Privacy Policy

acc. GDPR

Date: 2023-04-08

This Privacy Policy provides information on the type, scope and purpose of the processing of personal data (hereinafter referred to as “Data”) within our online offering and the related websites, functions and contents as well as any external online presence, such as our social media profile (hereinafter jointly referred to as “Online Offering”). With respect to the terminology used, such as “personal data” or “processing” thereof, reference is made to the definitions in Article 4 General Data Protection Regulation (GDPR).


Name/Company name: AviationDataServices GmbH
Street address: Zu den Eichen 4
Postcode, city, country: 30900 Wedemark, Germany
Commercial register no: HRB211325
General Managers: Ingo Battis, Ivo Mynter
Telephone number: +49(0)5130-60 97 833
E-mail address:

Categories of data processed:
  • Master data (such as names, titles, addresses).
  • Contact details (such as e-mail, telephone numbers).
  • Payment data (such as payment history, account statements in bookkeeping).
  • Usage data (such as reservation data of resources, access times, log data).
Processing of special categories of data (Article 9(1) GDPR):

No special categories of data are processed.

Categories of data subjects in relation to the processing:
  • Customers (Clients) / interested parties
  • Client’s employees
  • Client’s customers / members

The data subjects shall hereinafter jointly be referred to as “Users”.

Purpose of the processing:
  • Provision of the online offering, an industry solution for aviation with its contents and functions
  • Provision of contractual services, service and customer care
  • Responding to contact enquiries and communication with users
  • Marketing, advertising and market research
  • Security measu
1. Relevant legal bases

In accordance with Article 13 GDPR, we inform you of the legal bases of our data processing. Where the legal basis is not indicated in the Privacy Policy, the following shall apply: The legal basis relating to the explicit request for your consent is Article 6(1)(a) and Article 7 GDPR, the legal basis for processing for the purpose of performing our services and contractual measures and replies to requests is Article 6(1)(b) GDPR, the legal basis for processing for the purpose of compliance with our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing for the purpose of protecting our legitimate interests is Article 6(1)(f) GDPR. Article 6(1)(d) GDPR serves as the legal basis in cases where the protection of vital interests of the data subject or another natural person require the processing of personal data.

2. Amendments of and updates to the Privacy Policy

We ask you to review the contents of our Privacy Policy on a regular basis. You may always view our Privacy Policy via a link on our website We will amend the Privacy Policy as soon as changes in the data processing carried out by us make such necessary. We will inform you as soon as the amendments require an act of your cooperation (such as consent) or otherwise an individual notification.

3. Security measures

3.1. In accordance with Article 32 GDPR and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, we shall take appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These measures include in particular ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure and assurance of availability relating to the data. In addition, the measures shall include in particular the encrypted transmission of data between your browser and our server..

4. Cooperation with other processors and third parties

4.1. Where, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transfer data to them or otherwise grant them access to the data, such is only done on the basis of a legal authorization (e.g., if a transfer of the data to third parties, such as payment service providers, is necessary for the performance of the contract in accordance with Article 6(1)(b) GDPR), if you have consented, if provided for by a legal obligation or on the basis of our legitimate interests (e.g., when using agents, webhosting services etc).

4.2. Where we commission third parties to process data on the basis of an “agreement on data processing”, this is done on the basis of Article 28 GDPR.

5. Transfers to third countries

Where we process data in a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or where this is done in the context of using the services of third parties or disclosure or transfer of data to third parties, such will only take place if it is done to perform our (pre-)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we shall process or keep the data in a third country only if the special requirements of Articles 44 et seqq. GDPR are given. For example, processing is carried out on the basis of specific guarantees, such as the officially recognized establishment of a level of data protection equivalent to that in the EU (e.g., for the US through the Privacy Shield) or compliance with officially recognised specific contractual obligations (referred to as “standard contractual clauses”).

6. Rights of data subjects

6.1. You shall have the right to obtain confirmation as to whether or not personal data concerning you are being processed and to obtain access to such data, further information and a copy of the data in accordance with Article 15 GDPR.

6.2. You shall have the right to obtain the completion of personal data concerning you or the rectification of inaccurate personal data concerning you in accordance with Article 16 GDPR.

6.3. You shall have the right to request the erasure of personal data concerning you without undue delay in accordance with Article 17 GDPR or alternatively to request restriction of processing in accordance with Article 18 GDPR.

6.4. You shall have the right to receive the personal data concerning you which you have provided to us and to transmit those data to another controller in accordance with Article 20 GDPR.

6.5. You shall also have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 GDPR.

7. Right of withdrawal

You shall have the right to withdraw your consent in accordance with Article 7(3) GDPR with effect for the future. The withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

8. Right to object

You shall have the right to object at any time to the future processing of personal data concerning you in accordance with Article 21 GDPR. The objection may be made in particular where personal data are processed for direct marketing purposes.

9. Cookies and right to object to direct marketing

We use temporary and permanent cookies, i.e., small files that are stored on users’ devices (for an explanation of the term and their function, see last section of this Privacy Policy). In some cases, the cookies serve security purposes or are necessary for the operation of our online offering (e.g., for the presentation of the website) or to save users’ decisions when the cookie banner is confirmed. In addition, we or our technology partners use cookies for reach measurement and marketing purposes, about which users are informed by way of this Privacy Policy.
A general objection to the use of cookies used for online marketing purposes may be declared for a large number of services, particularly in the case of tracking, via the US website or the EU site Additionally, cookies may be deactivated in the browser settings. Please note that not all functions of this online offering may be used in such cases.

10. Deletion of data

10.1. The data processed by us will be deleted or restricted in their processing in accordance with Articles 17 and 18 GDPR. Unless expressly stipulated in this Privacy Policy, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and there is no legal obligation to retain such data. Unless the data are deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data are blocked and not processed for other purposes. This shall apply, for example, to data that must be stored for reasons of commercial law or tax law.

10.2. In accordance with legal requirements, data will be retained in particular for 6 years in accordance with Section 257(1) German Commercial Code (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers etc) and for 10 years in accordance with Section 147(1) German Fiscal Code (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation etc).

11. Contractual performan

11.1. We shall process master data (such as names and addresses as well as contact data of users), contract data (such as services used, names of contact persons, payment information) to fulfill our contractual obligations and services in accordance with Article 6(1)(b) GDPR.

11.2. We shall use e-mail addresses collected by Client or its users to provide the users of our Aircraft Info Desk customer systems with important information about the operation of Aircraft Info Desk. Such information shall include, for example, general operational messages, error reports or new or modified functions of Aircraft Info Desk, which are included in the respective customer contract. The processing shall be based on our legitimate interests within the meaning of Article 6(1)(f) GDPR. The selection of user groups shall be made by us in individual cases depending on the relevance of the information to be disseminated.

11.3. In the context of the use of our online services by users, we shall store the IP address and the time of the respective user action. The storage shall be based on both our legitimate interests and the legitimate interests of the users for the purpose of improved information in case of misuse and other unauthorized use. As a matter of principle, such data will not be transferred to third parties unless it is necessary to pursue our claims or there is a legal obligation to which we are subject under Article 6(1)(c) GDPR.

11.4. For the purpose of customer support and troubleshooting, we may inspect the data of customer systems. We shall treat any and all customer and personal data obtained as strictly confidential.

12. Contact

12.1. When contacting us (via contact form or e-mail), users’ data will be processed for the purpose of handling the contact request and its processing in accordance with Article 6(1)(b) GDPR.

12.2. The data provided by users may be stored in our customer relationship management system (“CRM system”) or similar inquiry organization.

12.3. We use the “Exact Online” CRM system of provider Exact Software Germany GmbH (Design Offices Cologne Gereon, Christophstraße 15-17, 50670 Cologne, Germany) based on our legitimate interests (efficient and fast processing of user requests). To ensure an adequate level of security and to comply with data protection regulations, we have concluded a contract with Exact Software Germany in which Exact Software Germany undertakes to process user data only in accordance with our instructions.

13. Collection of access data and log files

13.1. Based on our legitimate interests within the meaning of Article 6(1)(f) GDPR, we shall collect data about every access to the server on which the Aircraft Info Desk customer systems are located (referred to as server log files). The access data shall include the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, user operating system, referrer URL (the previously visited site) and IP address.

13.2. For security reasons (e.g., for the investigation of abuse or fraud), log file information shall be stored for a maximum of 60 days and then deleted. Data whose further storage is required for evidential purposes shall be excluded from deletion until the respective incident has been finally assessed.

13.3. Based on our legitimate interests within the meaning of Article 6(1)(f) GDPR, we shall collect data on every access to Aircraft Info Desk that leads to an internal error message (error logs) for the purpose of continual operational monitoring, maintaining system stability and technical optimization of our services. The data in the error log shall include the date and time of the web page accessed and a technical message describing the technical event. These data may only be considered personal data in combination with the information from Clause 13.1. Upon the deletion of the access logs from Clause 13.1, the data from the error log shall be anonymous.

14. Social media online presence

14.1. We maintain online presences within social networks and platforms to be able to communicate with customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and privacy policies of their respective operators shall apply.

14.2. Unless otherwise stated in our Privacy Policy, we shall process the data of users where they communicate with us within the social networks and platforms, e.g., are posting on our online presences or sending us messages.

15. Cookies & reach measurement

15.1. Cookies are information that is transferred from our web server or web servers of third parties to the web browsers of users and stored there for later retrieval. Cookies can be small files or other types of information storage.

15.2. We use “session cookies”, which are only stored in users’ browsers for the duration of the current visit to enable the storage of the login status. Among other things, a randomly generated unique identification number, referred to as session ID, shall be stored in a session cookie. A cookie also contains information about its origin and the storage period. Session cookies shall be deleted when users have finished using our online offering and, for example, log out or close the browser.

15.3. We use persistent cookies in the event that users choose the option to remain logged in permanently. Persistent cookies shall also remain on users’ computers when they close the web browser. These cookies shall be removed if users log out during the visit to our online offering, or not stored at all if users operate the browser in “private mode”.

15.4. Users shall be informed about the use of cookies in the context of pseudonymous reach measurement within the scope of this Privacy Policy.

15.5. Where users do not want cookies to be stored on their computers, they shall be asked to deactivate the corresponding option in the system settings of their browser. Stored cookies may be deleted in the system settings of the browser. Declining the use of cookies may lead to functional limitations of this online offering.

15.6. You may object to the use of cookies for reach measurement and marketing purposes via the Network Advertising Initiative’s opt-out page ( and additionally via the US website ( or the European website (

16. Reach analysis with Matomo (formerly PIWIK)

16.1. Matomo collects and stores the following data: the type and version of browser you use, the operating system, your country of origin, date and time of the server request, the number of visits, your time spent on the website and the external links you have activated. The IP addresses of users are anonymized prior to saving.

16.2. Matomo uses cookies, which are stored on the users’ computers and which enable an analysis of the use of our online offering by users. Pseudonymous user profiles of users may be created from the processed data. The cookies have a storage period of one week. The information generated by the cookie about your use of this website is only stored on our server and is not passed on to third parties.

16.3. Users may object to the anonymous data collection by the Matomo program at any time with effect for the future by clicking on the link below. In such event, an “opt-out cookie” will be placed in your browser, which means that Matomo no longer collects any session data. If users delete their cookies, however, the opt-out cookie will also be deleted and will therefore need to be reactivated by users.

17. SurveyMonkey

17.1. Based on our legitimate interests (i.e., measuring customer satisfaction to improve user experience in a targeted manner), we use the “SurveyMonkey” market research tool from SurveyMonkey Inc, One Curiosity Way, San Mateo, CA 94403, USA. For this purpose, we have entered into a contract with SurveyMonkey using “standard contractual clauses”, in which SurveyMonkey undertakes to process user data only in accordance with our instructions and to comply with the EU data protection level. SurveyMonkey is also certified under the Privacy Shield Agreement, providing an additional guarantee of compliance with European data protection laws (>). The Privacy Policy can be viewed at:

18. Newsletters

18.1. In the following, we inform you about the contents of our various newsletters and the registration, sending and statistical evaluation procedure as well as your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

18.2. Newsletters for advertising purposes: We are sending newsletters, e-mails and other electronic notifications containing promotional information (hereinafter referred to as “Promotional Newsletters”) only with the consent of the recipients or with legal permission. If the contents of the advertising newsletter are specifically described in the context of a registration for the advertising newsletter, the consent of the users shall be governed thereby. In addition, our advertising newsletters contain information about our products, offers, promotions and our company.

18.3. Newsletters for operational purposes: We are sending newsletters, e-mails and other electronic notifications containing information on the system status of Aircraft Info Desk (hereinafter referred to as “Company Newsletters”) based on the e-mail addresses collected on behalf of our customers and their users. The sending of company newsletters shall be based on our legitimate interests (i.e., interest in the rapid information of users about important system statuses) within the meaning of Article 6(1)(f) GDPR. These notifications do not contain advertising. The selection of the addressed user groups is made by us in each individual case depending on the relevance of the information to be disseminated.

18.4. Double-Opt-In and logging: Registration for our advertising newsletters takes place in a “double-opt-in” procedure. This means that after registration you will receive an e-mail asking you to confirm your registration. Said confirmation is necessary so that no one can register with third-party e-mail addresses. Registrations for the advertising newsletter are logged to be able to prove the registration process in accordance with statutory requirements. This shall include storage of the registration and confirmation time as well as the IP address. Likewise, any changes to your data stored with the mailing service provider shall be logged.

18.5. Additionally, according to their own information, the mailing service providers may use these data in pseudonymous form, i.e., without allocation to a specific user, to optimize or improve their own services, e.g., for technical optimization of the mailing and presentation of newsletters or for statistical purposes to determine the countries of origin of recipients. The mailing service providers will, however, not use the data of our newsletter recipients to contact them or to transfer their data to third parties.

18.6. Measuring success: The newsletters contain a “web beacon”, a pixel-sized file that is retrieved from the server of the mailing service provider when the newsletter is opened. Within the scope of such retrieval, technical information such as information on the browser and your system, as well as your IP address and time of retrieval will initially be collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behavior based on their access locations (which can be determined by means of the IP address) or access times. Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked.

18.7. The mailing of the advertising newsletter and the measurement of success is based on the consent of the recipients in accordance with Article 6(1)(a), Article 7 GDPR in conjunction with Section 7(2)(3) German Act against Unfair Competition.

18.8. Cancellation/withdrawal: You may cancel the receipt of our advertising newsletter at any time, i.e., withdraw your consent with effect for the future. You will find a link to cancel the advertising newsletter at the end of each newsletter. If users have only registered for the promotional newsletter and canceled this registration, their personal data will be deleted. The objection may be made in particular where personal data are processed for direct marketing purposes.

19. Integration of third-party services and content

19.1. As part of our online offering, we use content or service offers from third parties on the basis of our legitimate interests (i.e., interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6(1)(f) GDPR) to integrate their content and services, such as videos or fonts (hereinafter referred to as “Content”). This always presumes that the third-party providers of such content are aware of the IP address of users, since they would not be able to send the content to their browsers without the IP address. The IP address is therefore required for displaying such content. Third parties may also use “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” allow information such as visitor traffic on the web pages to be evaluated. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information on the browser and operating system, referring web pages, visiting time and other information on the use of our online offering, as well as being able to be linked to such information from other sources.

19.2. The following presentation offers an overview of third-party providers and their contents, together with links to their Privacy Policies, which contain further information on the processing of data and, in some cases, the possibility to object (“opt-out”):

  • Videos der Plattform “VIMEO” des Drittanbieters Vimeo, Inc., 555 West 18th Street, New York 10011, USA. Datenschutzerklärung:, Opt-Out:
  • Videos der Plattform „WISTIA“ des Drittanbieters Wistia Inc., 17 Tudor Street Cambridge, Massachusetts, 02139 USA. Datenschutzerklärung:, Opt-Out per E-Mail an
  • Terminvereinbarungsfunktion der Plattform „Calendly“ des Drittanbieters Calendly LLC, 1315 Peachtree St NE, Atlanta, GA 30309, USA. Datenschutzerklärung:, Opt-Out per E-Mail an