EBSA 2021 - flight request

Passenger Information
Flight request
Our Privacy Policy
Data protection The protection of your privacy and the security of your personal data is the top priority for COLUMBUS Reisen GmbH. We promise we will handle your personal data carefully and conscientiously. That’s why the processing of your personal data is continually reviewed, and corresponding technical and organisational security measures are taken. The personal data you entrust us with is thereby protected against manipulation, loss or access by unauthorised persons. To be able to offer you this protection in the long-term, our data security measures are, of course, continually reviewed and renewed. For reasons of easier legibility, this Privacy Policy does not make a distinction between male and female persons. The relevant terms apply in all cases to both sexes, in line with gender equality. 1. Responsible authority COLUMBUS Reisen GmbH & Co KG. (Universitätsring 8, 1010 Vienna, Austria; hereinafter also “we” or “us”) hereby informs you about the processing of your personal data. 2. Data subjects Data subjects to whom this Privacy Policy applies are natural persons who use our services. 3. Security has the highest priority Security has the highest priority as you entrust us with a lot of your personal data. It is an important concern for us that we handle your personal data with the greatest care and protect your privacy. Data protection is taken into account in our business processes at all times. By using our services you agree to this Privacy Policy. We use the services of selected commissioned data processors for the technical and organisational handling of your request. These are contractually obliged to process the obtained personal data solely according to our instructions. 4. Booking flight tickets When you book a flight with us, the following personal data is processed: title, first name, surname, date of birth, email address, contact address (street, town and postcode), telephone number, meal preference (requested menu), your specific service requests (e.g. transport assistance, accompanying assistance, etc.) and credit card data. Irrespective of the travel destination, the following personal data may or must be given: date of birth nationality and passport data Visa data We only process your personal data in order to issue your desired flight ticket and to send you a booking confirmation. Your booking confirmation will be sent unencrypted via electronic channels. In addition, we process your personal booking data solely on the basis of statutory regulations or with your consent. If you provide us with any personal health information when booking your flights so that we can provide you with the relevant assistance in accordance with your medical needs, this data will only be processed for the provision of those services and/or shared with third parties (e.g. airports, security checks, etc.) for the provision of those services. If you carry out the purchase of a flight ticket not only for yourself but also for a person travelling with you, please note that you must have the relevant power of representation. Please also note that we will store your passenger data. In principle, the retention period is three years, unless other statutory or legitimate interests prevent the deletion of such data. 5. Connection with frequent flyer programme When booking a flight or checking in online, you can indicate a frequent flyer programme by providing your frequent flyer number for the purposes of earning mileage credit. Please note the data protection information for your frequent flyer programme. 6. Transmitting personal data to third parties The personal data you disclosed when successfully booking a flight will only be shared with third parties (e.g. operating airlines, airports, etc.) for the fulfilment of contractual obligations. The transmission of personal data to domestic and foreign courts, authorities or other state institutions will only be carried out in accordance with applicable statutory requirements. 7. Transmission of personal data to foreign authorities The collection or transmission of personal data to state institutions and authorities will only be carried out in accordance with applicable statutory requirements. Please note: all data provided by you in the context of a booking may be subject to transmission. 7.1. APIS data (Advance Passenger Information System) In a variety of countries, airlines are under legal or official obligation to transmit passenger data before the respective flight lands in the destination country, that is, if your destination or transfer airport is based in one of the states affected. Such legal regulations generally involve the transmission of data pertaining to the identity and the travel documents (passport, visa) of the passenger boarding the flight. We generally do not have access to these data, which is why they must be collected before departure. This is increasingly carried out via the so-called “machine-readable zone” on newer travel documents. The collection of this data is intended solely for direct transmission to the authorities of the destination country.
7.2. Secure Flight In accordance with the regulations of the Transportation Security Administration (TSA), you are obliged, for the purposes of Watch List Screenings on the basis of 49 U.S.C. Section 114 of the Intelligence Reform and Terrorism Prevention Act of 2004 and 49 C.F.R. Part 1540 and 1560, to provide your full name, date of birth and gender. If available, you can also provide your redress number. If you do not provide your full name, date of birth and gender, you may be denied the right to travel or to access the departure area. Within the scope of its public records system, the TSA can exchange the data provided by you with law enforcement authorities, intelligence services and other organisations. You can find further information about the Privacy Policy of the TSA, the documentation system and the data protection implications on the TSA website at www.tsa.gov. 8. Collection of contact data In accordance with EU Regulation No. 996/2010 (EU Regulation No. 996/2010 of the European Parliament and of the Council of 20 October 2010, for the Investigation and Prevention of Accidents and Incidents in Civil Aviation and Repeal of Directive 94/56/EC), we give you the option to provide the name and telephone number, or email address, of a contact person, who should be contacted in the event of an aviation accident. These details will be used exclusively for this purpose and will be deleted after the last flight you have boarded. Please note: These data are not linked with the reservation – if you rebook, these details must be re-entered. 9. Legitimate interests Should we process your data, in our legitimate interest, aside from the purposes stated above, it will be for the following purposes: to claim, defend or enforce legal claims; for the transparency and further development of business processes subject to the stated retention periods. 10. Review of payment transactions COLUMBUS Reisen GmbH & Co KG. reviews payment transactions in connection with flight bookings to prevent fraud and other improper use. For this purpose, COLUMBUS Reisen GmbH & Co KG. uses both internal and external resources. 11. Data security COLUMBUS Reisen GmbH & Co KG. implements technical and organisational data security procedures to protect your personal data against incidental and wilful manipulation, loss and destruction, or against access by unauthorised persons. Data security measures at COLUMBUS Reisen GmbH & Co KG. are continuously evolving to ensure our technical security procedures reflect the latest standards in technological development. In the same way, our staff at COLUMBUS Reisen GmbH & Co KG. in the data security and data protection divisions undergo training and are subject to organisational procedures designed for secure data processing. 12. Data subject rights COLUMBUS Reisen GmbH & Co KG. is deeply committed to making our data processing procedures clear and transparent. It is therefore important that our customers are not only able to withdraw their consent, but also to exercise the following rights they have: Right to information Right to correction of their personal data Right to deletion Right to restriction of processing Right of data portability You must submit your data subject rights request in writing using the online form with proof of your identity (scan or copy of an official photo ID). You can also send this type of request to us by post: COLUMBUS Reisen GmbH & Co KG. Data Protection Universitätsring 8 1010 Vienna Austria If you have any concerns about data protection law, please contact us by post at the address given above or contact our company’s data protection officer using our online form. You also have the right to file a complaint with the Data Protection Authority as the competent supervisory authority. The data protection authority with jurisdiction for COLUMBUS Reisen GmbH & Co KG. is: Austrian Data Protection Authority (Österreichische Datenschutzbehörde) Barichgasse 40-42 1030 Vienna Telephone: +43 (0) 52 152 – 0 Email: dsb@dsb.gv.at 13. Disclaimer This Privacy Policy only applies to the processing of personal data when using our flight booking services. This Privacy Policy does not cover other websites, in particular third-party websites. If you leave this website, we ask you to consult the validity of the applicable data protection provisions of those other websites. In the course of our business operations, it is sometimes necessary to collect, save and process some of your personal data. For example, this is necessary for carrying out a flight booking or for the creation of your customer profile. However, you can rest assured that we are as transparent as possible when it comes to the processing of your data and that you have control over your personal data at all times. Your personal data is only processed to the extent that it is absolutely necessary or if we have received your permission to do so. If you would like to know what personal data we process in detail, please contact us at any time by sending us an Information request. In addition, you have further rights which you can exercise based on the General Data Protection Regulation (in short: “GDPR” – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 for the protection of individuals with regard to the processing of personal data and on the free movement of such data).