Travel ID Privacy Policy

Austrian Airlines AG, Brussels Airlines SA/NV, Deutsche Lufthansa AG, Eurowings GmbH, EW Discover GmbH and Swiss International Air Lines AG, as Lufthansa Group airlines, and Miles & More GmbH are the operators of Travel ID.

Unless otherwise stated in this Privacy Policy, “we” or “us” or “Travel ID operators” refers to the Lufthansa Group airlines and Miles & More GmbH as the controllers with joint responsibility (“Joint Controllers”) for the processing of your personal data as defined in Article 26 of the General Data Protection Regulation of the European Union (“GDPR”). We have concluded a Joint Controller Agreement for this purpose. We will gladly answer any further questions you may have in this regard.

More information and contact addresses for the Lufthansa Group airlines and Miles & More GmbH can be found in the introduction to the ​Travel ID Terms and Conditions of Use and in the respective legal notices of the Travel ID operators.

To ensure the protection of your personal data, all Travel ID operators have appointed a data protection officer. Please feel free to contact these data protection officers with data-protection-related queries concerning Travel ID.

The data protection officer of Deutsche Lufthansa AG, Miles & More GmbH, Eurowings GmbH and EW Discover GmbH:

Deutsche Lufthansa AG

Group Data Protection Officer
FRA CJ/D
Lufthansa Aviation Center
Airportring
60546 Frankfurt am Main
Germany
Email: datenschutz@dlh.de

Austrian Airlines AG Data Protection Officer:

Austrian Airlines AG
Legal office – Data Protection
Office Park 2
PO box 100
1300 Vienna Airport
Austria

Swiss International Air Lines Ltd. Company Data Protection Officer:

Swiss International Air Lines Ltd.
Company Data Protection Officer
ZRHS/CJ
Postfach 8058
Zurich Airport
Switzerland
Email: dataprotection@swiss.com

Brussels Airlines SA/NV Data Protection Officer:

Brussels Airlines
Data Protection Officer
Airport Bld. 26, General Aviation - Ringbaan
1831 Machelen
Belgium
Email: privacy@brusselsairlines.com

Head office in the UK for purposes of compliance with applicable data protection laws: World Business Centre 1, Newall Road, London Heathrow Airport, Hounslow, Middlesex, TW6 2FA, England

When you register for Travel ID, the only mandatory information we request is your email address, your title, your first and last names, your date of birth and a password. Your country and preferred language settings will be automatically transferred - as far as technically possible - using the country and language settings you entered on the respective websites or apps of the Travel ID operators. This information is required in order to create a Travel ID profile and to use the Travel ID services described in detail below and in the Travel ID Terms and Conditions of Use.

You are free to add further information to your Travel ID profile on a voluntary basis. This could be, for example, your address or your mobile phone number or flight preferences, such as preferred departure airport. You can also voluntarily store documents such as travel or health documents (cf. Section 7 of this Privacy Policy) or payment details. We also use this information to provide the Travel ID services described below and in the Travel ID Terms and Conditions of Use.

When you visit our websites and apps, our aim is to make it easier and quicker for you to find and use the information that is relevant to you. That is why we give you the option of using your Travel ID when you log in to the websites and apps of the Travel ID operators, so that the respective service you wish to use is already personalised without a new customer profile having to be created each time. Examples of this personalisation might be that you are greeted by name when you access the respective website/app, or we might provide information relevant to your current flight booking and/or pre-populated forms.

As may be required in individual cases, we process the data stored in your Travel ID profile to enable you to log in with your Travel ID and to personalise the content displayed in the website/app you access.

If you do not wish to use the login service, you are, of course, free to use the website/app without logging in. In this case, the content you access will no longer be personalised, unless you subsequently enter certain types of information manually (such as your current flight booking), in order to obtain specific information, e.g. in relation to your flight. In such cases, any data you input manually will not be linked to your Travel ID profile.

We use the data you enter in your Travel ID profile to make the booking process easier for you through pre-populated forms. This could be data you actively provided during registration or added at some later point, or data you gave as part of a previous booking and which we automatically use for another booking. We also use your data given during your booking to provide you with pre-populated forms for online check-in and at self-service check-in machines. If you fill out other forms, such as during your participation in a lucky draw or when you send customer feedback using one of our electronic feedback forms on the website, for example to report lost baggage or provide feedback on your travel experience, the contact details required are also pre-populated from your Travel ID profile.

Your past bookings will be displayed in your Travel ID profile. This means you can continue to keep track of your previous bookings with Travel ID operators in the future, and access and print booking documents and invoices. These bookings are automatically saved in your Travel ID profile when you have made the booking while logged in. It is also possible to add bookings to your profile retroactively. Your Travel ID profile shows the bookings for a maximum of the last ten years.

You have the option of using the health document check process to have your health-related documents checked for validity for entry to or travelling through a country. You can upload your health-related documents, such as vaccination certificates or proof of recovery, to your Travel ID profile. When using this process, you consent to the storage and checking of your health-related documents and, in particular, special categories of personal data as defined in the GDPR.

You have the right to withdraw your consent to the use of health-related data at any time without affecting the lawfulness of any processing performed on the basis of this consent before such consent was withdrawn. If you withdraw your consent, the documents will be deleted from your Travel ID profile.

The legal basis for the data processing described is represented by your consent given in accordance with Art. 6 (1)(a) GDPR.

Your health-related documents will be deleted automatically after 12 months.

Once you have booked a flight, you may be shown a list of possible additional services for your flight in the Travel ID operators’ booking portals. These may be additional flight-related Travel ID operator services, such as premium meals or upgrades, or additional third-party services, such as rental cars or insurance policies.

For this purpose, we process data stored about you with Travel ID operators, such as flight data and the data stored in your profile, provided you have consented to the use of your data.

If you give us your consent in this respect, we also use information collected by means of cookies to analyse your response to the services offered, i.e. whether you have clicked on or purchased them, in order to continuously improve the personalisation of our offers.

During the registration process and subsequently in your Travel ID profile, you have the option of giving us consent to send you information and individual offers regarding the services of the Lufthansa Group airlines and their respective partner companies, and to communicate with you for this purpose via electronic means of communication (e.g. email, SMS/MMS) and/or by telephone.

In addition, you can give Miles & More GmbH permission to send you offers relating to your possible membership of the Miles & More programme if you are not yet a member of the Miles & More programme.

If you give us the relevant consent, we will process your contact details (i.e. name and telephone number and/or email address) in order to send you the information and personalised offers in accordance with your statement of consent.

As we only wish to send you information and offers that you are really interested in, we also process with your consent the information stored in your Travel ID profile regarding previous bookings, such as itinerary, travel period, booking class, and information about your current booking, such as your travel destination, selected fare and preferences stored in your Travel ID profile, in order to personalise the information and offers. For example, by analysing information regarding your forthcoming trip, we may send you special offers or vouchers for additional services for your trip or for services available at your travel destination.

You have the right to withdraw your consent at any time. You can also decide for yourself the extent to which you wish to receive information and individual offers from us by adjusting your communication settings. You may withdraw your consent to marketing communications for individual areas as well (such as for the email newsletter only) in your Travel ID profile. For further information on your right of withdrawal, please refer to Section 15 of this Privacy Policy.

You can choose to actively enable a “stay logged-in” feature when logged into Travel ID operators’ websites and apps, which means that you will not be required to log in again after ending your session and later re-visiting the website/app.

With your consent, we use cookies for this purpose, so that when you return to the website/app you will be automatically recognised.

When the “stay logged-in” feature expires, you will be asked to log in again. In addition, you will always be prompted to log in again if you are in the process of carrying out activities which require an enhanced level of security, such as changing your profile data.

If you no longer wish to use the Travel ID services, you may delete your Travel ID profile at any time. The personal data collected in connection with your use of Travel ID will then be deleted immediately - subject to conflicting retention requirements and obligations.

You can delete your Travel ID profile, as well as any specific items of data you have provided in your Travel ID profile, yourself by logging into your Travel ID profile and using the delete button located next to your personal details.

We also delete your provisional Travel ID profile if you do not confirm your registration within the period stated in the confirmation email, or if you have had a confirmation email with an activation link sent to you more than three times and do not use it.

We also reserve the right to delete your Travel ID profile if you have not used it for ten years.

Should you register for the Miles & More programme via Lufthansa Group airline websites or apps at some time in the future, both Travel ID registration and the linking of both profiles is required.

If you are already a member of the Miles & More programme at the time of your Travel ID registration, please link your Travel ID profile to your Miles & More account. In this way, it is easier for us to ensure that you only receive the communication you want and that the different profile details do not contradict each other.

You decide whether to create this link by giving your consent. Data synchronisation is performed between your Travel ID profile and your Miles & More account when you give your consent. Specifically, the data you have stored in the two accounts will be synchronised or transferred as follows when you make the link:

The master data (e.g. surname, first name, address, telephone number) given voluntarily during registration or at a later date will be compared. If these do not match, the title, first and last names, address, mobile phone number and date of birth from your Miles & More account will be automatically stored. The email address will be taken from your Travel ID profile.

Other data, such as your preference details, will be compared if this information is stored in both accounts, and the preferences from the Miles & More account stored.

As you are given the option to consent to advertising communications from us in both profiles, and we want to be sure that we only contact you if you actually want us to, these communication settings are also synchronised during the account linking process. This ensures that we will only contact you if you have given your consent to this in both your Travel ID profile and your Miles & More account. Please note that if you give or withdraw your consent after the accounts are connected, this is then effective for both of your accounts.

You have the right to withdraw your consent at any time. For further information on your right of withdrawal, please refer to Section 15 of this Privacy Policy.

Specific cookies are used on the registration page as part of the registration process. You can find these under ​Information on cookies and similar technologies.

We use local storage functionality on the registration page. This means that your data is stored locally in your browser’s cache once you have logged in. Your data is deleted after you have closed the browser window, except for your last chosen login method. Providing you do not delete your browser’s cache, this information is retained and can be read the next time you access the website. By using local storage, we facilitate the correct display of your data when you are using our website without slowing the process unnecessarily or overloading the interfaces.

If you do not want local storage to be used, you can change your settings accordingly in your browser at any time. Please note that if you do so the functionalities of our website may be limited or no longer available. In particular, you will then not be able to access your personal profile.

With regard to cookies and the functionality of local storage on the individual websites of Travel ID operators, the respective Privacy Policies and information about cookies and similar technologies of the Travel ID operators shall apply.

We process your data to the extent and as long as necessary for the processing purposes described in this Privacy Policy.

If the purpose for which your data was processed no longer applies, this data will be deleted, unless the retention thereof is required for the following purposes:

• fulfilment of statutory retention periods, which may result from obligations under commercial or tax law; these periods may amount to up to ten years
• assertion, exercise or defence of legal claims within the framework of the statutes of limitation

In these cases, the processing of your data is restricted (“blocked”) so that it can no longer be processed for other purposes.

15.1 Your rights

As the data subject you can exercise the following rights where the respective statutory conditions exist:

• Right of access, Art. 15 GDPR
• Right to rectification, Art. 16 GDPR
• Right to erasure (“right to be forgotten”), Art. 17 GDPR (also see Section 11 of this Travel ID Privacy Policy)
• Right to restriction of processing, Art. 18 GDPR
• Right to data portability, Art. 20 GDPR
• Right to object, Art. 21 GDPR (see also Section 16 of this Travel ID Privacy Policy)

Insofar as we process your data on the basis of consent, you have the right to withdraw this consent at any time without affecting the lawfulness of any processing performed on the basis of this consent before such consent was withdrawn.

To exercise your rights, you can use the relevant contact forms provided by the Travel ID operators (see Section 1 of this Privacy Policy). In order to process your application and identify you, we will process your personal data in accordance with Art. 6 (1)(c) GDPR.

In your Travel ID profile on our websites and apps, you can also check the current status of most of your master data yourself at any time. Please update your personal data immediately after any changes occur (for example, your postal address, email address or telephone number). To delete your Travel ID profile, please proceed as described in Section 11 of this Travel ID Privacy Policy.

You also have the right to lodge a complaint with a regulatory authority: Art. 77 GDPR.

15.2 Supervisory authorities

You will find a list of all data protection authorities responsible for the Travel ID operators below.

The competent supervisory authority for Deutsche Lufthansa AG, Eurowings Discover GmbH and Miles & More GmbH is:

The Data Protection Commissioner of Hesse

Postfach 3163

65021 Wiesbaden

Germany

Tel.: +49 - 611 - 14 08 - 0

Fax: +49 - 611 - 14 08 - 900 or - 901

Email: poststelle@datenschutz.hessen.de

The competent supervisory authority for Eurowings GmbH is:

Regional Officer for Data Protection and Freedom of Information

State of North Rhine-Westphalia
Postfach 20 04 44
40102 Dusseldorf
Germany
Tel.: +49 - 211 - 38 424 - 0
Fax: +49 - 211 - 38 424 - 999
Email: poststelle@ldi.nrw.de

The competent supervisory authority for Austrian Airlines AG is:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna
Austria
Tel.: ​+43 - 52 -152 - 0
Email: ​dsb@dsb.gv.at

The competent supervisory authority for Swiss International Air Lines AG is:

Federal Data Protection and Information Commissioner
Feldeggweg 1
3003 Bern
Switzerland
Tel.: +41 - 58 - 46 24 395
Fax: +41 - 58 - 46 59 996
 

The competent supervisory authority for Brussels Airlines SA/NV is:

Autorité de protection des données

Gegevensbeschermingsautoriteit

Data Protection Authority

Rue de la presse 35, 1000 Brussels
Belgium
Tel.: +32 - 2 - 27 44 800
Email: contact@apd-gba.be

For reasons arising from your specific situation, you have the right to object at any time to the processing of your personal data based on Art. 6 (1)(f) GDPR (Lawfulness of Processing).

In the event of an objection, we will no longer process the personal data that concerns you, unless we can prove that there are compelling reasons for the processing that are worthy of protection and that outweigh your interests, rights and freedoms, or if the processing is used to enforce, exercise or defend legal claims.

If the personal data concerning you is processed by us for the purpose of direct marketing and you object to this processing, the personal data concerning you will no longer be processed for these purposes.

You can object to the processing of your personal data at any time, for example by using the contacts listed in Section 2 of this Privacy Policy.

We use technical and organisational security measures to protect your data against accidental or deliberate manipulation, loss, deletion or access by unauthorised persons. Our security measures are being improved continuously as new technology develops.

In connection with the processing operations described in this Travel ID Privacy Policy, we may disclose your data to the following categories of recipients:

• service providers with whom we cooperate on the basis of a data processing agreement pursuant to Art. 28 (3) GDPR;
• government agencies and authorities, e.g. on the basis of police and investigative activities.

In such cases, personal data may be transferred to third countries or international organisations. For your protection and the protection of your personal data, appropriate security measures will be taken for such data transfers in accordance with and pursuant to the law.

If these transfers have no legal basis or are made to a country for which the EU Commission has not issued an adequacy decision, we use EU standard contractual clauses.

Information about EU standard contractual clauses is available on the European Union website.

We check this Travel ID Privacy Policy regularly and will update it as required. We will inform you if there are material changes to this Travel ID Privacy Policy (for example on our websites).