Privacy Policy


The Flughafen Parken GmbH, (hereinafter also known as the “controller” or “we”) takes the security of your personal data very seriously and observes the relevant privacy provisions, in particular the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The purpose of this policy is to explain to you how we process your personal information while using our website park.aero

I. General

1. How we process your data

We collect and use the personal data of our users only as far as this is necessary to make a functional internet site available, as well as to provide our content and services. The collection and use of personal data is done only where such processing is permitted by statutory provisions, or with the consent of the user

2. Legal basis for the processing of your personal data

Insofar as we obtain the user’s consent for the processing of personal data on our website, point (a) of Article 6 paragraph 1 GDPR applies.

Where the processing of personal data is necessary for the performance of a contract, where the contractual party is the user, point (b) of Article 6 paragraph 1 GDPR applies. This also applies to processing operations where quasi-contractual or pre-contractual measures are required.

As far as processing of personal data is necessary for the performance of a legal obligation, to which our company is subject, point (c) of Article 6 paragraph 1 GDPR applies.

Where processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, point (f) of Article 6 paragraph 1 GDPR applies. (So-called balancing of interests).

In addition, there are other statutory legal bases for the processing of personal data. These are – where relevant – specified below.

3. Data retention period

Personal data will be erased or blocked as soon as the purposes for which they are being processed no longer apply. Personal data may be saved for longer periods when this is provided for by European or national legislators under EU-regulations as well as Union or Member State law or other regulations, to which our company is subject. Blocking or erasure of data also takes place when the storage period provided for in the legal provisions named above expires, unless there is a necessity to retain the data for the purpose of entering into a contract or the fulfilment of a contract.

4. Sharing personal data with third parties

When we share your personal data we do this only with the airport selected by you for your parking reservation or newsletter registration, as well as, if applicable, service providers which support us with the fulfilment of the aforementioned purposes, e.g. IT service providers. These companies, contracted by us as so-called processors, may use your personal data only to perform tasks on our behalf and are obligated to comply with the relevant data protection provisions.

The processor used by us is: ilogs information logistics GmbH, Krone Platz 1, 9020 Klagenfurt, Austria

Otherwise, personal data will only be passed on to third parties if this is mentioned in Section II below as part of the respective description of data processing.

5. Location(s) where data will be processed

The processing of your saved personal data by us will take place exclusively in countries of the European Economic Area.

II. Processing of personal data

1. Preparation of the Internet site and creation of log files

a) Description of the data processing

Each time our internet site is called up our system automatically registers data and information from the computer system of the server which is calling.

The following data are collected:

  • Information about the type of browser and the version used
  • Operating system of the user
  • User’s internet service provider
  • User’s IP address
  • Date and time of access
  • Websites, from which the user’s system has accessed our Internet site
  • Websites accessed by the user’s system through access to our website

The data are stored in the log files of our system. The IP-address of the user, or other data which enable the mapping of the data to a consumer, are not affected. Storage of this data, together with other personal data of the use, does not take place.

b) Legal basis for the data processing

The legal basis for the temporary storage of data processing is Article 6, paragraph 1 point f GDPR.

c) Purpose of the data processing

The temporary storage of the IP-address on the system is necessary to enable to provide availability of the internet site to the user’s computer. For this purpose, the IP-address of the user has to be stored for the duration of the session.

In these purposes lies our legitimate interest in the data processing in accordance with point (f) of Article 6 paragraph 1 GDPR.

d) Data retention period

The data are erased as soon as the reason for their collection has been achieved. In the case of the data having been collected for the provision of the website, this means when the session is ended.

e) Objections and removal options

The collection of data for the provision of the internet site and the storage of data in log files is essential for the operation of the website. Therefore, there can be no objection on the part of the user.

2. Booking/arranging airport parking

a) Description of the data processing

As part of the airport parking booking process on our website, the following data will be requested:

  • Company
  • Title
  • First name, last name
  • E-mail address
  • Street, Post code/Zip code, town, country

b) Legal basis for the data processing

The legal basis for the data processing is point (b) of Article 6, paragraph 1 GDPR and point (f) of Article 6, paragraph 1 GDPR.

c) Purpose of the data processing

The processing of the personal data in the input form is required for the execution and processing of your booking. To this end, we provide the information supplied by you to the airport selected by you and – if your booking was generated through  a partner (e.g. airline, travel agency) – to the partner who generated the booking. The partner has a justified interest in this data due to support processes and internal administrative processes. Further information on the processing of your personal data can be found in the Privacy Policy of the respective airport/partner.

d) Data retention period

The user’s personal data will be erased by us as soon as they are no longer needed by us for the execution and completion of the contract (Arranging the booking of the selected airport parking place), including any follow-up work arising from problem cases (e.g. with the booking or the payment). The personal data of the user will be anonymised by us at the latest 90 days following the exit date booked.

e) Objections and removal possibilities

The user may, in principle, object at any time to the storage of his/her personal data. If the data are required for the fulfilment of a contract, an early erasure of data is only possible provided there are no contractual or statutory obligations which preclude erasure.

3. Use of Partner-Portal

a) Description of the data processing

Within the registration for our Partner Portal at agency.park.aero, the following data is requested from partners:

  • Company
  • Salutation, title
  • First name, last name
  • E-mail address
  • Phone number
  • Street, Postcode, City, Country
  • VAT ID
  • Bank details (IBAN & SWIFT)

b) Legal basis for the data processing

The legal basis for the data processing is point (b) of Article 6, paragraph 1 GDPR and point (f) of Article 6, paragraph 1 GDPR.

c) Purpose of the data processing

The processing of the partner´s contact information serves the purpose of enabling the use of the Partner Portal in accordance with the concluded Partner Agreement. If a partner sets up SEPA agency collection as an alternative payment option and uses it for payment, we transfer the following data to the processor Stripe Payments Europe Ltd, C/o A&l Goodbody, Ifsc, North Wall Quay, Dublin 1, 662880, Ireland, which processes payments via SEPA agency collection for us:

  • Company
  • Bank details (IBAN)

Furthermore, the contact data of the partner will be transmitted to the airport, if necessary with a created booking, and placed by the airport on its booking confirmation (e-mail).

d) Data retention period

The personal data of the partner will be erased as soon as the underlying partner contract has been terminated and they are no longer required for the execution and processing of the contracts (arranging the booking of the selected airport parking space), including the follow-up processing of problem cases (e.g. booking and/or payment). The personal data of the Partner will be anonymised by us after termination at the latest 90 days after the booked departure date of the last booking made via the Partner Portal.

e) Objections and removal possibilities

The partner may object to the storage of his personal data at any time. If the data is necessary for the fulfilment of a contract, an early deletion of the data is only possible if there are no contractual or legal obligations that prevent deletion.

4. Airport Newsletter

a) Description of the data processing

On our website it is possible to register for the Airport Newsletter. When you have signed up for the newsletter, the information requested in the contact form (first name, last name, Email address) will be used for sending out the newsletter from the airport of your choice. When you have registered you will receive an Email from your selected airport. In order to prevent misuse of data, access to the newsletter will only take place once you have confirmed this Email. Further information regarding the dispatch of the Newsletter can be found in the Private Policy of the respective airport, shown as a link during the registration process for the newsletter.

b) Legal basis for the data processing

The legal basis for the processing of personal data following registration for the Email Newsletter is where the user has given his/her consentpoint (a) of Article 6, paragraph 1 GDPR.

c) Purpose of the data processing

The collection of the aforementioned contact information of the user is used to enable the delivery of the Newsletter.

d) Data retention period

The user’s Email address will be stored only for the period of time during which the subscription to the Email Newsletter is active.

e) Objections and removal options

The user can, at any time, using a link in the Newsletter, withdraw his/her agreement to the receipt of the Email Newsletter vis-à-vis the respective Airport.

III. Use of Cookies

1. Description of the data processing

We use cookies to make your visit to our website more attractive and to allow the use of certain functions. Cookies are small data files which are placed in your browser and/or placed by your browser on your computer or other end device. When a user visits a website, a cookie can be saved on the user’s operating system. These cookies contain a characteristic trail which allows a clear identification of the browser when you access the website again.

a) Technically essential cookies

We use cookies to make our website more user friendly. Some elements of our website demand that the browser accessing our website can be identified even following a website change. In the cookies the following data will be stored and transmitted:

  • language settings
  • display settings
  • log-in information

b) Technically non-essential Cookies, Third party cookies

We also use cookies on our website which are technically not essential, but which in particular enable us to monitor your browsing behaviour. In this way the following data can be transmitted:

  • frequency of pages viewed
  • utilisation of the functions of the website
  • search terms entered

The following technically non-essential cookies are so-called third party Cookies:

  • Google Analytics, Google Ads, Google Maps (see also paragraph IV of our Privacy Policy)

Technically unnecessary cookies are only used if the user actively agrees to them via the consent tool “consentmanager” (see section III. point 5).

c) Note on changing the browser settings

Most browsers are set to automatically accept cookies. The user can, nevertheless, prevent the storage of cookies on his/her computer by changing the browser settings. This can, however, limit the functionality of our Website.

2. Legal basis for the data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. b) (pre-contractual / contractual measures) and Art. 6 para. 1 lit. f) (legitimate interest of the operator).The processing of personal data using technically unnecessary cookies takes place exclusively with the consent of the user via the consentmanager tool (see section III. point 5). The legal basis is therefore Art. 6 para. 1 lit. a).

3. Purpose of the data processing

The purpose of the use of technically essential cookies is to simplify the use of the website for the user. Some features of our website are not available without the use of cookies. To this end it is necessary that the browser can be recognised, even after a change of website.

The use of non-essential cookies and third party cookies is carried out for the purpose of improving the quality and content of our website. Through the analysis-cookies we can learn how the website is being used and thereby continually optimise our online offers.

The user data collected through cookies on our website is not used to create user profiles.

4. Data retention period, Objections and Removal options

Cookies are stored on the user’s computer and transmitted to our website. Therefore, as the user, you have full control over the use of cookies. Through a change in your browser settings you can disable or restrict cookies. Cookies already saved can be erased at any time. This can also take place automatically. If cookies used for our website are disabled, it is possible that not all features of the website can be fully used.

5. consent to processing via consentmanager

We have integrated the consent management tool “consentmanager” (www.consentmanager.net) from consentmanager AB (Håltgelvågen 1b, 72348 Västerås, Sweden, info@consentmanager.net) on our website to obtain consent for data processing and use of cookies or comparable functions. With the help of “consentmanager” you have the possibility to give your consent for certain functionalities of our website, e.g. for the purpose of integrating external elements, integrating streaming content, statistical analysis, measurement and personalized advertising. With the help of “consentmanager” you can grant or reject your consent for all functions or give your consent for individual purposes or individual functions. The settings you have made can also be changed afterwards. The purpose of integrating “consentmanager” is to let the users of our website decide about the above-mentioned things and, as part of the further use of our website, to offer the option of changing settings that have already been made. By using “consentmanager”, personal data and information from the end devices used, such as the IP address, are processed by consentmanager. In addition, the processed information may also be stored on your device.
The legal basis for processing is Art. 6 Para. 1 S. 1 lit. c) in conjunction with Art. 6 para. 3 sentence 1 lit. a) in conjunction with Art. 7 para. 1 GDPR and, in the alternative, lit. f). By processing the data, consentmanager helps us (according to GDPR this is the responsible party) to fulfill our legal obligations (e.g. obligation to provide evidence). Our legitimate interests in processing lie in the storage of user settings and preferences with regard to the use of cookies and other functionalities. “Consentmanager” stores your data as long as your user settings are active. After two years after making the user settings, the consent will be asked again. The user settings made are then saved again for this period.
You can object to the processing. You have the right to object to reasons arising from your particular situation. To object, please send an email to info@consentmanager.net.

IV. Use of Web analytic- tools

1. General information

On our website, the web analysis tool “Google Analytics” is used with consent of the user via consentmanager. The analysis of user behaviour is important as, in this way, the consumer demand can be analysed and thereby our online offers optimised.

The personal data collected by Google Analytics are not used to create user profiles.

2. Supplementary notes of the use of the web analytic tool “Google Analytics”

This website uses Google Analytics, a web analysis service provided by Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, U.S.A. (“Google”). Google Analytics uses so-called cookies and text files which are stored on your computer and enable analysis of the use of the website by you. The information generated by the cookie about your use of the website is usually forwarded to a Google server in the U.S.A. where it is then stored. In case of an activation of the IP anonymisation on the website, Google will abbreviate your IP address within the member states of the European Union or in other party states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be forwarded to a Google server in the U.S.A. and abbreviate there. The IP address transmitted by your browser within the scope of Google Analytics will not – according to Google – be merged into other data from Google. We have no influence over the collection of data by Google. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to report on website activity and further to assemble information on the website and internet use with linked services and provide this to the operator.

In these purposes lies our legitimate interest in the processing of personal data.

The legal basis for the processing of personal data for use by Google Analytics in the aforementioned form is point (a) of Article 6 paragraph 1 GDPR.

You can prevent the storage of cookies by adjusting your browser software; we would, however, advise you that in this case you will potentially not be able to fully use all features of the website. You can also prevent the collection of data generated by cookies related to your use of the website (including your IP address) being sent to Google, as well as preventing Google from processing the data, by following this link – http://tools.google.com/dlpage/gaoptout?hl=de – and downloading and installing the available Browser-Plugin or by refusing the corresponding processing of the data via consentmanager.

Further information on this subject can be found under:

https://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/

We would advise you that, on this website, Google Analytics has been expanded to include the code “ga(‘set’,’anonymizelp’true) to ensure an anonymised collection of IP addresses (so-called IP-Masking).

V. Your Rights

If your personal data has been collected and processed, you as the data subject, as defined by the GDPR, have the following rights in relation to the responsible parties.

1. Right to Information

You can ask for confirmation from the controller as to whether we process your personal data.

Should such a processing of your personal data have taken place, you have the right to the following information:

  • The purposes for which this personal data have been processed;
  • The categories of personal data which have been processed;
  • The recipient, or the categories of recipients, who have access to the processed personal data related to you or who could be given access;
  • The planned period of time which is intended for the storage of the personal data related to you or, should such concrete information not be possible, criteria for the definition of the planned retention period.
  • The right to rectify or erase personal data held concerning you, the right to limit the processing by the controller or a right to objectto this processing;
  • The existence of a right to lodge a complaint with a supervisory authority;
  • All available information about the origin of the data, where the personal data is not collected from the data subject;
  • The existence of automated decision-making, including profiling, according to Article 22 paragraph 1 and 4 GDPR and – at least in this case – meaningful information regarding the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.

You have a right to ask for information as to whether the personal data collected about you have been forwarded to a third country or to an international organisation. In this context, you can require that you are informed about the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

2. Right to Rectification

You have a right to the rectification and/or completion of data against the controller, to the degree that personal data processed that concern you are incorrect or incomplete. The controller must perform the rectification without undue delay.

3. Right to restriction of processing

Under the following conditions, you have the right to obtain the restriction of processing of your personal data:

  • The accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data ;
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  • You have objected to the processing according to Article 21 paragraph 1 GDPR pending the verification as to whether the legitimate grounds of the controller override those of the data subject.

Where processing of your personal data has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing according to the aforementioned conditions has been obtained, you will be informed by the controller before the restriction of processing is lifted.

4. Right to erasure

a) Erasure obligation

You have the right to obtain from the controller the erasure of personal data concerning yourself without undue delay and the controller has the obligation to erase such personal data without undue delay where one of the following grounds applies:

  • Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You withdraw consent on which the processing is based according to point (a) of Article 6 paragraph 1 GDPR or point point (a) of Article 9 paragraph 2 GDPR and where there is no other legal ground for the processing ;
  • You object to the processing according to Article 2 paragraph 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21 paragraph 2 GDPR;
  • Your personal data have been unlawfully processed;
  • Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • Your personal data have been collected in relation to services offered by the information society referred to in Article 8 paragraph 1 GDPR.

b) Information to third parties

Where the controller has made your personal data
public and is obliged according to Article 17 paragraph 1 GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, that personal data.

c) Exceptions to the Erasure Obligation:

The right to erasure does not exist where the processing is necessary:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller ;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 paragraph 2, as well as Article 9 paragraph 3 GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89 paragraph 1 GDPR in so far as the right referred to in a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

for the establishment, exercise or defence of legal Claims.

5. Right to Information

If you have claimed the right to rectification, erasure or restriction of processing vis-a-vis the controller, then the controller is obliged to inform the recipients to whom your personal data have been disclosed of the rectification, erasure or restriction of the processing of such, except where this proves to be impossible or involves a disproportionate effort.

You also have the right to be informed by the controller about these recipients.

6. Right to data portability

You have the right to receive the personal data concerning yourself, which you have provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit that data to another controller
without hindrance from the controller to which the personal data
has been provided, in as much as:

  • The processing is based on consent pursuant to point (a) of Article 6 paragraph 1 GDPR or point (a) of Article 9 paragraph 2 GDPR or is based on a contract pursuant to point (b) of Article 6 paragraph 1 GDPR and
  • the processing is carried out by automated means.

In exercising these rights, you further have the right to have the personal data concerning yourself transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the rights and freedoms of others.

The right to data portability does not apply where the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of an official authority vested in the Controller.

7. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data where such processing is based on point (e) or point (f) of Article 6, paragraph 1 GDPR; this includes profiling based on those provisions.

The controller will no longer process your personal data unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedom or the processing is for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Where you make an objection to processing for direct marketing purposes, your personal data will no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58 EC, you may exercise your right to object by automated means using technical specifications.

8. Right to withdrawal of the data privacy law declaration of consent

You have the right, at any time, to revoke your data privacy law declaration of consent. The lawfulness of the processing that took place prior to your withdrawal of consent is not affected by the withdrawal of consent.

9. Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on an automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for entering into, or fulfilling of a contract between you and the data controller.
  • is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights, freedom and legitimate interests.
  • is based on your explicit consent.

However, the aforementioned decisions will not be based on special categories of personal data referred to in Article 9 paragraph 1 GDPR, unless point (a) or (g) of Article 9 paragraph 2, applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

In the cases referred to in bullet points (1) and (3) above, the data controller will implement suitable measure to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller to express the point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial appeal, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.

The supervisory authority, with which the complaint has been lodged, will inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR.

The contact information for the supervisory authority responsible for our company can be found at the end of this privacy policy notice.

11. Miscellaneous

To exercise any of the above rights, please contact us (see the contact information and the end of the Privacy Policy notice). Queries which are electronically filed with us are normally answered electronically, in as far as you have not specified otherwise in your query.

VI. External links

Our website may contain links to third party pages. If this is not obviously recognisable, we will indicate that this is an external link. We have no influence over the content and design of the external sites. In that regard, this private policy does not apply.

VII. Alterations to this Privacy Policy

The constant evolution of the internet and the frequently associated changes to the applicable legislation require adjustments to our privacy policy from time to time. We will keep you informed of any such changes.

VIII. Responsible Party

Controller in the sense of the GDPR and other national data protection laws of the EU Member States, as well as other data protection regulations is:
Flughafen Parken GmbH
Terminalstrasse Mitte 18
85356 München-Flughafen
Mail: datenschutz@park.aero
Full company details can be found here: Imprint

IX. Data Protection Officer

We have appointed a Data Protection Officer who is monitoring the observance of this policy. You can contact the data protection officer under the mail address datenschutz@park.aero.

Last Update: July 2020