1. Who is the controller?
The controller responsible for the processing of your personal data within the meaning of Article 4(1) of the General Data Protection Regulation (GDPR) in connection with the use of our website is HTM Helicopter Travel Munich GmbH, Willy-Messerschmitt-Straße 1, 82024 Taufkirchen near Munich, email: office-muenchen@htm.de.
2. How can I contact the data protection officer?
You can contact our official data protection officer at datenschutzbeauftragter-heristo@ds-quadrat.de or by mail at
ds² Unternehmensberatung GmbH & Co.KG
Falkenstraße 10
33775 Versmold
In the latter case, please label the envelope “Data Protection Officer”.
3. For what purposes and on what legal basis is my personal data processed? Will it be shared with others?
Your personal data will only be processed for the purposes defined here and will only be shared with third parties on a need-to-know basis:
Provision, improvement, further development and security of the website
We process certain log files and device information containing personal data in order to provide our websites and their functionalities. This processing also helps us optimize our websites and ensure the security of our IT systems. In particular, it serves to prevent server overload (especially in the event of malicious attacks such as DDoS attacks), monitor server utilization, and ensure the stability of our websites.
We use these log files and device information based on our legitimate interest in ensuring the availability and ongoing improvement of our website. The legal basis is Article 6(1)(f) GDPR.
Our web hosting provider, Strato AG, Otto-Ostrowski-Straße 7, 10249 Berlin, Germany, may have access to this data. Providing personal data is neither legally nor contractually required and is not necessary for concluding a contract. However, without processing this data, the functionality of our websites cannot be ensured.
Contact and Communication
If you provide us with personal data when contacting us (e.g., via contact form, email, or phone), we use this data to respond to and handle your request as quickly and effectively as possible. We also process your personal data to ensure the security of our IT systems, in particular to detect spam emails or investigate fraud alerts. Non-promotional communication with you may also take place for other technical, security, and/or contract-related purposes.
The use of your data in the context of our communication is based on our legitimate interest pursuant to Article 6(1)(f) GDPR. If your request relates to our services, your data will be processed for the performance of a contract or for pre-contractual measures at your request pursuant to Article 6(1)(b) GDPR.
Our mailing provider, InterNetX GmbH, Johanna-Dachs-Str. 55, 93055 Regensburg, Germany, may have access to this data. Providing personal data is not required by law. However, your personal data is necessary to process your request and may be required to conclude a contract. Please understand that we reserve the right not to process your request or to refuse to conclude a contract if you do not provide the required personal data.
Processing of your personal data in connection with cookies or other identifiers
We and other third-party providers process your personal data and store information (e.g., via cookies or other identifiers) on your device or access such information. If this information is not strictly necessary for providing the requested telemedia service, we will ask for your consent in accordance with Section 25(1) TTDSG. If we use this information to facilitate the use or further development of our website, this is based on Article 6(1)(f) GDPR. Where processing is legally required, we rely on Article 6(1)(c) GDPR. Where processing is carried out for analysis, personalization, or the display of interest-based advertising, we do so based on your consent pursuant to Article 6(1)(a) GDPR. Further information on this processing, the scope of your consent (which can be withdrawn at any time), and the information required under Article 13 GDPR can be found in our consent manager or Consent Management Platform (CMP), which you can access at any time via our website.
4. How long will my data be stored?
In general, we only store your personal data for as long as is necessary to fulfill the purpose underlying the respective processing or to comply with legal requirements.
5. Is personal data also transferred to recipients outside the European Union or outside the European Economic Area (EEA)?
We also intend to transfer your personal data to recipients located in non-EEA countries. In such cases, we ensure before the transfer that the recipient either provides an adequate level of data protection (e.g., based on an adequacy decision by the European Commission or by agreeing on EU Standard Contractual Clauses) or that valid consent has been obtained.
You can request an overview of recipients in third countries as well as a copy of the specific safeguards agreed to ensure an adequate level of data protection. Please use the contact details provided in the Contact section.
6. Is automated decision-making, including profiling, used in the context of processing my personal data on this website?
Automated decision-making, including profiling, does not take place (Article 22(1) and (4) GDPR).
7. What are my rights?
You have the right of access (Article 15 GDPR), rectification (Article 16 GDPR), and erasure (Article 17 GDPR) or restriction of processing (Article 18 GDPR). Where we process personal data based on legitimate interests pursuant to Article 6(1)(f) GDPR, you have the right to object to the processing (Article 21 GDPR). Whether your objection is successful will be assessed by balancing the respective interests. Where processing is based on your consent or is carried out for the performance of a contract, you may also have the right to data portability (Article 20 GDPR).
Without prejudice to the rights described above, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.
This privacy notice was created by WeData GmbH (www.we-data.de).