Passngr Privacy Policy
to the German version / zur deutschen Version
Table of contents
Go to top of page
General
Passngr is your personal airport service app. With Passngr you receive relevant information and offers at the right time and the right place for your stay at participating airports.
Go to top of page
The Passngr App is offered and operated by the Flughafen München GmbH (hereinafter referred to as "we").
Business address
Nordallee 25
85356 München-Flughafen
Telephone +49 89 975 00
Data processing when using the app
You can use certain basic Passngr services without registering with a user account. For example, you can call up flight schedule information, select your departing or arriving flight and display related offers or subscribe to push notifications. In this respect, we process only the data required for this use, such as your IP address, the operating system you use, the content you have accessed, your location if applicable, and an ID number assigned by your operating system for push notifications. In this case, the data under "My flights", "My services", "Booked services", "Stored services" and "Visited services" cannot be directly assigned to you without more information.
You can set up a personal user account to use all of the app's functions. Simply create your user account with your email address and a password. You can add your name, address and other information, change your details and delete your account completely in the menu item "Settings - Profile". We use this voluntary information during campaigns and promotions, for example to send personalized greetings or birthday vouchers.
To complete your registration, we will send you an email to the address you have provided containing a link to a confirmation page. Please confirm your registration within 24 hours by visiting this page. Otherwise your registration data will be deleted. If you cannot find the email in your mailbox (it may be in your spam folder), please contact our support team.
The legal basis for the data processing described in this section is provided by Art. 6(1) (b) GDPR (performance of a contract and steps prior to entering into a contract).
Go to top of page
Location-based services
Automatic airport change (only in the Android version)
The Android version of the Passngr app allows you to automatically change airports based on location changes. To do this, we use a function of your smartphone operating system that permanently accesses your location information in the background. The function also remains active when the app itself is closed so that it can immediately show you the correct airport when you use the app again. To do this, the app registers what are known as "geofences" of the participating airports and is informed by the operating system when you enter the area of a participating airport. A push notification is then generated locally to inform you of the change of airport. Location monitoring only runs locally on your smartphone. No communication with our data center takes place in this process.
The legal basis for the data processing described in this section is provided by Art. 6(1) (b) GDPR (performance of a contract, i.e. the provision of the described function of the Passngr App). You can deactivate the function at any time via the menu item "Settings - Airport change based on location changes".
Wi-Fi auto login
To automatically log you into the Wi-Fi provided by the participating airport, the Passngr app uses a Wi-Fi auto login function. This function of your smartphone operating system permanently accesses your location information in the background and remains active even when the Passngr app is closed. This is necessary in order to recognize which Wi-Fi networks are within range and to perform auto login in the portal if the Wi-Fi network of the participating airport is suitable. This means that the available Wi-Fi connections in the vicinity of your smartphone are compared with the Wi-Fi connection of the participating airport. To do this, the app registers in the operating system the Wi-Fi identifiers for which it should be activated when they come within range of your smartphone. After an additional plausibility check (comparison of your current location with the location of your participating airport via geofence), the login attempt is started so that you can use the Wi-Fi.
The legal basis for the data processing described in this section is provided by Art. 6(1) (b) GDPR (performance of a contract, i.e. the provision of the described function of the Passngr App). You can deactivate the function at any time via the menu item "Settings - Wi-Fi".
Go to top of page
User profiles
We analyze your use of the Passngr app in the form of pseudonymized user profiles so that we can show you the content and offers in the app that are relevant to you. For this purpose, each time the app is used we store the time you start using the app, your device's IP address, the device ID (a random, unique ID number that identifies the device used), the operating system, the page of the app you visited, the time you spent on the page, services you booked, the location (if applicable and if location recognition is active), and the time you stop using the app. If these data, such as the IP address, could be used to identify you personally, it is stored only in abbreviated form where possible so that it can no longer be used to identify you.
We create and use the user profiles based on these data exclusively to
- analyze the use of the information and services offered in the app
and
- to be able to offer you more targeted information or services when you next use the app.
If you do not consent to this, you can uninstall the app and delete your user account at any time. All data stored for your user profile will then be deleted or anonymized immediately. Otherwise, we will delete or anonymize the data stored in a user profile no later than two years after it was collected.
The legal basis for the data processing described in this section is provided by Art. 6(1) (b) GDPR (performance of a contract and steps prior to entering into a contract).
Go to top of page
Google Analytics for Firebase
In order to improve Passngr, we need statistics on how different Passngr users use the app. We compile these statistics with the help of Google Analytics for Firebase, an analysis service from Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA, hereinafter referred to as "Google").
We use Google Analytics for Firebase only if you give us your consent to do so. The legal basis for this data processing is provided by Art. 6(1) (a) GDPR in conjunction with your consent. You can revoke this consent at any time by deactivating Google Analytics for Firebase in the settings under "Statistics". The withdrawal of consent shall not affect the lawfulness of processing based on that consent before it was withdrawn.
Your device transmits the information collected by Google Analytics for Firebase about your use of the app to Google servers in the USA, where it is stored for up to 14 months. This also includes the collection of location data. No decision has currently been adopted by the EU Commission on whether the USA generally offers an adequate level of protection for personal data. However, Google has certified that it complies with the EU-US Data Privacy Framework. Further information on this can be found on the website of the EU Commission and the Data Privacy Framework website of the US Department of Commerce.
You can find more information on the collection of data by Google Analytics for Firebase here:
https://support.google.com/firebase/answer/6318039?hl=en
You can find the setting for the collection and transmission of data by Google Analytics for Firebase in the settings under "Statistics".
Go to top of page
Push notifications
We use the service of Pushwoosh Inc.,1224 M St NW, Suite 101, Washington, DC 20005, USA, to send push notifications to mobile devices. The push notifications are sent using a pseudonymous push token assigned by the operating system you are using or by the relevant push service. Neither we nor Pushwoosh can derive personal data from the push token or assign the push token to an end device.
Push notifications are sent on the basis of your consent to push notifications in accordance with Art. 6(1) (a) GDPR. You can revoke your consent at any time by removing Passngr's permission to send push notifications in your device's settings. The withdrawal of consent shall not affect the lawfulness of processing based on that consent before it was withdrawn.
When push notifications are activated, your device transmits information collected about your use of the app to Pushwoosh servers in the USA. No decision has currently been adopted by the EU Commission on whether the USA generally offers an adequate level of protection for personal data. Pushwoosh is not currently certified under the EU-US Data Privacy Framework, so standard data protection clauses are entered into in order to ensure an adequate level of data protection.
Go to top of page
Flightradar24
You can use the "Radar" function in the app to obtain additional information about individual flights, If you call up this function, the app will show you the corresponding website of Flightradar24 AB, Kungsgatan 12 9tr, 111 35 Stockholm, Sweden (hereinafter referred to as "Flightradar24"). The legal basis for this is provided by Art. 6(1) (b) GDPR (performance of a contract). Flightradar24 is responsible for the processing of your personal data by the company's website that is displayed. Further information on this can be found at: https://www.flightradar24.com/privacy-policy.
Go to top of page
Maps app on your smartphone
We can display maps taken from the standard map app of your smartphone (i.e. Google Maps for Android smartphones, Apple Maps for iOS smartphones) in our app for you. The legal basis for this is provided by Art. 6(1) (b) GDPR (performance of a contract). The relevant company is responsible for the processing of your personal data by the map app on your smartphone. Further information can be found at the following links:
Apple Maps privacy policy:
https://www.apple.com/legal/privacy/data/en/apple-maps/
Google Maps privacy policy:
https://policies.google.com/privacy
Go to top of page
Feedback
Your feedback on the use of the app can be given via the app by e-mail to feedback@passngr.de. In this context, apart from your contact details, the content of your e-mails and information about the device you use are also processed in order to be able to promptly handle and answer the concerns you expressed.
In particular, the following categories of data are regularly processed:
- title, name, first name
- address, e-mail address, phone number
- IT usage information (device type, app version, software version, build number)
Purpose of processing
The purpose of processing is to communicate directly with app users regarding their feedback and to be able to handle the suggestions contained in the feedback.
Legal basis
The processing of personal data is based on the following legal basis:
- Necessity of fulfilling a contract to which the data subject is a party [cf. Art. 6 (1) sentence 1 (b) variant 1 GDPR], provided that the subject matter of the feedback are inquiries that relate to the rights and obligations arising from the terms of use.
- Necessity of protecting the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail [cf. Art. 6 (1) sentence 1 (f) GDPR]. The legitimate interests are to ensure that your request is processed through functional communication.
Categories of recipients
Personal data is transmitted to the following recipients or categories of recipients:
- External contractors in accordance with Art. 28 GDPR, currently these are: mail service providers
- If necessary, other responsible parties such as persons with a duty of professional secrecy, e.g. auditors, tax consultants or lawyers, banks or insurance companies.
Transmission to third countries
A transfer to a third country outside the European Union is not intended, but can not be completely ruled out in the course of the e-mail transmission. If data is transmitted to third countries by the service provider we use, this is done on the basis of the standard data protection clauses and for the USA on the basis of the Data Privacy Framework.
Term of storage and criteria for determining the effective period
Your feedback and the associated communication with you will be stored for up to three years. Necessity of the data and consequences of failure to provide data. The provision of personal data is voluntary. However, if you do not provide this data, the result may be that we cannot process your feedback.
Possibility of erasure or withdrawal
You have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation.
Please send the objection to feedback@munich-airport.de. We reserve the right to individually review your request before implementing a restriction or discontinuation of processing and erasure.
nach oben
App Clips / Instant App
For users who would like to get to know our app first without directly downloading the entire app, we offer the option at various entry points, such as your gate, to provide a part of the native app by scanning a QR code with your smartphone. The use of an Instant App or an App Clip is similar to browsing a website, but corresponds to the appearance and functions of a conventional iOS or Android app and is intended to make the usability of our app easier.
Information on enabling Instant Apps (Android) and using App Clips (iOS) can be found under the following links:
Scope of processing
When downloading and using the application offered via App Clips or Instant Apps, personal data is processed in accordance with the processing activities described in this privacy policy, depending on your specific use.
In addition to the processing of your IT usage and device data (e.g. IP address, operating system, date and time of use) that is absolutely necessary for the provision of the application, this may be your location data in the case of card use or sending push notifications after the consent given by you before or your contact data if you decide to log in to the application with your account.
Purpose of processing
The use of App Clips or Instant Maps serves the purpose of providing individual functions of the native app to the user without the user having to install the app on their device.
Legal basis
The processing of personal data is based on the following legal basis:
- Necessity of protecting the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail [cf. Art. 6 (1) sentence 1 (f) GDPR]. The legitimate interests are the legitimate interest of the provider to provide a barrier-free and targeted offer of the native app and thus also serve the interest of the data subject, in the event of scanning the QR code, to enable content without the need for installation of the app and thus to facilitate decision-making regarding the possible installation of the app.
- With regard to the individual functions used in the App Clip or Instant App, the respective processing activity is carried out on the legal basis specified in this privacy policy for the respective processing activity.
Categories of recipients
In the context of the use of the App Clips or Instant Apps your personal data will not be transmitted to recipients other than the recipient categories listed in this privacy policy. This also applies to any third-country transmissions.
Term of storage and criteria for determining the effective period
App Clips (iOS): If you open the App Clip on your Apple device, the App Clip will be saved on your device. You have the option to remove it from the app media library. Further information can be found here.
Instant Apps (Android): If you have used the Instant App on your device, the Instant App will be saved on your device. You have the option to delete the Instant App. You can find more information here.
We adhere to the principles of data avoidance and data economy. We therefore store your personal data only for as long as is necessary to achieve the purposes stated here or as provided for by the various retention periods stipulated by law. After the respective purpose has ceased to apply or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with legal regulations.
Necessity of the data and consequences of failure to provide data
The provision of personal data or the request for the App Clip or the Instant App is voluntary. However, if you do not provide this data, the result may be that you cannot use the App Clip or the Instant App.
nach oben
Deletion of inactive accounts
We adhere to the principles of data avoidance and data economy. For this reason, we will delete your user account in accordance with the terms and conditions of use (T&Cs) if you do not log in to the Passngr app for more than 4 years or do not use the app when you are logged in. We store the data of your last login for this purpose. The legal basis for this data processing is provided by Art. 6(1) (b) GDPR (performance of a contract).
After your user account is deleted, it is of course possible to log in again with a new user account.
Go to top of page
Categories of recipients to whom your data may be disclosed
- Courts, authorities or other government institutions if we are legally obliged or entitled to do so
- External contractors in accordance with Art. 28 GDPR (e.g. data centers)
- External bodies and internal company departments in order to fulfill the above-mentioned purposes (e.g. the home airport as described above or an airport whose email newsletter you order in the app)
Go to top of page
Storage periods
We adhere to the principles of data avoidance and data economy. We therefore store your personal data only for as long as is necessary to achieve the purposes stated here or as provided for by the various retention periods stipulated by law. After the relevant purpose has ceased to exist or these periods have expired, the relevant data will be routinely blocked or deleted
Go to top of page
Your rights
You have the right to receive information about your personal data stored by us at any time. You also have the right to obtain rectification, restriction of processing or, with the exception of the mandatory data retention for business purposes, erasure of your personal data. Please use the contact details above to do this.
To ensure that data can be blocked at any time, these data must be kept in a lock file for control purposes. You can also request that the data be erased if there is no statutory archiving obligation. If such an obligation exists, we will block your data on request.
You also have the right to receive from us the data concerning you that you have provided to us in a structured, commonly used and machine-readable format; you may transmit this data or have it transmitted to other bodies.
Your right to object: If we process your data on the basis of a balancing of interests (Art. 6(1) (f) GDPR), you have the right to object if the legal requirements are met. Specifically, a data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
Go to top of page
Right to lodge a complaint with a supervisory
authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes applicable law.
Competent supervisory authority in Bavaria for the private sector: Bavarian State Office for Data Protection Supervision, Ansbach.
Go to top of page
Changes to our privacy policy
We reserve the right to amend this privacy policy from time to time so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your continued use of the app.
Go to top of page
Last update: 11/2024
Impressum