1. The treatment of data when accessing the website and the app
You can use our website without entering direct personal information (such as your name, postal address or email address). Even in this case, we have to collect and save certain information in order to enable your access to our website.
You can only use our app as a Miles & More member after entering the requested identification details (e.g. Miles & More card number and PIN or a user ID and password).
Both for our website and our app we implement analysis procedures, and on our website we have integrated additional functionalities to include social networks. The following points explain the analysis procedures and integration.
When you visit our websites, our internet server automatically recognises the domain name or the IP address of the computer making the request, as well as the access data, the client file request (file name and URL), the HTTP response code, the website from which you are visiting us, and the number of bytes transferred during the session. This data is deleted as soon as you leave our website. We save your IP address for a seven day period for legitimate purposes permitted by law, in particular to detect misuse and to identify and eliminate technical malfunctions.
1.2 Cookies / Web Beacons
As many renowned companies do, we use so-called cookies and web beacons to ensure that our service is as userfriendly as possible.
A “cookie” is a small text file which a webserver (for example the www.miles-and-more.com webserver) sends to your browser when you visit a website. So-called “session cookies” expire at the end of the browser session and can capture your activities during the browser session. In contrast to these, there are “permanent cook-ies” which are saved on your terminal and these are able to capture your settings or activities on multiple websites.
Besides so-called “session cookies” which are deleted when you end your browser session, we put in place permanent cookies for the purposes of analysis by Adobe Analytics, the web analysis with Webtrends and app analysis with Google Analytics (see the explanation below under para. 1.3–1.6), which are stored until deleted by the user.
It depends on your browser’s settings as to whether the cookie file is stored or deleted. If the file is stored, our webserver can recognise your terminal. Next time you visit the site or when you switch between functions requiring you to enter a pass-word, the cookie can save you reinputting information. This is how cookies make it easier for you to use websites requiring user input. Additionally, cookies can help us offer you the most personalised, optimised surfing experience, as long as you give us permission to do so.
Regardless of saved cookies, for security reasons you must log in every time you enter the parts of our website where registration is required. Miles redemption also requires the prior entry of a password.
No personal data is saved in the cookies used by us: This is because these cookies are only allocated an identification number which we will not join with other data which may be available to us (possibly due to a registration) without your permission.
You can set up your browser to accept our cookies or use our website without any cookie functionality. However, in the latter case your text inputs in form fields for other requests will not be saved, so next time you visit our website you will be re-quired to input the information again. This also means that unfortunately we cannot present you with any content that is tailor-made for you.
It could be that your browser is also already set up to display an alert every time it accepts a cookie. This alert can be very annoying, as every single time a page is called up on our website, the identification cookie has to be sent again. Hence we recommend that you set up your browser to always allow cookies from www.miles-and-more.com. You can specify this setting for single websites on an individual basis.
Web beacons are small graphic files (also known as “pixel tags” or “clear GIFs”) which may be contained in our websites, apps, applications and newsletters and are normally installed in conjunction with cookies to identify users and/or user behaviour. All of the above mentioned information about cookies applies also to web beacons. So web beacons will not be installed if you have refused the use of the respective cookies.
1.3 Analysis with Adobe Analytics
Adobe Analytics is installed on our website, in our app and our communication media. This is a web analysis service from Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Ireland (“Adobe”).
With Adobe Analytics your IP address is shortened, thus making it anonymous, and it is used only in this anonymised form.
Information acquired by the use of a cookie or a Clear GIF will only be transferred to Adobe’s computing centre located in a European Union member state or in other states which are party to the Agreement on the European Economic Area. Adobe uses this information solely on our behalf and only for the purposes set out above.
If you do not wish to allow the collection and usage of such information by Adobe Analytics using cookies you can decline it here. In the case of the use of our app, you can prevent this collection by deactivating the button at the end of the data protection provision. Then a corresponding opt-out cookie is installed on your device which contains no tracking data; instead it enables us to recognise your objection and not to allow any more data sharing with the Adobe server for tracking purposes.
In addition, you can generally set up your internet browser to not accept any cookies and by doing so prevent data collection by Adobe Analytics. The same applies to the “do not track” function or the deactivation of graphics displays for Clear GIFs. Please make sure you are clear about the steps required to carry this out by reading the instructions for your own internet browser, as the relevant settings vary according to each browser supplier.
You can find more information about Adobe Analytics and data protection at Adobe at http://www.omniture.com/de/privacy/product.
1.4 Web analysis with Webtrends
Our website uses Webtrends Analytics, a web analysis service from Webtrends EMEA Acquisition Ltd. / Webtrends Inc., 851 SW 6th Ave., Suite 1600, Portland, Or-egon 97206, USA (“Webtrends”). Webtrends Analytics uses so-called “cookies”, text files which are saved on your computer, and they make it possible to carry out an analysis of the website’s usage.
Information generated by cookies about your usage of the website is generally trans-ferred to a Webtrends server in the USA and is stored there.
Webtrends will use this information on our behalf to evaluate your usage of the web-site in order to compile reports about the website activities and to provide us with services associated with the usage of the website and the internet. Where appropriate, information will be transferred to a third party insofar as it is prescribed by law, or third parties may process this data on our behalf. Access data will be stored anonymously so that no association can be made with any visitors. This is done in particular by anonymising the IP address.
You can prevent cookies being installed by a corresponding setting in your browser software; however we must notify you that in this case it is possible that you will not be able to use all the functions of the website in full.
You can refuse data collection and storing at any time with future effect using the following opt-out link: https://ondemand.webtrends.com/support/optout.asp.
1.5 App analysis with Google Analytics
Our app uses Google Analytics, an analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
You can prevent the storage of cookies in the specific settings of your mobile device / our app. However we notify you that in this case it is possible that you will not be able to make use of all functions of this app in full.
Furthermore, you can prevent the capture of data by Google relating to your use of the app generated by the cookie (including your IP address), as well as the processing of this data, by deactivating the button at the end of the data protection in-formation in the app.
More information about conditions of use and data protection with Google Analytics can be found at: http://www.google.com/analytics/terms/de.html or at https://www.google.de/intl/de/policies/
1.6 The integration of social networks
On our website and in our app we can integrate functionalities relating to social networks (such as Facebook or Twitter).
We currently use links to offers from Miles & More in social networks. Both our website and our app can be accessed and used without these links. If you use these ad-ditional functionalities, please be aware of the following policy about the treatment of personal data:
By linking our website to one of our offers in social networks, e.g. on our Facebook page, our YouTube channel or our Twitter account, this refers to simple links to the pages of current social networks. By the use of such links, we do not share any per-sonal information to the providers of these social networks.
However, we wish to point out to you that these providers essentially have the possibility of recognising the provenance of a visit. We have no influence over how data processing is carried out by the provider, and this data protection policy does not extend to the offers of this provider. Further information can generally be found in the respective providers’ data protection policies.
If you allow the app to access your location, you are permitting the app to access your mobile device's location services. Your device's location services use information from the mobile, Wi-Fi and GPS networks and/or iBeacons in order to determine your approximate location.
The app must have your permission to access your device's location services so that the app can provide you with site-specific features, such as viewing offers in your area. If you do not allow access, the location-based display of content will be restricted.
Configuration on smartphones with an iOS operating system (Apple iPhone and iPad):
You can also enable or disable location device services in the iOS settings in the future. To do so, open the iOS "Settings" app, select the "Privacy" menu item and the "Location Services" sub-item. The following menu lists all the apps installed on your device that have location-based features. Select the Miles & More app. In the following menu, you can select whether access to the site shall always be permitted or always be blocked.
Configuration on smartphones with Android operating systems (various manufacturers such as Samsung, HTC, Sony, LG):
With an Android operating system, the app is allowed to access your mobile device's location services by default. This cannot be avoided due to Google's technical specifications, over which we have no influence.
The app will not use this feature without your consent. The app will only allow access to location services if you explicitly allow access in the app. The app will prompt you to allow access after you register or log in. The app will only access location services if you answer the prompt with "Allow".
You can also enable or disable location device services in the Android settings in the future. To do so, open the "Settings" app in your device's main menu and select the "Location Services" menu item. You can enable or disable access to location services In the following menu for all installed apps. Unfortunately, Android currently does not enable the separate configuration of location services for each app.
2. The handling of data when using the website and the app
2.1 Functionalities for Miles & More members
On our website and in our app we make available a variety of functionalities which require personal data or other information to be collected. These functionalities can only be accessed, for example for Miles & More members, after logging in with your identification details (e.g. a Miles & More card number and PIN or a user ID and password).
As a Miles & More member you can access your customer profile via our website and our app. Here you have the possibility inter alia to look at your mileage account, request specific awards, and modify or amend specific master data (as described in the Miles & More programme data protection policy).
Where the use of functionalities requires you to provide more personal information, this will be identified on our website or in our app. Mandatory information is specifically identified; if mandatory information is not provided, the use of the particular functionality will not be possible.
2.2 Other functionalities
On our website or in our app, we can offer you functionalities which can be used as a Miles & More member without a login, but nonetheless personal details or other in-formation must be collected for these functionalities, e.g. if you take part in a survey on this website or you have a question or feedback for us. We will collect, process and use such data and information without your complete permission solely to the extent required for the respective functionality (e.g. to respond to your questions or to process your feedback).
2.3 References and data collection on third party websites
You can reach third party websites via links from our website which are not operated by us. For example, these may be the websites of partner companies where you can earn miles or where special offers are made available for Miles & More members. We have no influence on the collection, processing and use of your personal data on such third party websites; this is dealt with by the relevant website provider. Therefore please read the conditions of use and data protection information on these websites in order to get more precise information about the collection, processing and use of (personal) information on these websites.
3. Permissions and options
We would like to use your data to be able to inform you about our offers and services and those of our partners, and, where appropriate, to consult you in order to tailor our content to suit you as well as possible and to maximise its relevance to you.
You decide for yourself whether or not you would like to receive this information from us. We can offer you the option (e.g. in your application to be a Miles & More member, on our website or in a Miles & More communication medium or another advertising medium) of giving separate permission to receive specific information in connection with Miles & More. You can find further information in the data protection policies for the Miles & More programme
If you have given us this permission, we can assess your master data in order to provide you with personalised information which is relevant to you and tailor-made to suit your interests. The analytical data will only be evaluated in a summarised (aggregated) form.
4. Access, rectification
Upon request, we are happy to inform you whether your personal details have been saved and, if so, which ones. If, despite our best efforts to ensure that the data saved is accurate and up-to-date, incorrect information is stored, we will correct it at your request. In your customer profile on our website, you can check the current status of the majority of your master data yourself. Please update your personal details immediately after any changes occur (e.g. your postal address, email address or telephone number).
5. Data security
MMG and Lufthansa use technical and organisational security measures to protect the data we hold about you against accidental or deliberate manipulation, loss, deletion or unauthorised access. Our security measures are being improved continuously as new technology develops.
We store your personal details on servers in Germany, in a European Union member state or in states which are party to the Agreement on the European Economic Area. When services are used, personal details can also be communicated to other countries, having taken into consideration the data protection regulations applicable.
We check these data protection policies regularly and we will update these as necessary. Where there are significant changes made to these data protection policies, we will inform you (for example on our website or in our app).
7. Data protection officers
The Lufthansa group data protection officer is also the data protection officer for Miles & More GmbH. If you have questions about data protection at Miles & More, you can contact Dr. Barbara Kirchberg-Lennartz (e.g. by post: Group data protection officer, FRA RD, 60546 Frankfurt/Main or by email email@example.com).