Information on cookies and similar technologies
This section provides you with information on how we use cookies and similar technologies at miles-and-more.com and is supplemental to our “Miles & More Website, App & Communications Media Privacy Policy”.
We use so-called cookies, local and session storage and web beacons to ensure that our offers are as user-friendly as possible.
1. Cookies
A “cookie” is a small text file which a web server (for example the www.miles-and-more.com web server), sends to your browser when you visit a website. It depends on your browser’s settings as to whether the cookie file is stored or deleted. If the file is stored, our Web server can recognise your device. The next time you visit the site, or when you switch between functions requiring you to enter a password, the cookie can save you having to re-input information. This is how cookies make it easier for you to use websites requiring user input.
We use:
- “Session cookies”
These expire at the end of the browser session and can capture your activities during the browser session. They are deleted when you finish your browser session.
- “Permanent cookies”
These are saved on your device between different browser sessions and are able to capture your settings or activities on multiple websites. These are deleted after a predefined period, which can vary according to the cookie. You can, however, delete the cookies at any time in your browser settings.
- Session storage
Comparable to the use of cookies. In this case, your data is stored in your browser. The data is deleted when you close your browser.
- Local storage
This is also comparable to the use of cookies. It permits the more secure, longer-term storage of the information contained. For further information, see “Local storage”.
- Operationally necessary
These cookies are absolutely necessary to operate the site and facilitate, for example, login, redeeming miles and security features. Furthermore, these types of cookies allow us to recognise whether you wish to remain logged in to your profile, so that you can access our services more quickly the next time you visit our website. - Personalisation
These cookies are used to show you personalised content tailored to your interests. This makes it possible to present offers that are especially relevant to you. - Advertising
We use marketing and third-party cookies for the purposes of optimising, analysing and personalising advertising campaigns: Cookies to show you personalised advertisements on other websites (Google Ads); Cookies to assign you to a target group list. If you are logged in as a member, your email address is used to generate a cryptographic attribute which is sent to our advertising partners. This enables us to show you advertising online and on social media that corresponds to your interests. (Google Customer Match)
It is possible that your browser is already set up to display an alert every time it accepts a cookie. This alert can be very annoying, as every single time a page is accessed on our website, the identification cookie has to be sent again. Hence, we recommend that you set up your browser to always allow cookies from www.miles-and-more.com. You can specify this setting for single websites on an individual basis.
More information about the use of cookies and how to disable them can be found at meine-cookies.org or youronlinechoices.com.
Cookies
name: AMCV_2F4160D5561546F97F000101%40AdobeOr
| mamcom_cl | MMG | This cookie remembers the language/country setting based on the location or the requested URL. | Session | Necessary |
| mamcom_cl_last | MMG | This cookie remembers the user’s last language/country setting. | 1 year | Necessary |
mamcom_resolvedcountryconflicts |
MMG |
Cookie that stores the requested decision when changing the country. |
1 year |
Necessary |
mamcom_resolvedlanguageconflicts |
MMG |
Cookie that stores the requested decision when changing the language. |
1 year |
Necessary |
mamcom_promo |
MMG |
This cookie recognises whether a member has already registered for a promotion and thus enables the display of information that the registration has already been completed. |
1 year |
Necessary |
mamcom_cookieusage |
MMG |
This cookie enables the "Cookie Usage Indicator" (cookie information bar) not to be displayed again after the user has closed it. |
1 year |
Necessary |
| STAT | MMG | This (short-term) cookie defines the end of status "authenticated" after login and contains an encrypted access token. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. | 30 minutes | Necessary |
STATInfo |
MMG |
This (short term) cookie defines the end of status "authenticated" after login. After this time has elapsed, a new authentication is requested for security reasons if the user wishes to change their personal data. |
30 minutes |
Necessary |
| MFAT | MMG | This (multi-factor) cookie defines the expiry of "two-factor authenticated" status after a successful two-factor login and contains an encrypted access token. After this time has elapsed, a new authentication is requested for security reasons if the user wishes to change their personal data. | 10 minutes | Necessary |
| MFATInfo | MMG | This (multi-factor) cookie defines the expiry of "two-factor authenticated" status after a successful two-factor login. After this time has elapsed, a new authentication is requested for security reasons if the user wishes to change their personal data. | 10 minutes | Necessary |
| LTAT | MMG | This (long-term) cookie defines the expiry of status "identified" after you have logged in and contains an encrypted access token. New authentication is then requested after this time for security reasons if the user wishes to change their personal data. | 30 days | Necessary |
LTATInfo |
MMG |
This (long-term) cookie defines the expiry of the status "identified" after login. After this time has elapsed, a new authentication is requested for security reasons if the user wishes to change their personal data. |
30 days |
Necessary |
DWM_XSITECODE |
Amadeus |
This cookie defines which settings (e.g., texts, rules) should be used for the flight award booking. |
Session |
Necessary |
um_jst |
Amadeus |
This cookie is used for the technical security of the current session during the flight award booking. |
Session |
Necessary |
| ak_wfSession | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Necessary |
| ak_bmsc | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Necessary |
| bm_sv | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Necessary |
| bm_mi | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 2 hours | Necessary |
| bm_sz | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 4 hours | Necessary |
| _abck | Akamai | Cookie for differentiating between unwanted, automated access and legitimate, human users. | 1 year | Necessary |
visitor |
Q.Two |
This cookie is used to track whether you have been redirected through milesandmore.com to the Online Shopping partners. |
30 days |
Necessary |
mamcom_consent_date |
MMG |
This cookie stores the date on which a user has consented to the cookie. |
1 year |
Necessary |
mamcom_consent_choice |
MMG |
This cookie stores the cookie selection made by the user. |
1 year |
Necessary |
s_ecid |
Adobe Experience Cloud |
This cookie serves as a reference ID for identifying unique visitors if the AMCV cookie has expired.
|
2 years |
Necessary |
AMCV_###@AdobeOrg Example: see (1) |
Adobe Experience Cloud |
This cookie is used to identify a unique visitor. |
2 years |
Necessary |
| demdex | Adobe Experience Cloud | This cookie is used to identify a unique visitor on Miles & More websites. | 6 months | Necessary |
s_cc |
Adobe Analytics |
This cookie is set in order to determine whether the browser permits cookies. |
Session |
Necessary |
s_sq |
Adobe Analytics |
This cookie contains information about the previous link the user clicked. |
Session |
Necessary |
s_vi |
Adobe Analytics |
This cookie is used to identify a unique visitor, including a timestamp. |
2 years |
Necessary |
s_vi_s |
Adobe Analytics |
This cookie is used to identify a unique visitor. |
1 hour |
Necessary |
s_vi_* |
Adobe Analytics |
This cookie is used to identify a unique visitor. |
2 years |
Necessary |
s_fid |
Adobe Analytics |
This cookie is used to identify a unique visitor, if the standard s_vi cookie is unavailable due to third-party cookie restrictions. |
2 years |
Necessary |
s_getNewRepeat |
Adobe Analytics |
This cookie is used to determine a new or returning visitor.
|
1 month |
Necessary |
s_invisit |
Adobe Analytics |
This cookie is used to determine a new or returning visitor as well as the corresponding number of visits. |
Session |
Necessary |
s_ppv |
Adobe Analytics |
This cookie is used to store the previous page that the user has visited in order to track the scrolling behaviour. |
Session |
Necessary |
s_ppvl |
Adobe Analytics |
This cookie is used to store the previous page that the user has visited in order to track the scrolling behaviour. |
Session |
Necessary |
s_ppn |
Adobe Analytics |
This cookie is used to store the previous page that the user has visited in order to track the scrolling behaviour. |
30 minutes |
Necessary |
s_tp |
Adobe Analytics |
This cookie is used to store information about the percentage of the displayed page that the user has loaded. |
1 month |
Necessary |
s_vnum |
Adobe Analytics |
This cookie is used to record the user’s number of visits. |
1 month |
Necessary |
| mamcom_refresh_localstorage |
MMG | This cookie launches an update of the available data in local storage following an update of the profile data. | 5 minutes | Necessary |
| mamcom_{nonce} |
MMG | This cookie changes the value of the URL parameter “state”, which is required for authenticating the user as well as navigating back to https://account.miles-and-more.com, to a random alphanumeric number. This allows for the pseudonymised processing of this value in order to authenticate the user through back-end systems. | 1 day | Necessary |
| TUAT | MMG | This allows users to register for Travel ID within the booking process. The TUAT enables the data collected during the registration process to also be used for the booking process without the users having to fully complete the registration process beforehand via the activation link. Users are not logged in only because of the TUAT cookie. The TUAT is valid for ten minutes. After that, the TUAT cookie will no longer be able to retrieve user data. | 10 minutes | Necessary |
| mamcom_alert | MMG | This cookie remembers whether the warning notification was actively closed by a user in order to no longer display the notification for as long as the cookie applies. | 7 days | Necessary |
eqsid_ |
Epoq |
Analysis cookie for monitoring and evaluating website performance. |
Session |
Personalisation |
mbox |
Adobe Target |
This cookie is used for A/B tests and for personalisation purposes. |
1 year |
Personalisation |
| {}{_}gcl_au |
Google (Google Campaign Manager, Display & Video 360, Google Ads, Search Ads 360) |
These third-party cookies are used to process your data for the creation of target group lists and thus display advertising on the internet and social media tailored to your interests. | 90 days |
Advertising |
| _gcl_aw |
Google (Google Ads) |
These third-party cookies are used to process your data for the creation of target group lists and thus display advertising on the internet and social media tailored to your interests. | 90 days
|
Advertising |
| {}gcl_dc{_} |
Google (Google Campaign Manager, Display & Video 360, Search Ads 360) |
These third-party cookies are used to process your data for the creation of target group lists and thus display advertising on the internet and social media tailored to your interests. | 90 days
|
Advertising |
2. Web beacons
Web beacons are small graphic files (also known as “tracking pixels”, “pixel tags” or “clear GIFs”), which may be installed in our websites, apps, applications and newsletters, and are normally installed in conjunction with cookies. All of the above-mentioned information about cookies applies also to web beacons. So, web beacons will not be installed if you have refused the use of the respective cookies.
3. Local storage
We use the so-called local storage functionality. This means that your data (master data, status data and programme data) is stored locally in the cache of your browser once you have logged in. Your data is deleted after you have closed the browser window until the next chosen login method. Providing you do not delete your browser’s cache; this information is retained and can be retrieved the next time you access the website. By using local storage, we facilitate the correct display of your data when you are surfing our website without slowing the process unnecessarily or overloading the interfaces.
If you do not wish local storage to be used, you can change this accordingly at any time in your browser settings. Please note that if you do so, the functionality of our website may only be available to a limited extent or no longer available. In particular, you will then not be able to access your personal profile.
Local storage
| Surname | Description | Validity | Category |
|---|---|---|---|
ID |
Object ID |
Login session |
Necessary |
Date of birth |
Date of birth |
Login session |
Necessary |
Preferred language |
Preferred language in the user data |
Login session |
Necessary |
Academic title |
Visitor’s academic title |
Login session |
Necessary |
First name |
Visitor’s first name |
Login session | Necessary |
Middle name |
All the visitor’s middle names |
Login session |
Necessary |
Surname |
Visitor’s surname |
Login session |
Necessary |
Gender |
Visitor’s gender |
Login session |
Necessary |
Activity status |
Activity status |
Login session |
Necessary |
Cardholder’s name |
Name given on the service card |
Login session |
Necessary |
Ticketholder’s name |
Name given on the flight ticket |
Login session |
Necessary |
Processing of personal data (PPD) |
Consent to the collection, storage and processing of personal data - Master data - Transaction data - Web tracking information - Status information |
Login session |
Necessary |
Behaviour-based consent (BP) |
Consent to the collection and processing of personal data for commercial purposes by the Lufthansa Group |
Login session |
Necessary |
Customer number |
Visitor’s customer number |
Login session |
Necessary |
LHCOM alias (Username and password authentication) |
The alias set up by the visitor at registration using the User ID and password |
Login session |
Necessary |
LH-ID alias (email address and password authentication) |
The alias set up at registration via Lufthansa with the LH-ID |
Login session |
Necessary |
Service card number FTL |
Card number for status FTL |
Login session |
Necessary |
Service card number INST |
Card number for status INST |
Login session |
Necessary |
Service card number SEN |
Card number for status SEN |
Login session |
Necessary |
Service card number HON |
Card number for status HON |
Login session |
Necessary |
Branding |
Branding in accordance with the brand logic |
Login session |
Necessary |
Registration date |
Visitor’s registration date |
Login session |
Necessary |
Member’s status level |
Visitor’s status level |
Login session |
Necessary |
Status basis |
Basis for the visitor’s status |
Login session |
Necessary |
Source code of registration |
Source code of registration used by the member for registration |
Login session |
Necessary |
Primary card number (service card number and PIN authentication) |
Value of the primaryCardNumber key in the membership data |
Login session |
Necessary |
Membership status |
Visitor’s membership status |
Login session |
Necessary |
poolOption |
Option for Mileage Pooling for the user. |
Login session |
Necessary |
Award miles |
Account balance of award miles
|
Login session |
Necessary |
eVouchers |
Remaining value of the eVouchers |
Login session | Necessary |
status miles |
Account balance of status miles |
Login session |
Necessary |
HON Circle miles |
Account balance of HON Circle miles |
Login session |
Necessary |
Flight segments |
Account balance of flight segments |
Login session |
Necessary |
Select miles |
Account balance of Select miles |
Login session |
Necessary |
The number of status miles missing to maintain status |
The number of status miles missing to maintain status |
Login session |
Necessary |
The number of flight segments missing to maintain status |
The number of flight segments missing to maintain status |
Login session |
Necessary |
The number of status miles missing to achieve a higher status |
The number of status miles missing to achieve a higher status |
Login session |
Necessary |
The number of flight segments missing to achieve a higher status |
The number of flight segments missing to achieve a higher status |
Login session |
Necessary |
Fraud risk |
The fraud risk checked at the time of flight award booking |
Login session |
Necessary |
Status Stars |
Number of Status Stars |
Login session |
Necessary |
Status Star points |
Number of Status Star points |
Login session |
Necessary |
Recruiting partner |
The partner recruiting the visitor |
Login session |
Necessary |
Registration partner |
Visitor’s registration partner |
Login session |
Necessary |
Partner for further access |
Visitor’s partner for further access |
Login session |
Necessary |
Expiry date of current status |
The date on which the current status expires |
Login session |
Necessary |
Expected date for new Status Star |
The data on which the next Status Star is expected based on the Status Star points rate (extrapolation) |
Login session |
Necessary |
Object ID for contact point |
Contact point for Object ID |
Login session |
Necessary |
Contact point usage |
Usage of a contact point (only PRIVATE in future) |
Login session |
Necessary |
Channel of the contact point |
Information about the channel of the contact point - Primary mobile phone number - Landline number - Fax number - Postal address - Email address |
Login session |
Necessary |
Confirmation date |
Date on which the contact point was last confirmed |
Login session |
Necessary |
Region/Federal state |
Region/Federal state of an address with the channel POST |
Login session |
Necessary |
Country |
Country of an address with the channel POST Domicile of a visitor at "standard": true |
Login session |
Necessary |
Town/city |
The city of an address with the channel POST |
Login session |
Necessary |
Street |
The street of an address with the channel POST |
Login session |
Necessary |
addAddressLine |
Additional information of an address with the channel POST |
Login session |
Necessary |
PO box |
PO box number of an address with the channel POST |
Login session |
Necessary |
Building |
Building information of an address with the channel POST |
Login session |
Necessary |
Company name |
Company name of an address with the channel POST |
Login session |
Necessary |
Postcode |
Postcode of an address with the channel POST |
Login session |
Necessary |
PO box address |
PO box indicator if the street or PO box of an address with the channel POST was given |
Login session |
Necessary |
Invalid address |
Indicator of a contact point that indicates whether the contact point is still valid |
Login session |
Necessary |
Standard |
The indicator that indicates whether the contact point is the primary contact point - Primary email address - Primary mobile phone number - Primary postal address |
Login session |
Necessary |
Email address |
Email address of a contact point with the channel EMAIL |
Login session | Necessary |
International dialling code |
The international dialling code of a contact point with the channel - MOBILE - TELEPHONE - FAX |
Login session |
Necessary |
Area code |
The area code of a contact point with the channel - MOBILE - TELEPHONE - FAX |
Login session |
Necessary |
Number |
The number of a contact point with the channel - MOBILE - TELEPHONE - FAX |
Login session |
Necessary |
Preferred departure airport |
The preferred departure airport |
Login session |
Necessary |
Preferences for a mobile boarding pass |
The preferred option for a mobile boarding pass |
Login session | Necessary |
Subprogrammes |
All active and inactive subprogrammes of a visitor |
Login session |
Necessary |
Subscriptions |
All the visitor’s subscriptions |
Login session |
Necessary |
Consents |
All consents given by the visitor |
Login session |
Necessary |
One-off consents |
All one-off consents given by the visitor |
Login session |
Necessary |
Expiry of award miles |
Information about the expiry of award miles |
Login session |
Necessary |
Expiry of eVouchers |
Information about the expiry of eVouchers |
Login session |
Necessary |
Re-qualification marking |
The re-qualification marking |
Login session |
Necessary |
Remaining miles |
The number of miles remaining required for AC enquiries |
Login session |
Necessary |
Tool pages |
The data stored in order to make the country and language-based functions of the last used tools available |
Login session |
Necessary |
Benefit code |
The code that identifies the benefit |
Login session |
Necessary |
Form of utilisation of a benefit |
Type of benefit: - OUTBOUND FLIGHT - INCENTIVE IN PROGRAMME CURRENCY - CURRENCY EXCHANGE - PARTNER CARD - PERSONAL |
Login session |
Necessary |
Benefit status |
Status of the benefit: - OPTIONAL - SELECTED - EXPECTED
|
Login session |
Necessary |
Benefit threshold |
Threshold above which the benefit changes from the status EXPECTED to the status OPTIONAL, if not yet SELECTED
|
Login session |
Necessary |
Expiry date of the benefit |
Expiry date of the benefit with the status OPTIONAL
|
Login session |
Necessary |
Maximum conversion value of the benefit |
Maximum conversion value of benefits of the type of CURRENCY EXCHANGE
|
Login session |
Necessary |
Date of benefit selection |
The date on which the visitor selected the benefit
|
Login session | Necessary |
Ratio of the benefit for mileage exchange |
The possible conversion ratio of a benefit of the type of CURRENCY EXCHANGE |
Login session |
Necessary |
Updating intervals |
Time stamp of the last update of locally stored data |
Login session |
Necessary |
Inbox information |
Information about the documents stored in the inbox: date, quantity, number, ID, subject, content, expiry date, read/unread, origin |
Login session |
Necessary |
Authentication: CSRF_TOKEN |
Every action that changes a status requires this secure random token to prevent CSRF attacks. |
Login session |
Necessary |
Authentication: KEY_CUSTOMER_ID |
Is sent back by the authentication call and stored for further API calls. |
Login session | Necessary |
Authentication: KEY_LOGIN_TYPE |
Stores the last used form of the login. |
Continuing |
Necessary |
mamcomreferrer |
Required to store the original past context before the change to the country and/or language. |
Login session |
Necessary |
mamcombacklinkisfallbackpage |
Required to store if the current country and/or language selection reverts to the alternative page. |
Login session | Necessary |
Time stamp of the authorisation layer |
Stores the date on which the layer of an authorisation migration or the authorisation maximisation is displayed to a visitor. |
Login session |
Necessary |
Session memory
Surname |
Description |
Validity |
Category |
|---|---|---|---|
Response data for retroactive credit |
Covers the status and amount of the retroactive credit and is required to display the response on the thank-you page for the retroactive credit. |
Session |
Necessary |
Process number |
The thank-you page for the retroactive credit requires that the parameter displays the process number for the session memory "required". |
Session |
Necessary |
4. Legal bases
The legal basis for the use of operationally relevant cookies is Art. 6(1) b) GDPR (performance of contract and pre-contractual measures), and the legal basis for the use of cookies for analysis or marketing purposes, as well as for the use of web beacons and local storage, is Art. 6(1) f) GDPR (legitimate interest). In the case of web beacons, the company’s interest in cookies lies in statistical usage and personalisation purposes in the ongoing development and relevance of the website and programme. In the use of local storage, the company’s interest in cookies lies in speeding up processes and avoiding system overload.