Privacy policy

Privacy Policy for website users


We take the protection of your personal data very seriously. Your privacy is an important concern for us. The following provisions serve to inform you about the processing of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR), in particular taking into account the information obligations under Articles 12 to 14 GDPR, and to inform you about the existing data subject rights under Articles 15 to 22 and Article 34 GDPR.

Notes on the responsible entity

The responsible party for the processing of your personal data is:

gateretail / gategroup Holding AG
Sägereistrasse 20
8152 Glattbrugg Switzerland

Telephone: +41 44 533 7000

Contact information of our data protection officer

You can reach our data protection officer by e-mail at: or by mail to:

gategroup Holding AG
Sägereistrasse 20
8152 Glattbrugg

Information about us as the responsible party as well as our contact details can be found in the imprint.

Purpose of the data collection

The purpose of the data collection is to optimise our website(s), analyse errors, customise our website(s) to your needs, provide you the opportunity to get in touch with us and, if applicable, to sell goods and services.

General Data Processing

In principle, we collect and use personal data of our users only to the extent necessary to provide a functional website and our contents and services. The collection and use of personal data of our users is only carried out after the consent of the user. An exception is made in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by legal regulations.

Legal basis for the processing of your data:

  • Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a) of the EU General Data Protection Regulation (EU-GDPR) serves as the legal basis.
  • In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations which are necessary to carry out pre-contractual measures.
  • Insofar as it is necessary to process personal data in order to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.
  • In the event that vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 para. 1 lit. d) GDPR is used as the legal basis.
  • If the processing is necessary to safeguard the legitimate interests of our company or a third party and if the interest, fundamental rights and fundamental freedoms of the person concerned do not outweigh the former interest, Art. 6 para. 1 lit. f) GDPR applies as the legal basis for the processing.

Legitimate interests can be in particular:

  • the answering of inquiries;
  • the performance of direct marketing activities;
  • the provision of services and/or information intended for you;
  • the processing and transfer of personal data for internal or administrative purposes;
  • the operation and administration of our website;
  • the technical support of the users;
  • the prevention and detection of fraud and criminal offences;
  • the protection against non-payment when obtaining creditworthiness information in connection with the requests for goods and services; and/or
  • the protection of network and data security, insofar as these interests are in accordance with the applicable law and with the rights of the user

Categories of recipients:

  • Service providers for the optimization of websites, online marketing service providers and tools, service companies for information and communication technology, companies for software and equipment maintenance, some of them are described in detail below;
  • Social networks and communities;
  • Internal recipients according to the “need to know” principle.

User data / Server log files

Whenever you visit our website, our systems automatically collect data and information from the computer system of the accessing computer. The following types of data are collected: browser type, version used, operating system of the user, internet service provider, IP address of the user, date and time of retrieval, websites from which the user's system has come to our website, and websites which the user accesses from our website. The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f) GDPR with the above-mentioned legitimate interests. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes also include our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f) GDPR. The data will be deleted as soon as they are no longer required for the purpose of their collection. In the case of the collection of data for the purpose of providing the website, this is the case when the respective session has ended. The collection of the data for the provision of the website and the storage of the data in log files is essential for the operation of the website. Furthermore, we reserve the right to check the files if, based on concrete evidence, there is a legitimate suspicion of illegal use or a concrete attack on the pages. In this case, our legitimate interest is the processing for the purpose of clarification and criminal prosecution of such attacks and illegal use.

When you register to shop with us, you may provide us with:

  • Your personal details, including your full name, postal and billing addresses, email addresses, phone numbers.
  • Information relating to your Air Europa SUMA programme, Air Europa SUMA card number.
  • Your account login details, such as your username and the password that you have chosen.

When you shop with us online or browse our Websites, we may collect:

  • Information about your online purchases (for example, what you have bought, when you bought it and how you paid for it).
  • Air Europa flight details or home delivery address.
  • Information about your online browsing behaviour on our Website and information about when you click on one of our adverts (including those shown on other organisations’ websites).
  • Information about any devices you have used to access our Services (including the make, model and operating system, IP address, browser type and mobile device identifiers).

When you use your Air Europa SUMA client number to earn miles, or use e-vouchers, we may collect:

Transaction information, including the online purchases you earn SUMA miles for and how you use your SUMA miles as payment.

When you contact us or we contact you or you take part in promotions, competitions, surveys or questionnaires about our Services, we may collect:

  • Personal data you provide about yourself anytime you contact us about our Services (for example, your name, username and contact details), including by phone, email or post or when you speak with us through social media.
  • Details of the emails and other digital communications we send to you that you open, including any links in them that you click on.

Other sources of personal data

We may also use personal data from other sources, such as, online media channels. This helps us improve and measure the effectiveness of our marketing communications, including online advertising.

Use of cookies

We use cookies. Cookies are text files that can be stored on and retrieved from the user's computer system, in or by the Internet browser, when visiting a website. Cookies can contain a characteristic string of characters that enables the browser to be uniquely identified when the website or a service integrated into it is accessed again. We use cookies to enable the operation of our website (technically necessary cookies), to make our website more user-friendly (functional cookies) and for marketing and advertising purposes (performance cookies).

Technical cookies: Some elements of our website require that the calling browser can be identified even after a page change. The purpose of this use is to enable the function of the website in the first place. Examples of technically necessary cookies are the provision of a shopping cart or the login as a registered user. The processing is therefore based on Art. 6 para. 1 lit. b) or f) GDPR.

Functional cookies: There may be functions which are not technically necessary for the operation of our website, but which considerably simplify its use, such as the adoption of language settings or font sizes, the memorization of search terms, etc. Processing is also carried out on the basis of Art. 6 para. 1 lit. b) or f) GDPR.

Performance cookies: We also use cookies on some of our websites, which enable an analysis of the surfing behavior of the users. In this way, e.g.: search terms entered in search engines, frequency of page views, use of website functions, and information about the operating system and browser, etc. are transmitted. The user data collected in this way is pseudonymized by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data is not stored together with other personal data of the users. The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a) GDPR if the user has given his consent to this - e.g. by selecting in a cookie opt-in banner - otherwise Art. 6 para. 1 lit. f) GDPR in conjunction with If third-party services are integrated, the processing by them is governed by their respective data protection provisions, which are mentioned and/or linked below.

General statements about web beacons / tracking pixels

Web beacons are invisible graphics with the size of a pixel. They are used by partner companies, for the purpose of tracking a user via various web pages to create a profile for use in advertising tailored to the user (targeting). A pixel integrated into the web page is loaded from the partner's server when the web page is accessed. In this way, the partner receives your IP address, as well as information about your browser and its version, browser plug-ins used (browser fingerprint), your operating system and your network operator. For the integration of external services through web beacons / tracking pixels or other scripts, the specifications for advertising cookies apply accordingly.

Content of external providers

On our website we use active JavaScript content and fonts, which may also come from external providers such as Google. By accessing our website, these providers may receive information about your visit to our website, for example by transmitting your IP address. You can prevent this transmission by installing a JavaScript blocker such as the browser plugin 'NoScript' or by deactivating JavaScript in your browser. However, this can lead to functional restrictions.

Contact us via e-mail

You can contact us via the provided e-mail address. In this case, the user's personal data transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

The legal basis for the processing is:

  • For the receipt of the data based on the sending of the contact form as consent in accordance with Art. 6 para. 1 lit. a) in connection with Art. 5 (expected processing) GDPR or alternatively on the basis of the legitimate interest of answering your contact request according to Art. 6 para. 1 lit. f) GDPR.
  • For the processing of data transmitted in the context of sending an e-mail, Art. 6 para. 1 letter f) GDPR with the above-mentioned legitimate interests.
  • If the e-mail contact aims at the conclusion of a contract, an additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

The data will be deleted as soon as they are no longer required for the purpose of their collection. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended and there is no reason for further storage. The conversation is finished when it can be concluded from the circumstances that the matter in question has been finally clarified. Retention periods under commercial and tax law may exist.

The user has the possibility to revoke his or her consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.

Data collection during registration and registered use

Our website requires registration. The data collected in the process is used for the purpose of using the respective websites and services, unless otherwise described and explicitly agreed upon during registration. The data collected is derived from the input mask in the context of registration; processing is based on Art. 6 para. 1 lit. b) GDPR. All other data that you can enter at a later date to complete your profile are optional and voluntary and are processed on the legal basis of Art. 6 para. 1 lit. a) GDPR. After registration, we may use the e-mail address you provided to inform you about relevant circumstances related to the offer for which you have registered.

Creditworthiness information

Furthermore, we reserve the right, in the case of orders or commissions, to pass on personal data to third parties for credit information purposes, insofar as this is necessary to protect our legitimate interests. In doing so, only the data required to calculate the creditworthiness using a mathematical-statistical procedure by the credit agency will be transmitted. We require creditworthiness information in order to be able to decide on the establishment and execution of a contractual relationship while safeguarding our legitimate interests.

Data transmission via the internet

Data transmission via the internet is generally associated with certain risks. No special encryption of the data is carried out; in particular, messages from the contact form of our website and messages in the service chat are transmitted unencrypted.

Please bear this in mind when transmitting data. If you wish to communicate with us by means of encrypted e-mail, this is possible by using S/MIME encryption. Please inform us of your wish to use encryption, as we regularly send unencrypted e-mails due to the current low market penetration of e-mail encryption methods.

Data transfer

If you provide us with personal data, this data will only be passed on to third parties if this is necessary for the processing of the contractual agreement or if another legal reason legitimises this passing on. However, we provide certain services with the cooperation of service providers. We have carefully selected these service providers and have taken appropriate measures to protect your personal data.

Storage periods

The personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. Data will also be blocked or deleted when a storage period prescribed by the above-mentioned standards expires, unless there is a need to continue storing the data for the purpose of concluding or fulfilling a contract.

How we protect personal data

We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place. We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities. We protect the security of your information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL). We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you. However, whilst we take appropriate technical and organisational measures to safeguard your personal data, please note that we cannot guarantee the security of any personal data that you transfer over the internet to us. The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by companies operating outside the EEA who work for us or for one of our service providers. We will ensure appropriate protection is in place to make sure your personal data remains protected and is treated in line with this Policy.

Changes to our Privacy Policy

Our Privacy Policy is reviewed regularly to ensure that it reflects how we use your information. Any changes will be notified to you by updating this policy.

This Privacy Policy was last updated on 28 November 2022.