
• information on your browser and device
• date and time of your website visit

Furthermore, Usercentrics will store a Cookie in your browser to manage your privacy settings.

---

We use Usercentrics to comply with the legal requirements stemming from the use of certain web-technologies. The legal basis for processing your data for this purpose is art. 6 para (1) lit. c) GDPR. Further information on the various cookies and services included using Usercentrics can be found in the cookie settings [include link]. You may change your privacy settings any time

---

We have concluded a contract with Usercentrics as required by data protection law, which ensures that Usercentrics only processes the personal data of our website visitors according to our instructions and in compliance with the GDPR.

---

Further information and Usercentrics’ privacy policy can be found at: https://usercentrics.com/privacy-policy/

---

• b) Google Analytics

Our Services use Google Analytics, a web analysis service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). With this service, we track the behavior of users in order to generate anonymous statistics. This included ‘clickstreams’, i.e., which functions of the Website you see in which order. Google Analytics uses Cookies. You can find further information about ‘Google Analytics’ Privacy Policy at: http://www.google.com/intl/de/analytics/privacyoverview.html.

---

We collect the following data in this context:

• Special pseudonymous Cookie ID
• Clickstream
• IP address (anonymized immediately upon receipt)
• Date and time of the request
• Content of the request (specific page URL, but not the content of the page as such)
• Information about operating system and browser software
• Preferred language setting and screen resolution

We collect this data in order to fix eventual problems and further improve our Services in terms of technology, stability, security and user experience, based on a Legitimate Interest in these purposes.

• c) Chatbot and communication services

Our website includes a Chatbot and other communication services. When using our communication services, the following personal data will be processed:

• IP address
• Chat Messages (message contents including media)
• analytics information (statistical information, technical information, metadata)

The purpose of these services is to improve your user experience and to provide customer support in a swift and efficient manner.

---

The legal basis for the provision of communication services is Performance of Contract. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

• d) Hotjar

We use services provided by Hotjar (Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian’s STJ 3141, Malta) in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience, which enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes

• User behavior (e.g., how much time users spend on which pages, which links users choose to click, what users do and don’t like, etc.)
• IP address (anonymized immediately upon receipt)
• device screen size, device type
• browser information,
• geographic location (country only) derived from IP address, and
• the preferred language used to display our website.

Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

---

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site:
https://help.hotjar.com/hc/en-us/categories/115001323967-About-Hotjar

• e) Facebook Pixel

We use tracking technologies offered by Facebook (Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland). This allows users of our website to be shown interest-based ads (‘Facebook ads’) when visiting the Facebook social network or other websites that also use this method can be shown interest-based advertisements (‘Facebook ads’). With the use of the Facebook pixel, we pursue the purpose of optimising our ad campaigns on Facebook. In particular, we would like to ensure, that our Facebook ads correspond to the potential interest of the users. Furthermore, with the help of the Facebook pixel, we can track the effectiveness of Facebook ads for statistical purposes. The Facebook pixel collects the following information:

• HTTP Headers – Anything present in HTTP headers. HTTP Headers are a standard web protocol sent between any browser request and any server on the internet. HTTP Headers include IP addresses, information about the web browser, page location, document, referrer and person using the website.
• Pixel-specific Data – Includes Pixel ID and the Facebook Cookie.
• Button Click Data – Includes any buttons clicked by site visitors, the labels of those buttons and any pages visited as a result of the button clicks
• browser information,
• Optional Values – Developers and marketers can optionally choose to send additional information about the visit through conversion tracking. Example custom data events are conversion value, page type, and more.
• Form Field Names – Includes website field names like ‘email’, ‘address’, ‘quantity’ for when you purchase a product or service. We don’t capture field values unless you include them as part of Advanced Matching, or conversion tracking

When loading the Facebook pixel, your browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data, collected by Facebook through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of the Facebook pixel, Facebook receives the information that you have clicked on an ad from us or that you have opened the corresponding website of our Internet presence. If you are logged in to a Facebook service as a registered user, Facebook can assign the visit to your account. Even if you are not registered with Facebook or are not logged in, there is a possibility that Facebook uses your IP address or other identifiers to track your visit on our website.

---

Further information can be found in Facebook’s privacy policy, available at: https://www.facebook.com/about/privacy/

• f) LinkedIn Pixel

We use tracking technologies offered by LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). For this purpose, the LinkedIn Pixel (“Insight Tag”) is embedded on our websites, which establishes a connection to the LinkedIn server.

---

The LinkedIn pixel collects the following data:

• IP address,
• device and browser properties and
• page events (e.g. page views).

In addition, LinkedIn might use additional information if the data can be linked to a registered and logged in user of LinkedIn.

---

With the help of LinkedIn’s tracking technology, we can create reports on the performance of our advertisements, as well as information on website interaction, including visitors who may have reached us through our campaigns on LinkedIn.

---

LinkedIn does not share personal data with us, but offers anonymized reports on website audience and display performance. In addition, LinkedIn offers the possibility of retargeting. We can use this data to display targeted advertising outside our website without identifying you as a website visitor.

---

Members of LinkedIn can disable the use of their personal data for marketing purposes in their LinkedIn profiles. You can also opt-out from the LinkedIn retargeting ads using this link:

---

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

---

Further information can be found in LinkedIn’s privacy policy, available at: https://www.linkedin.com/legal/privacy-policy

• g) Hubspot

On our website, we use services provided by HubSpot (HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland). Hubspot is an integrated software solution that we use for our online marketing activities. In particular, we collect the following information:

• Tracking leads,
• Name
• Company name,
• Email

To this extent, we use HubSpot to track B2B activities. Information collected in this course is stored on servers operated by HubSpot. It may be used by us to contact B2B visitors to our website and to determine which of our company’s services are of interest to them. Services provided by Hubspot will be only used in B2B areas of our website.

---

The privacy policy of Hubspot can be found here: https://legal.hubspot.com/privacy-policy

• h) Leadinfo

We use services provided by Leadinfo (Leadinfo B.V., Rivium Quadrant 141, 2909 LC Capelle aan den IJssel, Niederlande) to better understand the B2B audience of our website. Leadinfo provides information on which companies visit our website. This allows us to optimize our services and improve the user experience for business users. Services provided by Leadinfo will be only used in B2B areas of our website. Leadinfo processes the following information:

• IP address,
• Check against Leadinfo database to identify to which company a visitor belongs.

We only use this information to improve our services for B2B customers. We will not use the information collected to create personal profiles of our visitors.

When you contact us by e-mail or via a contact form, we will store and process your e-mail address and, if you provide it, your name and telephone number in order to respond to your message.

---

We will restrict the processing of the data arising in this context after processing is no longer necessary. Your message and our response will further be stored in order to fulfill legal obligations (German trade and tax laws, §§ 257 HGB, 147 AO) for the duration of six full years, and afterwards be deleted.

Ordinary course of internet connections

---

All Services are based on internet connections. Your data is transferred to us via the internet and vice versa. Also, the data you make public through the Services (e.g. your name, address or travel information) are transferred to other entities such as airlines via the Internet. This happens in the course of Performance of Contract. Internet connections are potentially worldwide. Depending on your location, or the locations of other users respectively, data may be transferred to and from countries that have no adequate level of data protection.

---

Web hosting and mail services

---

To offer high availability, speed and quality, our website is hosted by external service providers using a computing center in Frankfurt, Germany. In addition, to provide you with travel information such as the link to your baggage details, we rely on external service providers for the provision of email services.

---

In addition, we rely on services of external service providers as outlined in chapter 3.

---

The legal basis for the transfer of personal data to these service provides is performance of contract.

---

Ticketing providers and airlines.

---

To book your flight connection, we will transfer your personal data to aggregators, consolidators and airlines.

---

The ticket provider(s) used to book your flight connection will then transfer your personal data to the airlines offering the flight connection. For further information on the processing of personal data by the airline, please see the airline’s privacy policy. Transferring your personal data to the ticketing providers and/or airlines is required for us to perform our contractual obligations. A link to the applicable privacy information will be provided with your booking (if provided by the ticket provider).

---

The legal basis for the transfer of personal data to these service providers is performance of contract.Payment Providers

---

We offer various payment methods to our customers booking flight connections. To process your payment, we rely on external payment providers. Personal data processed by payment providers is limited to the information necessary for the performance of our contract.

---

The legal basis for the transfer of personal data to these service providers is performance of contract.

---

Insurance companies

---

Our virtual interline tickets include a guarantee that your flight connections are reliable. In case of delays or other issues, you will get a respective refund. In the course of performance of this contractual obligation, we will transfer details on your bookings to external insurance companies. Data will be only processed for the purpose of offering you the guarantee. Information on the insurance company that covers your booking can be found in your booking information.

---

The legal basis for the transfer of personal data to these service providers is performance of contract.

We refer to different legal bases in this Privacy Notice. Such terms refer to certain provisions of the General Data Protection Regulation (GDPR):

• “Consent” refers to Art 6 para 1 sentence 1 lit a GDPR.
• “Performance of Contract” refers to Art 6 para 1 sentence 1 lit b GDPR.
• “Legal Obligation” refers to Art 6 para 1 sentence 1 lit c GDPR (in conjunction with the legal obligation named for each individual case).
• “Legitimate Interest” refers to Art 6 para 1 sentence 1 lit f GDPR.

If you have given your Consent to the processing of your data and/or the receipt of marketing e-mails, you can withdraw your Consent at any time with effect for the future. To do this, notify (e.g. by e-mail) the Controller mentioned under 1. above or its data protection officer.

---

To the extent we base the processing of your personal data on a Legitimate Interest, you may object to the processing. To do this, notify (e.g. by e-mail) the Controller mentioned under 1. above or its data protection officer. If you wish to file such an objection, we kindly ask you to explain the reasons why your interest outweighs ours. In the event of your objection, we will check the situation and either stop or adjust our processing of your data, or point out to you our overriding interest, on the basis of which we will continue our processing.

You are entitled to request from us:

• Access to your personal data (right to information) pursuant to Article 15 GDPR,
• Rectification of any inaccurate personal data pursuant to Article 16 GDPR
• Erasure of your personal data (“right to be forgotten”) in particular cases in accordance with Article 17 GDPR.
• Restriction of processing your personal data for the period during which a rectification or erasure request is examined, in accordance with Article 18 GDPR.
• To receive your personal data in a structured, commonly used and machine-readable format for transmission to another controller (right to data portability) in accordance with Article 20 GDPR.

If you wish to exercise one or several of these rights, please notify (e.g. by e-mail) the Controller mentioned under 1. above or its data protection officer.

If you wish to complain about data processing, please notify (e.g. by e-mail) the Controller mentioned under 1. above or its data protection officer.

---

You also have the right to file a complaint with the competent data protection supervisory authority. As Airsiders is located in Berlin, the Berliner Beauftragte für Datenschutz und Informationsfreiheit (Berlin Commissioner for Data Protection and Freedom of Information) is the competent authority pursuant to art. 55 GDPR. However, you may also choose to file your complaint with any other supervisory authority within the European Economic Area, in particular in the member state of your habitual residence, place of work or place of the alleged infringement.

This Privacy Notice is currently valid as of August 18th, 2021. We reserve the right to amend this Privacy Notice. You can refer to the current version of the Privacy Notice at any time at:

---

https://airsiders.com/privacy-policy