Information about cookies and similar technologies
This section explains how we use cookies and similar technologies at miles-and-more.com. This supplements our Data Protection Policy for the Miles & More website, app and communication media.
We use cookies, local and session storage as well as web beacons to ensure that our service is as user-friendly as possible.
1. Cookies
A “cookie” is a small text file that a web server (for example the www.miles-and-more.com web server) sends to your browser when you visit a website. The cookie file is stored or rejected depending on your browser settings. If the file is stored, our web server can recognise your device. The cookie can save you having to re-enter information the next time you visit the site or when you switch between functions that require you to enter a password. Cookies therefore make it easier for you to use websites that require user information.
We use:
- Session cookies
These expire at the end of the browser session and are used to record your browsing activities. They are deleted when you close your browser.
- Permanent cookies
These are stored on your device between different browser sessions and can record your settings or activities on multiple websites. They are deleted after a predefined period that can vary depending on the cookie. You can also delete the cookies at any time, however, in your browser settings.
- Session storage
Comparable to the use of cookies. Session storage means data is stored in your browser and deleted when you close your browser.
- Local storage
This is also comparable to the use of cookies. It permits the more secure, longer-term storage of information. See “Local storage” for further information.
- Operationally essential
These cookies are absolutely essential for the operation of the website and facilitate logging in, redeeming miles and security features, for example. These types of cookies also allow us to recognise whether you wish to remain logged in to your profile so that you can access our services more quickly the next time you visit our website. - Personalisation
These cookies are used to display personalised content to you that matches your interests. This makes it possible to present offers that are especially relevant to you. - Analysis and statistics
We use tools to improve the user-friendliness and optimise the performance of our website. These help us to find out how users move around the site, where problems occur while using the site and which processes cause difficulties for users. - Advertising
We use marketing and third-party cookies for the purposes of optimising, analysing and personalising advertising campaigns: (1) cookies to show you personalised advertising on other websites (Google Ads); (2) cookies to assign you to a target group list. If you are logged in as a member, your email address is used to generate a cryptographic attribute which is sent to our advertising partners. This enables us to show you advertising online and on social media that corresponds to your interests (Google Customer Match).
It is possible that your browser is already set up to display an alert every time it receives a cookie request. This alert can be very annoying, because the identification cookie must be sent again when you access each individual page on our website. We therefore recommend that you set up your browser to always allow cookies from www.miles-and-more.com. You can specify this setting for websites individually.
You can find out more about the use of cookies and how to disable them at meine-cookies.org or youronlinechoices.com.
Cookies
| mamcom_cl | MMG | This cookie remembers the language/country setting based on the location or the requested URL. | Session | Essential |
| mamcom_cl_last | MMG | This cookie remembers the user’s last language/country setting. | 1 year | Essential |
mamcom_resolvedcountryconflicts |
MMG |
Cookie that stores the requested decision when the country is changed. |
1 year |
Essential |
mamcom_resolvedlanguageconflicts |
MMG |
Cookie that stores the requested decision when the language is changed. |
1 year |
Essential |
mamcom_promo |
MMG |
This cookie recognises whether a member has already registered for a promotion and thus enables information to be displayed showing that the registration has already been completed. |
1 year |
Essential |
mamcom_cookieusage |
MMG |
This cookie enables the Cookie Usage Indicator (cookie information bar) not to be displayed again once the user has closed it. |
1 year |
Essential |
| STAT | MMG | This (short-term) cookie defines the end of “authenticated” status after login and contains an encrypted access token. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. | 30 minutes | Essential |
STATInfo |
MMG |
This (short term) cookie defines the end of “authenticated” status after login. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. |
30 minutes |
Essential |
| MFAT | MMG | This (multi-factor) cookie defines the end of “two-factor authenticated” status after a successful two-factor login and contains an encrypted access token. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. | 10 minutes | Essential |
| MFATInfo | MMG | This (multi-factor) cookie defines the end of “two-factor authenticated” status after a successful two-factor login. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. | 10 minutes | Essential |
| LTAT | MMG | This (long-term) cookie defines the end of “identified” status after login and contains an encrypted access token. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. | 30 days | Essential |
LTATInfo |
MMG |
This (long-term) cookie defines the end of “identified” status after login. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. |
30 days |
Essential |
DWM_XSITECODE |
Amadeus |
This cookie determines which settings (such as texts, rules) should be used for the Award Flight booking. |
Session |
Essential |
um_jst |
Amadeus |
This cookie is used for the technical security of the current session during the Award Flight booking. |
Session |
Essential |
| ak_wfSession | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Essential |
| ak_bmsc | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Essential |
| bm_sv | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Essential |
| bm_mi | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Essential |
| bm_sz | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 4 hours | Essential |
| _abck | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 1 year | Essential |
visitor |
Q.Two |
This cookie is used to track whether you have been redirected through miles-and-more.com to the Online Shopping partners. |
30 days |
Essential |
mamcom_consent_date |
MMG |
This cookie stores the date on which a user consented to the cookie. |
1 year |
Essential |
mamcom_consent_choice |
MMG |
This cookie stores the cookie selection made by the user. |
1 year |
Essential |
s_ecid |
Adobe Experience Cloud |
This cookie serves as a reference ID for identifying unique visitors if the AMCV cookie has expired.
|
2 years |
Essential |
AMCV_###@AdobeOrg Example: see (1) |
Adobe Experience Cloud |
This cookie is used to identify a unique visitor. |
2 years |
Essential |
| demdex | Adobe Experience Cloud | This cookie is used to identify a unique visitor on Miles & More websites. | 6 months | Essential |
s_cc |
Adobe Analytics |
This cookie is set to determine whether the browser permits cookies. |
Session |
Essential |
s_sq |
Adobe Analytics |
|
Session |
Essential |
s_vi |
Adobe Analytics |
|
2 years |
Essential |
s_vi_s |
Adobe Analytics |
This cookie is used to identify a unique visitor. |
1 hour |
Essential |
s_vi_* |
Adobe Analytics |
This cookie is used to identify a unique visitor. |
2 years |
Essential |
s_fid |
Adobe Analytics |
This cookie is used to identify a unique visitor if the standard s_vi cookie is unavailable due to third-party cookie restrictions. |
2 years |
Essential |
s_getNewRepeat |
Adobe Analytics |
This cookie is used to determine a new or returning visitor.
|
1 month |
Essential |
s_invisit |
Adobe Analytics |
This cookie is used to determine a new or returning visitor and the number of their visits. |
Session |
Essential |
s_ppv |
Adobe Analytics |
This cookie is used to store the previous page that the user visited to track the scrolling behaviour. |
Session |
Essential |
s_ppvl |
Adobe Analytics |
This cookie is used to store the previous page that the user visited to track the scrolling behaviour. |
Session |
Essential |
s_ppn |
Adobe Analytics |
This cookie is used to store the previous page that the user visited to track the scrolling behaviour. |
30 minutes |
Essential |
s_tp |
Adobe Analytics |
This cookie is used to store information about the percentage of the displayed page that the user has loaded. |
1 month |
Essential |
s_vnum |
Adobe Analytics |
This cookie is used to record the user’s number of visits. |
1 month |
Essential |
| mamcom_refresh_localstorage | MMG | This cookie launches an update of the available data in local storage following an update of the profile data. |
5 minutes | Essential |
| mamcom_{nonce} |
MMG | This cookie converts the value of the URL parameter “state” required during the authentication of the user and for back navigation on https://account.miles-and-more.com into a random alphanumerical figure. This allows for the pseudonymised processing of this value to authenticate the user through back-end systems. |
1 day | Essential |
| TUAT | MMG | During the booking process, users are given the option of registering for Travel ID. The TUAT cookie enables the data collected during the registration process to also be used for the booking process without requiring users to complete the registration process beforehand via the activation link. On its own, the TUAT cookie does not mean that users are logged in. The TUAT cookie is valid for 10 minutes. After that, it will no longer be able to retrieve data. |
10 minutes |
Essential |
| mamcom_alert | MMG | This cookie remembers whether the warning notification was actively closed by a user so that the notification won’t be displayed again for as long as the cookie applies. | 7 days | Essential |
| mamcom_appdownload_visitor | MMG | This cookie is only placed on mobile devices and remembers whether the website has already been opened in the same browser in the past. | 1 year | Essential |
| mamcom_appdownload_banner | MMG | This cookie is only placed on mobile devices and remembers how often the app banner has been closed in the same browser to prevent unwanted display of the banner. | 1 year | Essential |
| Device fingerprint | MMG | This cookie remembers the user’s trusted browsers for the purpose of two-factor authentication via the app, making it possible to log in on these browsers without an additional code from the authentication app. | 1 year | Essential |
mbox |
Adobe Target |
This cookie is used for A/B tests and for personalisation purposes. |
1 year |
Personalisation |
| {}{_}gcl_au |
Google (Google Campaign Manager, Display & Video 360, Google Ads, Search Ads 360) |
These third-party cookies are used to process your data to create target group lists to show you advertising online and on social media that corresponds to your interests. |
90 days |
Advertising |
| _gcl_aw |
Google (Google Ads) |
These third-party cookies are used to process your data to create target group lists to show you advertising online and on social media that corresponds to your interests. |
90 days |
Advertising |
| {}gcl_dc{_} | Google (Google Campaign Manager, Display & Video 360, Search Ads 360) |
These third-party cookies are used to process your data to create target group lists to show you advertising online and on social media that corresponds to your interests. |
90 days |
Advertising |
| _hjSessionUser_{site_id} | Hotjar | This cookie ensures that data from later visitors to the website is allocated to the same user. | 1 year | Analysis and statistics |
| _hjFirstSeen | Hotjar | This cookie identifies a new user’s first visit. | 30 minutes, extended depending on user activity. | Analysis and statistics |
| _hjHasCachedUserAttributes | Hotjar | This cookie checks whether the data in the local storage of the browser is still current or needs to be updated. | Session | Analysis and statistics |
| _hjUserAttributesHash | Hotjar | This cookie checks whether the user properties are still current or need to be updated. | 2 minutes, extended every 30 seconds. | Analysis and statistics |
| _hjUserAttributes | Hotjar | This cookie stores user attributes in hash form. | Local storage. No explicit expiry date |
Analysis and statistics |
| _hjViewportId | Hotjar | This cookie stores details of the user’s viewport, such as the size and dimensions. | Session | Analysis and statistics |
| _hjActiveViewportIds | Hotjar | This cookie stores which particular user viewports are active. | Local storage. No explicit expiry date |
Analysis and statistics |
| _hjSession_{site_id} | Hotjar | This cookie ensures that data from subsequent sessions are linked with one another. | 30 minutes, extended depending on user activity. | Analysis and statistics |
| _hjSessionTooLarge | Hotjar | This cookie ensures that Hotjar terminates data recording if a session becomes too long/large. | 1 hour | Analysis and statistics |
| _hjSessionResumed | Hotjar | This cookie ensures that sessions can be continued if the connection is interrupted. | Session | Analysis and statistics |
| _hjCookieTest | Hotjar | This cookie checks whether Hotjar can use cookies or not. | Is deleted immediately after it is created. Below a duration of 100 ms, the cookie expiry time is adjusted to the duration of the session |
Analysis and statistics |
| _hjLocalStorageTest | Hotjar | This cookie checks whether Hotjar can use the local storage or not. | Below 100 ms duration | Analysis and statistics |
| _hjSessionStorageTest | Hotjar | This cookie checks whether Hotjar can use the session storage. | The data stored in _hjSessionStorageTest does not have a duration of validity, but is deleted immediately after it is created. Below 100 ms duration. |
Analysis and statistics |
| _hjIncludedIn PageviewSample | Hotjar | This cookie checks the users’ limit recorded in the measurement using the page accesses. | 2 minutes, extended every 30 seconds. | Analysis and statistics |
| _hjIncludedIn SessionSample_{site_id} | Hotjar | This cookie checks the users’ limit recorded in the measurement using the maximum number of daily sessions. | 2 minutes, extended every 30 seconds. | Analysis and statistics |
| _hjAbsoluteSessionInProgress | Hotjar | This cookie recognises the user’s first access of the site. | 30 minutes, extended depending on user activity. | Analysis and statistics |
| _hjTLDTest | Hotjar | This cookie is used as a test cookie to ensure that Hotjar is functioning correctly. | Session | Analysis and statistics |
| _hjRecordingEnabled | Hotjar | This cookie informs Hotjar that a session recording has been initialised. | Session | Analysis and statistics |
| _hjRecordingLastActivity | Hotjar | This cookie shows Hotjar that data has been sent to the Hotjar server. | Session | Analysis and statistics |
| _hjClosedSurveyInvites | Hotjar | This cookie lets Hotjar know that a user has reacted to a survey invitation so that the user is not invited again. | 1 year | Analysis and statistics |
| _hjDonePolls | Hotjar | This cookie ensures that a survey is not displayed again if the user has already taken part. | 1 year | Analysis and statistics |
| _hjMinimized Polls | Hotjar | This cookie ensures that a survey remains minimised for as long as the user is navigating through the website. | 1 year | Analysis and statistics |
| _hjShownFeedbackMessage | Hotjar | This cookie ensures that a feedback report remains minimised for as long as the user is navigating through the website. | 1 day | Analysis and statistics |
| visitor | Q.Two | This cookie is used to track whether you have been redirected through miles-and-more.com to the Online Shopping partners. | 30 days | Essential |
| cl_last | Q.Two | This cookie remembers the user’s last language/country setting. | 1 year | Essential |
| consent_choice | Q.Two | This cookie stores the cookie selection made by the user. | 1 year | Essential |
name: AMCV_2F4160D5561546F97F000101%40AdobeOr
2. Web beacons
Web beacons are small graphic files (also known as “tracking pixels”, “pixel tags” or “clear GIFs”) that can be embedded in our websites, apps, applications and newsletters and are normally used in conjunction with cookies. All the information about cookies given above also applies to web beacons. Most notably, web beacons will not be used if you have rejected the use of the respective cookie.
3. Local storage
We use the function known as local storage. This means that your data (master data, status data and programme data) is stored locally in your browser’s cache once you have logged in. Your data is deleted after you have closed the browser window, except for your last chosen login method. This information is retained and can be retrieved the next time you access the website, unless you delete your browser’s cache. By using local storage, we facilitate the correct display of your data when you are surfing our website without slowing the process unnecessarily or overloading the interfaces.
If you do not want local storage to be used, you can change your settings accordingly in your browser at any time. Please note that if you do so, the functionalities of our website may be limited or no longer available. In particular, you will then not be able to access your personal profile.
Local storage
| Name | Description | Validity | Category |
|---|---|---|---|
ID |
Object ID |
Login session |
Essential |
Date of birth |
Date of birth |
Login session |
Essential |
Preferred language |
The preferred language in the user data |
Login session |
Essential |
Academic title |
The visitor’s academic title |
Login session |
Essential |
First name |
The visitor’s first name |
Login session | Essential |
Middle name |
All the visitor’s middle names |
Login session |
Essential |
Surname |
The visitor’s surname |
Login session |
Essential |
Gender |
The visitor’s gender |
Login session |
Essential |
Activity status |
Activity status |
Login session |
Essential |
Cardholder’s name |
Name stated on the service card |
Login session |
Essential |
Ticketholder’s name |
The name stated on the flight ticket |
Login session |
Essential |
Processing of personal data (PPD) |
Consent to the collection, storage and processing of personal data - Master data - Transaction data - Web tracking information - Status information |
Login session |
Essential |
Behaviour-based consent (BP) |
Consent to the collection and processing of personal data by the Lufthansa Group for commercial purposes |
Login session |
Essential |
Customer number |
The visitor’s customer number |
Login session |
Essential |
LHCOM alias (user ID and password authentication) |
The alias set up by the visitor when registering via their user ID and password |
Login session |
Essential |
LH-ID alias (email address and password authentication) |
The alias set up when registering with Lufthansa via their LH ID |
Login session |
Essential |
Service card number FTL |
Card number for FTL status |
Login session |
Essential |
Service card number INST |
Card number for INST status |
Login session |
Essential |
Service card number SEN |
Card number for SEN status |
Login session |
Essential |
Service card number HON |
Card number for HON status |
Login session |
Essential |
Branding |
Branding in accordance with the brand logic |
Login session |
Essential |
Registration date |
The visitor’s registration date |
Login session |
Essential |
Member’s status level |
The visitor’s status level |
Login session |
Essential |
Status basis |
The basis for the visitor’s status |
Login session |
Essential |
Registration source code |
The registration source code used by the member for registration |
Login session |
Essential |
Primary card number (service card number and PIN authentication) |
Value of the primaryCardNumber key in the membership data |
Login session |
Essential |
Membership status |
The visitor’s membership status |
Login session |
Essential |
poolOption |
Option for Mileage Pooling for the user |
Login session |
Essential |
Miles |
Mileage account balance
|
Login session |
Essential |
eVouchers |
Remaining value of the eVouchers |
Login session | Essential |
Points |
Points balance |
Login session |
Essential |
HON Circle Points |
HON Circle Points balance |
Login session |
Essential |
Flight segments |
Flight segments balance |
Login session |
Essential |
Select miles |
Select miles balance |
Login session |
Essential |
The number of Points still required to maintain status |
The number of Points still required to maintain status |
Login session |
Essential |
The number of flight segments still required to maintain status |
The number of flight segments still required to maintain status |
Login session |
Essential |
The number of Points still required to achieve a higher status |
The number of Points still required to achieve a higher status |
Login session |
Essential |
The number of flight segments still required to achieve a higher status |
The number of flight segments still required to achieve a higher status |
Login session |
Essential |
Fraud risk |
The fraud risk checked at the time of an Award Flight booking |
Login session |
Essential |
Recruiting partner |
The partner recruiting the visitor |
Login session |
Essential |
Registration partner |
The visitor’s registration partner |
Login session |
Essential |
Partner for further access |
The visitor’s partner for further access |
Login session |
Essential |
Expiry date of current status |
Date on which the current status expires |
Login session |
Essential |
Expected date for new Status Star |
The date on which the next Status Star is expected based on the Status Star Points rate (extrapolation) |
Login session |
Essential |
Object ID for contact point |
Contact point object ID |
Login session |
Essential |
Contact point usage |
The use of a contact point (PRIVATE only in future) |
Login session |
Essential |
Channel of the contact point |
Information about the channel of the contact point - Primary mobile phone number - Landline number - Fax number - Postal address - Email address |
Login session |
Essential |
Confirmation date |
Date on which the contact point was last confirmed |
Login session |
Essential |
Region/federal state |
Region/federal state of an address with the channel POST |
Login session |
Essential |
Country |
The country of an address with the channel POST The country of residence of a visitor at “standard”: true |
Login session |
Essential |
City |
The city of an address with the channel POST |
Login session |
Essential |
Street |
The street of an address with the channel POST |
Login session |
Essential |
addAddressLine |
Additional information of an address with the channel POST |
Login session |
Essential |
PO box |
The PO box number of an address with the channel POST |
Login session |
Essential |
Building |
The building information of an address with the channel POST |
Login session |
Essential |
Company name |
The company name of an address with the channel POST |
Login session |
Essential |
Postcode |
The postcode of an address with the channel POST |
Login session |
Essential |
PO box address |
The PO box indicator if the street or PO box of an address with the channel POST was specified |
Login session |
Essential |
Invalid address |
The indicator of a contact point that indicates whether the contact point is still valid |
Login session |
Essential |
Standard |
The indicator that indicates whether the contact point is the primary contact point - Primary email address - Primary mobile phone number - Primary postal address |
Login session |
Essential |
Email address |
The email address of a contact point with the channel EMAIL |
Login session | Essential |
International dialling code |
The international dialling code of a contact point with the channel - MOBILE - TELEPHONE - FAX |
Login session |
Essential |
Area code |
The area code of a contact point with the channel - MOBILE - TELEPHONE - FAX |
Login session |
Essential |
Number |
The number of a contact point with the channel - MOBILE - TELEPHONE - FAX |
Login session |
Essential |
Preferred departure airport |
Preferred departure airport |
Login session |
Essential |
Preferences for mobile boarding pass |
The preferred option for a mobile boarding pass |
Login session | Essential |
Subprogrammes |
All active and inactive subprogrammes of a visitor |
Login session |
Essential |
Subscriptions |
All the visitor’s subscriptions |
Login session |
Essential |
Consents |
All consents given by the visitor |
Login session |
Essential |
One-off consents |
All one-off consents given by the visitor |
Login session |
Essential |
Mileage expiry |
Information about mileage expiry |
Login session |
Essential |
Expiry of eVouchers |
Information about the expiry of eVouchers |
Login session |
Essential |
Extension marker |
The extension marker |
Login session |
Essential |
Remaining miles |
The number of remaining miles required for AC enquiries |
Login session |
Essential |
Tool pages |
The data stored to make the country and language-based functions of the last used tools available |
Login session |
Essential |
Benefit code |
The code that identifies the benefit |
Login session |
Essential |
Form of utilisation of a benefit |
Type of benefit: - OUTBOUND FLIGHT - INCENTIVE IN PROGRAMME CURRENCY - CURRENCY EXCHANGE - PARTNER CARD - PERSONAL |
Login session |
Essential |
Benefit status |
The status of the benefit: - OPTION - SELECTED - EXPECTED
|
Login session |
Essential |
Benefit threshold |
Threshold above which the benefit changes from the status EXPECTED to the status OPTION if not yet SELECTED
|
Login session |
Essential |
Expiry date of the benefit |
The expiry date of the benefit with the status OPTION
|
Login session |
Essential |
Maximum conversion value of the benefit |
The maximum conversion value of a benefit of the type CURRENCY EXCHANGE
|
Login session |
Essential |
Date of benefit selection |
The date on which the visitor selected the benefit
|
Login session | Essential |
Mileage exchange ratio for the benefit |
The possible conversion ratio for a benefit of the type CURRENCY EXCHANGE |
Login session |
Essential |
Updating intervals |
Timestamp of the last update of locally stored data |
Login session |
Essential |
Inbox information |
Information about documents stored in the inbox: date, quantity, number, ID, topic, content, expiry date, read/unread, origin |
Login session |
Essential |
Authentication: CSRF_TOKEN |
Every action that changes a status requires this secure random token to prevent CSRF attacks. |
Login session |
Essential |
Authentication: KEY_CUSTOMER_ID |
Returned by the authentication call and stored for further API calls |
Login session | Essential |
Authentication: KEY_LOGIN_TYPE |
Stores the last used form of login |
Continuing |
Essential |
mamcomreferrer |
Required to store the original past context before a change to the country and/or language |
Login session |
Essential |
mamcombacklinkisfallbackpage |
Required for storage if the current country and/or language selection reverts to the fallback page |
Login session | Essential |
Timestamp of the authorisation layer |
Stores the date on which the layer of an authorisation migration or authorisation maximisation was displayed to a visitor |
Login session |
Essential |
| favorites-state | Stores information about offers marked as favorite | Continuing | Essential |
| Feedback-id | Anonymous user identifier used to recognize whether feedback for a specific content has already been submitted. The identifier does not contain personal data and is not used for tracking or advertising purposes. | Continuing | Essential |
Session storage
Name |
Description |
Validity |
Category |
|---|---|---|---|
Response data for retroactive credit request |
Covers the status and amount of the retroactive credit request and is required to display the response on the thank-you page for the retroactive credit request |
Session |
Essential |
Process number |
The thank-you page for the retroactive credit request requires that the parameter for the session storage “requid” displays the process number. |
Session |
Essential |
4. Legal bases
The legal basis for the use of operationally necessary cookies is Art. 6(1)(1)(b) GDPR (performance of a contract and pre-contractual measures); the legal basis for the use of cookies for analysis or marketing purposes and for the use of web beacons and local storage is Art. 6(1)(1)(f) GDPR (legitimate interest). For web beacons, with cookies for statistical and personalisation purposes, the company’s interest lies in the ongoing development and relevance of the website and programme. For the use of local storage, the company’s interest lies in speeding up processes and preventing system overload.