Privacy Policy

The protection of your data is of the highest priority for Drive2Flight GmbH. In our privacy policy, we wish to explain how we process your data. Please also inform other persons whose data you transmit to us (e.g. fellow travellers) about this policy.

The processing of personal data, such as the name, address, email address or telephone number of a data subject, shall always be carried out in accordance with the General Data Protection Regulation (GDPR). By means of this privacy policy, our company wishes to inform the public about the nature, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of the rights to which they are entitled.

Overview

1. Controller and Contact Information

The controller within the meaning of the GDPR and other data protection laws applicable in the Member States of the European Union is:

Drive2Flight GmbH
Scharnweberstr. 137
13405 Berlin
Deutschland

Managing Director: Yusuf Kirca

Contact for data protection enquiries:
Email: contact@drive2flight.com
Phone: 03040729999

Further information can be found at: Legal Notice

2. Data Protection Officer

For questions regarding data protection, our Data Protection Officer is available to assist you:

Data Protection Officer
Drive2Flight GmbH
Scharnweberstr. 137
13405 Berlin

Email: datenschutz@drive2flight.com

Any data subject may contact our Data Protection Officer at any time with any questions or suggestions regarding data protection.

3. Purpose and Legal Basis of Data Processing

3.1. Performance of Contract (Art. 6(1)(b) GDPR)

We process your data for the organisation and execution of airport transfers. The data processed includes:

  • First name, surname
  • Billing and delivery address (pick-up address, destination address)
  • Email address
  • Telephone number
  • Flight number and flight details (for airport transfers)
  • Number of passengers
  • Luggage details
  • Special requirements (child seat, wheelchair, etc.)
  • Billing and payment data

The legal basis is Art. 6(1)(b) GDPR (performance of contract). Your email address is also processed pursuant to Art. 6(1)(c) GDPR in order to send you the order confirmation. Data is stored in accordance with statutory retention periods (generally 10 years pursuant to the German Commercial Code (HGB) and the German Fiscal Code (AO)).

3.2. Booking Form and Payment Processing

The data entered via our booking form is processed for the purpose of carrying out your journey. This includes personal data as well as information regarding luggage, fellow travellers and special requests.

Payment service provider Stripe:

For payment processing, we use the service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, D02 H210, Ireland. Your payment data (credit card number, expiry date, security code) is transmitted directly to Stripe and processed there in accordance with Stripe's privacy policy. We do not store any complete credit card data ourselves.

The legal basis for the transmission of data to Stripe is Art. 6(1)(b) GDPR (performance of contract). Stripe may also use the data for fraud prevention and compliance with legal obligations (Art. 6(1)(c) and (f) GDPR).

Further information can be found in the Stripe Privacy Policy.

Additional payment methods:

When using PayPal, your payment data is transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. Further information: PayPal Privacy Policy.

3.3. Disclosure of Booking Data to Partner Companies

In order to carry out your journey, it is necessary to disclose certain booking data to our partner companies (executing transport companies and drivers). This includes in particular:

  • Pick-up address and destination address
  • Telephone number for enquiries
  • First name and surname
  • Flight number and estimated arrival time
  • Details of fellow travellers (number)
  • Luggage details
  • Additional services (e.g. child seat, wheelchair, luggage options, special requirements)

The disclosure of this data is carried out exclusively for the purpose of executing and processing your booking pursuant to Art. 6(1)(b) GDPR (performance of contract). Our partner companies are contractually obliged to use the data received exclusively for the fulfilment of the agreed transport service and to delete it upon completion of the service in accordance with applicable data protection provisions.

We have concluded data processing agreements pursuant to Art. 28 GDPR with all partner companies to ensure the protection of your personal data.

3.4. Legitimate Interest (Art. 6(1)(f) GDPR)

In the following cases, we base the data processing on our legitimate interest:

  • Improvement and optimisation of our services
  • Ensuring IT security and the operation of our website
  • Prevention of fraud and misuse
  • Assertion of legal claims and defence in legal disputes
  • Direct marketing (with right of objection pursuant to Art. 21 GDPR)

4. Provision, Hosting and Content Delivery Networks (CDN)

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host's servers. This may include, in particular, IP addresses, meta and communication data, contact data, names, booking information and other data generated via the website.

The use of the host is for the purpose of the secure, fast and efficient provision of our website by a professional provider (Art. 6(1)(f) GDPR - legitimate interest). Our host will only process your data to the extent necessary for the fulfilment of its performance obligations and will follow our instructions with regard to this data.

Host used:

[Insert the name of your hosting provider here, e.g. AWS, Hetzner, etc.]
[Address of the hosting provider]
[Country]

To ensure data protection-compliant processing, we have concluded a data processing agreement pursuant to Art. 28 GDPR with our host.

Server location: The servers are located in [Country, e.g. Germany/EU]. No data transfer to third countries outside the EU/EEA takes place.

5. Use of Cookies and Tracking Technologies

Our website uses cookies and similar technologies. Cookies are small text files that are stored on your device. We use both technically necessary cookies and cookies for analytical and marketing purposes.

Cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain other cookies.

The data subject may prevent the setting of cookies by our website at any time by means of a corresponding setting in the internet browser used, and may thus permanently object to the setting of cookies. Furthermore, cookies that have already been set may be deleted at any time via an internet browser or other software programmes. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, not all functions of our website may be fully usable.

5.1. Consent Management Platform

We use a Consent Management Platform to lawfully obtain your consent for the storage of certain cookies or the use of certain technologies. The legal basis for this is Art. 6(1)(c) GDPR (legal obligation pursuant to TTDSG).

You may manage and change your consent settings at any time via the cookie settings on our website. Your consent settings are stored in a cookie on your device.

5.2. Technically Necessary Cookies

These cookies are required to ensure the basic functions of our website. These include:

  • Session cookies for booking management
  • Cookies for storing your language settings
  • Cookies for storing your cookie settings
  • Security cookies for fraud prevention

The legal basis is Art. 6(1)(f) GDPR (legitimate interest in the functionality of the website). These cookies cannot be deactivated, as the website would otherwise not function properly.

Storage duration: Session cookies are deleted at the end of your browser session. Settings cookies are stored for a maximum of 12 months.

5.3. Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). Google Analytics uses cookies to analyse the use of our website.

Types of data processed:

  • IP address (anonymised through IP masking)
  • Pages visited and time spent
  • Browser type and version
  • Operating system
  • Referrer URL (previously visited page)
  • Date and time of access
  • Device used (desktop, tablet, smartphone)
  • Click paths and interactions on the website

Purpose: Analysis of user behaviour to improve our offering and to optimise the website. The analysis is carried out in a pseudonymised manner, so that no direct attribution to your person is possible.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner). Data processing only takes place after your express consent via our cookie consent tool.

IP anonymisation: We have activated IP anonymisation. Your IP address will be truncated by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there.

Data transfer: Google may also process your data in the USA. An adequacy decision of the EU Commission (EU-US Data Privacy Framework) exists for transfers to the USA.

Storage duration: The data collected by cookies is automatically deleted after 14 months.

Right of withdrawal: You may withdraw your consent at any time via our cookie settings. In addition, you may prevent the installation of cookies by adjusting your browser software settings accordingly, or install the browser add-on to deactivate Google Analytics: https://tools.google.com/dlpage/gaoptout

Further information: Google Privacy Policy and Google Analytics Data Usage

5.4. Google Ads and Conversion Tracking

We use Google Ads, a service provided by Google Ireland Limited, for the placement of advertisements. When you arrive at our website via a Google advertisement, Google Ads places a conversion cookie on your device.

Types of data processed:

  • Cookie ID
  • IP address
  • Information about clicks on advertisements
  • Pages visited after clicking on an advertisement
  • Conversion events (e.g. completed bookings)

Purpose: Performance measurement of our advertising campaigns, optimisation of advertisement placement and determination of conversion rates.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner).

Data transfer: Google may also process your data in the USA. An adequacy decision of the EU Commission (EU-US Data Privacy Framework) exists for transfers to the USA.

Storage duration: 90 days for conversion cookies.

Right of withdrawal: You may withdraw your consent at any time via our cookie settings. In addition, you may deactivate personalised advertising in your Google account settings: https://www.google.com/settings/ads

Further information: Google Privacy Policy

5.5. Meta Pixel (formerly Facebook Pixel)

We use the Meta Pixel of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to measure the effectiveness of our advertisements on Facebook and Instagram.

Types of data processed:

  • Cookie ID and Pixel ID
  • IP address
  • Pages visited and actions performed
  • Information about your device (browser type, operating system)
  • Conversion events (e.g. completed bookings)

Purpose: Performance measurement of advertising campaigns on Meta platforms, creation of Custom Audiences for targeted advertising and optimisation of advertisement placement.

Legal basis: Art. 6(1)(a) GDPR (consent via cookie banner). Data processing only takes place after your express consent.

Data transfer: The data collected by the Pixel is transmitted to Meta servers, which may also be located in the USA. An adequacy decision of the EU Commission (EU-US Data Privacy Framework) exists for data transfers to the USA.

Storage duration: The data is stored by Meta for up to 180 days, unless it is deleted beforehand.

Right of withdrawal: You may withdraw your consent at any time via our cookie settings. As a registered Facebook user, you may also adjust your advertisement settings here: https://www.facebook.com/settings/?tab=ads

Further information: Meta Privacy Policy and Meta Pixel Information

5.6. Managing Your Cookie Settings

You may adjust your cookie settings at any time via our cookie banner or in your browser settings. Please note that if certain cookies are deactivated, not all functions of our website may be fully usable.

6. Collection of General Data and Information (Log Files) when Using the Website

The servers of the website collect a series of general data and information with each access by a data subject or automated system. This general data and information is stored in the server log files. The following may be collected:

  • Browser type and version
  • Operating system used
  • Referrer URL (the previously visited page)
  • Hostname of the accessing computer
  • Pages and files accessed
  • Date and time of access
  • IP address
  • Internet service provider of the accessing system
  • Amount of data transferred
  • Indication of whether the retrieval was successful

When using this general data and information, no conclusions are drawn about the data subject. Rather, this information is needed to:

  • Deliver the content of our website correctly
  • Ensure the functionality of our website
  • Ensure the data integrity of our information technology systems
  • Provide law enforcement authorities with the necessary information in the event of cyber attacks
  • Optimise our website and services

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in ensuring the operation and security of our website).

The anonymous data of the server log files is stored separately from all personal data provided by a data subject and is automatically deleted from the servers after 7 days.

7. Technical and Organisational Measures (Security)

Drive2Flight GmbH, as the controller, has implemented numerous technical and organisational measures to ensure the most comprehensive protection possible of the personal data processed.

7.1. Encryption (SSL/TLS)

The transfer of data from the data subject's computer to the servers, as well as the downloading of data from the servers to the user's computer, is encrypted. We use the current encryption standard TLS (Transport Layer Security, Version 1.3) for this purpose.

This established cryptographic method is used worldwide as the standard for highly sensitive transactions on the internet, such as in online banking and sensitive internet applications in the healthcare sector. The encryption combines a public key with a random symmetric key.

The lock symbol in the browser window indicates whether information is being transmitted securely. The authenticity of the encryption code of Drive2Flight GmbH is confirmed by an SSL/TLS certificate. By clicking on the lock symbol at the top of the screen, the user can learn more about the certificate.

7.2. Additional Security Measures

  • Regular security updates and patches
  • Firewalls and intrusion detection systems
  • Access restrictions and authorisation concepts
  • Regular data backups
  • Employee training in data protection
  • Confidentiality obligations for employees
  • Pseudonymisation and encryption of data where possible

Despite these measures, we wish to point out that the transmission of data over the internet can never be completely secure. We therefore cannot guarantee absolute security.

8. GPS Tracking and Location Data

For the optimal execution of your airport transfer and to improve service quality, we may use GPS tracking and location data.

8.1. Tracking During the Journey

During your booked journey, the vehicle may be equipped with GPS technology that collects the following data:

  • Current position of the vehicle
  • Route driven
  • Speed
  • Journey duration
  • Time of pick-up and arrival

Purpose:

  • Optimisation of routing and avoidance of delays
  • Information about estimated arrival time
  • Proof of proper service delivery
  • Safety for passengers (emergency assistance in case of accidents)
  • Billing based on distance travelled (for variable pricing)
  • Quality assurance and customer satisfaction

Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(f) GDPR (legitimate interest in safety and quality assurance).

Storage duration: GPS data is stored for a maximum of 30 days after completion of the journey and is subsequently deleted, unless statutory retention obligations or legitimate claims exist to the contrary.

8.2. Live Tracking for Customers (Optional)

Where offered, you may track the current position of the vehicle in real time via our website or app. This enables you to:

  • View the estimated arrival time
  • Plan your pick-up
  • Increased sense of security

The use of this feature is voluntary. You will need an individual tracking link for this purpose, which we will send you before or during the journey.

8.3. Location Data via Mobile Apps

If you use our mobile app, we may, with your consent, access the location data of your mobile device in order to:

  • Suggest your current location as a pick-up address
  • Display available vehicles in your vicinity
  • Calculate the best route

Legal basis: Art. 6(1)(a) GDPR (consent). You may revoke the location sharing in the settings of your mobile device at any time.

9. Communication and Notifications

9.1. Email Communication

We send you emails for the following purposes:

  • Booking confirmation
  • Journey details and driver information
  • Reminders for upcoming journeys
  • Invoices and payment confirmations
  • Changes or cancellations
  • Important notifications regarding your booking

Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(c) GDPR (legal obligation to transmit invoices).

9.2. SMS Notifications

With your consent, we send you SMS notifications regarding:

  • Driver details and vehicle registration number
  • Notification upon arrival of the driver
  • Delays or changes
  • Important reminders

Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(b) GDPR (performance of contract for booking-related SMS).

You may object to the sending of SMS at any time by sending an email to contact@drive2flight.com or using the unsubscribe option in the SMS.

9.3. Telephone Contact

We may contact you by telephone:

  • To clarify booking details
  • In the event of changes or problems
  • For enquiries regarding your booking
  • In a customer service context

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

9.4. Newsletter and Advertising (Optional)

With your express consent, we send you newsletters with information about:

  • Special offers and discounts
  • New services
  • Tips for travellers
  • Company news

Legal basis: Art. 6(1)(a) GDPR (consent).

You may unsubscribe from the newsletter at any time by clicking the unsubscribe link in each newsletter email or by sending an email to contact@drive2flight.com. After your unsubscription, we will delete your email address from our newsletter distribution list, unless you have expressly consented to further use or we reserve the right to further data use that is permitted by law.

10. Contact Options via the Website

The website of Drive2Flight GmbH contains, due to statutory requirements, information that enables rapid electronic contact with our company as well as direct communication with us, which also includes a general address of so-called electronic mail (email address).

If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller is stored for the purpose of processing or contacting the data subject.

Data processed:

  • Name
  • Email address
  • Telephone number (if provided)
  • Message content
  • Time of contact
  • IP address (for abuse prevention)

Purpose: Processing of your enquiry and contacting you

Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(b) GDPR (pre-contractual measures)

Storage duration: Your data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For data transmitted via the contact form, this is the case when the respective conversation with you has ended and no statutory retention obligations exist to the contrary.

No disclosure of this personal data to third parties takes place, unless this is necessary for the processing of your enquiry or required by law.

Contact information can be found at: Contact

11. AI Chat Support and Automated Communication

On our website, we offer chat support that is powered by Artificial Intelligence (AI). This service helps you to quickly obtain answers to frequently asked questions.

11.1. How the AI Chat Works

Our chat support is based on a predefined knowledge base of frequently asked questions (FAQ). The AI analyses your inputs and compares them with the existing questions in order to provide you with the appropriate answer.

Important notes:

  • The AI chat works exclusively with predefined questions and answers
  • The answers may not always be completely precise or individually tailored to your situation
  • For complex or individual enquiries, we recommend contacting us by email at booking@drive2flight.com
  • The AI chat does not replace personal advice from our customer service team

11.2. No Storage of Chat Histories

We do not store any chat histories or conversations from the AI chat support. The chat session takes place exclusively in your browser and is not logged or archived on our servers.

This means:

  • Your messages and questions are not stored
  • No personal data is collected from the chat
  • After closing the browser or leaving the page, the chat session is completely terminated
  • No analysis or evaluation of chat content takes place

11.3. Technical Data Processing

For the technical provision of the chat support, the following data is temporarily processed:

  • Your entered messages (only during the active session in the browser)
  • Session information to maintain the chat connection

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in providing an efficient customer service channel).

Storage duration: No permanent storage. All data is deleted at the end of the browser session.

11.4. Limitations and Recommendations

Since the AI chat is based on predefined answers, it cannot answer all individual questions. For the following matters, we recommend direct contact with our team:

  • Changes to existing bookings
  • Complaints or grievances
  • Individual special requests
  • Urgent enquiries on the day of travel
  • Questions about specific booking details

For these matters, you can reach us at: booking@drive2flight.com

11.5. AI Telephone Assistant

For the processing of telephone customer enquiries, we use an AI-powered telephone assistant. This assistant answers incoming calls and can conduct conversations with callers to answer basic enquiries or record information for our customer service.

How it works:

  • The AI telephone assistant answers incoming calls automatically
  • It can answer simple questions and record information
  • For more complex matters, a callback by our customer service team is offered
  • The system informs callers that they are speaking with an AI assistant

Data processed:

The AI telephone assistant may create call logs that may contain the following information:

  • Caller's telephone number (via caller ID)
  • Caller's name (if provided)
  • Matter and content of the enquiry
  • Callback request and preferred contact times
  • Date and time of the call
  • Booking number or reference number (if provided)

Purpose of data processing:

  • Processing of your telephone enquiry
  • Enabling a qualified callback by our customer service team
  • Documentation of customer matters for correct processing
  • Improvement of our service quality

Disclosure of call logs:

The call logs created by the AI telephone assistant are forwarded to our internal customer service team. This enables seamless processing of your matter, particularly when a callback is requested. The disclosure is carried out exclusively internally and serves the processing of your enquiry.

Legal basis: Art. 6(1)(b) GDPR (performance of contract or pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in efficient customer support).

Storage duration: The call logs are stored for the duration of the processing of your matter and are subsequently deleted in accordance with our deletion schedules, unless statutory retention obligations exist to the contrary. For booking-related enquiries, the retention periods specified under section 13 apply.

Notes:

  • The AI telephone assistant does not store audio recordings of conversations - only text-based summaries are created
  • You may request direct contact with a human employee at any time
  • For time-critical or complex matters, we recommend contacting us by email at booking@drive2flight.com

12. Data of Fellow Travellers and Special Needs

If you transmit data of fellow travellers to us (e.g. names, number of persons, luggage details), you confirm that these persons have been informed about our privacy policy and have consented to the transmission of their data.

12.1. Special Categories of Personal Data

If you inform us of special needs (e.g. mobility impairments, wheelchair requirements, health restrictions), this information may constitute special categories of personal data within the meaning of Art. 9 GDPR.

Legal basis: Art. 9(2)(a) GDPR (explicit consent). By providing such information in the booking form, you grant us your explicit consent for the processing of this data.

Purpose: The processing of this data is carried out exclusively to enable you to receive appropriate and safe transport (e.g. provision of a wheelchair-accessible vehicle, consideration of assistive devices).

Voluntariness: The provision of this information is voluntary. However, without this information, it may not be possible to provide suitable transport.

Withdrawal: You may withdraw your consent at any time with effect for the future. The withdrawal may result in us being unable to carry out the transport as requested.

13. Routine Erasure and Blocking of Personal Data

The controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage, or insofar as this has been provided for by the European legislator or other legislators in laws or regulations to which the controller is subject.

If the storage purpose ceases to apply, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with the statutory provisions.

13.1. Overview of Retention Periods

Data Type Retention Period Legal Basis
Booking data and invoices 10 years § 147 AO, § 257 HGB (statutory retention obligations)
Contact form enquiries Until completion of the enquiry, then up to 3 years Legitimate interest, warranty claims
GPS tracking data 30 days after end of journey Legitimate interest (proof, quality assurance)
Cookie data (Analytics) 14 months Consent
Server log files 7 days Legitimate interest (IT security)
Newsletter subscription Until withdrawal Consent
Customer account Until deletion of the account Performance of contract
AI chat data No storage Legitimate interest

14. Legal Requirements for the Provision of Personal Data; Obligation of the Data Subject to Provide Personal Data; Possible Consequences of Non-Provision

We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual provisions (e.g. information about the contractual partner).

It may occasionally be necessary for the conclusion of a contract that a data subject provides us with personal data that must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company concludes a contract with them for an airport transfer.

Data required for a booking:

  • Surname and first name
  • Email address
  • Telephone number
  • Pick-up address and destination address
  • Desired pick-up time
  • Number of passengers
  • Payment information

Non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded and we would be unable to offer you an airport transfer.

Before providing personal data, the data subject may contact our Data Protection Officer. Our Data Protection Officer will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract, or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what consequences non-provision would have.

15. Your Rights

You have the following rights with regard to the data stored about you:

15.1. Right to Confirmation (Art. 15 GDPR)

You have the right to obtain confirmation from us as to whether personal data concerning you is being processed.

15.2. Right of Access (Art. 15 GDPR)

You may request information about the data stored about you. This information includes in particular:

  • the purposes of processing
  • the categories of personal data being processed
  • the recipients or categories of recipients to whom the data has been or will be disclosed
  • the envisaged period of storage
  • the existence of a right to rectification, erasure, restriction or objection
  • the existence of a right to lodge a complaint with a supervisory authority
  • the origin of the data, if it was not collected from you
  • the existence of automated decision-making including profiling

15.3. Right to Rectification (Art. 16 GDPR)

You may request the rectification of inaccurate data and the completion of incomplete data.

15.4. Right to Erasure (Art. 17 GDPR)

You may request the erasure of your data, provided that no statutory retention obligations exist or other reasons preclude erasure (e.g. assertion of claims).

The right to erasure does not apply where the processing is necessary:

  • for compliance with a legal obligation
  • for the establishment, exercise or defence of legal claims
  • for reasons of public interest

15.5. Right to Restriction of Processing (Art. 18 GDPR)

You may request the restriction of data processing if:

  • you contest the accuracy of the data
  • the processing is unlawful, but you object to erasure
  • we no longer need the data, but you require it for the establishment of claims
  • you have lodged an objection and it has not yet been determined whether our legitimate grounds override yours

15.6. Right to Data Portability (Art. 20 GDPR)

You have the right to request your data in a structured, commonly used and machine-readable format and to transmit this data to another controller.

15.7. Right to Object (Art. 21 GDPR)

You may object to the processing of your data on grounds relating to your particular situation, where the processing is based on Art. 6(1)(e) or (f) GDPR.

Objection to direct marketing: Insofar as we use your data for direct marketing, you may object to this processing at any time without giving reasons. After your objection, we will no longer use the data concerned for the purposes of direct marketing.

15.8. Right to Withdraw Consent (Art. 7(3) GDPR)

Where the processing is based on consent, you may withdraw such consent at any time with effect for the future. The lawfulness of the processing carried out on the basis of the consent until the withdrawal remains unaffected.

15.9. Right to Lodge a Complaint with a Supervisory Authority (Art. 77 GDPR)

You have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data is unlawful.

The supervisory authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin
Telefon: 030 13889-0
E-Mail: mailbox@datenschutz-berlin.de
Website: www.datenschutz-berlin.de

15.10. Exercising Your Rights

To exercise your rights, please contact:

Email: datenschutz@drive2flight.com
or by post to the address stated above.

We will respond to your request without undue delay, but at the latest within one month. In complex cases, this period may be extended by a further two months. We will inform you of any such extension.

16. Definitions

The privacy policy of Drive2Flight GmbH is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily legible and understandable for the public as well as for our customers and business partners. To ensure this, we wish to explain the terminology used in advance.

16.1. Personal Data

Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

16.2. Data Subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller.

16.3. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

16.4. Restriction of Processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

16.5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

16.6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

16.7. Controller or Person Responsible for Processing

Controller or person responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

16.8. Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

16.9. Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

16.10. Third Party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

16.11. Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

17. Validity and Amendments to this Privacy Policy

This privacy policy is currently valid as of January 2025.

Due to the further development of our website and offerings, or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed at any time on our website at www.drive2flight.com/datenschutz.

In the event of material changes, we will inform you by email or by means of a clearly visible notice on our website.