Privacy Policy

We protect your data in accordance with German data protection laws and the EU-GDPR. The following privacy policy provides detailed information on which data we collect, store and how we use it.

1. Scope of this privacy policy

This privacy policy applies to the websites operated by Munich Airport (hereafter also “FMG” or “we”) under the domains and For other websites in cooperation with third-party providers separate privacy policies and regulations may apply.

The ticketshop and website are hosted by ERNW Insight GmbH.

2. Controller, Data Protection Officer, Contact data

2.1 Controller

Flughafen München GmbH Nordallee 25 85356 Munich Germany Tel. +49 89 975 00 Email:

2.2 Data protection officer

Data Protection Officer of Flughafen München GmbH: Data Protection Officer Flughafen München GmbH Nordallee 25 85356 München E-Mail:

2.3 Data protection officer (Hosting and Operation)

Data Protection Officer of ERNW Insight GmbH: Data Protection Officer ERNW Insight GmbH Carl-Bosch-Strasse 4 69115 Heidelberg E-Mail:

3. General information on the collection and use of data when using our services

3.1 What comprises personal data?

Personal data means any information relating to an identified or identifiable natural person (e.g. your name, address or telephone number).

3.2 What information do we store and for which purposes?

When you access any part of our website (with the exception of the contact form and our ticketshop – see below), data which could be used to identify you (e.g. your IP address) and other information such as the date, time and the pages accessed during the session is stored only in anonymized form using a pseudonym. We do not perform any data analysis except for statistical purposes. After the statistical analysis, the anonymized data is deleted.

You have a right to object to the creation of these utilization profiles. If you wish to exercise this right, please notify us in writing. When a user submits the contact form or buys a event or training ticket in our ticketshop, the sender’s current IP address is stored for security reasons.

This data is stored on the servers of Insight for a limited period for marketing and optimization purposes and undergoes statistical analysis so that we can offer you even better services in the future. This data does not enable us to identify any specific person.

Please note: When using certain services, however, you must register with your personal data (e.g. signing up for an event or training).

If you register on our pages or contact us using the contact form, we will process and use the personal data collected (e.g. your email address) as needed in order to fulfill the related purpose.

The purpose of this website and ticketshop is to operate the InfoSec-Hub center and host trainings, events and other educational content. Personal data are collected, processed and utilized exclusively in connection with this purpose.

3.3 Recipients or categories of recipients to whom the data may be provided

  • Public authorities in case of overriding legal regulations
  • External contractors as defined in Section 28 of the EU-GDPR
  • External offices and departments within the company to achieve the business purposes specified below

3.4 Duration of storage

We comply with the principles of data avoidance and data minimization. Consequently, we store your personal data only as long as necessary for achieving the specified purposes or as stipulated under the various storage periods required by law. After the relevant purpose no longer applies or the expiry of these periods, the corresponding data will be blocked or deleted routinely in accordance with the statutory regulations.

4. Which internet technologies are used?

4.1 Collection of general information

When you access our website, information of a general nature is automatically logged. This information (server log files) contain such data as the type of web browser, the operating system, the domain name of your internet service provider, etc. It is not possible to use any of this information to identify you. These data are needed for technical reasons for correct delivery of the website contents requested by you and are necessary when using the internet. We perform statistical analysis on anonymous information of this kind in order to optimize our website and the underlying technology.

4.2 Registration on our website

When registering to use our personalized services or buying tickets for events, some personal data are collected such as your name, address, and contact and communication data such as your telephone number and email address. If you are registered with us, you can access content and services that we offer to registered users only. Registered users can also change or delete the data provided at registration as required at any time. Of course we will also provide you with information at any time on your personal data stored by us. We will be happy to correct or delete these data on request unless statutory archiving obligations stipulate otherwise. To contact us in this regard, please use the contact information provided at the end of this Privacy Statement.

4.3 Delivery of billable services

In order to provide billable services, we request additional data, e.g. payment details. To protect the security of the data transfer, we use state-of-the-art encryption methods (e.g. SSL) via the HTTPS protocol.

4.4. Newsletter

The data provided by you when registering to subscribe to our newsletter are used exclusively for that purpose. Subscribers may also be informed by email of circumstances relevant to the service or registration (e.g. changes in the newsletter service or technical issues).

For your registration to take effect, we need a valid email address. To check that the registration is in fact coming from the owner of the email address, we employ the double opt-in process. For that purpose, we log the newsletter order, the dispatch of the confirmation email and the receipt of the requested reply. No other data are collected. These data are used exclusively for sending the newsletter and are not forwarded to third parties.

You can revoke your consent to store your personal data and unsubscribe from the newsletter at any time. Every newsletter contains instructions for that purpose. In addition, you can unsubscribe directly on this website at any time and inform us of your request using the contact options provided at the end of this document.

4.5 Use of cookies

Cookies are text files that are stored by your browser. The collected data can be used to create utilization profiles under a pseudonym for the web pages visited. As a result, cookies enable us to recognize your browser. This is useful, for example, in ensuring that your input is not lost in case an activity on our website is not completed (e.g. if the network connection is interrupted).

The data collected when using our services is stored and statistically analyzed for marketing and optimization purposes. However, the data collected is not used to identify the site users individually. Nor is it combined with personal data through the assigned pseudonym unless you give us your express consent.

If you do not want Munich Airport, ERNW Insight or its cooperation partners to use cookies, simply deactivate this function in your browser. You can also delete cookies at any time. Please note that deactivating or deleting cookies may restrict your use of the website and the available services. For more information, consult the help files for your browser.

4.6 Use of etracker technologies

We don’t currently use any eTracker technologies such as piwik, Google Analytics or anything like that.

5. Your right to information, correction, deletion and objection

You have the right to obtain information from us at any time on your personal data stored by us. You also have the right to have such data corrected or blocked and – subject to the required storage of data for completing business transactions – to have it deleted. Please submit your request in writing using the contact data below.

To ensure that a data block can be complied with at all times, these data must be kept in a blocked file for monitoring purposes. You can also request the deletion of data unless a statutory archiving obligation applies. If there is such an obligation, we will block your data on request.

You can make changes or revoke a declaration of consent with future effect at any time by notifying us accordingly. Your consent is legally effective only until such time at which it is revoked.

Contact data for exercising your rights as a data subject in writing:

Flughafen München GmbH Data protection query P.O. Box 23 17 55 85356 Munich Email:

6. Right to submit complaints to the regulatory authority

Other remedies under administrative law or through litigation notwithstanding, you have the right to file a complaint with a regulatory authority, in particular in the EU member state of your residence, employment or the location of the alleged violation if you believe that the processing of the personal data pertaining to you is unlawful.

The responsible regulatory authority for Bavaria for the non-public sector: Bavarian Data Protection Authority (BayLDA) in Ansbach.

7. Changes to our data protection regulations

We reserve the right to amend this Privacy Statement as needed from time to time to ensure that it is always in compliance with the current legal requirements or to implement changes in our services in the Privacy Statement, e.g. when introducing new services. The latest amended version of the data protection declaration will then be published on our website (

8. Questions for the data protection officer

If you have questions about data protection, please contact our data protection officer or send us an email to

Effective: June 19, 2018