Version as of 11.06.2019
In this data protection declaration we, the shareholders and managing directors of LegalFly GmbH (hereinafter LegalFly, we or ourselves), explain how we collect and otherwise process personal data. This is not an exhaustive description; other data protection declarations, contractual agreements, general conditions of participation or similar documents may regulate specific circumstances. Personal data means any information relating to an identified or identifiable person.
If you provide us with personal data of other persons (e.g. data of employees, accompanying passengers), please make sure that these persons are aware of this data protection declaration and provide us with their personal data only if you are allowed to do so and if the corresponding personal data is correct.
This privacy statement is based on the EU Data Protection Basic Regulation (GDPR). Although the GDPR is a regulation of the European Union, it is important for us in certain circumstances, because Swiss data protection law is strongly influenced by EU law and we also address our services to citizens of the European Union (EU) and to citizens of third countries resident within the EU.
1. Person in charge
LegalFly is responsible for the data processing that we describe here, unless otherwise stated in individual cases. If you have any data protection concerns, you can contact us at the following contact address:
9000 St. Gallen
Please title your request with the remark "Data protection".
2. Collection and processing of personal data
We primarily process personal information (such as flight details, identity card and passport information, bank transfer details) that you provide (by subscribing to a newsletter, filling out web forms to claim compensation from an airline, or other communications) in order to obtain a service offered by us (advice, assistance and representation in the enforcement of claims or assignment of claims to LegalFly, etc.). In general, we process the personal data necessary or helpful to enforce claims for compensation against domestic and foreign airlines and related companies and the other services we offer. We also collect and process personal information collected in connection with the use of our website (e.g. IP address of the smartphone or computer, information about your device and settings, cookies, date and time of visit, pages and content viewed, functions used, referring website, location).
To the extent permitted, we also extract certain data from publicly accessible sources (e.g. commercial registrars, the press, the Internet, flight databases) or receive such data from authorities or other third parties. We also collect and process information about you that we receive from people around you (business partners, consultants, legal representatives, insurance companies, etc.) because we can enter into or process contracts with you or with your involvement (e.g. your address for deliveries, powers of attorney, information from banks, information from the media and the Internet about your person).
3. Purpose of data processing and legal bases
We use the personal data collected by us primarily in order to conclude and process our contracts with our customers and business partners, in particular to enforce claims for compensation from domestic and foreign airlines for our customers. We also use them to purchase products and services from our suppliers and agents and to comply with our legal obligations at home and abroad.
In addition, we process personal data from you and other persons, to the extent permitted and deemed appropriate by us, also for the following purposes in which we (and sometimes also third parties) have a legitimate interest corresponding to the purpose:
- Assertion of the claims by our customers with reference to and reference to existing proceedings in procedural constellations similar to those already conducted
- Offer and further development of our offers, services and websites, apps and other platforms on which we are present;
- Communication with third parties and processing of their enquiries (e.g. applications, media enquiries);
- Review and optimisation of procedures for needs analysis for the purpose of addressing customers directly and collection of personal data from publicly accessible sources for the purpose of customer acquisition;
- Advertising and marketing (including the implementation of events), provided that you have not objected to the use of your data (if we send you advertising from us as an existing customer, you can object to this at any time; we will then place you on a blocking list against further advertising mailings);
- Market and opinion research, media monitoring;
- Assertion of legal claims and defence in connection with legal disputes and official proceedings;
- Prevention and clarification of criminal offences and other misconduct (e.g. carrying out internal investigations, data analyses to combat fraud);
- Warranties of our operations, in particular IT, our websites, apps and other platforms;
- Video surveillance for the protection of domestic rights and other measures for IT, building and plant security and protection of our employees and other persons and assets belonging to or entrusted to us (e.g. access controls, visitor lists, network and mail scanners, telephone recordings);
- Cooperations or other forms of cooperation with other institutions and the associated transfer of personal data.
If you have given us your consent to process your personal data for certain purposes (for example, when you register to receive newsletters), we will process your personal data within the scope and on the basis of this consent, unless we have another legal basis and we need one. A given consent can be revoked at any time, but this has no effect on data processing that has already taken plac.
4. Cookies / Tracking and other Technologies relating to the use of our website
We typically use "cookies" and similar techniques on our websites to identify your browser or device. A cookie is a small file that is sent to your computer or automatically stored on your computer or mobile device by the web browser you use when you visit our website. When you return to this site, we may recognize you even if we do not know who you are. In addition to cookies, which are only used during a session and are deleted after your visit to our website ("session cookies"), cookies can also be used to store user settings and other information for a certain period of time (e.g. two years) ("permanent cookies"). However, you can set your browser so that it rejects cookies, saves them only for one session or otherwise deletes them prematurely. Most browsers are preset to accept cookies. We use permanent cookies to help us better understand how you use our offers and content and to enable us to provide you with customized offers and advertisements (which may also happen on websites of other companies; however, we will not tell them who you are if we know this ourselves, because they will only see that their website is the same user who was on a particular page with us). Some of the cookies are set by us, some by contractors with whom we work. If you block cookies, certain functions (e.g. language selection, shopping basket, ordering processes) may no longer work.
In our newsletters and other marketing e-mails, we include some and as far as possible visible and invisible picture elements in our newsletters and other marketing e-mails, by whose retrieval from our servers we can determine whether and when you have opened the e-mail, so that we can measure and better understand how you can use our offers and tailor them to you. You can block this in your email program; most are preset to do so.
By using our websites and consenting to receive newsletters and other marketing emails, you consent to the use of these techniques. If you do not wish to do so, you must set your browser or e-mail program accordingly.
We sometimes use Google Analytics or comparable services on our websites. This is a service provided by third parties, which may be located in any country of the world (in the case of Google Analytics, it is Google LLC in the USA, www.google.com), with which we can measure and evaluate the use of the website (not personal). Permanent cookies set by the service provider are also used for this purpose. The service provider does not receive any personal data from us (nor does it keep any IP addresses), but can track your use of the website, combine this information with data from other websites that you have visited and which are also tracked by service providers, and use this information for its own purposes (e.g. advertising control). If you have registered with the Service Provider yourself, the Service Provider will also know you. The processing of your personal data by the service provider is then the responsibility of the service provider in accordance with its data protection provisions. The service provider merely informs us how our respective website is used (no information about you personally).
5. Data sharing and data transfer abroad
In the course of our business activities and for the purposes set out in section 3, we shall also disclose data to third parties as far as permitted and appropriate, either because they process it for us or because they wish to use it for their own purposes. This applies in particular to the following positions:
- service providers (e.g. foreign law firms, banks, insurance companies), including contractors (e.g. IT providers);
- Dealers, suppliers, auxiliary persons (such as in particular invited speakers, conference leaders etc.) and other business partners;
- Domestic and foreign authorities, public authorities or courts, arbitration boards and arbitration tribunals;
- Public, including visitors to websites and social media;
- Competitors, industry organisations, associations, organisations and other bodies;
- other parties in possible or actual legal proceedings;
all together receivers.
These recipients are mainly domestic, but can be in any country in the world. In particular, you must expect your data to be transferred to all countries where the service providers we use are located (e.g. Amazon Web Services, Google Cloud).
6. Duration of the storage of personal data
We process and store your personal data as long as it is necessary for the fulfilment of our contractual and legal obligations or otherwise the purposes pursued with the processing, and furthermore in accordance with the legal duties of storage and documentation. As soon as your personal data are no longer required for the purposes mentioned under point 3, they will be deleted or anonymised as far as possible. If the data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted.
7. Data security
We take appropriate technical and organizational security precautions to protect your personal information from unauthorized access and misuse, such as IT and network security solutions, access controls and restrictions, and other controls.
8. Obligation to provide personal data
As part of our business relationship, you must provide the personal information necessary to establish and conduct a business relationship and to fulfill the contractual obligations associated therewith (you do not normally have a legal obligation to provide us with data). Without this information, we will generally not be able to enter into or complete a contract with you (or the entity or person you represent). The website can also not be used if certain information to ensure data traffic (such as IP address) are not disclosed.
9. Profiling [and automated decision making]
We process your personal data partially automated with the aim of evaluating certain personal aspects (profiling). We use profiling in particular to provide you with targeted information and advice on products. We use evaluation tools that enable us to communicate and advertise according to your needs, including market and opinion research.
10. Rights of the data subject
You have the right to information, correction, deletion, the right to restrict data processing and otherwise to object to our data processing and to the surrender of certain personal data for the purpose of transfer to another location (so-called data portability) within the framework of the data protection law applicable to you and to the extent provided for therein (such as in the case of the GDPR). Please note, however, that we reserve the right to assert the statutory restrictions on our part, for example if we are obliged to store or process certain data, if we have an overriding interest in it (to the extent that we may invoke it) or if we need it for the assertion of claims. If you incur any costs, we will inform you in advance. We have already informed you about the possibility of withdrawing your consent in section 3. Please note that the exercise of these rights may conflict with contractual agreements and this may have consequences such as premature termination of the contract or cost consequences. In this case, we will inform you in advance if this has not already been contractually agreed.
The exercise of such rights generally requires that you prove your identity unambiguously (e.g. by a copy of your identity card, where your identity is otherwise not clear or cannot be verified). In order to assert your rights, you can contact us at the address given in section 1.
Every data subject also has the right to have his or her rights enforced in court or to lodge a complaint with the competent data protection authority.
We may change this privacy statement at any time without notice. The current version published on our website applies. If the data protection declaration is part of an agreement with you, we will inform you in the event of an update about the change by e-mail or other suitable means.