Data protection
To make Passngr better we need anonymous usage
statistics, which we create with Google Analytics for Firebase.
You can deactivate this at any time in the settings under “Privacy
Policy – Google Analytics for Firebase”.
Passngr Privacy Policy
Table of contents
Go to top of page
General Information
Passngr is your personal airport service app. With
Passngr you will receive relevant information and offers at the
right place and at the right time for your stay at participating
airports.
Go to top of page
The Passngr application is offered and operated by the
Flughafen München GmbH
(until July 6th, 2023 by InfoGate Information Systems GmbH)
Business address
Nordallee 25
85356 München-Flughafen
Telephone +49 89 975 00
Postal address
P.O. Box 23 17 55
85326 München-Flughafen
Data Protection Officer
Flughafen München GmbH
Nordallee 25
85356 München
E-Mail: datenschutzbeauftragter@munich-airport.de
Management Board
Jost Lammers (CEO and Chairman of the Management Board)
Nathalie Leroy (CFO and Director of Infrastructure)
Jan-Henrik Andersson (Managing Director of Commercial and Security)
Head of IT
Florian Lesch
Go to top of page
Data processing when using the app
Various basic services of Passngr can be used without
creating a user account. You can, for example, receive flight
information, select your landing or departing flight to receive
matching offers, or activate push-notifications. In this regard we
only process the data required for your use, such as your IP address,
the operating system you are using, the content you have requested,
your location (if applicable), and an ID number for push notifications
assigned by your operating system. The data under "My Flights", "My
Services", "Booked Services", "Stored Services" and "Visited Services"
are stored anonymously in this case.
To use all functions of the app you can set up a personal user account.
Simply create your user account with your email address and password.
Under "Settings-Profile" you can add your name, address and other information,
change your details and delete your account completely. We use this voluntary
information as part of campaigns and promotions, such as sending personalized
greetings or birthday vouchers.
To complete your registration, we will send you an email to your specified
address with a link to a confirmation website. Please confirm your
registration within 24 hours by visiting this website. Without confirmation
your registration data will be deleted. If you cannot find the email in
your mailbox (possibly also in a spam folder), please contact our support.
The legal basis for the data processing described in this section is Article
6(1)(b) GDPR (performance of the contract and pre-contractual measures).
Go to top of page
Location-based functions
Automatic airport change
The Passngr app allows you to automatically change airports based on location changes. To do this, we use a feature of your smartphone operating system that permanently accesses your location information in the background. The function is active even when the app itself is closed, so that it can immediately show you the correct airport when you use the app again. To do this, the app registers so-called "geofences" of participating airports and is informed by the operating system when you enter the area of a participating airport. A push message is then generated locally to inform you of the change of airport. The location monitoring only runs locally on your smartphone. There is no communication with our data center in the process.
The legal basis for the data processing described in this section is Article 6(1)(b) GDPR (contract performance, i.e. the provision of the described function of the Passngr app). You can deactivate the function at any time via the menu item "Settings - Airport change based on location changes".
Automatic Wi-Fi registration
To automatically log you into the WLAN provided by your home airport, the Passngr app uses a so-called Wi-Fi auto registration function. This function of your smartphone operating system permanently accesses your location information in the background and is also active when the Passngr app is closed. This is necessary to detect which Wi-Fis are within range and to perform an auto-login in the portal if the Wi-Fi of the home airport is suitable. This means that the existing Wi-Fi connections in the vicinity of your smartphone are compared with the Wi-Fi connection of the home airport. To do this, the app registers the Wi-Fi identifiers on the operating system for which it is to be activated when they come within range of your smartphone. After an additional plausibility check (comparison of your current location with the location of your home airport via geofence), the login attempt is started so that you can use the Wi-Fi.
The legal basis for the data processing described in this section is Article 6(1)(b) GDPR (contract performance, i.e. the provision of the described function of the Passngr app). You can deactivate the function at any time via the menu item "Settings – Wi-Fi".
Go to top of page
Transfer of data to the home airport
In the app you can agree that Flughafen München GmbH transmits some
of your data related to the app to your respective home airport.
Specifically, these are the following data:
- Basic information
- Salutation
- Name (first and last name)
- Email address
- Postal address incl. country
- Date of birth
- Device data
- Language
- Language settings
- Time of last login
- User data
- Saved flights
- Destination, gate, gate, travel period (if return flight is
saved)
- Role: Passenger, pick-up, bring, transfer
- Viewed coupons
- Has shopped in a shop
- Type and price of the purchase
- Has used a restaurant
- Type and price of consumption
- Has booked a service
- Type and price of consumption
- Has booked a parking space
- Type and price of the booking
- Has ordered a product
- Type and price of the order
- Favourite topics: Shopping, dining, parking, services
- Number and types of bookings made
- Number and types of services viewed
- Geodata (i.e. the time of the visit to a "Point of
Interest")
- Boarding pass data
- Information about accompanying travellers (anonymous)
- Length of stay at the airport
The exact wording of the corresponding consent can be
found under the menu item "Settings - Home Airport". It also describes
how the home airport processes the data received. If you change your
home airport this automatically terminates your consent to the previous
home airport. At the same time you will be asked for consent to the
transmission of data to your new home airport.
Your consent to the transfer of data to your home airport is voluntary.
You can withdraw your consent at any time. Upon termination or withdrawal
of consent, Flughafen München GmbH will no longer transmit data to the home airport,
and the home airport will delete the data previously transmitted. However,
the termination or withdrawal of consent shall not affect the lawfulness
of processing based on the consent before the termination or withdrawal.
The legal basis for the data processing described in this section is Article
6(1)(a) GDPR in conjunction with your consent.
Go to top of page
Email newsletter
In the app you can also consent to receive email newsletters
from various airport operators. In this case Flughafen München GmbH makes a one-time
transmission of your email address, your full name and your chosen
language to the operator of the respective airport. The exact wording
of the corresponding consent can be found under the menu item "At the
airport - About the airport ". It also describes how the airport
processes these data for the purposes of its newsletter.
Your consent to this data transmission is voluntary. Since Flughafen München GmbH only
makes a single transmission of your email address, full name and language
to the respective airport operator, you cannot retroactively withdraw the
consent given for the transmission. You can, however, withdraw your consent
to the airport’s newsletter at any time. For this purpose, please contact
the respective airport operator whose newsletter you have ordered. The
withdrawal of consent does not affect the lawfulness of processing based
on the consent before its withdrawal.
The legal basis for the data processing described in this section is Article
6(1)(a) GDPR in conjunction with your respective consent.
Go to top of page
Usage profiles
To show you relevant content and offers in the app,
Flughafen München GmbH analyses your use of the Passngr app in the form of
pseudonymised usage profiles. For this purpose we store for each
use the usage start time, the device IP address, the device ID
(a random, unique ID number that identifies your device), the
operating system, the page of the app you use, the time spent on
the page, booked services, potentially the location (if location
data was activated), and the usage end time. To the extent these
data could be used to identify you as a person (such as, for example,
the IP address) we strive to store the data only in redacted from
so that it is no longer possible to identify you.
For location data we particularly use the service "Proximity DMP",
which is provided by Beaconinside GmbH (Gustav-Meyer-Allee 25 - BIG
Building 12.5, 13355 Berlin, Germany). This service collects data
generated by so-called "beacons" and "geofences" and determines whether
you are in the vicinity of a specific point of interest (e.g. near a shop
offering products that are relevant to you).
Flughafen München GmbH creates and uses the usage profiles based on these data exclusively to:
- analyse the use of information and services provided in the
app
and
- offer you more relevant information or services in the
future.
If you do not agree to this you can uninstall the app
at any time and delete your user account at any time. All data stored
in your user profile will then be deleted or anonymized immediately.
Otherwise, we will delete or anonymize the data stored in a usage profile
no later than two years after their respective collection.
The legal basis for the data processing described in this section is Article
6(1)(b) GDPR (performance of the contract and pre-contractual measures).
Go to top of page
Push notifications
For sending push messages to mobile devices we use the service of
Pushwoosh Inc. .1224 M St NW, Suite 101, Washington, DC 20005, U.S.A.
The push messages are sent using a pseudonymous push token assigned by
your operating system or the corresponding push service. Neither we nor
Pushwoosh can derive personal data via the push token or assign it to a
device.
Push Messages are sent on the basis of your consent to push notifications in
accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at
any time by revoking Passngr’s permission for push notifications in your
device’s settings. The withdrawal of consent shall not affect the lawfulness
of processing based on consent before its withdrawal.
Go to top of page
Crash reports
To improve the stability and reliability of our apps, we rely on
anonymized crash reports. To do this, we use the Visual Studio App Center, a
service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399,
USA ("Microsoft").
If you voluntarily and expressly agree to submit a crash report after a crash of the
Passngr app, crash information will be sent to the servers of our service provider
and stored there for evaluation by us. These crash reports do not contain any personal
information. These consist of a stack trace, some device information (no serial number,
etc.), the app version, the time stamp of the crash, and the list of software libraries
loaded into memory on crash. There are no processor register contents or log files
included. For more information about MS-Appcenter, please visit https://appcenter.ms/.
For information about privacy at Microsoft, see https://privacy.microsoft.com/en-us/privacystatement.
There is currently no decision by the EU Commission that the US generally provides an
adequate level of data protection. However, Microsoft has committed to comply with the
US Department of Commerce's Privacy Shield Agreement between the EU and the US on the
collection, use and storage of personal information from EU Member States. More
information can be found here: https://www.privacyshield.gov/welcome.
The legal basis for the data processing described in this section is Article 6 (1) (f)
GDPR (balance of interests - based on our legitimate interest in improving the stability
and reliability of our app).
Go to top of page
Payment of booked services
Flughafen München GmbH uses the payment service provider
Novalnet AG
Gutenbergstraße 2
85737
Ismaning
Tel: +49 89
923068320
to handle the payment process for services of various service providers
that can be booked in the app. For this purpose, Novalnet AG requires
certain information, including your personal data: Your name and address,
bank account number and bank code or credit card number (including
expiration date), invoice amount and currency, and the transaction
number.
When you book some of these data are transmitted via the Passngr app to
Novalnet AG. The remaining data required will be collected directly by
Novalnet AG in the payment step of the booking process. Novalnet AG uses
the information to process the payment and may pass it on to Flughafen München GmbH or
the respective provider of the booked service. Novalnet AG will handle the
information in accordance with the applicable data protection laws in
Germany.
To protect our legitimate interest, particularly if we (and/or the
respective provider of the service) assume a credit risk, Novalnet AG
may obtain a credit report from the companies listed below on the basis
of mathematical-statistical procedures. To this end, Novalnet AG transmits
the personal data required for a credit check to these companies and uses
the information received on the statistical probability of a default for
a balanced decision on establishing, implementing or terminating the
contractual relationship. The credit information may contain probability
values (score values) which are calculated on the basis of scientifically
recognized mathematical-statistical methods and whose calculation includes,
but is not limited to, address data. Your legitimate interests will be
considered in accordance with the statutory provisions.
To the extent permitted by law and taking into account your legitimate
interests, an exchange of address and credit data with the following
company may occur for these credit checks:
Infoscore Consumer Data GmbH
Rheinstr. 99
76532
Baden-Baden
Germany
Infoscore Consumer
Data GmbH obtains credit information for Novalnet AG based on
mathematical-statistical methods using address data from the following
companies:
informa Solution GmbH
Rheinstraße 99
76532 Baden-Baden
atriga GmbH
August-Bebel-Str. 29
63225 Langen
Germany
Tel.: +49
(0)6103 – 37896299
E-Mail: info@acdc-pool.info
Web: http://www.acdc-pool.info
If you would like information about the data stored about you by the
companies mentioned above, please contact them directly. Within the credit
check Novalnet AG does not receive any detailed information about you.
Novalnet AG reserves the right to exclude certain payment methods for
initial and follow-up bookings, depending on the credit check and the
amount of the charge.
Regarding payment processing itself, the legal basis for the data
processing described in this section is Art. 6(1)(b) GDPR (performance
of the contract and pre-contractual measures); with regard to the credit
check it is Art. 6(1)(f) GDPR (balancing of interests – based on our
interest and the interest of the other affected provider not to suffer
from defaults).
Go to top of page
Deletion of inactive accounts
We adhere to the principles of data avoidance and data economy. For this
reason we delete according to the terms of use your user account, if you
do not log in the Passngr app for more than 4 years or do not use the app
in the logged-in state. The legal basis for this data processing is Art. 6
para. 1 lit. b) GDPR (contract performance).
After the deletion of your user account, a renewed registration is of
course possible.
Go to top of page
Categories of recipients to which your data may be
disclosed
- Courts, public authorities or other governmental entities in
case of legal obligations
- External data processors pursuant to Art. 28 GDPR, in particular
Flughafen München GmbH
- External recipients and in-house departments to the extent
it is necessary to fulfil the purposes described above (for example,
as described above, the home airport or an airport whose email
newsletter you have ordered in the app)
Go to top of page
Storage periods
We adhere to the principles of data avoidance and data minimisation.
Therefore, we only store your personal data for as long as is necessary to achieve
the purposes described herein, or as provided for by the various mandatory
retention periods under applicable laws. After discontinuation of the respective
purpose or expiration of these retention periods, the corresponding data will
be automatically blocked or deleted in accordance with the statutory provisions.
Go to top of page
Your rights
You have the right to demand information about your
personal data stored by us at any time. Furthermore, you have the
right to demand correction, blocking or, except for the mandatory
data storage for business transactions, deletion of your personal
data. For such requests please contact us at the address given above.
To block data the corresponding data must be stored in a lock file
for control purposes. Provided there is no legal archiving obligation
you can also request the deletion of these lock file data. If there is
a legal archiving obligation we will lock your data upon request.
You also have the right to receive from us the data relating to you
provided to us in a structured, common and machine-readable format;
You may transmit (or have transmitted) these data to other controllers.
Go to top of page
Right to lodge a complaint with a supervisory
authority
Without prejudice to any other administrative or
judicial remedy, if you believe that the processing of your personal
data is unlawful you have the right to lodge a complaint with a supervisory
authority, particularly in the EU Member State of your place of residence,
employment, or the place of alleged infringement.
The supervisory authority for the non-public sector in Bavaria is the Bavarian
State Office for Data Protection Supervision in Ansbach.
Go to top of page
Changes to this privacy policy
We reserve the right to change this privacy policy from time
to time to ensure continued compliance with applicable legal requirements,
or to reflect changes to our services, e.g. when introducing new services.
The new privacy policy will then apply to your continued use of the app.
Go to top of page
Questions to the data protection officer
If you have questions regarding data
protection matters please contact our data protection officer or send
an email to us at datenschutzbeauftragter@munich-airport.de.
Go to top of page
Google Analytics for Firebase
To make Passngr better we need anonymous statistics on how
different Passngr users work with the app. We create these statistics
with the help of Google Analytics for Firebase, an analytics service
provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043,
USA, hereinafter referred to as “Google”).
The legal basis for this processing of data is Article 6 (1) f) GDPR
(balancing of interests, based on our legitimate interest to tailor the
app to its users’ interests and needs). You can object to this processing
of data at any time by deactivating Google Analytics for Firebase below.
Your device transmits the information collected with the help of Google
Analytics for Firebase on your use of this app to Google servers in the USA,
where they are stored for up to 14 months. Currently there is no decision
of the EU Commission that the USA generally provide an adequate level of
protection for personal data. Google undertakes, however, to comply with
the EU-US Privacy Shield Framework as set forth by the US Department of
Commerce regarding the collection, use and retention of personal information
from European Union member countries. More information in this regard is
available here:
https://support.google.com/analytics/answer/7105316?hl=en
More information on the collection of data by Google Analytics for Firebase
is available here:
https://support.google.com/analytics/answer/7105316?hl=en
You can deactivate the collection and the transmission of data by Google
Analytics for Firebase here:
Go to top of page