We, the airlines of the Lufthansa Group and Miles & More GmbH, as the operators of Travel ID, would like to offer you our services within the Lufthansa Group in the most convenient way possible and provide you with a travel experience that is tailored to you and your particular wishes and expectations, from your first visit to our website and apps through to the end of your trip and beyond. You have the option through Travel ID to create a free customer profile, which is valid for all Travel ID operators, and with which you can access a wide range of services.
The creation of a Travel ID profile and provision of the data needed for this is not required by law or contract. However, some of our services are available exclusively to our Travel ID customers. This applies, for example, to the option of receiving personalised flight offers and additional services on the Travel ID operators’ booking platforms.
1. Controllers under data protection law
Austrian Airlines AG, Brussels Airlines SA/NV, Deutsche Lufthansa AG, Eurowings GmbH, EW Discover GmbH and Swiss International Air Lines AG, as Lufthansa Group airlines, and Miles & More GmbH are the operators of Travel ID.
More information and contact addresses for the Lufthansa Group airlines and Miles & More GmbH can be found in the introduction to the Travel ID Terms and Conditions of Use and in the respective legal notices of the Travel ID operators.
2. Data protection officers
To ensure the protection of your personal data, all Travel ID operators have appointed a data protection officer. Please feel free to contact these data protection officers with data-protection-related queries concerning Travel ID.
The data protection officer of Deutsche Lufthansa AG, Miles & More GmbH, Eurowings GmbH and EW Discover GmbH:
Deutsche Lufthansa AG
Group Data Protection Officer
Lufthansa Aviation Center
60546 Frankfurt am Main
Austrian Airlines AG Data Protection Officer:
Austrian Airlines AG
Legal office – Data Protection
Office Park 2
PO box 100
1300 Vienna Airport
Swiss International Air Lines Ltd. Company Data Protection Officer:
Swiss International Air Lines Ltd.
Company Data Protection Officer
Brussels Airlines SA/NV Data Protection Officer:
Data Protection Officer
Airport Bld. 26, General Aviation - Ringbaan
Head office in the UK for purposes of compliance with applicable data protection laws: World Business Centre 1, Newall Road, London Heathrow Airport, Hounslow, Middlesex, TW6 2FA, England
When you register for Travel ID, the only mandatory information we request is your email address, your title, your first and last names, your date of birth and a password. Your country and preferred language settings will be automatically transferred - as far as technically possible - using the country and language settings you entered on the respective websites or apps of the Travel ID operators. This information is required in order to create a Travel ID profile and to use the Travel ID services described in detail below and in the Travel ID Terms and Conditions of Use.
4. Personalised use of websites and apps
When you visit our websites and apps, our aim is to make it easier and quicker for you to find and use the information that is relevant to you. That is why we give you the option of using your Travel ID when you log in to the websites and apps of the Travel ID operators, so that the respective service you wish to use is already personalised without a new customer profile having to be created each time. Examples of this personalisation might be that you are greeted by name when you access the respective website/app, or we might provide information relevant to your current flight booking and/or pre-populated forms.
As may be required in individual cases, we process the data stored in your Travel ID profile to enable you to log in with your Travel ID and to personalise the content displayed in the website/app you access.
If you do not wish to use the login service, you are, of course, free to use the website/app without logging in. In this case, the content you access will no longer be personalised, unless you subsequently enter certain types of information manually (such as your current flight booking), in order to obtain specific information, e.g. in relation to your flight. In such cases, any data you input manually will not be linked to your Travel ID profile.
5. Pre-populated forms
We use the data you enter in your Travel ID profile to make the booking process easier for you through pre-populated forms. This could be data you actively provided during registration or added at some later point, or data you gave as part of a previous booking and which we automatically use for another booking. We also use your data given during your booking to provide you with pre-populated forms for online check-in and at self-service check-in machines. If you fill out other forms, such as during your participation in a lucky draw or when you send customer feedback using one of our electronic feedback forms on the website, for example to report lost baggage or provide feedback on your travel experience, the contact details required are also pre-populated from your Travel ID profile.
6. Summary of your bookings
Your past bookings will be displayed in your Travel ID profile. This means you can continue to keep track of your previous bookings with Travel ID operators in the future, and access and print booking documents and invoices. These bookings are automatically saved in your Travel ID profile when you have made the booking while logged in. It is also possible to add bookings to your profile retroactively. Your Travel ID profile shows the bookings for a maximum of the last ten years.
7. Health document check
You have the option of using the health document check process to have your health-related documents checked for validity for entry to or travelling through a country. You can upload your health-related documents, such as vaccination certificates or proof of recovery, to your Travel ID profile. When using this process, you consent to the storage and checking of your health-related documents and, in particular, special categories of personal data as defined in the GDPR.
You have the right to withdraw your consent to the use of health-related data at any time without affecting the lawfulness of any processing performed on the basis of this consent before such consent was withdrawn. If you withdraw your consent, the documents will be deleted from your Travel ID profile.
The legal basis for the data processing described is represented by your consent given in accordance with Art. 6 (1)(a) GDPR.
Your health-related documents will be deleted automatically after 12 months.
8. Personalisation of offers
Once you have booked a flight, you may be shown a list of possible additional services for your flight in the Travel ID operators’ booking portals. These may be additional flight-related Travel ID operator services, such as premium meals or upgrades, or additional third-party services, such as rental cars or insurance policies.
For this purpose, we process data stored about you with Travel ID operators, such as flight data and the data stored in your profile, provided you have consented to the use of your data.
If you give us your consent in this respect, we also use information collected by means of cookies to analyse your response to the services offered, i.e. whether you have clicked on or purchased them, in order to continuously improve the personalisation of our offers.
9. Personalised advertising communication
During the registration process and subsequently in your Travel ID profile, you have the option of giving us consent to send you information and individual offers regarding the services of the Lufthansa Group airlines and their respective partner companies, and to communicate with you for this purpose via electronic means of communication (e.g. email, SMS/MMS) and/or by telephone.
In addition, you can give Miles & More GmbH permission to send you offers relating to your possible membership of the Miles & More programme if you are not yet a member of the Miles & More programme.
If you give us the relevant consent, we will process your contact details (i.e. name and telephone number and/or email address) in order to send you the information and personalised offers in accordance with your statement of consent.
As we only wish to send you information and offers that you are really interested in, we also process with your consent the information stored in your Travel ID profile regarding previous bookings, such as itinerary, travel period, booking class, and information about your current booking, such as your travel destination, selected fare and preferences stored in your Travel ID profile, in order to personalise the information and offers. For example, by analysing information regarding your forthcoming trip, we may send you special offers or vouchers for additional services for your trip or for services available at your travel destination.
10. “Stay logged-in” feature
You can choose to actively enable a “stay logged-in” feature when logged into Travel ID operators’ websites and apps, which means that you will not be required to log in again after ending your session and later re-visiting the website/app.
When the “stay logged-in” feature expires, you will be asked to log in again. In addition, you will always be prompted to log in again if you are in the process of carrying out activities which require an enhanced level of security, such as changing your profile data.
11. Deleting your Travel ID profile
If you no longer wish to use the Travel ID services, you may delete your Travel ID profile at any time. The personal data collected in connection with your use of Travel ID will then be deleted immediately - subject to conflicting retention requirements and obligations.
You can delete your Travel ID profile, as well as any specific items of data you have provided in your Travel ID profile, yourself by logging into your Travel ID profile and using the delete button located next to your personal details.
We also delete your provisional Travel ID profile if you do not confirm your registration within the period stated in the confirmation email, or if you have had a confirmation email with an activation link sent to you more than three times and do not use it.
We also reserve the right to delete your Travel ID profile if you have not used it for ten years.
12. Linking with the Miles & More programme
Should you register for the Miles & More programme via Lufthansa Group airline websites or apps at some time in the future, both Travel ID registration and the linking of both profiles is required.
If you are already a member of the Miles & More programme at the time of your Travel ID registration, please link your Travel ID profile to your Miles & More account. In this way, it is easier for us to ensure that you only receive the communication you want and that the different profile details do not contradict each other.
You decide whether to create this link by giving your consent. Data synchronisation is performed between your Travel ID profile and your Miles & More account when you give your consent. Specifically, the data you have stored in the two accounts will be synchronised or transferred as follows when you make the link:
The master data (e.g. surname, first name, address, telephone number) given voluntarily during registration or at a later date will be compared. If these do not match, the title, first and last names, address, mobile phone number and date of birth from your Miles & More account will be automatically stored. The email address will be taken from your Travel ID profile.
Other data, such as your preference details, will be compared if this information is stored in both accounts, and the preferences from the Miles & More account stored.
As you are given the option to consent to advertising communications from us in both profiles, and we want to be sure that we only contact you if you actually want us to, these communication settings are also synchronised during the account linking process. This ensures that we will only contact you if you have given your consent to this in both your Travel ID profile and your Miles & More account. Please note that if you give or withdraw your consent after the accounts are connected, this is then effective for both of your accounts.
13. Cookies and local storage
Specific cookies are used on the registration page as part of the registration process. You can find these under Information on cookies and similar technologies.
We use local storage functionality on the registration page. This means that your data is stored locally in your browser’s cache once you have logged in. Your data is deleted after you have closed the browser window, except for your last chosen login method. Providing you do not delete your browser’s cache, this information is retained and can be read the next time you access the website. By using local storage, we facilitate the correct display of your data when you are using our website without slowing the process unnecessarily or overloading the interfaces.
If you do not want local storage to be used, you can change your settings accordingly in your browser at any time. Please note that if you do so the functionalities of our website may be limited or no longer available. In particular, you will then not be able to access your personal profile.
With regard to cookies and the functionality of local storage on the individual websites of Travel ID operators, the respective Privacy Policies and information about cookies and similar technologies of the Travel ID operators shall apply.
14. Storage periods
If the purpose for which your data was processed no longer applies, this data will be deleted, unless the retention thereof is required for the following purposes:
- fulfilment of statutory retention periods, which may result from obligations under commercial or tax law; these periods may amount to up to ten years
- assertion, exercise or defence of legal claims within the framework of the statutes of limitation
In these cases, the processing of your data is restricted (“blocked”) so that it can no longer be processed for other purposes.
15. Your rights as the data subject
15.1 Your rights
As the data subject you can exercise the following rights where the respective statutory conditions exist:
- Right of access, Art. 15 GDPR
- Right to rectification, Art. 16 GDPR
- Right to restriction of processing, Art. 18 GDPR
- Right to data portability, Art. 20 GDPR
Insofar as we process your data on the basis of consent, you have the right to withdraw this consent at any time without affecting the lawfulness of any processing performed on the basis of this consent before such consent was withdrawn.
You also have the right to lodge a complaint with a regulatory authority: Art. 77 GDPR.
15.2 Supervisory authorities
You will find a list of all data protection authorities responsible for the Travel ID operators below.
The competent supervisory authority for Deutsche Lufthansa AG, Eurowings Discover GmbH and Miles & More GmbH is:
The Data Protection Commissioner of Hesse
Tel.: +49 - 611 - 14 08 - 0
Fax: +49 - 611 - 14 08 - 900 or - 901
The competent supervisory authority for Eurowings GmbH is:
Regional Officer for Data Protection and Freedom of Information
State of North Rhine-Westphalia
Postfach 20 04 44
Tel.: +49 - 211 - 38 424 - 0
Fax: +49 - 211 - 38 424 - 999
The competent supervisory authority for Austrian Airlines AG is:
Austrian Data Protection Authority
Tel.: +43 - 52 -152 - 0
The competent supervisory authority for Swiss International Air Lines AG is:
Federal Data Protection and Information Commissioner
Tel.: +41 - 58 - 46 24 395
Fax: +41 - 58 - 46 59 996
The competent supervisory authority for Brussels Airlines SA/NV is:
Autorité de protection des données
Data Protection Authority
Rue de la presse 35, 1000 Brussels
Tel.: +32 - 2 - 27 44 800
16. Right to object under Art. 21 GDPR
For reasons arising from your specific situation, you have the right to object at any time to the processing of your personal data based on Art. 6 (1)(f) GDPR (Lawfulness of Processing).
In the event of an objection, we will no longer process the personal data that concerns you, unless we can prove that there are compelling reasons for the processing that are worthy of protection and that outweigh your interests, rights and freedoms, or if the processing is used to enforce, exercise or defend legal claims.
If the personal data concerning you is processed by us for the purpose of direct marketing and you object to this processing, the personal data concerning you will no longer be processed for these purposes.
17. Data security
We use technical and organisational security measures to protect your data against accidental or deliberate manipulation, loss, deletion or access by unauthorised persons. Our security measures are being improved continuously as new technology develops.
18. Recipients of your data
- service providers with whom we cooperate on the basis of a data processing agreement pursuant to Art. 28 (3) GDPR;
- government agencies and authorities, e.g. on the basis of police and investigative activities.
In such cases, personal data may be transferred to third countries or international organisations. For your protection and the protection of your personal data, appropriate security measures will be taken for such data transfers in accordance with and pursuant to the law.
If these transfers have no legal basis or are made to a country for which the EU Commission has not issued an adequacy decision, we use EU standard contractual clauses.
Information about EU standard contractual clauses is available on the European Union website.