Data Protection Policy
Which companies does this policy apply to
Condor is a part of the Thomas Cook Group Airlines and the wider Thomas Cook Group Plc that includes a number of companies registered within the European Union and overseas.
Thomas Cook Group Airline consists of the following companies processing customer data:
- Condor Flugdienst GmbH
- Thomas Cook Airlines Ltd
- Thomas Cook Airlines Scandinavia A/S including Airshoppen, which operates the online duty free shop “Airshoppen”
- Thomas Cook Airlines Balearics
When we say ‘we’ or ‘us’ in this Policy, we are sometimes also referring to these companies that make up Condor´s businesses (depending on the type of Services you use). Depending on the nature of your contact with Condor your personal data can also be processed by the companies mentioned above.
What types of personal data do we collect about you and why
We collect certain personal data about you and about any other person you include in your booking. The sort of personal data we collect is information that you provide to us, that we collect from you or observe about you, or that we obtain from other sources.
Personal data you give to us
When you make a booking or other purchase or enquiry we will ask you for your name, title, address, e-mail address, telephone number, date of birth, payment data. and personal travel preferences. For credit card payment we ask for the card holder, card number, expiry date, and CVC/CVV, for SEPA Direct Debit we ask for the bank account holder, IBAN, BIC, address, e-mail address, and telephone number. Payment information can also be forwarded to payment providers in an encrypted manner. We need to collect this information in order to arrange the travel and other services you are requesting.
For flights to certain countries Condor is required to provide Secure Flight data and Advanced Passenger Information (API) for each passenger. In practical terms, Secure Flight data means: Title/gender, first name, family name, date of birth, redress number (if any). These will automatically be recorded at the time of making bookings. API must be entered separately: in advance via the API data form available on our website, or at Check-In. For API we will collect your passport data and for flights to the US we will ask you for additional information, which is Country of residence and your full first address during your stay in the US. Without collecting this kind of data and providing it to the authorities, Condor is not allowed to transport the passengers. It also ensures we fulfil our legal requirements to share personal data with relevant customs and immigration authorities (‘Relevant Authorities’) (if applicable).
When you make a purchase from our online duty free shop, Airshoppen, we will ask you for your title, full name, payment card details, booking information and e-mail address. We need this information in order to process the sale for you.
If you want us to stop processing this information, it may mean we won’t be able to provide all or parts of the services you have requested.
If you enter a competition or promotion, or if you report a problem with any of our Services, we will collect your name and relevant contact information and any other personal information you choose to give us.
If you complete any of our customer feedback questionnaires/surveys after a flight with Condor, we will collect your name, your relevant contact information as well as the booking information, especially the flight details. We may provide this information to third party providers for the creation of statistical reports, which do not identify any individuals.
If you contact us online, we may keep a record of your name, address, e-mail, telephone number, date of birth, bank details, profession, title, memberships in associations; if the chat function is used, also e-mail and IP address. If you call us by telephone, we may - with your consent - monitor and/or record phone conversations for training and customer service reasons.
If, when using our Services, or making a search on our website you enter or provide any of your personal data (including telephone number or e-mail address), but do not make a booking or other purchase, we will keep and use the data you’ve provided for a limited time and purpose, as mentioned below.
To help us keep your information current, accurate and complete, please ensure you tell us if anything needs to be changed.
Personal data we collect and/or observe about you
Based on how you have used our Services in the past and your activity on our website, social media channels, with our contact centre or directly with Condor, we collect the following personal data about you:
- Details of the services we have provided to you in the past, including your previous travel arrangements, such as flights and other additional services, and matters related to those arrangements, such as details of your previous requirements, feedbacks or complaints.
- We collect details of your visits to booking areas via our Sites and Apps (including, but not limited to flight data, search data, traffic data, website interaction, location data), and of the resources that you access. With your consent, we use third party technology services, such as Google Analytics and SessionCam Ltd to administer these services. Read on to find out more
The website www.condor.com uses services like Google Analytics, a web analysis tool from Google Inc. ("Google"). Google Analytics uses so-called "cookies", i.e. text files stored on your computer that make it possible to analyse your website usage. The information the cookie generates about your use of this website is transmitted to and stored on Google servers in the EEA and in the USA. Google uses this information to evaluate your use of the website, to compile reports on website activities for the website operator, and to provide other services associated with website and Internet use. Google may also share this information with third parties, if required to do so by law, or if the third parties are processing this data on behalf of Google.
Google will never link your IP address with other data stored by Google. You can stop cookies from being installed by configuring your browser software accordingly via the relevant setting; however, please note that this may mean that you cannot fully utilise all the functions of this website. By using this website, you consent to allow Google to process the data collected about you in the manner described above and for the aforementioned purpose. You can opt out at any time, so that data will no longer be collected and stored in the future. You can use the following plug-in for this: https://tools.google.com/dlpage/gaoptout?hl=en Google’s Privacy Shield certification can be read at: https://privacy.google.com/businesses/compliance/#?dal_active=none
Our website uses the anonymisation function from Google. IP addresses are thus only stored and processed in abbreviated form, so that data cannot be traced back to a specific individual.
Our web site may use SessionCam for analysis. SessionCam is a product that has been developed by SessionCam LTD. SessionCam may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. The information collected does not include bank details or any sensitive personal data. Data collected by SessionCam ist for internal use only. The information collected is used to improve our website usability and is stored and used for aggregated and statistical reporting.
We collect details of website(s) you visited before you use a link to our Sites, pages visited in our Sites, time spent on each page, what products you were interested in, what products you have purchased, and when you have left our website(s).
We may collect information about your computer (or mobile device/tablet) including, where available, your IP address, operating system, device location, browser type, cookie identification numbers, for system administration purposes and marketing purposes This is statistical data about our users' browsing actions and patterns, and any reports we share do not identify any individuals.
We may collect hashed e-mail addresses for the sole purpose of cross device tracking. Hashed e-mail addresses are coded and cannot be linked or assigned to any personal data.
Personal data obtained from other sources
We might also receive your personal data from third party sources who collect information about you on our behalf. This includes:
- If you tell a third party that you would like to receive marketing communications from Condor, they will securely transfer your contact details and marketing preferences to us.
- If you book one of our flight seat sales through a third party travel agent, certain personal data (as applicable to your booking, such as your name, address, e-mail, date of birth or any special requirements you have) will be passed to us to provide the services you have requested/booked.
Where is your data stored and who it’s shared with
Your personal data is held on a combination of our own systems and systems of the suppliers we use to provide our services.
When you give your personal data to us, some of the personal data you provide will be processed in own systems, some will need to be given to, processed, and stored by relevant third parties. These parties include:
- our technology and data management partners who help us to administer the services we provide
- our travel partners, such as third party airlines and airlines within the Thomas Cook Group Airline, airports, insurance companies and ground handling agents, so that they can provide you with the arrangements and assistance you require.
- our card payment facilitators, that help us process customer payments and assists us in detecting and preventing fraudulent payments or bookings.
Some of these third parties may be based outside of the European Economic Area (“EEA”). Organisations that are based outside of the EEA may not be subject to the same level of controls in regard to data protection as those within Germany and the EEA. We only transfer your data to third parties outside of the EEA where your personal information will be subject to one or more appropriate safeguards set out in the law. These should be the use of standard contractual clauses in a form approved by regulators, or aiming at our suppliers sign up to an independent privacy scheme approved by regulators (like the US ‘Privacy Shield’ scheme). To learn more about the destinations Condor is operating in click here.
In order for you to travel, we may be required to disclose certain of your personal data to government bodies or other authorities in Germany and in other countries, such as those responsible for immigration, border control, law enforcement, security and anti-terrorism. Even if it is not mandatory for us to provide information to such authorities, we may exercise our discretion to assist them where appropriate in the interests of detecting and preventing criminal activity.
We may disclose your personal information to any member of the Thomas Cook Group plc for administrative purposes, (those administrative purposes include holding your data on central/shared systems for administering bookings and supporting customers in destination countries). Thomas Cook Group plc means our subsidiaries and, our ultimate holding company and its subsidiaries. For example, where you have booked a flight with a third party airline or another Thomas Cook Group Airline, your data will be transferred to the airline providing your flight (as applicable).
We may pass your data to relevant third parties or the purpose of detecting and preventing fraudulent payments or bookings.
How do we use your information when providing our services to you
In order to provide our services to you, we use the information we hold in a number of different ways. We process your information either because it is necessary for us to do so as part of a contract you enter into, because we have a legitimate interest for doing so, or because we have a Legal Obligation to.
The following activities are carried out by us using your personal data because it is necessary in relation to a contract which you have entered into or because you have asked for something to be done so you can enter into a contract:
- Administering your booking internally and communicating your booking externally with our suppliers, to ensure the services you have requested are arranged.
- To communicate with you regarding your booking or any additional or other purchases, including sending booking confirmation, travel documents, information and tipps about the booking (such as airport, check-in information), and to notify you about changes to our service.
- Provide Relevant Authorities with your Advance Passenger Information (API) prior to departure for flights to and from certain destinations outside the EEA. We may not be able to transport you to or from that destination without first providing your API to the Relevant Authorities. Some destinations may not provide you with as good level of protection of your personal data or rights, but we will always transfer the minimum amount of personal data that is required in order to carry out our contract with you.
We may use and process your personal information as set out below where it is necessary for us to carry out activities for which it is in our legitimate interests as a business to do so:
To improve the customer experience, our products & services:
- To allow you to participate in interactive features of our Sites and Apps, when you choose to do so. When using the Condor website or Condor App, you can choose not to use interactive features by changing your settings.
- To ensure that content from our Sites, Apps and booking systems is presented in the most effective manner for you and for your computer.
To inform you about Products and Services related to your flight:
- Typical types of products and services that can be booked/purchased through Condor Flugdienst GmbH and travel related services from our TC Group Airline: Flights and flight ancillary services (such as in-flight meals and Airshoppen online duty free service), from Thomas Cook Airlines Ltd and Thomas Cook Airlines Scandinavia A/S. Other products and services offered by third parties: Car hire, travel insurance, airport parking, airport hotel, lounge pass; hotels & flights, rail & fly. To learn more about our partners, click here.
- If you have made an enquiry or purchase with us or one of our partners your personal data may be used by us in the ways the law allows, to contact you by post, electronic means (e-mail or text message) and/or by phone with information and offers relating to these products or services.
- You will only receive information on Products and Services from Condor about those which we think are relevant to you.
- We will not pass your contact details to a third party to contact you or send you marketing communications unless you have expressly agreed that we may do so.
- You can unsubscribe from such e-mails, this option will be included in each e-mail sent to you apart from essential operational e-mails.
For internal research/analysis to improve the quality of our Services, the products we offer and new products we are developing by:
- Asking you to take part in surveys or customer/business discussion groups to constantly improve our products.
- Aggregated customer data to make informed decisions based on analysis of customer booking/purchase trends and behaviours.
For the establishment, exercise or defence of legal claims
To protect our business against financial loss:
- For obtaining information about creditworthiness in the event of doubt, the information on our customers can be forwarded to credit bureaus (such as Creditreform) before making a booking.
- For collection of outstanding payments before departure, we pass on the customer data to our airport agents in order to collect the payments.
- For collection of the claim in case of outstanding claims after the flight, we will forward the booking information (i.e. the information you provided during the booking process) to our collection agencies.
- For payment and booking transaction verification.
- For preventing and detecting fraudulent or criminal activity.
To promote our business, brands and products and measure the reach and effectiveness of our campaign:
- To send marketing correspondence about products and services provided by Condor, similar to those you have previously bought from us. You can opt out from and object to marketing information and this option will be included in every marketing message we send you. See the section ‘When and how do we use your information for marketing for more information’.
We may use and process your personal information as set out below where we have your consent to do so:
- To assist you or arrange for assistance to be provided to you by third parties where you have special requirements in regards to medical conditions, special assistance and dietary requirements.
- To send marketing correspondence (including newsletters) about our products and services where we have asked for your permission to do so. See the section ‘When and how do we use your information for marketing for more information’.
- If you have not made an enquiry or purchase, we will only send you information and offers by e-mail or text message if you sign up (opt in) to receive such marketing, directly through us or by a third party company which sends out the information and offers on our behalf.
- To contact you if you make an enquiry with us on our website but do not complete a booking to check if there was a problem or you need any assistance to book.
- To display you with targeted advertising delivered online through social media and other platforms or websites operated by other companies. You may receive advertising based on information about you that we have provided to the platform or because, at our request, the platform has identified you as having similar attributes to the individuals whose details it has received from us. To find out more, please refer to the information provided in the Cookies Policy.
- To call you asking you to take part in surveys to constantly improve our products
- We identify links between your attributes and your behaviours and markets to others with the same attributes, in our direct marketing campaigns and through targeted advertising delivered through our Sites, Apps or third party platforms including social media channels.
- We tailor and personalise our interactions with you to make them more relevant to your interests. These interactions include your journey around our Sites and the content that appears on it and marketing communications we send or show to you in our direct marketing campaigns and through online targeted advertising described in the paragraph above. Please see ‘How we personalise marketing for you’ for more information.
We may use and process your personal information as set out below where there is a legal requirement for us to do so:
- For resolving complaints, dealing with disputes and legal proceedings. This might include contacting you proactively if we need to resolve any issues you may be experiencing or have experienced with a booking/purchase.
- For Processing Advanced Passenger Information (API) in advance of departure of flights to ensure that we meet our legal requirements to share your API data with Relevant Authorities.
We and third parties acting on our instructions, such as external law firms may use and process your personal information as set out below where we consider that it is in your vital interests that we do:
- To assist you or arrange for assistance to be provided to you by third parties in the event of an incident or emergency.
How do we personalise our marketing to you
To try and ensure that our marketing communications and advertising are relevant to you, we work with third parties to offer a better experience to customers and potential customers. You can find out how we do this by reading more here.
Using new technologies and with the help of our advertising agencies and marketing activation platforms we may use your personal information in the following ways:
- to try to ensure any marketing communications we send to you are offering products or services likely to be of interest to you.
- to tailor and track our digital marketing (for example, our internet banner advertisements) and links from our marketing partners' websites to our Sites. This digital marketing may include marketing related to Condor and/or Thomas Cook Group Plc or marketing related to third parties to whom we provide advertising services.
Our business partners and advertising networks may also serve you with adverts on our Sites. We allow third parties to collect information about your online activities using cookies and other technologies.
The third parties may include other Thomas Cook companies, our suppliers/business partners who collect information when you view or interact with an advert on one of our Sites, and advertising networks. We also collect information about your online activities using cookies and other technologies when you use websites other than our Sites to provide advertising services to third parties. This technology allows us to display an advert to you on other websites based on your page visits and other behaviours whilst on our Sites.
The information collected by these third parties might be used to make predictions about your preferences or interests and to display adverts on our Sites or across the internet appropriate to those perceived interests. Please see our Cookies Policy for more information.
What you need to do if you don’t want our marketing communications
We understand you might no longer want to hear from us and that’s ok. It is easy to opt-out or unsubscribe, please read more here.
You have the right at any time to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by choosing not to actively opt in to receiving marketing communication during our online booking process. You can also exercise this right at any later time by using the unsubscribe link on any marketing e-mail you receive, by following the opt-out instructions on any direct marketing communication sent by post, or by sending an unsubscribe request to firstname.lastname@example.org.
Please note – when you unsubscribe from marketing in respect of flights seat sale or related travel services, this opt-out will apply only to the Thomas Cook company making the marketing communication. If you receive marketing directly from Airshoppen and if you wish to opt-out from their direct marketing you will need to follow the instructions on their website or follow unsubscribe notices in their marketing communications.
Your rights in relation to any personal data we hold about you
You have a number of rights in relation to your personal information under data protection law. To find out more, please read here.
Your Right to Access Your Personal Information
You have the right to make a Data Subject Access Request in many circumstances. That is a request for access to the personal information that we hold about you. If we agree that we have to provide personal information to you (or someone else on your behalf), we’ll provide it to you or them free of charge.
We may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information. That may include information about your previous booking(s) or other purchases. If someone is acting on your behalf they will need to provide written and signed confirmation from you that you have given your authority to that person/company for them to make the request.
We will ask for this to be provided before we give you (or another person acting on your behalf) a copy of any of your personal information we may be holding. We may not provide you with a copy of your personal information if it includes the personal information of other individuals or we have another lawful reason to withhold that information.
Please see the section titled ‘How to Contact Us’ if you need to make a Data Subject Access Request
Correcting and updating your personal information
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/e-mail address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting our customer service team here.
Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal information, as set out in section above titled ‘How do we use your information when providing our services to you’, you may withdraw your consent at any time. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, please see the section titled 'What you need to do if you don’t want our marketing communications’ for further details.
If you would like to withdraw your consent to us processing any information concerning dietary requirements, medical conditions, disabilities and special requirements, please contact us at email@example.com. Please note if you ask us to stop processing this information, it may mean we won’t be able to provide all or parts of the services you have requested.
If you withdraw your consent, our use of your personal information before you withdraw can still be lawful.
Objecting to our use of your personal information
Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), you may object to us using your personal information for these purposes by e-mailing or writing to us at the address provided at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter.
If we agree that your objection is justified in accordance with your rights under data protection law, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our systems by e-mailing or writing to us at the address at the end of this policy.
Provided we do not have any continuing lawful reason to continue processing or holding your personal information, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. We may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
Transferring your personal information in a structured data file
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out in section titled ‘How do we use your information when providing our services to you’, you may ask us to provide you with a copy of that information in a structured data file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if it contains the personal information of other individuals or we have another lawful reason to withhold that information.
How to contact us
For queries about this policy and for subject requests, please contact us at firstname.lastname@example.org or in writing to:
Condor Flugdienst GmbH
60549 Frankfurt am Main
Once you have made your subject request and provided us with the information we need to begin a search for the data we hold on you (including proof of identity), we will have 30 days to respond.
Alternatively, you can contact our Group Data Protection Officer by GroupDPO@ThomasCook.com, +44 (0)207 557 6400, or at Thomas Cook Group plc | 3rd Floor, South Building | 200 Aldersgate | London EC1A 4HD | United Kingdom.
Making a complaint
We encourage you to contact us if you have a complaint and we will seek to resolve any issues or concerns you may have.
You have the right to lodge a complaint with the data protection regulator where you believe your legal rights have been infringed, or where you have reason to believe your personal information is being or has been used in a way that doesn’t comply with the law. The contact details for the Data Protection Authority of Hesse is as follows:
Der Hessische Datenschutzbeauftragte
Keeping hold of your personal data
For retention and deletion of your personal data we follow our legal obligations and internal processes. If you want to find out more about retention and deletion of your data, please click here.
Where you’ve made a booking or other purchase with us, your personal information will be retained to ensure we provide the best possible customer service to you.
We also retain your personal data for legal and audit purposes only for as long as necessary and in accordance with any retention period required by law.
What is our approach to data security
We take data security very seriously, to find out our approach to this please read more here.
The transmission of information via the internet is not completely secure, and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Sites, therefore any transmission is at your own risk.
Once we have received your information, we will take all reasonable steps to keep your personal data secure and to try to prevent any unauthorised access, use or loss of your data, by putting in place appropriate security measures and limiting access to those who have a business need to know.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping that password confidential. We ask you not to share a password with anyone.
We have a process to deal with any suspected personal data breach and will notify you and the Data Protection Authority of Hesse of a breach where legally required to do so.
Following a link from our website to a third party website
Our Sites include links to other websites which include privacy policies of their own. To learn more about this, please read here.
Our Sites contains links to and frames of websites of our principals, suppliers, advertisers and other third parties.
You can tell when a third party is involved in supplying a product or service you have requested because their name will appear with ours.
If you follow a link or otherwise use any of these other websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies or for these third party websites. Please check these policies before you submit any personal data to these websites.
Some cookies are essential to make our Sites work properly and to allow you to make your travel booking or other purchases and enable us to fulfil your purchase requests
Customer Experience Cookies (Analytics, Customisation & Tracking)
These types of cookies help us to provide you with a good experience when you browse our Sites and allow us to track your experience between different devices to improve our Sites or the way we provide our service to customers.
Third party adverts on our Sites and social media
This type of advertising is intended to provide you with a selection of products/services that you’ve viewed on other third party websites, or social media channels, which are presented to you by our agency when you visit our Sites or social media channels.
The adverts may feature variations on the products/services that might be considered relevant to your browsing history on these other third party websites.
Thomas Cook adverts on third party websites
This type of advertising is intended to provide you with a selection of travel related products/services that you’ve viewed on our website, which are presented to you by our agency when you visit other selected websites or social media channels. The adverts may feature different Thomas Cook products/services that might be considered relevant to your browsing history.
We use advertising solutions to serve you these advertisements. Where we share data for the purposes mentioned above, it is encrypted and does not include your name.
A summary of both the essential, customer experience (non-essential), and advertising cookies used on the website you are on can be viewed here.
- If you choose to remove cookies parts of website you are on may not work properly or your use of the website may be impaired.
- If you choose to use this website you are on without declining any non-essential cookies, then your use will constitute implied consent to the non-essential cookies that are set.
You can opt-out of third-party advertising networks using your information for interest-based advertising. Our Sites participate in Google DoubleClick for Publishers (DFP) partner network, you can opt-out of this here.
You will need to opt-out on each device you use to access our Sites. Your information will not be shared with our third party advertising network partners for the purpose interest-based advertising if you opt-out, however, you will continue to receive interest-based advertising from Condor and Thomas Cook and its business partners when using Condor and Thomas Cook websites.
Please note these opt-out mechanisms use a cookie on your device, and if you clear the cookies from your browser it will ‘forget’ the opt-out.
Alternatively you can review cookies by accessing the preference panels from your browser's main menu (usually found under ‘Edit’, ‘Tools’ or ‘Options’). Do not track (DNT) is a feature offered by some browsers, with some newer browsers offering it as default. If you enable it, it sends a signal to websites to request that your browsing isn't tracked, for example by third party advertisers or social networks, or analytic companies. No industry-wide agreed standard to determine how DNT requests should be managed has been put in place, so our website doesn’t currently support DNT requests. Until that standard is established, we'll continue to review DNT and other new technologies, but won't respond to DNT requests.